Hi. Apologies, I have been working on ticket #570 and am sending this for your comments before I send a final patch. I was reviewing where else needs to change and found these places: 1 - krb5_auth.c ---> tevent_req *krb5_auth_send( 2 - krb5_utils.c ---> char *expand_ccname_template( 3 - ipa_dyndns.c ---> int create_nsupdate_message( Is this correct?
https://fedorahosted.org/sssd/ticket/570 Thanks
From 618123dc2a5714484fcbf6f34a4bb36f574ae15a Mon Sep 17 00:00:00 2001
From: "Ariel O. Barria" <[email protected]>
Date: Mon, 26 Nov 2012 11:54:56 -0500
Subject: [PATCH] fall back to defaults from krb5.conf if the realm is not specified explicitly in sssd.conf
---
 src/providers/krb5/krb5_common.c | 35 +++++++++++++++++++++++++++++++----
 src/providers/krb5/krb5_init.c | 35 ++++++++++++++++++++++++++++++++---
 2 files changed, 63 insertions(+), 7 deletions(-)
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index ed2fffae1bcaef9274e0f54278f9e4d9a17c41c3..02da28cfdeb626679f53be8601c274ef4678eedf 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -772,7 +772,14 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
 {
 int ret;
 struct remove_info_files_ctx *ctx;
- const char *krb5_realm;
+ char *krb5_realm;
+ char *default_realm = NULL;
+ krb5_error_code kerr = 0;
+ krb5_context krb_ctx = NULL;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) return ENOMEM;
 if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
 DEBUG(1, ("Missing KDC service name!\n"));
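Review bot: `tmp_ctx` is created with `talloc_new(NULL)` before the `krb5_ctx->service` check, so if that check returns directly (its body is outside the hunk) the context is leaked, and no hunk in this file adds a `talloc_free(tmp_ctx);`. `sssm_krb5_auth_init` in krb5_init.c allocates `tmp_ctx` the same way. Since the temporary context is only needed when the realm is missing, I would create it inside that branch, or free it on every exit at `done:`. Changing the declaration to `char *krb5_realm;` also means the `dp_opt_get_cstring()` result is later stored in a non-const pointer; keeping `const char *krb5_realm;` and duplicating into a separate variable avoids that.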
@@ -785,12 +792,32 @@ errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
 return ENOMEM;
 }
+ kerr = krb5_init_context(&krb_ctx);
+ if (kerr) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to init kerberos context\n"));
+ return kerr;
+ }
+
 krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
 if (krb5_realm == NULL) {
- DEBUG(1, ("Missing krb5_realm option!\n"));
- ret = EINVAL;
- goto done;
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Missing krb5_realm option, will use libkrb default\n"));
+ kerr = krb5_get_default_realm(krb_ctx, &default_realm);
+ if (kerr) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to get default realm name: %s\n",
+ sss_krb5_get_error_message(krb_ctx, kerr)));
+ ret = kerr;
+ goto done;
+ }
+ krb5_realm = talloc_strdup(tmp_ctx, default_realm);
+ krb5_free_default_realm(krb_ctx, default_realm);
+ if (!krb5_realm) {
+ ret = KRB5KRB_ERR_GENERIC;
+ goto done;
+ }
 }
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("got krb5_realm: [%s]\n", krb5_realm));
 ctx->realm = talloc_strdup(ctx, krb5_realm);
 if (ctx->realm == NULL) {
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index a7b06fdf1004aa6199196ae2d1433e49eb4d0e46..de7ba71f9c77da4ea0cafdd6ac1bef0c779a163e 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -64,10 +64,17 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 const char *krb5_backup_servers;
 const char *krb5_kpasswd_servers;
 const char *krb5_backup_kpasswd_servers;
- const char *krb5_realm;
+ char *krb5_realm;
+ char *default_realm = NULL;
 const char *errstr;
 int errval;
 int errpos;
+ krb5_error_code kerr = 0;
+ krb5_context krb_ctx = NULL;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);//
+ if (tmp_ctx == NULL) return ENOMEM;
 if (krb5_options == NULL) {
 krb5_options = talloc_zero(bectx, struct krb5_options);
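Review bot: The `return kerr;` after a failed `krb5_init_context()` skips `done:` and, like `ret = kerr` and `KRB5KRB_ERR_GENERIC` for a failed `talloc_strdup()`, returns a Kerberos error code from an `errno_t` function. The context is also created when `krb5_realm` is set in sssd.conf, so a configuration that worked before can now fail at libkrb5 initialisation, and no hunk in this file releases `krb_ctx`. The string returned by `sss_krb5_get_error_message()` probably has to be released with `sss_krb5_free_error_message()`; please confirm. The corresponding hunk in `sssm_krb5_auth_init` (krb5_init.c) has the same problems. A possible shape follows, with `EIO` standing in for whichever errno value the project prefers; `done:` is outside the hunk and would need to free `krb_ctx` and `tmp_ctx`.

```c
    if (krb5_realm == NULL) {
        /* ... unchanged: "will use libkrb default" debug message ... */
        kerr = krb5_init_context(&krb_ctx);
        if (kerr) {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to init kerberos context\n"));
            ret = EIO;
            goto done;
        }
        kerr = krb5_get_default_realm(krb_ctx, &default_realm);
        if (kerr) {
            /* ... unchanged: "Failed to get default realm name" debug message ... */
            ret = EIO;
            goto done;
        }
        /* ... unchanged: talloc_strdup() into tmp_ctx, krb5_free_default_realm() ... */
        if (krb5_realm == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }
```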
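Review bot: The added line `tmp_ctx = talloc_new(NULL);//` in the `sssm_krb5_auth_init` declarations hunk ends in a stray empty `//` comment that should be dropped. The one-line `if (tmp_ctx == NULL) return ENOMEM;` also differs from the braced `if (krb5_options == NULL) {` right below it; writing it as a braced block on separate lines would match the surrounding code.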
@@ -102,11 +109,32 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
 krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC);
+ kerr = krb5_init_context(&krb_ctx);
+ if (kerr) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to init kerberos context\n"));
+ return kerr;
+ }
+
 krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
 if (krb5_realm == NULL) {
- DEBUG(0, ("Missing krb5_realm option!\n"));
- return EINVAL;
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Missing krb5_realm option, will use libkrb default\n"));
+ kerr = krb5_get_default_realm(krb_ctx, &default_realm);
+ if (kerr) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to get default realm name: %s\n",
+ sss_krb5_get_error_message(krb_ctx, kerr)));
+ ret = kerr;
+ goto fail;
+ }
+ krb5_realm = talloc_strdup(tmp_ctx, default_realm);
+ krb5_free_default_realm(krb_ctx, default_realm);
+ if (!krb5_realm) {
+ ret = KRB5KRB_ERR_GENERIC;
+ goto fail;
+ }
 }
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("got krb5_realm: [%s]\n", krb5_realm));
 ret = krb5_service_init(ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers, krb5_backup_servers, krb5_realm, &ctx->service);
@@ -164,6 +192,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 fail:
 talloc_zfree(krb5_options->auth_ctx);
+ if (krb_ctx) krb5_free_context(krb_ctx);
 return ret;
 }
--
1.7.11.7
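Review bot: The realm taken from krb5.conf ends up only in the local `krb5_realm`, so any later `dp_opt_get_string(ctx->opts, KRB5_REALM)` would presumably still return NULL; those readers are not visible in this hunk. Storing the resolved value once, e.g. `ret = dp_opt_set_string(ctx->opts, KRB5_REALM, krb5_realm);` with the usual error check, would keep every consumer on the same realm. Because the realm decides which KDC users authenticate against, I would also log the chosen value at a level administrators normally see rather than `SSSDBG_TRACE_INTERNAL`, and not report the fallback itself as `SSSDBG_OP_FAILURE`. The function continues outside the hunk.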
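Review bot: `krb5_free_context(krb_ctx)` is added only under `fail:`, so unless the success return (outside this hunk) is changed too, the context stays allocated after every successful init, and `tmp_ctx` is not freed on either path. I would release both before each return, e.g. `if (krb_ctx) krb5_free_context(krb_ctx);` followed by `talloc_free(tmp_ctx);`. Before freeing `tmp_ctx`, check whether `krb5_service_init()` copies the realm string, since `krb5_realm` may point into that context.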
