From 01440531b0805d647b0a0a37e2c3ea9489d19a35 Mon Sep 17 00:00:00 2001

From: Jan Cholasta <jcholast@redhat.com>

Date: Thu, 18 May 2017 07:57:40 +0000

Subject: [PATCH] install: introduce generic Kerberos Augeas lens

Introduce new IPAKrb5 lens to handle krb5.conf and kdc.conf changes using

Augeas. The stock Krb5 lens does not work on our krb5.conf and kdc.conf.

https://pagure.io/freeipa/issue/6831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

---

 freeipa.spec.in           |  1 +

 install/share/Makefile.am |  1 +

 install/share/ipakrb5.aug | 46 ++++++++++++++++++++++++++++++++++++++++++++++

 3 files changed, 48 insertions(+)

 create mode 100644 install/share/ipakrb5.aug

diff --git a/freeipa.spec.in b/freeipa.spec.in

index 6cb37ae53b039aa1d0e0509f62a3237504be6555..790e5838e0ba45ea9bbfe3bc3a1bd40c0bd3ac1a 100644

--- a/freeipa.spec.in

+++ b/freeipa.spec.in

@@ -1362,6 +1362,7 @@ fi

 %dir %{_usr}/share/ipa/schema.d

 %attr(0644,root,root) %{_usr}/share/ipa/schema.d/README

 %attr(0644,root,root) %{_usr}/share/ipa/gssapi.login

+%{_usr}/share/ipa/ipakrb5.aug

 %files server-dns

 %defattr(-,root,root,-)

diff --git a/install/share/Makefile.am b/install/share/Makefile.am

index b27861da37153d77d693ce6e46340525bbd50173..85a061c6976dcc55b0ba2250423a344e14f2ce97 100644

--- a/install/share/Makefile.am

+++ b/install/share/Makefile.am

@@ -89,6 +89,7 @@ dist_app_DATA =				\

 	gssapi.login			\

 	ipa.conf.tmpfiles		\

 	gssproxy.conf.template		\

+	ipakrb5.aug			\

 	$(NULL)

 kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy

diff --git a/install/share/ipakrb5.aug b/install/share/ipakrb5.aug

new file mode 100644

index 0000000000000000000000000000000000000000..4a31a84e147a680067acddac683c672ccb6f9c31

--- /dev/null

+++ b/install/share/ipakrb5.aug

@@ -0,0 +1,46 @@

+module IPAKrb5 =

+  autoload xfm

+

+  let dels (s:string) = Util.del_str s

+

+  let indent    = Util.indent

+  let space     = Sep.space

+  let opt_space = Sep.opt_space

+  let sep       = Sep.space_equal

+  let eol       = IniFile.eol

+

+  let kw  = Rx.word

+  let val = Rx.space_in

+

+  let comment = IniFile.comment IniFile.comment_re "# "

+  let empty   = IniFile.empty

+

+  let entry_generic (v:lens) = [ indent . key kw . sep . v . eol ]

+

+  (*

+    FIXME: combine entry and subrecord into a single recursive lens

+

+    This does not work for some reason:

+      let rec entry = entry_generic ( store ( val - "{" ) )

+                    | entry_generic ( dels "{" . eol

+                                    . ( entry | comment | empty )*

+                                    . indent . dels "}" )

+  *)

+  let entry     = entry_generic ( store ( val - "{" ) )

+  let subrecord = entry_generic ( dels "{" . eol

+                                . ( entry | comment | empty )*

+                                . indent . dels "}" )

+

+  let title  = IniFile.indented_title kw

+  let record = IniFile.record title ( entry | subrecord | comment )

+

+  let directive = Build.key_value_line kw space ( store val )

+

+  let lns = IniFile.lns record ( directive | comment )

+

+  let filter = incl "/etc/krb5.conf"

+             . incl "/etc/krb5.conf.d/*"

+             . incl "/var/kerberos/krb5kdc/kdc.conf"

+             . Util.stdexcl

+

+  let xfm = transform lns filter

-- 

2.9.4