From 01440531b0805d647b0a0a37e2c3ea9489d19a35 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Thu, 18 May 2017 07:57:40 +0000
Subject: [PATCH] install: introduce generic Kerberos Augeas lens

Introduce new IPAKrb5 lens to handle krb5.conf and kdc.conf changes using Augeas. The stock Krb5 lens does not work on our krb5.conf and kdc.conf.
https://pagure.io/freeipa/issue/6831
Reviewed-By: Stanislav Laznicka
Reviewed-By: Martin Babinsky
---
 freeipa.spec.in | 1 +
 install/share/Makefile.am | 1 +
 install/share/ipakrb5.aug | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 install/share/ipakrb5.aug
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 6cb37ae53b039aa1d0e0509f62a3237504be6555..790e5838e0ba45ea9bbfe3bc3a1bd40c0bd3ac1a 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1362,6 +1362,7 @@ fi
 %dir %{_usr}/share/ipa/schema.d
 %attr(0644,root,root) %{_usr}/share/ipa/schema.d/README
 %attr(0644,root,root) %{_usr}/share/ipa/gssapi.login
+%{_usr}/share/ipa/ipakrb5.aug
 %files server-dns
 %defattr(-,root,root,-)
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index b27861da37153d77d693ce6e46340525bbd50173..85a061c6976dcc55b0ba2250423a344e14f2ce97 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -89,6 +89,7 @@ dist_app_DATA = \
 gssapi.login \
 ipa.conf.tmpfiles \
 gssproxy.conf.template \
+ ipakrb5.aug \
 $(NULL)
 kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
diff --git a/install/share/ipakrb5.aug b/install/share/ipakrb5.aug
new file mode 100644
index 0000000000000000000000000000000000000000..4a31a84e147a680067acddac683c672ccb6f9c31
--- /dev/null
+++ b/install/share/ipakrb5.aug
@@ -0,0 +1,46 @@
+module IPAKrb5 =
+ autoload xfm
+
+ let dels (s:string) = Util.del_str s
+
+ let indent = Util.indent
+ let space = Sep.space
+ let opt_space = Sep.opt_space
+ let sep = Sep.space_equal
+ let eol = IniFile.eol
+
+ let kw = Rx.word
+ let val = Rx.space_in
+
+ let comment = IniFile.comment IniFile.comment_re "# "
+ let empty = IniFile.empty
+
+ let entry_generic (v:lens) = [ indent . key kw . sep . v . eol ]
+
+ (*
+ FIXME: combine entry and subrecord into a single recursive lens
+
+ This does not work for some reason:
+ let rec entry = entry_generic ( store ( val - "{" ) )
+ | entry_generic ( dels "{" . eol
+ . ( entry | comment | empty )*
+ . indent . dels "}" )
+ *)
+ let entry = entry_generic ( store ( val - "{" ) )
+ let subrecord = entry_generic ( dels "{" . eol
+ . ( entry | comment | empty )*
+ . indent . dels "}" )
+
+ let title = IniFile.indented_title kw
+ let record = IniFile.record title ( entry | subrecord | comment )
+
+ let directive = Build.key_value_line kw space ( store val )
+
+ let lns = IniFile.lns record ( directive | comment )
+
+ let filter = incl "/etc/krb5.conf"
+ . incl "/etc/krb5.conf.d/*"
+ . incl "/var/kerberos/krb5kdc/kdc.conf"
+ . Util.stdexcl
+
+ let xfm = transform lns filter
-- 2.9.4
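Review bot: The lens accepts only one level of `{ ... }` nesting: `subrecord` allows `( entry | comment | empty )*` between the braces but not another `subrecord`, and the FIXME above it confirms the recursive form was not achieved. A krb5.conf, kdc.conf or snippet matched by `incl "/etc/krb5.conf.d/*"` that nests a block inside a realm or appdefaults stanza would therefore fail to parse, and Augeas then leaves the file out of the tree with only an error node under `/augeas/files/<path>/error`; the callers are outside this patch, so they should be checked to confirm they test that node before saving and do not act on a partial view of the Kerberos configuration. I would state the limit next to the FIXME, for example `(* NOTE: only one level of "{ }" nesting is parsed; deeper nesting makes the whole file fail to load *)`, and ship a lens test module with a nested sample so the limitation is pinned. Separately, `opt_space` is defined but never used in this file.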