From 4fa184e2c60b377fd71e0115a618bd68dc73627d Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 21 Nov 2014 18:07:10 +0100 Subject: AD/IPA: add krb5_confd_path configuration option With this new parameter the directory where Kerberos configuration snippets are created can be specified. Fixes https://fedorahosted.org/sssd/ticket/2473 Reviewed-by: Jakub Hrozek --- src/providers/ad/ad_common.h | 1 + src/providers/ad/ad_opts.h | 1 + src/providers/ad/ad_subdomains.c | 8 ++++++++ src/providers/ipa/ipa_common.h | 1 + src/providers/ipa/ipa_opts.h | 1 + src/providers/ipa/ipa_subdomains.c | 8 ++++++++ 6 files changed, 20 insertions(+) (limited to 'src/providers') diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index df8dcffea..b39ade40c 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -60,6 +60,7 @@ enum ad_basic_opt { AD_GPO_MAP_PERMIT, AD_GPO_MAP_DENY, AD_GPO_DEFAULT_RIGHT, + AD_KRB5_CONFD_PATH, AD_OPTS_BASIC /* opts counter */ }; diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h index ac6006c92..c3de3d94b 100644 --- a/src/providers/ad/ad_opts.h +++ b/src/providers/ad/ad_opts.h @@ -48,6 +48,7 @@ struct dp_option ad_basic_opts[] = { { "ad_gpo_map_permit", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ad_gpo_map_deny", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ad_gpo_default_right", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_confd_path", DP_OPT_STRING, { KRB5_MAPPING_DIR }, NULL_STRING }, DP_OPTION_TERMINATOR }; diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index bc5bc8914..3c61d1352 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -461,6 +461,14 @@ static errno_t ad_subdom_reinit(struct ad_subdomains_ctx *ctx) { errno_t ret; + ret = sss_write_krb5_conf_snippet( + dp_opt_get_string(ctx->ad_id_ctx->ad_options->basic, + AD_KRB5_CONFD_PATH)); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "sss_write_krb5_conf_snippet failed.\n"); + /* Just continue */ + } + ret = sysdb_update_subdomains(ctx->be_ctx->domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n"); diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 495276548..33085197c 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -54,6 +54,7 @@ enum ipa_basic_opt { IPA_ENABLE_DNS_SITES, IPA_SERVER_MODE, IPA_VIEWS_SEARCH_BASE, + IPA_KRB5_CONFD_PATH, IPA_OPTS_BASIC /* opts counter */ }; diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index 59282e869..f77ff1d05 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h @@ -51,6 +51,7 @@ struct dp_option ipa_basic_opts[] = { { "ipa_enable_dns_sites", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ipa_server_mode", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ipa_views_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_confd_path", DP_OPT_STRING, { KRB5_MAPPING_DIR }, NULL_STRING }, DP_OPTION_TERMINATOR }; diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 9281aab1b..883558c4d 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -312,6 +312,14 @@ ipa_subdom_reinit(struct ipa_subdomains_ctx *ctx) { errno_t ret; + ret = sss_write_krb5_conf_snippet( + dp_opt_get_string(ctx->id_ctx->ipa_options->basic, + IPA_KRB5_CONFD_PATH)); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "sss_write_krb5_conf_snippet failed.\n"); + /* Just continue */ + } + ret = sysdb_update_subdomains(ctx->be_ctx->domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n"); -- cgit