ipa_common.c revision 6bcdb688a3d1319ded1073f08e0350de9e5ba94e
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen IPA Provider Common Functions
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen Simo Sorce <ssorce@redhat.com>
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen Copyright (C) 2009 Red Hat
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen This program is free software; you can redistribute it and/or modify
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen it under the terms of the GNU General Public License as published by
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen the Free Software Foundation; either version 3 of the License, or
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen (at your option) any later version.
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen This program is distributed in the hope that it will be useful,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen GNU General Public License for more details.
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen You should have received a copy of the GNU General Public License
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
/*
 * Built-in option defaults for the IPA provider. Every row has the shape
 *   { option name, DP_OPT_* type, default, value }
 * NOTE(review): the third and fourth fields are presumably the default and the
 * initial value of a struct dp_option -- confirm against the header.
 * The array declarations enclosing these rows are not visible in this listing;
 * the ipa_* rows and the ldap_* rows presumably sit in separate tables.
 */
d595049948579def2d82718dbce0a6b49a281402Timo Sirainen { "ipa_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
d595049948579def2d82718dbce0a6b49a281402Timo Sirainen { "ipa_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
d595049948579def2d82718dbce0a6b49a281402Timo Sirainen { "ipa_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
/* The only DP_OPT_BLOB row: no default is compiled in.
 * NOTE(review): presumably the bind secret; if it is set, the configuration
 * source holding it should be readable by the service account only. */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
/* Defaults to "hard", the strict level: when TLS is used the server
 * certificate has to validate. Overriding this in configuration weakens
 * server authentication. */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_user_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_group_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_group_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 1800 }, NULL_NUMBER },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
/* StartTLS for identity lookups is off by default, while the SASL mechanism
 * on the next row defaults to GSSAPI.
 * NOTE(review): with these defaults the protection of the identity connection
 * presumably rests on the GSSAPI security layer -- confirm before changing
 * ldap_sasl_mech without also enabling TLS. */
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_sasl_mech", DP_OPT_STRING, { "GSSAPI" } , NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen /* use the same parm name as the krb5 module so we set it only once */
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
/* Referral chasing is on by default.
 * NOTE(review): referral targets are supplied by the server; deployments that
 * do not need them may prefer to switch this off -- confirm how credentials
 * are handled on a chased referral. */
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
/* NOTE(review): a default of 0 presumably means cached accounts are never
 * expired -- confirm against the option documentation. */
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }
/*
 * Attribute maps. Every row has the shape
 *   { option name, default LDAP attribute, SYSDB_* cache attribute, NULL }
 * and the fourth field is NULL in every visible row. The array declarations
 * are not part of this listing; a row without a trailing comma ends a table.
 */
/* Generic rows: USN attributes of an entry and of the rootDSE. */
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_entry_usn", "entryUSN", SYSDB_USN, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_rootdse_last_usn", "lastUSN", SYSDB_HIGH_USN, NULL }
/* User rows (object class posixAccount). */
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_name", "uid", SYSDB_NAME, NULL },
/* NOTE(review): userPassword is mapped to SYSDB_PWD. If the directory lets the
 * bind identity read that attribute, its value would presumably be stored in
 * the local cache -- confirm that server-side access control denies the read. */
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
/* Shadow and Kerberos password-ageing attributes. */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_shadow_last_change", "shadowLastChange", SYSDB_SHADOWPW_LASTCHANGE, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_shadow_min", "shadowMin", SYSDB_SHADOWPW_MIN, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_shadow_max", "shadowMax", SYSDB_SHADOWPW_MAX, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_shadow_warning", "shadowWarning", SYSDB_SHADOWPW_WARNING, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_shadow_inactive", "shadowInactive", SYSDB_SHADOWPW_INACTIVE, NULL },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_user_shadow_expire", "shadowExpire", SYSDB_SHADOWPW_EXPIRE, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_shadow_flag", "shadowFlag", SYSDB_SHADOWPW_FLAG, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_krb_last_pwd_change", "krbLastPwdChange", SYSDB_KRBPW_LASTCHANGE, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_user_krb_password_expiration", "krbPasswordExpiration", SYSDB_KRBPW_EXPIRATION, NULL },
28cb56e6957f06717e876cecb7aabc820fdf632eTimo Sirainen { "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }
/* Group rows (object class posixGroup); userPassword is mapped here as well,
 * so the access-control remark on the user password row applies. */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_group_name", "cn", SYSDB_NAME, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
/*
 * Kerberos authentication option defaults, in the same row shape as the other
 * option tables: { option name, DP_OPT_* type, default, value }. The array
 * declaration is not visible in this listing.
 */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
/* Credential caches default to files under /tmp, named by the template on the
 * next row.
 * NOTE(review): /tmp is shared between users; the trailing XXXXXX presumably
 * is replaced by a random suffix when the file is created, and the code that
 * creates it (not visible here) should enforce owner-only permissions. */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING},
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_changepw_principal", DP_OPT_STRING, { "kadmin/changepw" }, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 15 }, NULL_NUMBER },
/* Validation is on by default and the keytab defaults to the system keytab.
 * NOTE(review): presumably the obtained TGT is checked against a key from
 * this keytab to detect a spoofed KDC; turning krb5_validate off removes that
 * check -- confirm against the krb5 provider. */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_validate", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen { "krb5_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING }
/*
 * domain_to_basedn: only the signature and two body lines survive in this
 * listing. The visible call appends l characters starting at s to dn,
 * followed by ",dc=", which suggests the function turns a DNS domain into a
 * dc=...,dc=... base DN one label at a time.
 *
 * NOTE(review): the label is copied into the DN verbatim. No escaping of
 * DN-special characters (',', '+', '=', ...) is visible, so the result is only
 * well-formed when the domain is a plain DNS name -- confirm the caller
 * validates it.
 * NOTE(review): talloc_asprintf_append_buffer() returns NULL on allocation
 * failure and the result is assigned straight back to dn; confirm the
 * following (not visible) line checks for NULL. "%.*s" also needs l to be an
 * int.
 */
bbc30fd4fa86723f6a72309ad3a2a96f34eabd6cTimo Sirainenint domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn)
bbc30fd4fa86723f6a72309ad3a2a96f34eabd6cTimo Sirainen const char *s;
bbc30fd4fa86723f6a72309ad3a2a96f34eabd6cTimo Sirainen dn = talloc_asprintf_append_buffer(dn, "%.*s,dc=", l, s);
/*
 * Fragment of the routine that loads the basic IPA options; its signature and
 * most of its body are not visible in this listing. The visible lines
 * allocate a zeroed struct ipa_options, fall back to dom->name when
 * ipa_domain is unset, require ipa_server, and fall back to the local host
 * name when ipa_hostname is unset.
 */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen opts = talloc_zero(memctx, struct ipa_options);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen domain = dp_opt_get_string(opts->basic, IPA_DOMAIN);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen ret = dp_opt_set_string(opts->basic, IPA_DOMAIN, dom->name);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen /* FIXME: Make non-fatal once we have discovery */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen server = dp_opt_get_string(opts->basic, IPA_SERVER);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen DEBUG(0, ("Can't find ipa server, missing option!\n"));
/* NOTE(review): gethostname() does not guarantee NUL termination when the
 * name is truncated; confirm the (not visible) code terminates the buffer
 * before it is logged with %s and stored as ipa_hostname. The stored value is
 * later used to build the "host/<name>" SASL identity. */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen DEBUG(1, ("gethostname failed [%d][%s].\n", errno,
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname));
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
/*
 * ipa_get_id_options: fills ipa_opts->id (a struct sdap_options) for the
 * identity provider. Many body lines are missing from this listing; the
 * visible ones show the following steps:
 *   - a self check that two option counts agree,
 *   - loading the LDAP options with dp_get_options(),
 *   - deriving defaults that were not configured: the search base
 *     "cn=accounts,<basedn>", the SASL authid "host/<ipa_hostname>", the
 *     Kerberos realm taken from ipa_domain, and the user and group search
 *     bases,
 *   - forcing the schema type to SDAP_SCHEMA_IPA_V1,
 *   - loading an attribute map with sdap_get_map().
 * Return value and error paths are not visible here.
 */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainenint ipa_get_id_options(struct ipa_options *ipa_opts,
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen /* self check test, this should never fail, unless someone forgot
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen * to properly update the code after new ldap options have been added */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen DEBUG(0, ("Option numbers do not match (%d != %d)\n",
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen ipa_opts->id = talloc_zero(ipa_opts, struct sdap_options);
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen /* get sdap options */
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen ret = dp_get_options(ipa_opts->id, cdb, conf_path,
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)) {
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen dp_opt_get_string(ipa_opts->basic, IPA_DOMAIN),
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen /* FIXME: get values by querying IPA */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen /* set search base */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen value = talloc_asprintf(tmpctx, "cn=accounts,%s", basedn);
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)));
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen /* set the ldap_sasl_authid if the ipa_hostname override was specified */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_AUTHID)) {
/* NOTE(review): the SASL identity is built from ipa_hostname without any
 * visible NULL check; confirm the option is always set before this point,
 * otherwise the principal is formatted from a NULL pointer. */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen hostname = dp_opt_get_string(ipa_opts->basic, IPA_HOSTNAME);
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen value = talloc_asprintf(tmpctx, "host/%s", hostname);
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen ipa_opts->id->basic[SDAP_SASL_AUTHID].opt_name,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_AUTHID)));
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen /* set krb realm */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)) {
/* NOTE(review): realm is the pointer returned for IPA_DOMAIN, not a copy, and
 * the loop below dereferences it without a visible NULL check. The loop body
 * is missing from this listing; if it rewrites characters (for example to
 * upper-case the realm) it would also change the stored ipa_domain value --
 * confirm a copy is made. */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen realm = dp_opt_get_string(ipa_opts->basic, IPA_DOMAIN);
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen for (i = 0; realm[i]; i++) {
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)));
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen /* fix schema to IPAv1 for now */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen ipa_opts->id->schema_type = SDAP_SCHEMA_IPA_V1;
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen /* set user/group search bases if they are not specified */
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic,
a78d5bd9772681a232de56b3dd6acefee66cc71bTimo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE,
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
/*
 * ipa_get_auth_options: fills ipa_opts->auth with the Kerberos options. Only
 * part of the body is visible: a self check on option counts, a call to
 * dp_get_options(), and a fallback that sets KRB5_REALM from ipa_domain when
 * no realm was configured. Return value and error paths are not visible here.
 *
 * NOTE(review): talloc_zero(ipa_opts, struct dp_option) allocates a single
 * struct dp_option while ipa_opts->auth is later indexed by KRB5_REALM;
 * presumably dp_get_options() replaces the pointer with a full table --
 * confirm.
 */
9e1211fd8b7a12b1a4e4c2b7714164e504f127d0Timo Sirainenint ipa_get_auth_options(struct ipa_options *ipa_opts,
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen /* self check test, this should never fail, unless someone forgot
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen * to properly update the code after new ldap options have been added */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen DEBUG(0, ("Option numbers do not match (%d != %d)\n",
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ipa_opts->auth = talloc_zero(ipa_opts, struct dp_option);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen /* get krb5 options */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ret = dp_get_options(ipa_opts, cdb, conf_path,
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen /* set krb realm */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->auth, KRB5_REALM)) {
/* NOTE(review): value is the pointer returned for IPA_DOMAIN, not a copy, and
 * the loop dereferences it without a visible NULL check. The loop body is
 * missing from this listing; if it rewrites characters it would change the
 * stored ipa_domain value too -- confirm a copy is made. */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen value = dp_opt_get_string(ipa_opts->basic, IPA_DOMAIN);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen for (i = 0; value[i]; i++) {
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ret = dp_opt_set_string(ipa_opts->auth, KRB5_REALM, value);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen dp_opt_get_string(ipa_opts->auth, KRB5_REALM)));
/*
 * ipa_resolve_callback: failover callback invoked with the struct ipa_service
 * as private_data and the selected server. The visible lines format the first
 * resolved address with inet_ntop(), build a new "ldap://<address>" URI on the
 * service context, and hand realm and address to write_krb5info_file(). Parts
 * of the body are missing from this listing.
 */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainenstatic void ipa_resolve_callback(void *private_data, struct fo_server *server)
/* talloc_get_type() returns NULL when private_data is not a struct
 * ipa_service; NOTE(review): confirm the missing lines check for that. */
d595049948579def2d82718dbce0a6b49a281402Timo Sirainen service = talloc_get_type(private_data, struct ipa_service);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen if (inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0],
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen DEBUG(1, ("inet_ntop failed [%d][%s].\n", errno, strerror(errno)));
/* NOTE(review): the scheme is always plain ldap://, so transport protection
 * has to come from StartTLS or the SASL layer rather than the URI. Because the
 * URI carries an address, not the host name, confirm that server-name checks
 * (TLS certificate, Kerberos service principal) still use the configured
 * name. An IPv6 literal would also need brackets ("ldap://[addr]") to form a
 * valid URI -- confirm whether h_addrtype can be AF_INET6 here. */
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen new_uri = talloc_asprintf(service, "ldap://%s", address);
1b33e848e84e6f74aa0e3339c32fa96bc15102a2Timo Sirainen /* free old one and replace with new one */
/* A failure to write the krb5 info file is only logged; the callback goes on. */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ret = write_krb5info_file(service->krb5_service->realm, address,
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
/*
 * ipa_service_init: creates the struct ipa_service with its sdap and krb5
 * sub-services (both named "IPA"), splits the comma-separated server list,
 * registers every entry with the "IPA" failover service, and installs a
 * failover callback. Several body lines, the remaining parameters and the
 * return paths are missing from this listing.
 *
 * NOTE(review): the service is allocated on tmp_ctx; presumably it is moved to
 * memctx before tmp_ctx is freed -- confirm in the full file.
 */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainenint ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen service = talloc_zero(tmp_ctx, struct ipa_service);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen service->sdap = talloc_zero(service, struct sdap_service);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen service->krb5_service = talloc_zero(service, struct krb5_service);
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen DEBUG(1, ("Failed to create failover service!\n"));
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen service->sdap->name = talloc_strdup(service, "IPA");
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen service->krb5_service->name = talloc_strdup(service, "IPA");
/* NOTE(review): the loop body is missing; realm is presumably walked to
 * normalise its case. Confirm it operates on a private copy and that realm is
 * non-NULL before it is dereferenced. */
1358e2c58ce29231485a5cfa454756d429ad3d2cTimo Sirainen for (i = 0; realm[i]; i++) {
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen /* split server parm into a list */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen /* now for each one add a new server to the failover service */
/* Each list entry is registered with port 0 and no per-server user data. */
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen for (i = 0; list[i]; i++) {
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL);
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen ret = be_fo_service_add_callback(memctx, ctx, "IPA",
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen DEBUG(1, ("Failed to add failover callback!\n"));