From 20adfff6c0db657d302bd96f986f2e79a8b2d791 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 30 Oct 2020 13:20:46 +0100
Subject: [PATCH 2/6] service: allow to use ldaps for rootDSE lookup
Let the realmd service use ldaps for the rootDSE lookup when requested.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1826964
---
service/realm-disco-dns.c | 10 +++++++---
service/realm-disco-dns.h | 1 +
service/realm-disco-domain.c | 8 +++++++-
service/realm-disco-domain.h | 1 +
service/realm-disco-mscldap.c | 2 +-
service/realm-disco-rootdse.c | 3 ++-
service/realm-disco-rootdse.h | 1 +
service/realm-ldap.c | 5 ++++-
service/realm-ldap.h | 1 +
service/realm-samba-provider.c | 5 ++++-
service/realm-sssd-provider.c | 5 ++++-
11 files changed, 33 insertions(+), 9 deletions(-)
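--- a/service/realm-disco-dns.c
+++ b/service/realm-disco-dns.c
@@ -32,6 +32,7 @@ typedef struct {
 GQueue addresses;
 GQueue targets;
 gint current_port;
+ gboolean use_ldaps;
 gint returned;
 DiscoPhase phase;
 GResolver *resolver;
@@ -180,7 +181,7 @@ return_or_resolve (RealmDiscoDns *self,
 
 target = g_queue_pop_head (&self->targets);
 if (target) {
- self->current_port = g_srv_target_get_port (target);
+ self->current_port = self->use_ldaps ? 636 : g_srv_target_get_port (target);
 g_resolver_lookup_by_name_async (self->resolver, g_srv_target_get_hostname (target),
 g_task_get_cancellable (task), on_name_resolved,
 g_object_ref (task));
@@ -201,7 +202,7 @@ return_or_resolve (RealmDiscoDns *self,
 g_resolver_lookup_by_name_async (self->resolver, self->name,
 g_task_get_cancellable (task), on_name_resolved,
 g_object_ref (task));
- self->current_port = 389;
+ self->current_port = self->use_ldaps ? 636 : 389;
 self->phase = PHASE_HOST;
 break;
 case PHASE_HOST:
@@ -251,6 +252,7 @@ realm_disco_dns_class_init (RealmDiscoDnsClass *klass)
 
 GSocketAddressEnumerator *
 realm_disco_dns_enumerate_servers (const gchar *domain_or_server,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation)
 {
 RealmDiscoDns *self;
@@ -262,12 +264,14 @@ realm_disco_dns_enumerate_servers (const gchar *domain_or_server,
 
 self = g_object_new (REALM_TYPE_DISCO_DNS, NULL);
 self->name = g_hostname_to_ascii (input);
+ self->use_ldaps = use_ldaps;
 self->invocation = g_object_ref (invocation);
 
 /* If is an IP, skip resolution */
 if (g_hostname_is_ip_address (input)) {
 inet = g_inet_address_new_from_string (input);
- g_queue_push_head (&self->addresses, g_inet_socket_address_new (inet, 389));
+ g_queue_push_head (&self->addresses,
+ g_inet_socket_address_new (inet, use_ldaps ? 636 : 389));
 g_object_unref (inet);
 self->phase = PHASE_HOST;
 } else {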
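Review bot: The LDAP and LDAPS port numbers are written as bare literals at three places in this section (both `current_port` assignments in return_or_resolve and the IP-literal branch of realm_disco_dns_enumerate_servers); a single named pair such as `enum { LDAP_PORT = 389, LDAPS_PORT = 636 };` near the top of the file would let each site read `self->current_port = self->use_ldaps ? LDAPS_PORT : g_srv_target_get_port (target);` and keeps the two values from drifting apart. The first of those assignments also silently discards the port advertised by the SRV record whenever ldaps is requested, which a reader unfamiliar with the change may take for a bug; a comment on that line stating the intent, e.g. `/* SRV targets presumably advertise the plain LDAP port; with ldaps the well-known 636 is used instead */`, would make the override deliberate. Both return_or_resolve hunks are cut from an enclosing switch whose start and end are outside this section.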
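--- a/service/realm-disco-dns.h
+++ b/service/realm-disco-dns.h
@@ -26,6 +26,7 @@ typedef enum {
 G_BEGIN_DECLS
 
 GSocketAddressEnumerator * realm_disco_dns_enumerate_servers (const gchar *domain_or_server,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation);
 
 RealmDiscoDnsHint realm_disco_dns_get_hint (GSocketAddressEnumerator *enumerator);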
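--- a/service/realm-disco-domain.c
+++ b/service/realm-disco-domain.c
@@ -37,6 +37,7 @@ typedef struct _Callback {
 typedef struct {
 GObject parent;
 gchar *input;
+ gboolean use_ldaps;
 GCancellable *cancellable;
 GDBusMethodInvocation *invocation;
 GSocketAddressEnumerator *enumerator;
@@ -206,6 +207,7 @@ on_discover_next_address (GObject *source,
 
 realm_diagnostics_info (self->invocation, "Performing LDAP DSE lookup on: %s", string);
 realm_disco_rootdse_async (address, explicit_host,
+ self->use_ldaps,
 self->invocation, self->cancellable,
 on_discover_rootdse, g_object_ref (self));
 self->outstanding++;
@@ -248,6 +250,7 @@ on_cancel_propagate (GCancellable *source,
 
 void
 realm_disco_domain_async (const gchar *string,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GAsyncReadyCallback callback,
 gpointer user_data)
@@ -267,8 +270,11 @@ realm_disco_domain_async (const gchar *string,
 if (self == NULL) {
 self = g_object_new (REALM_TYPE_DISCO_DOMAIN, NULL);
 self->input = g_strdup (string);
+ self->use_ldaps = use_ldaps;
 self->invocation = g_object_ref (invocation);
- self->enumerator = realm_disco_dns_enumerate_servers (string, invocation);
+ self->enumerator = realm_disco_dns_enumerate_servers (string,
+ use_ldaps,
+ invocation);
 
 g_hash_table_insert (discover_cache, self->input, self);
 g_assert (!self->completed);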
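Review bot: In the last hunk the cache entry is still inserted with `g_hash_table_insert (discover_cache, self->input, self)`, keyed by the input string alone, while `self->use_ldaps` is only set on the path that creates a fresh object; if the lookup that produced `self` (it is outside this hunk) returns an in-flight discovery for the same string, a caller that asked for ldaps is attached to a discovery talking plaintext LDAP, or the reverse, and receives its result. The transport should become part of the cache identity, either as a composite key or as one table per value of `use_ldaps`, so that results are shared only between requests with the same setting. It would also help troubleshooting if the diagnostics line in on_discover_next_address named the scheme, e.g. `realm_diagnostics_info (self->invocation, "Performing %s DSE lookup on: %s", self->use_ldaps ? "LDAPS" : "LDAP", string);`. realm_disco_domain_async continues beyond the end of this hunk.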
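--- a/service/realm-disco-domain.h
+++ b/service/realm-disco-domain.h
@@ -24,6 +24,7 @@
 G_BEGIN_DECLS
 
 void realm_disco_domain_async (const gchar *string,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GAsyncReadyCallback callback,
 gpointer user_data);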
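--- a/service/realm-disco-mscldap.c
+++ b/service/realm-disco-mscldap.c
@@ -348,7 +348,7 @@ realm_disco_mscldap_async (GSocketAddress *address,
 return;
 }
 
- clo->source = realm_ldap_connect_anonymous (address, protocol, cancellable);
+ clo->source = realm_ldap_connect_anonymous (address, protocol, FALSE, cancellable);
 g_source_set_callback (clo->source, (GSourceFunc)on_ldap_io,
 g_object_ref (task), g_object_unref);
 g_source_attach (clo->source, g_task_get_context (task));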
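Review bot: The new `FALSE` argument to realm_ldap_connect_anonymous is a bare boolean at the call site, so a reader has to open the prototype to learn that it means "no ldaps" and then guess why this caller never asks for it. A one-line comment above the call would record the reason; if this is indeed the CLDAP ping path over `protocol` rather than a TCP LDAP session, something like `/* use_ldaps only applies to the TCP rootDSE lookup, not to the CLDAP ping */` fits. The enclosing realm_disco_mscldap_async starts outside this hunk.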
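--- a/service/realm-disco-rootdse.c
+++ b/service/realm-disco-rootdse.c
@@ -452,6 +452,7 @@ on_ldap_io (LDAP *ldap,
 void
 realm_disco_rootdse_async (GSocketAddress *address,
 const gchar *explicit_server,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GCancellable *cancellable,
 GAsyncReadyCallback callback,
@@ -473,7 +474,7 @@ realm_disco_rootdse_async (GSocketAddress *address,
 g_task_set_task_data (task, clo, closure_free);
 
 clo->source = realm_ldap_connect_anonymous (address, G_SOCKET_PROTOCOL_TCP,
- cancellable);
+ use_ldaps, cancellable);
 g_source_set_callback (clo->source, (GSourceFunc)on_ldap_io,
 g_object_ref (task), g_object_unref);
 g_source_attach (clo->source, g_task_get_context (task));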
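--- a/service/realm-disco-rootdse.h
+++ b/service/realm-disco-rootdse.h
@@ -21,6 +21,7 @@
 
 void realm_disco_rootdse_async (GSocketAddress *address,
 const gchar *explicit_server,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GCancellable *cancellable,
 GAsyncReadyCallback callback,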
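--- a/service/realm-ldap.c
+++ b/service/realm-ldap.c
@@ -183,6 +183,7 @@ int ldap_init_fd (ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap
 GSource *
 realm_ldap_connect_anonymous (GSocketAddress *address,
 GSocketProtocol protocol,
+ gboolean use_ldaps,
 GCancellable *cancellable)
 {
 GSource *source;
@@ -238,7 +239,9 @@ realm_ldap_connect_anonymous (GSocketAddress *address,
 if (!g_unix_set_fd_nonblocking (ls->sock, FALSE, NULL))
 g_warning ("couldn't set to blocking");
 
- url = g_strdup_printf ("ldap://%s:%d", addrname, port);
+ url = g_strdup_printf ("%s://%s:%d",
+ use_ldaps ? "ldaps" : "ldap",
+ addrname, port);
 rc = ldap_init_fd (ls->sock, 1, url, &ls->ldap);
 g_free (url);
 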
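Review bot: Switching the URL scheme to `ldaps` does not by itself start TLS on this connection: `ls->sock` is already connected and is handed to `ldap_init_fd (ls->sock, 1, url, &ls->ldap)` with proto 1 (plain TCP), and as far as I can tell libldap does not negotiate TLS on a caller-supplied descriptor from the URL scheme alone, so unless a later patch in this series installs TLS on the handle (OpenLDAP provides `ldap_install_tls ()` for this case) the lookup would send plaintext LDAP to port 636 and fail. When that step is added, its return code must be treated as a connection failure rather than a reason to fall back to plaintext, otherwise the option offers no protection. `addrname` appears to be the numeric address, so the server certificate would be checked against an IP literal rather than the domain controller's DNS name; how that interacts with the system `TLS_REQCERT` setting deserves a comment at this call. The rest of realm_ldap_connect_anonymous, including the socket connect, lies outside this hunk.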
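--- a/service/realm-ldap.h
+++ b/service/realm-ldap.h
@@ -37,6 +37,7 @@ typedef GIOCondition (* RealmLdapCallback) (LDAP *ldap,
 
 GSource * realm_ldap_connect_anonymous (GSocketAddress *address,
 GSocketProtocol protocol,
+ gboolean use_ldaps,
 GCancellable *cancellable);
 
 void realm_ldap_set_condition (GSource *source,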
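--- a/service/realm-samba-provider.c
+++ b/service/realm-samba-provider.c
@@ -27,6 +27,7 @@
 #include "realm-samba-enroll.h"
 #include "realm-samba-provider.h"
 #include "realm-samba-winbind.h"
+#include "realm-options.h"
 
 #include <glib/gstdio.h>
 
@@ -121,7 +122,9 @@ realm_samba_provider_discover_async (RealmProvider *provider,
 g_task_return_pointer (task, NULL, NULL);
 
 } else {
- realm_disco_domain_async (string, invocation,
+ realm_disco_domain_async (string,
+ realm_option_use_ldaps (options),
+ invocation,
 on_ad_discover, g_object_ref (task));
 }
 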
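--- a/service/realm-sssd-provider.c
+++ b/service/realm-sssd-provider.c
@@ -26,6 +26,7 @@
 #include "realm-sssd-ipa.h"
 #include "realm-sssd-provider.h"
 #include "realm-sssd-config.h"
+#include "realm-options.h"
 
 #include <glib/gstdio.h>
 
@@ -140,7 +141,9 @@ realm_sssd_provider_discover_async (RealmProvider *provider,
 g_task_return_pointer (task, NULL, NULL);
 
 } else {
- realm_disco_domain_async (string, invocation, on_kerberos_discover,
+ realm_disco_domain_async (string,
+ realm_option_use_ldaps (options),
+ invocation, on_kerberos_discover,
 g_object_ref (task));
 }
 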
--
2.26.2