diff options
Diffstat (limited to 'src/util/domain_info_utils.c')
| -rw-r--r-- | src/util/domain_info_utils.c | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index 4af967cf..9d7bb5f5 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -336,9 +336,10 @@ sss_krb5_touch_config(void) } errno_t -sss_write_domain_mappings(struct sss_domain_info *domain) +sss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths) { struct sss_domain_info *dom; + struct sss_domain_info *parent_dom; errno_t ret; errno_t err; TALLOC_CTX *tmp_ctx; @@ -349,6 +350,9 @@ sss_write_domain_mappings(struct sss_domain_info *domain) mode_t old_mode; FILE *fstream = NULL; int i; + bool capaths_started; + char *uc_forest; + char *uc_parent; if (domain == NULL || domain->name == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n")); @@ -434,6 +438,51 @@ sss_write_domain_mappings(struct sss_domain_info *domain) } } + if (add_capaths) { + capaths_started = false; + parent_dom = domain; + uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name); + if (uc_parent == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n")); + ret = ENOMEM; + goto done; + } + + for (dom = get_next_domain(domain, true); + dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */ + dom = get_next_domain(dom, false)) { + + if (dom->forest == NULL) { + continue; + } + + uc_forest = get_uppercase_realm(tmp_ctx, dom->forest); + if (uc_forest == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n")); + ret = ENOMEM; + goto done; + } + + if (!capaths_started) { + ret = fprintf(fstream, "[capaths]\n"); + if (ret < 0) { + DEBUG(SSSDBG_OP_FAILURE, ("fprintf failed\n")); + ret = EIO; + goto done; + } + capaths_started = true; + } + + ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n", + dom->realm, uc_parent, uc_forest, + uc_parent, dom->realm, uc_forest); + if (ret < 0) { + DEBUG(SSSDBG_CRIT_FAILURE, ("fprintf failed\n")); + goto done; + } + } + } + ret = fclose(fstream); fstream = NULL; if (ret != 0) { |