|
 |
ac7d03 |
From 01440531b0805d647b0a0a37e2c3ea9489d19a35 Mon Sep 17 00:00:00 2001
|
|
|
ac7d03 |
From: Jan Cholasta <jcholast@redhat.com>
|
|
|
ac7d03 |
Date: Thu, 18 May 2017 07:57:40 +0000
|
|
|
ac7d03 |
Subject: [PATCH] install: introduce generic Kerberos Augeas lens
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Introduce new IPAKrb5 lens to handle krb5.conf and kdc.conf changes using
|
|
|
ac7d03 |
Augeas. The stock Krb5 lens does not work on our krb5.conf and kdc.conf.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
https://pagure.io/freeipa/issue/6831
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
ac7d03 |
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
ac7d03 |
---
|
|
|
ac7d03 |
freeipa.spec.in | 1 +
|
|
|
ac7d03 |
install/share/Makefile.am | 1 +
|
|
|
ac7d03 |
install/share/ipakrb5.aug | 46 ++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
ac7d03 |
3 files changed, 48 insertions(+)
|
|
|
ac7d03 |
create mode 100644 install/share/ipakrb5.aug
|
|
|
ac7d03 |
|
|
|
ac7d03 |
diff --git a/freeipa.spec.in b/freeipa.spec.in
|
|
|
ac7d03 |
index 6cb37ae53b039aa1d0e0509f62a3237504be6555..790e5838e0ba45ea9bbfe3bc3a1bd40c0bd3ac1a 100644
|
|
|
ac7d03 |
--- a/freeipa.spec.in
|
|
|
ac7d03 |
+++ b/freeipa.spec.in
|
|
|
ac7d03 |
@@ -1362,6 +1362,7 @@ fi
|
|
|
ac7d03 |
%dir %{_usr}/share/ipa/schema.d
|
|
|
ac7d03 |
%attr(0644,root,root) %{_usr}/share/ipa/schema.d/README
|
|
|
ac7d03 |
%attr(0644,root,root) %{_usr}/share/ipa/gssapi.login
|
|
|
ac7d03 |
+%{_usr}/share/ipa/ipakrb5.aug
|
|
|
ac7d03 |
|
|
|
ac7d03 |
%files server-dns
|
|
|
ac7d03 |
%defattr(-,root,root,-)
|
|
|
ac7d03 |
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
|
|
|
ac7d03 |
index b27861da37153d77d693ce6e46340525bbd50173..85a061c6976dcc55b0ba2250423a344e14f2ce97 100644
|
|
|
ac7d03 |
--- a/install/share/Makefile.am
|
|
|
ac7d03 |
+++ b/install/share/Makefile.am
|
|
|
ac7d03 |
@@ -89,6 +89,7 @@ dist_app_DATA = \
|
|
|
ac7d03 |
gssapi.login \
|
|
|
ac7d03 |
ipa.conf.tmpfiles \
|
|
|
ac7d03 |
gssproxy.conf.template \
|
|
|
ac7d03 |
+ ipakrb5.aug \
|
|
|
ac7d03 |
$(NULL)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
|
|
|
ac7d03 |
diff --git a/install/share/ipakrb5.aug b/install/share/ipakrb5.aug
|
|
|
ac7d03 |
new file mode 100644
|
|
|
ac7d03 |
index 0000000000000000000000000000000000000000..4a31a84e147a680067acddac683c672ccb6f9c31
|
|
|
ac7d03 |
--- /dev/null
|
|
|
ac7d03 |
+++ b/install/share/ipakrb5.aug
|
|
|
ac7d03 |
@@ -0,0 +1,46 @@
|
|
|
ac7d03 |
+module IPAKrb5 =
|
|
|
ac7d03 |
+ autoload xfm
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let dels (s:string) = Util.del_str s
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let indent = Util.indent
|
|
|
ac7d03 |
+ let space = Sep.space
|
|
|
ac7d03 |
+ let opt_space = Sep.opt_space
|
|
|
ac7d03 |
+ let sep = Sep.space_equal
|
|
|
ac7d03 |
+ let eol = IniFile.eol
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let kw = Rx.word
|
|
|
ac7d03 |
+ let val = Rx.space_in
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let comment = IniFile.comment IniFile.comment_re "# "
|
|
|
ac7d03 |
+ let empty = IniFile.empty
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let entry_generic (v:lens) = [ indent . key kw . sep . v . eol ]
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ (*
|
|
|
ac7d03 |
+ FIXME: combine entry and subrecord into a single recursive lens
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ This does not work for some reason:
|
|
|
ac7d03 |
+ let rec entry = entry_generic ( store ( val - "{" ) )
|
|
|
ac7d03 |
+ | entry_generic ( dels "{" . eol
|
|
|
ac7d03 |
+ . ( entry | comment | empty )*
|
|
|
ac7d03 |
+ . indent . dels "}" )
|
|
|
ac7d03 |
+ *)
|
|
|
ac7d03 |
+ let entry = entry_generic ( store ( val - "{" ) )
|
|
|
ac7d03 |
+ let subrecord = entry_generic ( dels "{" . eol
|
|
|
ac7d03 |
+ . ( entry | comment | empty )*
|
|
|
ac7d03 |
+ . indent . dels "}" )
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let title = IniFile.indented_title kw
|
|
|
ac7d03 |
+ let record = IniFile.record title ( entry | subrecord | comment )
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let directive = Build.key_value_line kw space ( store val )
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let lns = IniFile.lns record ( directive | comment )
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let filter = incl "/etc/krb5.conf"
|
|
|
ac7d03 |
+ . incl "/etc/krb5.conf.d/*"
|
|
|
ac7d03 |
+ . incl "/var/kerberos/krb5kdc/kdc.conf"
|
|
|
ac7d03 |
+ . Util.stdexcl
|
|
|
ac7d03 |
+
|
|
|
ac7d03 |
+ let xfm = transform lns filter
|
|
|
ac7d03 |
--
|
|
|
ac7d03 |
2.9.4
|
|
|
ac7d03 |
|