ad_init.c revision 483728c1f9719e419830cce93b7e411370a5364b
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding Stephen Gallagher <sgallagh@redhat.com>
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding Copyright (C) 2012 Red Hat
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding This program is free software; you can redistribute it and/or modify
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding it under the terms of the GNU General Public License as published by
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding the Free Software Foundation; either version 3 of the License, or
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding (at your option) any later version.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding This program is distributed in the hope that it will be useful,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding but WITHOUT ANY WARRANTY; without even the implied warranty of
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding GNU General Public License for more details.
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding You should have received a copy of the GNU General Public License
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding along with this program. If not, see <http://www.gnu.org/licenses/>.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingstatic int ad_sasl_getopt(void *context, const char *plugin_name,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding const char *option,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingtypedef int (*sss_sasl_gen_cb_fn)(void);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding { SASL_CB_GETOPT, (sss_sasl_gen_cb_fn)ad_sasl_getopt, NULL },
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding/* This is quite a hack: we *try* to fool the openldap libraries by initializing
b8dd12594991e5c275d82fca865d13c5f9775f4efielding * sasl first, so that we can pass in the SASL_CB_GETOPT callback we need to set
b8dd12594991e5c275d82fca865d13c5f9775f4efielding * some options. Should be removed as soon as openldap exposes a way to do that */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingstatic void ad_sasl_initialize(void)
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* NOTE: this may fail if some other library in the system happens to
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * initialize and use the openldap libraries, or the cyrus-sasl library
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * directly, as this initialization function can be called only once per
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * process */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* Get AD-specific options */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ("Could not parse common options: [%s]\n",
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* Set up the failover service */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ret = ad_failover_init(ad_options, bectx, ad_servers, ad_backup_servers, ad_realm,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ("Failed to init AD failover service: [%s]\n",
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding const char *hostname;
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* already initialized */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ret = ad_dyndns_init(ad_ctx->sdap_id_ctx->be, ad_options);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ("Failure setting up automatic DNS update\n"));
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* Continue without DNS updates */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ("setup_child failed [%d][%s].\n",
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* Set up various SDAP options */
2eaf6dbe7ea643b3a2b8e1973d9684fac6372c46trawick /* Set up the ID mapping object */
7431131ef5bf15f103cf5f338407ccabb716c0c0rbb ret = sdap_idmap_init(ad_ctx->sdap_id_ctx, ad_ctx->sdap_id_ctx,
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm ret = setup_tls_config(ad_ctx->sdap_id_ctx->opts->basic);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ("setup_tls_config failed [%s]\n", strerror(ret)));
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* setup SRV lookup plugin */
b8dd12594991e5c275d82fca865d13c5f9775f4efielding hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES)) {
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* use AD plugin */
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN);
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm srv_ctx = ad_srv_plugin_ctx_init(bectx, bectx->be_res,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding be_fo_set_srv_lookup_plugin(bectx, ad_srv_plugin_send,
0a09a4a642f7c0d367598394411dbdd4a6d8cd09fielding /* fall back to standard plugin */
goto done;
done:
return ret;
void **pvt_data)
if (!ad_options) {
return ret;
return EOK;
if (!krb5_auth_ctx) {
goto done;
goto done;
goto done;
done:
return ret;
void **pvt_data)
if (!ad_options) {
return ret;
return EOK;
return ret;
void **pvt_data)
goto fail;
goto fail;
goto fail;
return EOK;
fail:
return ret;
void **pvt_data)
int ret;
const char *ad_domain;
return ret;
return EINVAL;
return ret;
return EOK;