authorJakub Hrozek <jhrozek@redhat.com>2014-09-24 16:10:41 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-10-16 18:08:52 +0200
commit06424c5ac5ffb871476208155762bb5b73e0b665 (patch)
treed25855e1d131caa852467a914481cb5f4e00e987 /src/util
parented4a9bd4d0f7fb359bed66a8d63a92e7be633aae (diff)
UTIL: Always write capaths
We used to generate the [capaths] section only on the IPA server itself, when running in a trusted setup. But we also found out that the capaths are often required to make SSO fully work, so it's better to always generate them.

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r--src/util/domain_info_utils.c69
-rw-r--r--src/util/util.h3
2 files changed, 34 insertions, 38 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 520feb36d..8ffbec2f3 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -364,7 +364,7 @@ sss_krb5_touch_config(void)
}
errno_t
-sss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths)
+sss_write_domain_mappings(struct sss_domain_info *domain)
{
struct sss_domain_info *dom;
struct sss_domain_info *parent_dom;
@@ -378,7 +378,7 @@ sss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths)
mode_t old_mode;
FILE *fstream = NULL;
int i;
- bool capaths_started;
+ bool capaths_started = false;
char *uc_forest;
char *uc_parent;
@@ -466,48 +466,45 @@ sss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths)
}
}
- if (add_capaths) {
- capaths_started = false;
- parent_dom = domain;
- uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name);
- if (uc_parent == NULL) {
+ parent_dom = domain;
+ uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name);
+ if (uc_parent == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "get_uppercase_realm failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (dom = get_next_domain(domain, true);
+ dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
+ dom = get_next_domain(dom, false)) {
+
+ if (dom->forest == NULL) {
+ continue;
+ }
+
+ uc_forest = get_uppercase_realm(tmp_ctx, dom->forest);
+ if (uc_forest == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "get_uppercase_realm failed.\n");
ret = ENOMEM;
goto done;
}
- for (dom = get_next_domain(domain, true);
- dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
- dom = get_next_domain(dom, false)) {
-
- if (dom->forest == NULL) {
- continue;
- }
-
- uc_forest = get_uppercase_realm(tmp_ctx, dom->forest);
- if (uc_forest == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "get_uppercase_realm failed.\n");
- ret = ENOMEM;
- goto done;
- }
-
- if (!capaths_started) {
- ret = fprintf(fstream, "[capaths]\n");
- if (ret < 0) {
- DEBUG(SSSDBG_OP_FAILURE, "fprintf failed\n");
- ret = EIO;
- goto done;
- }
- capaths_started = true;
- }
-
- ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
- dom->realm, uc_parent, uc_forest,
- uc_parent, dom->realm, uc_forest);
+ if (!capaths_started) {
+ ret = fprintf(fstream, "[capaths]\n");
if (ret < 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
+ DEBUG(SSSDBG_OP_FAILURE, "fprintf failed\n");
+ ret = EIO;
goto done;
}
+ capaths_started = true;
+ }
+
+ ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
+ dom->realm, uc_parent, uc_forest,
+ uc_parent, dom->realm, uc_forest);
+ if (ret < 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
+ goto done;
}
}
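Review bot: The last `fprintf` failure branch in the loop jumps to `done` with `ret` still holding fprintf's negative return value, while the `[capaths]` header write just above sets `ret = EIO` first, so a failed write here returns a value that is not an errno code. Add `ret = EIO;` before that `goto done;`, and consider using one debug level for both branches (they currently differ: `SSSDBG_OP_FAILURE` and `SSSDBG_CRIT_FAILURE`). Separately, `dom->realm` is passed to `%s` without the NULL check that `dom->forest` gets, and neither string is checked for newlines or braces before it is written into the krb5 snippet. Since the section is now generated on every host rather than only on the IPA server, it would be worth confirming that both values are validated as well-formed realm names where the subdomain data is stored, which is not visible in this hunk. The function body starts and ends outside the hunk.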
diff --git a/src/util/util.h b/src/util/util.h
index c497f605b..2b9f49979 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -546,8 +546,7 @@ errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
#define IS_SUBDOMAIN(dom) ((dom)->parent != NULL)
-errno_t sss_write_domain_mappings(struct sss_domain_info *domain,
- bool add_capaths);
+errno_t sss_write_domain_mappings(struct sss_domain_info *domain);
errno_t get_dom_names(TALLOC_CTX *mem_ctx,
struct sss_domain_info *start_dom,