From 4ce58767770898094b92cdb2e999c89a73514c09 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 23 Feb 2011 17:40:44 +0100 Subject: [PATCH] Use realm for basedn instead of IPA domain --- src/providers/ipa/ipa_access.c | 2 +- src/providers/ipa/ipa_auth.c | 12 ++++++------ src/providers/ipa/ipa_common.c | 8 +++++++- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 02b0a77..f07eb7b 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -74,7 +74,7 @@ static char *get_hbac_search_base(TALLOC_CTX *mem_ctx, DEBUG(9, ("ipa_hbac_search_base not available, trying base DN.\n")); ret = domain_to_basedn(mem_ctx, - dp_opt_get_string(ipa_options, IPA_DOMAIN), + dp_opt_get_string(ipa_options, IPA_KRB5_REALM), &base); if (ret != EOK) { DEBUG(1, ("domain_to_basedn failed.\n")); diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index eb7f291..d8d8ad5 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -46,7 +46,7 @@ struct get_password_migration_flag_state { struct sdap_handle *sh; enum sdap_result result; struct fo_server *srv; - char *ipa_domain; + char *ipa_realm; bool password_migration; }; @@ -56,13 +56,13 @@ static void get_password_migration_flag_done(struct tevent_req *subreq); static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_auth_ctx *sdap_auth_ctx, - char *ipa_domain) + char *ipa_realm) { int ret; struct tevent_req *req, *subreq; struct get_password_migration_flag_state *state; - if (sdap_auth_ctx == NULL || ipa_domain == NULL) { + if (sdap_auth_ctx == NULL || ipa_realm == NULL) { DEBUG(1, ("Missing parameter.\n")); return NULL; } @@ -80,7 +80,7 @@ static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx, state->result = SDAP_ERROR; state->srv = NULL; state->password_migration = false; - state->ipa_domain = ipa_domain; + state->ipa_realm = ipa_realm; /* We request to use StartTLS here, because if password migration is * enabled we will use this connection for authentication, too. */ @@ -126,7 +126,7 @@ static void get_password_migration_flag_auth_done(struct tevent_req *subreq) return; } - ret = domain_to_basedn(state, state->ipa_domain, &ldap_basedn); + ret = domain_to_basedn(state, state->ipa_realm, &ldap_basedn); if (ret != EOK) { DEBUG(1, ("domain_to_basedn failed.\n")); tevent_req_error(req, ret); @@ -311,7 +311,7 @@ static void ipa_auth_handler_done(struct tevent_req *req) state->ipa_auth_ctx->sdap_auth_ctx, dp_opt_get_string( state->ipa_auth_ctx->ipa_options, - IPA_DOMAIN)); + IPA_KRB5_REALM)); if (req == NULL) { DEBUG(1, ("get_password_migration_flag failed.\n")); goto done; diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 397e418..5b65e7f 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -273,7 +273,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } ret = domain_to_basedn(tmpctx, - dp_opt_get_string(ipa_opts->basic, IPA_DOMAIN), + dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM), &basedn); if (ret != EOK) { goto done; @@ -673,6 +673,12 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, service->krb5_service->realm[i] = toupper(service->krb5_service->realm[i]); } + + ret = dp_opt_set_string(options->basic, IPA_KRB5_REALM, + service->krb5_service->realm); + if (ret != EOK) { + goto done; + } } if (!servers) { -- 1.7.4