-rw-r--r--src/providers/ad/ad_subdomains.c2
-rw-r--r--src/providers/ipa/ipa_subdomains.c4
-rw-r--r--src/util/domain_info_utils.c51
-rw-r--r--src/util/util.h3
4 files changed, 56 insertions, 4 deletions
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index e8345ae54..f6d2eb810 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -482,7 +482,7 @@ static void ad_subdomains_get_slave_domain_done(struct tevent_req *req)
goto done;
}
- ret = sss_write_domain_mappings(ctx->sd_ctx->be_ctx->domain);
+ ret = sss_write_domain_mappings(ctx->sd_ctx->be_ctx->domain, false);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("sss_krb5_write_mappings failed.\n"));
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 03b780d6c..ab0fdf656 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -932,7 +932,9 @@ static void ipa_subdomains_handler_done(struct tevent_req *req)
goto done;
}
- ret = sss_write_domain_mappings(domain);
+ ret = sss_write_domain_mappings(domain,
+ dp_opt_get_bool(ctx->sd_ctx->id_ctx->ipa_options->basic,
+ IPA_SERVER_MODE));
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("sss_krb5_write_mappings failed.\n"));
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 4af967cfd..9d7bb5f5a 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -336,9 +336,10 @@ sss_krb5_touch_config(void)
}
errno_t
-sss_write_domain_mappings(struct sss_domain_info *domain)
+sss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths)
{
struct sss_domain_info *dom;
+ struct sss_domain_info *parent_dom;
errno_t ret;
errno_t err;
TALLOC_CTX *tmp_ctx;
@@ -349,6 +350,9 @@ sss_write_domain_mappings(struct sss_domain_info *domain)
mode_t old_mode;
FILE *fstream = NULL;
int i;
+ bool capaths_started;
+ char *uc_forest;
+ char *uc_parent;
if (domain == NULL || domain->name == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
@@ -434,6 +438,51 @@ sss_write_domain_mappings(struct sss_domain_info *domain)
}
}
+ if (add_capaths) {
+ capaths_started = false;
+ parent_dom = domain;
+ uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name);
+ if (uc_parent == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (dom = get_next_domain(domain, true);
+ dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
+ dom = get_next_domain(dom, false)) {
+
+ if (dom->forest == NULL) {
+ continue;
+ }
+
+ uc_forest = get_uppercase_realm(tmp_ctx, dom->forest);
+ if (uc_forest == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (!capaths_started) {
+ ret = fprintf(fstream, "[capaths]\n");
+ if (ret < 0) {
+ DEBUG(SSSDBG_OP_FAILURE, ("fprintf failed\n"));
+ ret = EIO;
+ goto done;
+ }
+ capaths_started = true;
+ }
+
+ ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
+ dom->realm, uc_parent, uc_forest,
+ uc_parent, dom->realm, uc_forest);
+ if (ret < 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("fprintf failed\n"));
+ goto done;
+ }
+ }
+ }
+
ret = fclose(fstream);
fstream = NULL;
if (ret != 0) {
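Review bot: The second `fprintf` in the capaths loop jumps to `done` with `ret` still holding fprintf's negative return value, whereas the `[capaths]` header write just above maps the same failure to `EIO`; add `ret = EIO;` before that `goto done;` so the function keeps returning an errno_t code. The loop skips domains with `dom->forest == NULL` but passes `dom->realm` to `%s` unchecked, so if a subdomain can get here without a realm, consider `if (dom->forest == NULL || dom->realm == NULL) continue;`. The realm and forest names are written verbatim into a krb5 configuration section that governs cross-realm trust paths; if they are populated from directory data (not visible here), rejecting names that contain whitespace, `{`, `}` or `=` before writing would keep a malformed value from altering the generated file. The body of sss_write_domain_mappings, including the `done` label, lies outside this hunk, so how a partially written file is cleaned up cannot be checked from here.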
diff --git a/src/util/util.h b/src/util/util.h
index 4c2013ec8..058c1c279 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -575,7 +575,8 @@ errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
#define IS_SUBDOMAIN(dom) ((dom)->parent != NULL)
-errno_t sss_write_domain_mappings(struct sss_domain_info *domain);
+errno_t sss_write_domain_mappings(struct sss_domain_info *domain,
+ bool add_capaths);
/* from util_lock.c */
errno_t sss_br_lock_file(int fd, size_t start, size_t len,
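Review bot: The new `add_capaths` parameter is undocumented at the declaration, and a bare `false` at a call site does not say what it switches off. A comment above the prototype would help, for example `/* add_capaths: also emit a [capaths] section that routes each subdomain realm through its forest root */`. Among the callers visible in this commit only the IPA provider enables it, driven by `IPA_SERVER_MODE`, which is worth stating in the same comment.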