IPA Provider Initialization functions
Simo Sorce <ssorce@redhat.com>
Copyright (C) 2009 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
#include <sys/types.h>
#include "providers/child_common.h"
#include "providers/ipa/ipa_common.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/ipa/ipa_auth.h"
#include "providers/ipa/ipa_access.h"
#include "providers/ipa/ipa_dyndns.h"
struct ipa_options *ipa_options = NULL;
struct bet_ops ipa_id_ops = {
.handler = sdap_account_info_handler,
.check_online = sdap_check_online
struct bet_ops ipa_auth_ops = {
struct bet_ops ipa_chpass_ops = {
struct bet_ops ipa_access_ops = {
.handler = ipa_access_handler,
int common_ipa_init(struct be_ctx *bectx)
const char *ipa_servers;
ret = ipa_get_options(bectx, bectx->cdb,
bectx->domain, &ipa_options);
ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER);
DEBUG(1, ("Missing ipa_server option - using service discovery!\n"));
ret = ipa_service_init(ipa_options, bectx, ipa_servers, ipa_options,
&ipa_options->service);
DEBUG(0, ("Failed to init IPA failover service!\n"));
int sssm_ipa_id_init(struct be_ctx *bectx,
struct sdap_id_ctx *ctx;
ret = common_ipa_init(bectx);
if (ipa_options->id_ctx) {
/* already initialized */
*pvt_data = ipa_options->id_ctx;
ctx = talloc_zero(ipa_options, struct sdap_id_ctx);
ctx->service = ipa_options->service->sdap;
ipa_options->id_ctx = ctx;
ret = ipa_get_id_options(ipa_options, bectx->cdb,
if(dp_opt_get_bool(ipa_options->basic, IPA_DYNDNS_UPDATE)) {
/* Perform automatic DNS updates when the
* IP address changes.
* Register a callback for successful LDAP
* reconnections. This is the easiest way to
* identify that we have gone online.
/* Ensure that nsupdate exists */
ret = stat(NSUPDATE_PATH, &stat_buf);
DEBUG(0, ("%s does not exist. Dynamic DNS updates disabled\n",
DEBUG(0, ("Could not set up dynamic DNS updates: [%d][%s]\n",
err, strerror(err)));
/* nsupdate is available. Dynamic updates
ret = be_add_online_cb(ctx, ctx->be,
DEBUG(1,("Failure setting up automatic DNS update\n"));
/* We will continue without DNS updating */
ret = setup_tls_config(ctx->opts->basic);
DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
ret, strerror(ret)));
ret = sdap_id_conn_cache_create(ctx, ctx, &ctx->conn_cache);
ret = sdap_id_setup_tasks(ctx);
ret = setup_child(ctx);
DEBUG(1, ("setup_child failed [%d][%s].\n",
ret, strerror(ret)));
talloc_zfree(ipa_options->id_ctx);
int sssm_ipa_auth_init(struct be_ctx *bectx,
struct bet_ops **ops,
struct ipa_auth_ctx *ipa_auth_ctx;
struct krb5_ctx *krb5_auth_ctx;
struct sdap_auth_ctx *sdap_auth_ctx;
ret = common_ipa_init(bectx);
if (ipa_options->auth_ctx) {
/* already initialized */
*ops = &ipa_auth_ops;
*pvt_data = ipa_options->auth_ctx;
ipa_auth_ctx = talloc_zero(ipa_options, struct ipa_auth_ctx);
ipa_options->auth_ctx = ipa_auth_ctx;
ret = dp_copy_options(ipa_auth_ctx, ipa_options->basic,
IPA_OPTS_BASIC, &ipa_auth_ctx->ipa_options);
DEBUG(1, ("dp_copy_options failed.\n"));
krb5_auth_ctx = talloc_zero(ipa_auth_ctx, struct krb5_ctx);
if (!krb5_auth_ctx) {
krb5_auth_ctx->service = ipa_options->service->krb5_service;
ipa_options->auth_ctx->krb5_auth_ctx = krb5_auth_ctx;
ret = ipa_get_auth_options(ipa_options, bectx->cdb, bectx->conf_path,
&krb5_auth_ctx->opts);
sdap_auth_ctx = talloc_zero(ipa_auth_ctx, struct sdap_auth_ctx);
if (!sdap_auth_ctx) {
sdap_auth_ctx->be = bectx;
sdap_auth_ctx->service = ipa_options->service->sdap;
ipa_options->auth_ctx->sdap_auth_ctx = sdap_auth_ctx;
ret = ipa_get_id_options(ipa_options, bectx->cdb, bectx->conf_path,
&sdap_auth_ctx->opts);
ret = setup_tls_config(sdap_auth_ctx->opts->basic);
DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
ret, strerror(ret)));
if (dp_opt_get_bool(krb5_auth_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) {
ret = init_delayed_online_authentication(krb5_auth_ctx, bectx,
DEBUG(1, ("init_delayed_online_authentication failed.\n"));
ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain,
DEBUG(1, ("check_and_export_opts failed.\n"));
ret = krb5_install_offline_callback(bectx, krb5_auth_ctx);
DEBUG(1, ("krb5_install_offline_callback failed.\n"));
ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
DEBUG(1, ("krb5_install_sigterm_handler failed.\n"));
if (debug_to_file != 0) {
ret = open_debug_file_ex("krb5_child", &debug_filep);
DEBUG(0, ("Error setting up logging (%d) [%s]\n",
ret, strerror(ret)));
krb5_auth_ctx->child_debug_fd = fileno(debug_filep);
if (krb5_auth_ctx->child_debug_fd == -1) {
DEBUG(0, ("fileno failed [%d][%s]\n", errno, strerror(errno)));
v = fcntl(krb5_auth_ctx->child_debug_fd, F_GETFD, 0);
fcntl(krb5_auth_ctx->child_debug_fd, F_SETFD, v & ~FD_CLOEXEC);
*ops = &ipa_auth_ops;
*pvt_data = ipa_auth_ctx;
talloc_zfree(ipa_options->auth_ctx);
int sssm_ipa_chpass_init(struct be_ctx *bectx,
struct bet_ops **ops,
ret = sssm_ipa_auth_init(bectx, ops, pvt_data);
*ops = &ipa_chpass_ops;
int sssm_ipa_access_init(struct be_ctx *bectx,
struct bet_ops **ops,
struct ipa_access_ctx *ipa_access_ctx;
ipa_access_ctx = talloc_zero(bectx, struct ipa_access_ctx);
if (ipa_access_ctx == NULL) {
DEBUG(1, ("talloc_zero failed.\n"));
ret = sssm_ipa_id_init(bectx, ops, (void **) &ipa_access_ctx->sdap_ctx);
DEBUG(1, ("sssm_ipa_id_init failed.\n"));
ret = dp_copy_options(ipa_access_ctx, ipa_options->basic,
IPA_OPTS_BASIC, &ipa_access_ctx->ipa_options);
DEBUG(1, ("dp_copy_options failed.\n"));
*ops = &ipa_access_ops;
*pvt_data = ipa_access_ctx;
talloc_free(ipa_access_ctx);