rpms/sssd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bc0fb19593
sssd/0011-subdomains-touch-krb5.conf-when-creating-new-domain-.patch
Jakub Hrozek ba06c0ac1d Apply a number of patches from upstream to fix issues found post-beta 
In particular:
-- segfault with a high DEBUG level
-- Fix IPA password migration (upstream #1873)
-- Fix fail over when retrying SRV resolution (upstream #1886)
2013-06-16 13:12:37 +02:00

123 lines
3.9 KiB
Diff
Raw Blame History

From 03713859dffacc7142393e53c73d8d4cf7dee8d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 12 Jun 2013 13:44:19 +0200
Subject: [PATCH 11/12] subdomains: touch krb5.conf when creating new
domain-realm mappings
https://fedorahosted.org/sssd/ticket/1815
---
configure.ac | 1 +
src/conf_macros.m4 | 13 +++++++++++++
src/providers/ipa/ipa_subdomains.c | 8 ++++++++
src/util/sss_krb5.c | 22 ++++++++++++++++++++++
src/util/sss_krb5.h | 3 +++
5 files changed, 47 insertions(+)
diff --git a/configure.ac b/configure.ac
index e63e678705ee059b984612a6ffab1a10a4f7e7f8..7eeee2e2a069b2c4f7a3408798740cb7aba88513 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,6 +110,7 @@ WITH_XML_CATALOG
WITH_KRB5_PLUGIN_PATH
WITH_KRB5_RCACHE_DIR
WITH_KRB5AUTHDATA_PLUGIN_PATH
+WITH_KRB5_CONF
WITH_PYTHON_BINDINGS
WITH_SELINUX
WITH_NSCD
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index c72b3dd73d5a3eac76c17d8ce2568088f78cfcb3..1dd296039719fb29b2dbd40710fe7428ef417e16 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -291,6 +291,19 @@ AC_DEFUN([WITH_KRB5AUTHDATA_PLUGIN_PATH],
AC_SUBST(krb5authdatapluginpath)
])
+AC_DEFUN([WITH_KRB5_CONF],
+ [ AC_ARG_WITH([krb5_conf],
+ [AC_HELP_STRING([--with-krb5-conf=PATH], [Path to krb5.conf file [/etc/krb5.conf]])
+ ]
+ )
+
+ KRB5_CONF_PATH="${sysconfdir}/krb5.conf"
+ if test x"$with_krb5_conf" != x; then
+ KRB5_CONF_PATH=$with_krb5_conf
+ fi
+ AC_DEFINE_UNQUOTED([KRB5_CONF_PATH], ["$KRB5_CONF_PATH"], [KRB5 configuration file])
+ ])
+
AC_DEFUN([WITH_PYTHON_BINDINGS],
[ AC_ARG_WITH([python-bindings],
[AC_HELP_STRING([--with-python-bindings],
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 18878ae33dc014639cfce0be54f9ca3a44c4ddbb..881f27c5d83f03a7e3bb1afb74fee765906e9148 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -382,6 +382,14 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain)
goto done;
}
+ /* touch krb5.conf to ensure that new mappings are loaded */
+ ret = sss_krb5_touch_config();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time "
+ "of krb5.conf. Created mappings may not be loaded.\n"));
+ /* just continue */
+ }
+
ret = EOK;
done:
if (fstream) {
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 674e9fcdd99e3d1df26b0db9854a80a6e3870d33..74db98fe9ee4cba858de5b459f0a5540003c63f8 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <errno.h>
#include <talloc.h>
+#include <utime.h>
#include "config.h"
@@ -1176,3 +1177,24 @@ done:
return ENOTSUP;
#endif
}
+
+errno_t sss_krb5_touch_config(void)
+{
+ const char *config = NULL;
+ errno_t ret;
+
+ config = getenv("KRB5_CONFIG");
+ if (config == NULL) {
+ config = KRB5_CONF_PATH;
+ }
+
+ ret = utime(config, NULL);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" "
+ "[%d]: %s\n", config, strerror(ret)));
+ return ret;
+ }
+
+ return EOK;
+}
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 5fe7178c1aed8afaa9d85be99dd91634e0cedb36..9bae2f92b6d132ffd2631773deee4e9c56ad483d 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -191,4 +191,7 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
krb5_principal client_principal,
krb5_keytab keytab,
krb5_authdata ***_pac_authdata);
+
+errno_t sss_krb5_touch_config(void);
+
#endif /* __SSS_KRB5_H__ */
--
1.8.2.1
Reference in New Issue View Git Blame Copy Permalink