summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2013-06-12 13:44:19 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-16 12:53:14 +0200
commit03713859dffacc7142393e53c73d8d4cf7dee8d5 (patch)
tree2f2f78ac3e5bdab356465da3715ef9dad515105a
parent9f1106573a4fca41b99a468d06fa392486faf43c (diff)
downloadsssd-03713859dffacc7142393e53c73d8d4cf7dee8d5.tar.gz
sssd-03713859dffacc7142393e53c73d8d4cf7dee8d5.tar.bz2
sssd-03713859dffacc7142393e53c73d8d4cf7dee8d5.zip
subdomains: touch krb5.conf when creating new domain-realm mappings
https://fedorahosted.org/sssd/ticket/1815
-rw-r--r--configure.ac1
-rw-r--r--src/conf_macros.m413
-rw-r--r--src/providers/ipa/ipa_subdomains.c8
-rw-r--r--src/util/sss_krb5.c22
-rw-r--r--src/util/sss_krb5.h3
5 files changed, 47 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index e63e6787..7eeee2e2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,6 +110,7 @@ WITH_XML_CATALOG
WITH_KRB5_PLUGIN_PATH
WITH_KRB5_RCACHE_DIR
WITH_KRB5AUTHDATA_PLUGIN_PATH
+WITH_KRB5_CONF
WITH_PYTHON_BINDINGS
WITH_SELINUX
WITH_NSCD
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index c72b3dd7..1dd29603 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -291,6 +291,19 @@ AC_DEFUN([WITH_KRB5AUTHDATA_PLUGIN_PATH],
AC_SUBST(krb5authdatapluginpath)
])
+AC_DEFUN([WITH_KRB5_CONF],
+ [ AC_ARG_WITH([krb5_conf],
+ [AC_HELP_STRING([--with-krb5-conf=PATH], [Path to krb5.conf file [/etc/krb5.conf]])
+ ]
+ )
+
+ KRB5_CONF_PATH="${sysconfdir}/krb5.conf"
+ if test x"$with_krb5_conf" != x; then
+ KRB5_CONF_PATH=$with_krb5_conf
+ fi
+ AC_DEFINE_UNQUOTED([KRB5_CONF_PATH], ["$KRB5_CONF_PATH"], [KRB5 configuration file])
+ ])
+
AC_DEFUN([WITH_PYTHON_BINDINGS],
[ AC_ARG_WITH([python-bindings],
[AC_HELP_STRING([--with-python-bindings],
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 18878ae3..881f27c5 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -382,6 +382,14 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain)
goto done;
}
+ /* touch krb5.conf to ensure that new mappings are loaded */
+ ret = sss_krb5_touch_config();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time "
+ "of krb5.conf. Created mappings may not be loaded.\n"));
+ /* just continue */
+ }
+
ret = EOK;
done:
if (fstream) {
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 674e9fcd..74db98fe 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <errno.h>
#include <talloc.h>
+#include <utime.h>
#include "config.h"
@@ -1176,3 +1177,24 @@ done:
return ENOTSUP;
#endif
}
+
+errno_t sss_krb5_touch_config(void)
+{
+ const char *config = NULL;
+ errno_t ret;
+
+ config = getenv("KRB5_CONFIG");
+ if (config == NULL) {
+ config = KRB5_CONF_PATH;
+ }
+
+ ret = utime(config, NULL);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" "
+ "[%d]: %s\n", config, strerror(ret)));
+ return ret;
+ }
+
+ return EOK;
+}
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 5fe7178c..9bae2f92 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -191,4 +191,7 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
krb5_principal client_principal,
krb5_keytab keytab,
krb5_authdata ***_pac_authdata);
+
+errno_t sss_krb5_touch_config(void);
+
#endif /* __SSS_KRB5_H__ */