/*
    SSSD

    Authors:
        Stephen Gallagher <sgallagh@redhat.com>

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
3441d0c2d11aea0c39b009751a1898333c009674Stephen Gallagher
3441d0c2d11aea0c39b009751a1898333c009674Stephen Gallagher#include <fcntl.h>
3441d0c2d11aea0c39b009751a1898333c009674Stephen Gallagher
3441d0c2d11aea0c39b009751a1898333c009674Stephen Gallagher#include "providers/krb5/krb5_common.h"
3441d0c2d11aea0c39b009751a1898333c009674Stephen Gallagher#include "providers/krb5/krb5_auth.h"
aa8a8318aaa3270e9d9957d0c22dec6342360a37Pavel Reichl#include "providers/krb5/krb5_utils.h"
5cd4414fce1e0eb4133dfc6fc828bf25c8a959f9Lukas Slebodnik#include "providers/krb5/krb5_init_shared.h"
3441d0c2d11aea0c39b009751a1898333c009674Stephen Gallagher
/**
 * Prepare the provider-side state used for Kerberos authentication.
 *
 * The steps run in a fixed order and the first failing step ends the
 * function, returning that step's error code:
 *   1. delayed online authentication, only when
 *      KRB5_STORE_PASSWORD_IF_OFFLINE is enabled;
 *   2. TGT renewal, only when KRB5_RENEW_INTERVAL yields a positive interval;
 *   3. sss_krb5_check_options();
 *   4. the offline callback and the SIGTERM handler;
 *   5. the debug descriptor handed to krb5_child;
 *   6. parsing of KRB5_MAP_USER into krb5_auth_ctx->name_to_primary.
 *
 * @param krb5_auth_ctx  Kerberos provider context; its options are read and
 *                       its child_debug_fd and name_to_primary members are
 *                       written here.
 * @param bectx          Back-end context; supplies the event context
 *                       (bectx->ev) and the domain.
 *
 * @return EOK when every step succeeded, otherwise the error code of the
 *         step that failed.
 */
errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
                        struct be_ctx *bectx)
{
    errno_t ret;
    time_t renew_every = 0;
    krb5_deltat parsed_delta = 0;
    char *interval_opt;

    /* NOTE(review): going by the option name, this path retains a user
     * secret while the back end is offline; how and where it is kept is
     * decided inside init_delayed_online_authentication() - confirm there. */
    if (dp_opt_get_bool(krb5_auth_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) {
        ret = init_delayed_online_authentication(krb5_auth_ctx, bectx,
                                                 bectx->ev);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "init_delayed_online_authentication failed.\n");
            return ret;
        }
    }

    /* The renewal interval is configured as a string and converted with
     * libkrb5. A value that cannot be parsed is not fatal: it is logged at
     * SSSDBG_MINOR_FAILURE only and treated as 0, which leaves automatic
     * renewal switched off. A mistyped option therefore disables renewal
     * without failing initialization. */
    interval_opt = dp_opt_get_string(krb5_auth_ctx->opts, KRB5_RENEW_INTERVAL);
    if (interval_opt != NULL) {
        ret = krb5_string_to_deltat(interval_opt, &parsed_delta);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  "Reading krb5_renew_interval failed.\n");
            parsed_delta = 0;
        }
        renew_every = parsed_delta;
    }

    /* Zero and negative intervals both mean "no renewal task". */
    if (renew_every > 0) {
        ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_every);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, "init_renew_tgt failed.\n");
            return ret;
        }
    }

    ret = sss_krb5_check_options(krb5_auth_ctx->opts, bectx->domain,
                                 krb5_auth_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_check_options failed.\n");
        return ret;
    }

    ret = krb5_install_offline_callback(bectx, krb5_auth_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n");
        return ret;
    }

    ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n");
        return ret;
    }

    /* -1 marks the descriptor as not initialized; it is set before the call
     * so the field holds that marker if child_debug_init() does not fill
     * it in. */
    krb5_auth_ctx->child_debug_fd = -1;
    ret = child_debug_init(KRB5_CHILD_LOG_FILE,
                           &krb5_auth_ctx->child_debug_fd);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Could not set krb5_child debugging!\n");
        return ret;
    }

    /* The user-to-principal mapping comes straight from configuration; a
     * value the parser rejects aborts initialization instead of being
     * ignored. */
    ret = parse_krb5_map_user(krb5_auth_ctx,
                              dp_opt_get_cstring(krb5_auth_ctx->opts,
                                                 KRB5_MAP_USER),
                              bectx->domain->name,
                              &krb5_auth_ctx->name_to_primary);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "parse_krb5_map_user failed: %s:[%d]\n",
              sss_strerror(ret), ret);
        return ret;
    }

    return EOK;
}