sbus: remove be context from sbus_cli_connect code

This is a steps towards new implementation of new failover mechanism.
The new code will reuse sdap_cli_connect to connect to the LDAP server
but it will not use any be resolver stuff. This patch moves be resolver
usage one level up so the connection code can be easily reused.

It also moves kinit before connecting to LDAP into a separate,
standalone step (previously it was connect -> kinit -> sasl bind,
now it is kinit -> connect -> sasl bind).

Author: pbrezina

src/providers/ipa/ipa_auth.c

@@ -329,11 +329,11 @@ static void ipa_pam_auth_handler_flag_done(struct tevent_req *subreq)
 
     if (password_migration) {
         sdap_auth_ctx = state->auth_ctx->sdap_auth_ctx;
-        subreq = sdap_cli_connect_send(state, state->ev,
-                                       sdap_auth_ctx->opts,
-                                       sdap_auth_ctx->be,
-                                       sdap_auth_ctx->service,
-                                       true, CON_TLS_ON, true);
+        subreq = sdap_cli_resolve_and_connect_send(state, state->ev,
+                                                   sdap_auth_ctx->opts,
+                                                   sdap_auth_ctx->be,
+                                                   sdap_auth_ctx->service,
+                                                   true, CON_TLS_ON, true);
         if (subreq == NULL) {
             state->pd->pam_status = PAM_SYSTEM_ERR;
             goto done;
@@ -373,7 +373,7 @@ static void ipa_pam_auth_handler_connect_done(struct tevent_req *subreq)
 
     state->pd->pam_status = PAM_SYSTEM_ERR;
 
-    ret = sdap_cli_connect_recv(subreq, state, NULL, &sh, NULL);
+    ret = sdap_cli_resolve_and_connect_recv(subreq, state, NULL, &sh, NULL);
     talloc_free(subreq);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "Cannot connect to LDAP server to perform "

src/providers/ldap/ldap_auth.c

@@ -797,11 +797,12 @@ static struct tevent_req *auth_connect_send(struct tevent_req *req)
         use_tls = false;
     }
 
-    subreq = sdap_cli_connect_send(state, state->ev, state->ctx->opts,
-                                   state->ctx->be,
-                                   state->sdap_service, false,
-                                   use_tls ? CON_TLS_ON : CON_TLS_OFF,
-                                   skip_conn_auth);
+    subreq = sdap_cli_resolve_and_connect_send(state, state->ev,
+                                               state->ctx->opts,
+                                               state->ctx->be,
+                                               state->sdap_service, false,
+                                               use_tls ? CON_TLS_ON : CON_TLS_OFF,
+                                               skip_conn_auth);
 
     if (subreq == NULL) {
         tevent_req_error(req, ENOMEM);
@@ -850,16 +851,18 @@ static void auth_connect_done(struct tevent_req *subreq)
                                                     struct auth_state);
     int ret;
 
-    ret = sdap_cli_connect_recv(subreq, state, NULL, &state->sh, NULL);
+    ret = sdap_cli_resolve_and_connect_recv(subreq, state, NULL, &state->sh,
+                                            NULL);
     talloc_zfree(subreq);
     if (ret != EOK) {
-        /* As sdap_cli_connect_recv() returns EIO in case all the servers are
-         * down and we have to go offline, let's treat it accordingly here and
-         * allow the PAM responder to switch to offline authentication.
+        /* As sdap_cli_resolve_and_connect_recv() returns EIO in case all the
+         * servers are down and we have to go offline, let's treat it
+         * accordingly here and allow the PAM responder to switch to offline
+         * authentication.
          *
          * Unfortunately, there's not much pattern within our code and the way
-         * to indicate we're going down in this part of the code is returning
-         * an ETIMEDOUT.
+         * to indicate we're going down in this part of the code is returning an
+         * ETIMEDOUT.
          */
         if (ret == EIO) {
             tevent_req_error(req, ETIMEDOUT);

src/providers/ldap/sdap_async.h

@@ -213,17 +213,37 @@ enum connect_tls {
 struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
                                          struct tevent_context *ev,
                                          struct sdap_options *opts,
-                                         struct be_ctx *be,
-                                         struct sdap_service *service,
+                                         const char *uri,
+                                         struct sockaddr *sockaddr,
+                                         socklen_t sockaddr_len,
                                          bool skip_rootdse,
                                          enum connect_tls force_tls,
-                                         bool skip_auth);
+                                         bool skip_auth,
+                                         time_t kinit_expire_time);
+
 int sdap_cli_connect_recv(struct tevent_req *req,
                           TALLOC_CTX *memctx,
-                          bool *can_retry,
                           struct sdap_handle **gsh,
                           struct sdap_server_opts **srv_opts);
 
+struct tevent_req *
+sdap_cli_resolve_and_connect_send(TALLOC_CTX *mem_ctx,
+                                  struct tevent_context *ev,
+                                  struct sdap_options *opts,
+                                  struct be_ctx *be,
+                                  struct sdap_service *service,
+                                  bool skip_rootdse,
+                                  enum connect_tls force_tls,
+                                  bool skip_auth);
+
+errno_t
+sdap_cli_resolve_and_connect_recv(struct tevent_req *req,
+                                  TALLOC_CTX *memctx,
+                                  bool *can_retry,
+                                  struct sdap_handle **gsh,
+                                  struct sdap_server_opts **srv_opts);
+
+
 /* Exposes all options of generic send while allowing to parse by map */
 struct tevent_req *sdap_get_and_parse_generic_send(TALLOC_CTX *memctx,
                                                    struct tevent_context *ev,