On Wed, Jun 26, 2013 at 11:37:04PM +0200, Jakub Hrozek wrote:
> I'm sorry for this bug, I initially tested on a VM where I manually
> created the domain-realm mappings but then forgot to remove them. The
> attached patches install domain-realm mappings in the same way IPA
> provider does.
> 
> If these patches are accepted, I will open a bug for realmd to include
> the /var/lib/sss/pubconf/krb5.include.d directory in krb5.conf by default.

... and maybe some time in the future there will be even a plugin
interface for MIT Kerberos.


> From be90166ee5e0bfd2599a6ee98f0a9a1180573b3a Mon Sep 17 00:00:00 2001
> From: Jakub Hrozek <jhro...@redhat.com>
> Date: Wed, 26 Jun 2013 22:39:41 +0200
> Subject: [PATCH 1/2] IPA: Move the code to write domain mappings to
>  domain_info_utils.c
> 
> This makes the code reusable
> ---
>  src/providers/ipa/ipa_subdomains.c | 190 
> +++++--------------------------------
>  src/util/domain_info_utils.c       | 154 ++++++++++++++++++++++++++++++
>  src/util/util.h                    |   2 +
>  3 files changed, 182 insertions(+), 164 deletions(-)
> 
> diff --git a/src/providers/ipa/ipa_subdomains.c 
> b/src/providers/ipa/ipa_subdomains.c
> index 
> 881f27c5d83f03a7e3bb1afb74fee765906e9148..2300249ca941f5d6e71348a44fc512aae5abea86
>  100644
> --- a/src/providers/ipa/ipa_subdomains.c
> +++ b/src/providers/ipa/ipa_subdomains.c
> @@ -49,9 +49,6 @@
>  #define IPA_SUBDOMAIN_REFRESH_PERIOD (3600 * 4)
>  #define IPA_SUBDOMAIN_DISABLED_PERIOD 3600
>  
> -/* the directory domain - realm mappings are written to */
> -#define IPA_SUBDOMAIN_MAPPING_DIR PUBCONF_PATH"/krb5.include.d"
> -
>  enum ipa_subdomains_req_type {
>      IPA_SUBDOMAINS_MASTER,
>      IPA_SUBDOMAINS_SLAVE,
> @@ -114,6 +111,29 @@ const char *get_flat_name_from_subdomain_name(struct 
> be_ctx *be_ctx,
>      return NULL;
>  }
>  
> +static errno_t
> +ipa_write_subdom_mappings(struct sss_domain_info *domain)
> +{
> +    errno_t ret;
> +
> +    ret = sss_write_domain_mappings(domain);
> +    if (ret) {
> +        DEBUG(SSSDBG_OP_FAILURE, ("couldn't write domain-realm mappings\n"));
> +    }
> +
> +    /* Some mappings might have been written, touch krb5.conf */
> +
> +    /* touch krb5.conf to ensure that new mappings are loaded */
> +    ret = sss_krb5_touch_config();
> +    if (ret != EOK) {
> +        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time 
> "
> +              "of krb5.conf. Created mappings may not be loaded.\n"));
> +        return ret;
> +    }
> +
> +    return EOK;
> +}
> +
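
Review bot: In ipa_write_subdom_mappings(), a failure from sss_write_domain_mappings() is only logged; `ret` is then overwritten by `ret = sss_krb5_touch_config();` and the function returns EOK whenever the touch succeeds, so the caller cannot tell that none or only some of the mappings were written. If best-effort behaviour is intended, state that in a comment; otherwise keep the first error in a separate variable and return it after the touch. The two adjacent comments about touching krb5.conf say the same thing and can be merged into one, and the first DEBUG message would be more useful for diagnosis if it included the value of ret.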

Would it be possible to move this to src/util/domain_info_utils.c as
well? The corresponding AD call looks quite similar.

bye,
Sumit
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
