[Freeipa-devel] [PATCH] bynd-dyndb-ldap: Add separate keytab principal option
Adam Tkac
atkac at redhat.com
Mon Jan 3 14:05:23 UTC 2011
On Tue, Dec 21, 2010 at 08:36:17PM -0500, Simo Sorce wrote:
>
> Attached find a patch in the proper git format.
>
> Adam can you push it if you think it is ok ?
I added "#include <unistd.h>" to ldap_helper.c to fix the
following warning:
ldap_helper.c: In function 'new_ldap_instance':
ldap_helper.c:394:5: warning: implicit declaration of function 'gethostname'
Now the patch looks fine to me, thank you. I've pushed it.
Regards, Adam
> From fa819bc901963bdb2ab5a1da2841f809598c28a3 Mon Sep 17 00:00:00 2001
> From: Zoran Pericic <zpericic at inet.hr>
> Date: Tue, 21 Dec 2010 20:12:10 -0500
> Subject: [PATCH] Use separate variables for sasl_user and krb5_principal
>
> ---
> src/ldap_helper.c | 31 +++++++++++++++++++++++++------
> 1 files changed, 25 insertions(+), 6 deletions(-)
>
> diff --git a/src/ldap_helper.c b/src/ldap_helper.c
> index 5eed8afba7a275a6ebb3a28c707639516ba9af41..134a3e899bd413a8146dd19a68ab30fc26cec269 100644
> --- a/src/ldap_helper.c
> +++ b/src/ldap_helper.c
> @@ -128,6 +128,7 @@ struct ldap_instance {
> ldap_auth_t auth_method;
> ld_string_t *bind_dn;
> ld_string_t *password;
> + ld_string_t *krb5_principal;
> ld_string_t *sasl_mech;
> ld_string_t *sasl_user;
> ld_string_t *sasl_auth_name;
> @@ -293,6 +294,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
> { "auth_method", default_string("none") },
> { "bind_dn", default_string("") },
> { "password", default_string("") },
> + { "krb5_principal", default_string("") },
> { "sasl_mech", default_string("GSSAPI") },
> { "sasl_user", default_string("") },
> { "sasl_auth_name", default_string("") },
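Review bot: The position of the new `krb5_principal` entry in this settings table is tied positionally to the `ldap_settings[i++].target = ldap_inst->krb5_principal;` assignment in the later hunk of new_ldap_instance, and nothing in the code states that coupling. A one-line comment above the table, `/* order must match the ldap_settings[i++].target assignments below */`, would keep the next insertion from silently mis-binding a setting to the wrong field. new_ldap_instance starts and ends outside this hunk.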
> @@ -330,6 +332,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
> CHECK(str_new(mctx, &ldap_inst->base));
> CHECK(str_new(mctx, &ldap_inst->bind_dn));
> CHECK(str_new(mctx, &ldap_inst->password));
> + CHECK(str_new(mctx, &ldap_inst->krb5_principal));
> CHECK(str_new(mctx, &ldap_inst->sasl_mech));
> CHECK(str_new(mctx, &ldap_inst->sasl_user));
> CHECK(str_new(mctx, &ldap_inst->sasl_auth_name));
> @@ -346,6 +349,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
> ldap_settings[i++].target = auth_method_str;
> ldap_settings[i++].target = ldap_inst->bind_dn;
> ldap_settings[i++].target = ldap_inst->password;
> + ldap_settings[i++].target = ldap_inst->krb5_principal;
> ldap_settings[i++].target = ldap_inst->sasl_mech;
> ldap_settings[i++].target = ldap_inst->sasl_user;
> ldap_settings[i++].target = ldap_inst->sasl_auth_name;
> @@ -382,11 +386,25 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
> /* check we have the right data when SASL/GSSAPI is selected */
> if ((ldap_inst->auth_method == AUTH_SASL) &&
> (str_casecmp_char(ldap_inst->sasl_mech, "GSSAPI") == 0)) {
> - if ((ldap_inst->sasl_user == NULL) ||
> - (str_len(ldap_inst->sasl_user) == 0)) {
> - log_error("Sasl mech GSSAPI defined but sasl_user is empty");
> - result = ISC_R_FAILURE;
> - goto cleanup;
> + if ((ldap_inst->krb5_principal == NULL) ||
> + (str_len(ldap_inst->krb5_principal) == 0)) {
> + if ((ldap_inst->sasl_user == NULL) ||
> + (str_len(ldap_inst->sasl_user) == 0)) {
> + char hostname[255];
> + if (gethostname(hostname, 255) != 0) {
> + log_error("SASL mech GSSAPI defined but krb5_principal"
> + "and sasl_user are empty. Could not get hostname");
> + result = ISC_R_FAILURE;
> + goto cleanup;
> + } else {
> + str_sprintf(ldap_inst->krb5_principal, "DNS/%s", hostname);
> + log_debug(2, "SASL mech GSSAPI defined but krb5_principal"
> + "and sasl_user are empty, using default %s",
> + str_buf(ldap_inst->krb5_principal));
> + }
> + } else {
> + str_copy(ldap_inst->krb5_principal, ldap_inst->sasl_user);
> + }
> }
> }
>
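Review bot: The adjacent string literals in the new log_error and log_debug calls have no separating space, so both messages come out as `...krb5_principaland sasl_user...`; add a trailing space to the first literal in each, `"SASL mech GSSAPI defined but krb5_principal "`. The gethostname() call passes the literal 255 for a 255-byte buffer, and POSIX does not guarantee NUL termination when the name is truncated, so size the call with `sizeof hostname` and terminate explicitly with `hostname[sizeof hostname - 1] = '\0';` before the principal is built from it. gethostname() may also return an unqualified short name rather than the FQDN, in which case the derived `DNS/<hostname>` default may not match the keytab entry used for the TGT — presumably worth a comment or a log line at the default. The return value of str_sprintf() is discarded while the other str_* calls earlier in the function are wrapped in CHECK(); confirm it cannot fail. new_ldap_instance starts and ends outside the hunk.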
> @@ -447,6 +465,7 @@ destroy_ldap_instance(ldap_instance_t **ldap_instp)
> str_destroy(&ldap_inst->base);
> str_destroy(&ldap_inst->bind_dn);
> str_destroy(&ldap_inst->password);
> + str_destroy(&ldap_inst->krb5_principal);
> str_destroy(&ldap_inst->sasl_mech);
> str_destroy(&ldap_inst->sasl_user);
> str_destroy(&ldap_inst->sasl_auth_name);
> @@ -1618,7 +1637,7 @@ ldap_reconnect(ldap_connection_t *ldap_conn)
> isc_result_t result;
> LOCK(&ldap_inst->kinit_lock);
> result = get_krb5_tgt(ldap_inst->mctx,
> - str_buf(ldap_inst->sasl_user),
> + str_buf(ldap_inst->krb5_principal),
> str_buf(ldap_inst->krb5_keytab));
> UNLOCK(&ldap_inst->kinit_lock);
> if (result != ISC_R_SUCCESS)
> --
> 1.7.3.3
>
--
Adam Tkac, Red Hat, Inc.