From 03713859dffacc7142393e53c73d8d4cf7dee8d5 Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Wed, 12 Jun 2013 13:44:19 +0200
Subject: subdomains: touch krb5.conf when creating new domain-realm mappings

https://fedorahosted.org/sssd/ticket/1815
---
 src/conf_macros.m4                 | 13 +++++++++++++
 src/providers/ipa/ipa_subdomains.c |  8 ++++++++
 src/util/sss_krb5.c                | 22 ++++++++++++++++++++++
 src/util/sss_krb5.h                |  3 +++
 4 files changed, 46 insertions(+)

(limited to 'src')

diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index c72b3dd7..1dd29603 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -291,6 +291,19 @@ AC_DEFUN([WITH_KRB5AUTHDATA_PLUGIN_PATH],
     AC_SUBST(krb5authdatapluginpath)
   ])
 
+AC_DEFUN([WITH_KRB5_CONF],
+  [ AC_ARG_WITH([krb5_conf],
+                [AC_HELP_STRING([--with-krb5-conf=PATH], [Path to krb5.conf file [/etc/krb5.conf]])
+                ]
+               )
+
+    KRB5_CONF_PATH="${sysconfdir}/krb5.conf"
+    if test x"$with_krb5_conf" != x; then
+        KRB5_CONF_PATH=$with_krb5_conf
+    fi
+    AC_DEFINE_UNQUOTED([KRB5_CONF_PATH], ["$KRB5_CONF_PATH"], [KRB5 configuration file])
+  ])
+
 AC_DEFUN([WITH_PYTHON_BINDINGS],
   [ AC_ARG_WITH([python-bindings],
                 [AC_HELP_STRING([--with-python-bindings],
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 18878ae3..881f27c5 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -382,6 +382,14 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain)
         goto done;
     }
 
+    /* touch krb5.conf to ensure that new mappings are loaded */
+    ret = sss_krb5_touch_config();
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time "
+              "of krb5.conf. Created mappings may not be loaded.\n"));
+        /* just continue */
+    }
+
     ret = EOK;
 done:
     if (fstream) {
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 674e9fcd..74db98fe 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <errno.h>
 #include <talloc.h>
+#include <utime.h>
 
 #include "config.h"
 
@@ -1176,3 +1177,24 @@ done:
     return ENOTSUP;
 #endif
 }
+
+errno_t sss_krb5_touch_config(void)
+{
+    const char *config = NULL;
+    errno_t ret;
+
+    config = getenv("KRB5_CONFIG");
+    if (config == NULL) {
+        config = KRB5_CONF_PATH;
+    }
+
+    ret = utime(config, NULL);
+    if (ret == -1) {
+        ret = errno;
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" "
+                                    "[%d]: %s\n", config, strerror(ret)));
+        return ret;
+    }
+
+    return EOK;
+}
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 5fe7178c..9bae2f92 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -191,4 +191,7 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
                                 krb5_principal client_principal,
                                 krb5_keytab keytab,
                                 krb5_authdata ***_pac_authdata);
+
+errno_t sss_krb5_touch_config(void);
+
 #endif /* __SSS_KRB5_H__ */
-- 
cgit