From 20adfff6c0db657d302bd96f986f2e79a8b2d791 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 30 Oct 2020 13:20:46 +0100
Subject: [PATCH 2/6] service: allow to use ldaps for rootDSE lookup
Let the realmd service use ldaps for the rootDSE lookup when requested.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1826964
---
service/realm-disco-dns.c | 10 +++++++---
service/realm-disco-dns.h | 1 +
service/realm-disco-domain.c | 8 +++++++-
service/realm-disco-domain.h | 1 +
service/realm-disco-mscldap.c | 2 +-
service/realm-disco-rootdse.c | 3 ++-
service/realm-disco-rootdse.h | 1 +
service/realm-ldap.c | 5 ++++-
service/realm-ldap.h | 1 +
service/realm-samba-provider.c | 5 ++++-
service/realm-sssd-provider.c | 5 ++++-
11 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/service/realm-disco-dns.c b/service/realm-disco-dns.c
index 446010c..77d5034 100644
--- a/service/realm-disco-dns.c
+++ b/service/realm-disco-dns.c
@@ -32,6 +32,7 @@ typedef struct {
GQueue addresses;
GQueue targets;
gint current_port;
+ gboolean use_ldaps;
gint returned;
DiscoPhase phase;
GResolver *resolver;
@@ -180,7 +181,7 @@ return_or_resolve (RealmDiscoDns *self,
target = g_queue_pop_head (&self->targets);
if (target) {
- self->current_port = g_srv_target_get_port (target);
+ self->current_port = self->use_ldaps ? 636 : g_srv_target_get_port (target);
g_resolver_lookup_by_name_async (self->resolver, g_srv_target_get_hostname (target),
g_task_get_cancellable (task), on_name_resolved,
g_object_ref (task));
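Review bot: The port advertised by the SRV target is discarded whenever use_ldaps is set, so a domain controller serving LDAPS on anything other than 636 becomes unreachable and nothing in the diagnostics says why. Since `_ldap._tcp` SRV records only describe the plain LDAP port this is probably the only practical choice, but it deserves a comment on the new line, e.g. `/* SRV records advertise the plain-LDAP port; there is no LDAPS record, so LDAPS always uses 636 */`. The literal 636 now appears three times in this file; a single named constant such as `LDAPS_PORT` would make the intent searchable and keep the copies from drifting. return_or_resolve() begins before this hunk and continues after it.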
@@ -201,7 +202,7 @@ return_or_resolve (RealmDiscoDns *self,
g_resolver_lookup_by_name_async (self->resolver, self->name,
g_task_get_cancellable (task), on_name_resolved,
g_object_ref (task));
- self->current_port = 389;
+ self->current_port = self->use_ldaps ? 636 : 389;
self->phase = PHASE_HOST;
break;
case PHASE_HOST:
@@ -251,6 +252,7 @@ realm_disco_dns_class_init (RealmDiscoDnsClass *klass)
GSocketAddressEnumerator *
realm_disco_dns_enumerate_servers (const gchar *domain_or_server,
+ gboolean use_ldaps,
GDBusMethodInvocation *invocation)
{
RealmDiscoDns *self;
@@ -262,12 +264,14 @@ realm_disco_dns_enumerate_servers (const gchar *domain_or_server,
self = g_object_new (REALM_TYPE_DISCO_DNS, NULL);
self->name = g_hostname_to_ascii (input);
+ self->use_ldaps = use_ldaps;
self->invocation = g_object_ref (invocation);
/* If is an IP, skip resolution */
if (g_hostname_is_ip_address (input)) {
inet = g_inet_address_new_from_string (input);
- g_queue_push_head (&self->addresses, g_inet_socket_address_new (inet, 389));
+ g_queue_push_head (&self->addresses,
+ g_inet_socket_address_new (inet, use_ldaps ? 636 : 389));
g_object_unref (inet);
self->phase = PHASE_HOST;
} else {
diff --git a/service/realm-disco-dns.h b/service/realm-disco-dns.h
index a51777f..5b20fe9 100644
--- a/service/realm-disco-dns.h
+++ b/service/realm-disco-dns.h
@@ -26,6 +26,7 @@ typedef enum {
G_BEGIN_DECLS
GSocketAddressEnumerator * realm_disco_dns_enumerate_servers (const gchar *domain_or_server,
+ gboolean use_ldaps,
GDBusMethodInvocation *invocation);
RealmDiscoDnsHint realm_disco_dns_get_hint (GSocketAddressEnumerator *enumerator);
diff --git a/service/realm-disco-domain.c b/service/realm-disco-domain.c
index 3f0ccb5..fdda8f6 100644
--- a/service/realm-disco-domain.c
+++ b/service/realm-disco-domain.c
@@ -37,6 +37,7 @@ typedef struct _Callback {
typedef struct {
GObject parent;
gchar *input;
+ gboolean use_ldaps;
GCancellable *cancellable;
GDBusMethodInvocation *invocation;
GSocketAddressEnumerator *enumerator;
@@ -206,6 +207,7 @@ on_discover_next_address (GObject *source,
realm_diagnostics_info (self->invocation, "Performing LDAP DSE lookup on: %s", string);
realm_disco_rootdse_async (address, explicit_host,
+ self->use_ldaps,
self->invocation, self->cancellable,
on_discover_rootdse, g_object_ref (self));
self->outstanding++;
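Review bot: The diagnostic emitted just above the call still says "LDAP DSE lookup" even when self->use_ldaps is set, so someone debugging a TLS failure from `realm discover` output cannot tell which transport was attempted against that address. Including the scheme is a one-line change: `realm_diagnostics_info (self->invocation, "Performing %s DSE lookup on: %s", self->use_ldaps ? "LDAPS" : "LDAP", string);`. on_discover_next_address() starts outside this hunk.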
@@ -248,6 +250,7 @@ on_cancel_propagate (GCancellable *source,
void
realm_disco_domain_async (const gchar *string,
+ gboolean use_ldaps,
GDBusMethodInvocation *invocation,
GAsyncReadyCallback callback,
gpointer user_data)
@@ -267,8 +270,11 @@ realm_disco_domain_async (const gchar *string,
if (self == NULL) {
self = g_object_new (REALM_TYPE_DISCO_DOMAIN, NULL);
self->input = g_strdup (string);
+ self->use_ldaps = use_ldaps;
self->invocation = g_object_ref (invocation);
- self->enumerator = realm_disco_dns_enumerate_servers (string, invocation);
+ self->enumerator = realm_disco_dns_enumerate_servers (string,
+ use_ldaps,
+ invocation);
g_hash_table_insert (discover_cache, self->input, self);
g_assert (!self->completed);
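Review bot: The in-flight discovery cache is keyed on self->input alone (the g_hash_table_insert at the end of the hunk), while a request now also carries use_ldaps; if the lookup that fills `self` before this hunk uses the same key, a caller asking for LDAPS can be attached to a discovery already running over plain LDAP, or the other way round, and its transport preference is silently dropped. The cheapest fix is to make the flag part of the key, for instance a key built with `g_strdup_printf ("%s|%s", use_ldaps ? "ldaps" : "ldap", string)` stored in place of self->input, or refusing to share an entry whose use_ldaps differs from the request. The lookup side of the cache is not visible here and realm_disco_domain_async() continues past the hunk, so this is something to confirm rather than a certainty.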
diff --git a/service/realm-disco-domain.h b/service/realm-disco-domain.h
index 27dcc6c..02d4998 100644
--- a/service/realm-disco-domain.h
+++ b/service/realm-disco-domain.h
@@ -24,6 +24,7 @@
G_BEGIN_DECLS
void realm_disco_domain_async (const gchar *string,
+ gboolean use_ldaps,
GDBusMethodInvocation *invocation,
GAsyncReadyCallback callback,
gpointer user_data);
diff --git a/service/realm-disco-mscldap.c b/service/realm-disco-mscldap.c
index d3d3c10..2504904 100644
--- a/service/realm-disco-mscldap.c
+++ b/service/realm-disco-mscldap.c
@@ -348,7 +348,7 @@ realm_disco_mscldap_async (GSocketAddress *address,
return;
}
- clo->source = realm_ldap_connect_anonymous (address, protocol, cancellable);
+ clo->source = realm_ldap_connect_anonymous (address, protocol, FALSE, cancellable);
g_source_set_callback (clo->source, (GSourceFunc)on_ldap_io,
g_object_ref (task), g_object_unref);
g_source_attach (clo->source, g_task_get_context (task));
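Review bot: The hard-coded FALSE is only right if the netlogon ping is never meant to run under TLS, and nothing in the file says so; a comment on that line would stop someone "fixing" it later, e.g. `/* The netlogon ping is never wrapped in TLS; always use a plain ldap:// URL here */`. Note also that the address is supplied by the caller: if it comes from realm_disco_dns_enumerate_servers, which with use_ldaps now yields port 636, the ping would be sent to 636 instead of 389, which is worth checking in the caller (outside this hunk). realm_disco_mscldap_async() begins before this hunk.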
diff --git a/service/realm-disco-rootdse.c b/service/realm-disco-rootdse.c
index 7614071..4ed19e5 100644
--- a/service/realm-disco-rootdse.c
+++ b/service/realm-disco-rootdse.c
@@ -452,6 +452,7 @@ on_ldap_io (LDAP *ldap,
void
realm_disco_rootdse_async (GSocketAddress *address,
const gchar *explicit_server,
+ gboolean use_ldaps,
GDBusMethodInvocation *invocation,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -473,7 +474,7 @@ realm_disco_rootdse_async (GSocketAddress *address,
g_task_set_task_data (task, clo, closure_free);
clo->source = realm_ldap_connect_anonymous (address, G_SOCKET_PROTOCOL_TCP,
- cancellable);
+ use_ldaps, cancellable);
g_source_set_callback (clo->source, (GSourceFunc)on_ldap_io,
g_object_ref (task), g_object_unref);
g_source_attach (clo->source, g_task_get_context (task));
diff --git a/service/realm-disco-rootdse.h b/service/realm-disco-rootdse.h
index e024c84..7b21960 100644
--- a/service/realm-disco-rootdse.h
+++ b/service/realm-disco-rootdse.h
@@ -21,6 +21,7 @@
void realm_disco_rootdse_async (GSocketAddress *address,
const gchar *explicit_server,
+ gboolean use_ldaps,
GDBusMethodInvocation *invocation,
GCancellable *cancellable,
GAsyncReadyCallback callback,
diff --git a/service/realm-ldap.c b/service/realm-ldap.c
index 7831b5b..28c5c8a 100644
--- a/service/realm-ldap.c
+++ b/service/realm-ldap.c
@@ -183,6 +183,7 @@ int ldap_init_fd (ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap
GSource *
realm_ldap_connect_anonymous (GSocketAddress *address,
GSocketProtocol protocol,
+ gboolean use_ldaps,
GCancellable *cancellable)
{
GSource *source;
@@ -238,7 +239,9 @@ realm_ldap_connect_anonymous (GSocketAddress *address,
if (!g_unix_set_fd_nonblocking (ls->sock, FALSE, NULL))
g_warning ("couldn't set to blocking");
- url = g_strdup_printf ("ldap://%s:%d", addrname, port);
+ url = g_strdup_printf ("%s://%s:%d",
+ use_ldaps ? "ldaps" : "ldap",
+ addrname, port);
rc = ldap_init_fd (ls->sock, 1, url, &ls->ldap);
g_free (url);
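Review bot: Changing the URL scheme only yields a TLS session if libldap starts TLS itself when it sees `ldaps` on an already-connected fd (as far as I recall OpenLDAP's ldap_init_fd does so when built with TLS; if the library in use does not, `ldap_install_tls (ls->ldap)` after ldap_init_fd is the explicit route), and nothing here sets LDAP_OPT_X_TLS_REQUIRE_CERT, so whether the DC's certificate is verified depends on whatever TLS_REQCERT the process-wide ldap.conf happens to carry. That matters because the server was picked from unauthenticated DNS/SRV answers: an unverified LDAPS session is encryption without authentication, and the rootDSE answer steers which DC the machine joins. I would pin the requirement explicitly before the handle is created, as below, and say so in the function's comment. If addrname is the numeric address taken from the GSocketAddress, hostname verification will be done against an IP literal, which AD DC certificates rarely list in their SAN, so this needs a test against a real DC; and since the socket was set blocking just above, a handshake started inside ldap_init_fd runs synchronously on the main loop. realm_ldap_connect_anonymous() begins before this hunk.
```c
url = g_strdup_printf ("%s://%s:%d",
                       use_ldaps ? "ldaps" : "ldap",
                       addrname, port);
if (use_ldaps) {
        /* The server came from unauthenticated DNS; only a verified
         * certificate binds this session to the intended DC. */
        int reqcert = LDAP_OPT_X_TLS_DEMAND;
        ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
}
rc = ldap_init_fd (ls->sock, 1, url, &ls->ldap);
/* … unchanged: g_free (url) and the rest of the function … */
```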
diff --git a/service/realm-ldap.h b/service/realm-ldap.h
index 263f72a..0f9f40e 100644
--- a/service/realm-ldap.h
+++ b/service/realm-ldap.h
@@ -37,6 +37,7 @@ typedef GIOCondition (* RealmLdapCallback) (LDAP *ldap,
GSource * realm_ldap_connect_anonymous (GSocketAddress *address,
GSocketProtocol protocol,
+ gboolean use_ldaps,
GCancellable *cancellable);
void realm_ldap_set_condition (GSource *source,
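Review bot: The new use_ldaps parameter is undocumented, and since this is the one primitive every LDAPS caller goes through, its contract belongs here rather than being inferred from realm-ldap.c. A comment above the declaration along the lines of `/* use_ldaps: connect with an ldaps:// URL so the socket is wrapped in TLS; the address must already carry the LDAPS port (636), and certificate verification follows the libldap TLS options in effect */` would do; if the implementation enforces a particular TLS_REQCERT level, state it here so callers know what they are getting.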
diff --git a/service/realm-samba-provider.c b/service/realm-samba-provider.c
index 9b489ce..de9f5e6 100644
--- a/service/realm-samba-provider.c
+++ b/service/realm-samba-provider.c
@@ -27,6 +27,7 @@
#include "realm-samba-enroll.h"
#include "realm-samba-provider.h"
#include "realm-samba-winbind.h"
+#include "realm-options.h"
#include <glib/gstdio.h>
@@ -121,7 +122,9 @@ realm_samba_provider_discover_async (RealmProvider *provider,
g_task_return_pointer (task, NULL, NULL);
} else {
- realm_disco_domain_async (string, invocation,
+ realm_disco_domain_async (string,
+ realm_option_use_ldaps (options),
+ invocation,
on_ad_discover, g_object_ref (task));
}
diff --git a/service/realm-sssd-provider.c b/service/realm-sssd-provider.c
index 7ac0645..db183c0 100644
--- a/service/realm-sssd-provider.c
+++ b/service/realm-sssd-provider.c
@@ -26,6 +26,7 @@
#include "realm-sssd-ipa.h"
#include "realm-sssd-provider.h"
#include "realm-sssd-config.h"
+#include "realm-options.h"
#include <glib/gstdio.h>
@@ -140,7 +141,9 @@ realm_sssd_provider_discover_async (RealmProvider *provider,
g_task_return_pointer (task, NULL, NULL);
} else {
- realm_disco_domain_async (string, invocation, on_kerberos_discover,
+ realm_disco_domain_async (string,
+ realm_option_use_ldaps (options),
+ invocation, on_kerberos_discover,
g_object_ref (task));
}
--
2.26.2