On Wed, Jun 26, 2013 at 11:37:04PM +0200, Jakub Hrozek wrote:
I'm sorry for this bug, I initially tested on a VM where I manually
created the domain-realm mappings but then forgot to remove them. The
attached patches install domain-realm mappings in the same way the IPA
provider does.
If these patches are accepted, I will open a bug for realmd to include
the /var/lib/sss/pubconf/krb5.include.d directory in krb5.conf by default.
... and maybe some time in the future there will even be a plugin
interface for MIT Kerberos.
From be90166ee5e0bfd2599a6ee98f0a9a1180573b3a Mon Sep 17 00:00:00
2001
From: Jakub Hrozek <jhrozek(a)redhat.com>
Date: Wed, 26 Jun 2013 22:39:41 +0200
Subject: [PATCH 1/2] IPA: Move the code to write domain mappings to
domain_info_utils.c
This makes the code reusable
---
src/providers/ipa/ipa_subdomains.c | 190 +++++--------------------------------
src/util/domain_info_utils.c | 154 ++++++++++++++++++++++++++++++
src/util/util.h | 2 +
3 files changed, 182 insertions(+), 164 deletions(-)
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 881f27c5d83f03a7e3bb1afb74fee765906e9148..2300249ca941f5d6e71348a44fc512aae5abea86
100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -49,9 +49,6 @@
#define IPA_SUBDOMAIN_REFRESH_PERIOD (3600 * 4)
#define IPA_SUBDOMAIN_DISABLED_PERIOD 3600
-/* the directory domain - realm mappings are written to */
-#define IPA_SUBDOMAIN_MAPPING_DIR PUBCONF_PATH"/krb5.include.d"
-
enum ipa_subdomains_req_type {
IPA_SUBDOMAINS_MASTER,
IPA_SUBDOMAINS_SLAVE,
@@ -114,6 +111,29 @@ const char *get_flat_name_from_subdomain_name(struct be_ctx
*be_ctx,
return NULL;
}
+static errno_t
+ipa_write_subdom_mappings(struct sss_domain_info *domain)
+{
+ errno_t ret;
+
+ ret = sss_write_domain_mappings(domain);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("couldn't write domain-realm
mappings\n"));
+ }
+
+ /* Some mappings might have been written, touch krb5.conf */
+
+ /* touch krb5.conf to ensure that new mappings are loaded */
+ ret = sss_krb5_touch_config();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time
"
+ "of krb5.conf. Created mappings may not be loaded.\n"));
+ return ret;
+ }
+
+ return EOK;
+}
+
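Review bot: In ipa_write_subdom_mappings(), the return value of sss_write_domain_mappings() is logged and then overwritten by `ret = sss_krb5_touch_config();`, so the function returns EOK whenever the touch succeeds, even if no mappings were written. If that is intentional (the first comment suggests partial writes should still trigger a reload), say so in a function comment and consider keeping the first error in a separate variable so the caller can still see it after the touch. The failure message at SSSDBG_OP_FAILURE would also be more useful with the error code included, and the two consecutive "touch krb5.conf" comments can be merged into one.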
Would it be possible to move this to src/util/domain_info_utils.c as
well? The corresponding AD call looks quite similar.
bye,
Sumit