Blame SOURCES/0025-KRB5-IPA-AD-Add-a-utility-function-to-create-a-krb5_.patch

From 95cb7de6221dad54b37f7dd05dbfc3b717168488 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 25 Jun 2018 13:08:25 +0200
Subject: [PATCH] KRB5/IPA/AD: Add a utility function to create a krb5_service
 instance
Each Kerberized provider used hand-crafted copy-paste code to set up its
copy of the krb5_service structure. Instead of adding yet another copy in
this patchset in the IPA subdomains code, create a utility function instead.
Due to IPA provider first creating the krb5_service in the common setup
function, but only later reading the auth options in the auth provider
constructor, the code first uses the default true value for the use_kdcinfo
flag and then overrides it with the configured value in the auth constructor
-- it would be preferable to create the structure with the right value at
creation time, but this would require bigger refactoring. Also, the code
before this change was even less correct as the flag was initially set to
"false" due to the structure being allocated with talloc_zero(). At least
now it uses the default value.
Related:
https://pagure.io/SSSD/sssd/issue/3291
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a9a9f39342ebd26425cb1b3baedfea2429d88b04)
---
 src/providers/ad/ad_common.c     | 26 ++--------------
 src/providers/ipa/ipa_common.c   | 35 +++++++++-------------
 src/providers/krb5/krb5_common.c | 51 ++++++++++++++++++++++----------
 src/providers/krb5/krb5_common.h |  6 ++++
 4 files changed, 58 insertions(+), 60 deletions(-)
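diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index feeb5d09643a02b99be1a387b41842a034a323b8..b103410e5915a380d0404e18da869517e4d4e355 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -757,20 +757,14 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
         goto done;
     }
 
-    service->krb5_service = talloc_zero(service, struct krb5_service);
+    service->krb5_service = krb5_service_new(service, bectx,
+                                             ad_service, krb5_realm,
+                                             use_kdcinfo);
     if (!service->krb5_service) {
         ret = ENOMEM;
         goto done;
     }
 
-    /* Set flag that controls whether we want to write the
-     * kdcinfo files at all
-     */
-    service->krb5_service->write_kdcinfo = use_kdcinfo;
-    DEBUG(SSSDBG_CONF_SETTINGS, "write_kdcinfo for realm %s set to %s\n",
-                       krb5_realm,
-                       service->krb5_service->write_kdcinfo ? "true" : "false");
-
     ret = be_fo_add_service(bectx, ad_service, ad_user_data_cmp);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
@@ -783,12 +777,6 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
         goto done;
     }
 
-    service->krb5_service->name = talloc_strdup(service->krb5_service,
-                                                ad_service);
-    if (!service->krb5_service->name) {
-        ret = ENOMEM;
-        goto done;
-    }
     service->sdap->kinit_service_name = service->krb5_service->name;
     service->gc->kinit_service_name = service->krb5_service->name;
 
@@ -797,14 +785,6 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
         ret = EINVAL;
         goto done;
     }
-    service->krb5_service->realm =
-        talloc_strdup(service->krb5_service, krb5_realm);
-    if (!service->krb5_service->realm) {
-        ret = ENOMEM;
-        goto done;
-    }
-
-    service->krb5_service->be_ctx = bectx;
 
     if (!primary_servers) {
         DEBUG(SSSDBG_CONF_SETTINGS,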
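Review bot: In the first hunk `krb5_service_new()` receives `krb5_realm` before the realm check whose tail (`ret = EINVAL; goto done;`) is still visible as context in the third hunk, so a missing realm now appears to fail inside the helper's `talloc_strdup(service, realm)` and is reported by this caller as `ENOMEM`. The ipa_common.c section of the same commit moves its `if (!realm)` check above the call, which avoids that; the same reordering looks right here, i.e. the `krb5_realm` NULL check placed ahead of `service->krb5_service = krb5_service_new(...)`. The check itself and the rest of ad_failover_init lie outside the hunks, so confirm that it tests `krb5_realm` and that no earlier guard already exists. A misconfigured realm surfacing as an out-of-memory error sends whoever debugs a failed AD provider start in the wrong direction.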
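diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index dcbb54a744358718e444972b9827ee64887e5e33..5808513bfd570c43bc1712114aabba5749ba0fec 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -965,6 +965,13 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
         return ENOMEM;
     }
 
+    realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
+    if (!realm) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
+        ret = EINVAL;
+        goto done;
+    }
+
     service = talloc_zero(tmp_ctx, struct ipa_service);
     if (!service) {
         ret = ENOMEM;
@@ -975,7 +982,13 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
         ret = ENOMEM;
         goto done;
     }
-    service->krb5_service = talloc_zero(service, struct krb5_service);
+
+    service->krb5_service = krb5_service_new(service, ctx,
+                                             "IPA", realm,
+                                             true); /* The configured value
+                                                     * will be set later when
+                                                     * the auth provider is set up
+                                                     */
     if (!service->krb5_service) {
         ret = ENOMEM;
         goto done;
@@ -993,28 +1006,8 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
         goto done;
     }
 
-    service->krb5_service->name = talloc_strdup(service, "IPA");
-    if (!service->krb5_service->name) {
-        ret = ENOMEM;
-        goto done;
-    }
     service->sdap->kinit_service_name = service->krb5_service->name;
 
-    realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
-    if (!realm) {
-        DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
-        ret = EINVAL;
-        goto done;
-    }
-    service->krb5_service->realm =
-        talloc_strdup(service->krb5_service, realm);
-    if (!service->krb5_service->realm) {
-        ret = ENOMEM;
-        goto done;
-    }
-
-    service->krb5_service->be_ctx = ctx;
-
     if (!primary_servers) {
         DEBUG(SSSDBG_CONF_SETTINGS,
               "No primary servers defined, using service discovery\n");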
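Review bot: The literal `true` passed to `krb5_service_new()` in the second hunk means `write_kdcinfo` is enabled from service creation until something overrides it, and the override is not in this diff. The trailing comment says the auth provider sets the configured value later; if that constructor does not run for a given configuration (for example a non-IPA auth provider, which cannot be verified from here), kdcinfo files would presumably be written even where the administrator disabled them. The comment would be easier to check if it sat above the call and named the place that does the override, e.g. `/* use_kdcinfo: default only; replaced with the configured value in the IPA auth provider constructor */`. ipa_service_init continues outside the hunks.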
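diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index d064a09ac3726c4185c2fa1eeac76ef6c261d33b..2a50dfec55c29b8d7f8b8751c904977c22aa906a 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -807,6 +807,40 @@ static int krb5_user_data_cmp(void *ud1, void *ud2)
     return strcasecmp((char*) ud1, (char*) ud2);
 }
 
+struct krb5_service *krb5_service_new(TALLOC_CTX *mem_ctx,
+                                      struct be_ctx *be_ctx,
+                                      const char *service_name,
+                                      const char *realm,
+                                      bool use_kdcinfo)
+{
+    struct krb5_service *service;
+
+    service = talloc_zero(mem_ctx, struct krb5_service);
+    if (service == NULL) {
+        return NULL;
+    }
+
+    service->name = talloc_strdup(service, service_name);
+    if (service->name == NULL) {
+        talloc_free(service);
+        return NULL;
+    }
+
+    service->realm = talloc_strdup(service, realm);
+    if (service->realm == NULL) {
+        talloc_free(service);
+        return NULL;
+    }
+
+    DEBUG(SSSDBG_CONF_SETTINGS,
+          "write_kdcinfo for realm %s set to %s\n",
+          realm,
+          use_kdcinfo ? "true" : "false");
+    service->write_kdcinfo = use_kdcinfo;
+    service->be_ctx = be_ctx;
+    return service;
+}
+
 int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                       const char *service_name,
                       const char *primary_servers,
@@ -824,7 +858,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
         return ENOMEM;
     }
 
-    service = talloc_zero(tmp_ctx, struct krb5_service);
+    service = krb5_service_new(tmp_ctx, ctx, service_name, realm, use_kdcinfo);
     if (!service) {
         ret = ENOMEM;
         goto done;
@@ -836,21 +870,6 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
         goto done;
     }
 
-    service->name = talloc_strdup(service, service_name);
-    if (!service->name) {
-        ret = ENOMEM;
-        goto done;
-    }
-
-    service->realm = talloc_strdup(service, realm);
-    if (!service->realm) {
-        ret = ENOMEM;
-        goto done;
-    }
-
-    service->write_kdcinfo = use_kdcinfo;
-    service->be_ctx = ctx;
-
     if (!primary_servers) {
         DEBUG(SSSDBG_CONF_SETTINGS,
               "No primary servers defined, using service discovery\n");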
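Review bot: `krb5_service_new()` is added without a contract comment, and two things about it are not obvious from the call sites. It returns NULL both when an allocation fails and when `service_name` or `realm` is NULL (the `talloc_strdup()` result is the only check), so callers that map NULL to `ENOMEM` cannot tell the two apart; and it stores `be_ctx` as a borrowed pointer (`service->be_ctx = be_ctx;`) while copying the two strings onto the new object. A short comment on the declaration in krb5_common.h stating that the result is a talloc child of `mem_ctx`, that `service_name` and `realm` must be non-NULL and are copied, and that `be_ctx` must outlive the service would cover it. As a style point, the two identical `talloc_free(service); return NULL;` branches could share one failure path.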
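diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 3529d740b89fee91281f936fdafd1bdb99e95bd7..1c12d5652ccef7e1738177eedad1c9de543916b7 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -164,6 +164,12 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
                             const char *server,
                             const char *service);
 
+struct krb5_service *krb5_service_new(TALLOC_CTX *mem_ctx,
+                                      struct be_ctx *be_ctx,
+                                      const char *service_name,
+                                      const char *realm,
+                                      bool use_kdcinfo);
+
 int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                       const char *service_name,
                       const char *primary_servers,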
-- 
2.17.1