1 : /*
2 : SSSD
3 :
4 : Authors:
5 : Stephen Gallagher <sgallagh@redhat.com>
6 :
7 : Copyright (C) 2012 Red Hat
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include <fcntl.h>
24 :
25 : #include "providers/krb5/krb5_common.h"
26 : #include "providers/krb5/krb5_auth.h"
27 : #include "providers/krb5/krb5_utils.h"
28 : #include "providers/krb5/krb5_init_shared.h"
29 :
/**
 * Prepare the krb5 provider context for use with the krb5 child.
 *
 * Runs these steps in order, stopping at the first one that fails:
 *   1. init_delayed_online_authentication(), only when the
 *      KRB5_STORE_PASSWORD_IF_OFFLINE option is true;
 *   2. init_renew_tgt(), only when KRB5_RENEW_INTERVAL parses to a
 *      positive interval;
 *   3. check_and_export_options();
 *   4. krb5_install_offline_callback();
 *   5. krb5_install_sigterm_handler();
 *   6. child_debug_init() on KRB5_CHILD_LOG_FILE;
 *   7. parse_krb5_map_user() on the KRB5_MAP_USER option.
 *
 * A failing step returns straight away; nothing set up by earlier steps is
 * undone in this function.
 * NOTE(review): whether the caller tears those down is not visible here.
 *
 * @param krb5_auth_ctx  Provider context; its opts are read, and its
 *                       child_debug_fd and name_to_primary are written.
 * @param bectx          Backend context; supplies the event context (ev)
 *                       and the domain.
 *
 * @return EOK on success, otherwise the error code of the failing step.
 */
errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
                        struct be_ctx *bectx)
{
    errno_t rc;
    time_t renew_secs = 0;
    krb5_deltat parsed_delta;
    char *interval_opt;

    /* NOTE(review): the option name suggests a password is retained while
     * offline for a later online authentication -- confirm the storage and
     * lifetime in init_delayed_online_authentication(). */
    if (dp_opt_get_bool(krb5_auth_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) {
        rc = init_delayed_online_authentication(krb5_auth_ctx, bectx,
                                                bectx->ev);
        if (rc != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "init_delayed_online_authentication failed.\n");
            return rc;
        }
    }

    interval_opt = dp_opt_get_string(krb5_auth_ctx->opts,
                                     KRB5_RENEW_INTERVAL);
    if (interval_opt != NULL) {
        /* An unparsable interval is not fatal: it is logged at minor-failure
         * level and treated as 0, so init_renew_tgt() below is skipped and
         * this function sets up no renewal. */
        if (krb5_string_to_deltat(interval_opt, &parsed_delta) != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  "Reading krb5_renew_interval failed.\n");
            parsed_delta = 0;
        }
        renew_secs = parsed_delta;
    }

    /* Zero and negative intervals both leave renewal uninitialized. */
    if (renew_secs > 0) {
        rc = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_secs);
        if (rc != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, "init_renew_tgt failed.\n");
            return rc;
        }
    }

    rc = check_and_export_options(krb5_auth_ctx->opts, bectx->domain,
                                  krb5_auth_ctx);
    if (rc != EOK) {
        /* The message says "check_and_export_opts"; the function called is
         * check_and_export_options(). Keep that in mind when searching logs. */
        DEBUG(SSSDBG_CRIT_FAILURE, "check_and_export_opts failed.\n");
        return rc;
    }

    rc = krb5_install_offline_callback(bectx, krb5_auth_ctx);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n");
        return rc;
    }

    rc = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n");
        return rc;
    }

    /* -1 means not initialized; set before child_debug_init() so the field
     * holds a defined value even if the call fails without writing it. */
    krb5_auth_ctx->child_debug_fd = -1;
    rc = child_debug_init(KRB5_CHILD_LOG_FILE,
                          &krb5_auth_ctx->child_debug_fd);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Could not set krb5_child debugging!\n");
        return rc;
    }

    rc = parse_krb5_map_user(krb5_auth_ctx,
                             dp_opt_get_cstring(krb5_auth_ctx->opts,
                                                KRB5_MAP_USER),
                             &krb5_auth_ctx->name_to_primary);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "parse_krb5_map_user failed: %s:[%d]\n",
              sss_strerror(rc), rc);
        return rc;
    }

    return EOK;
}