From cf161fe0317fd37e1c5ad826cb783905aaf1f048 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 18 Jul 2016 17:19:36 +0200
Subject: [PATCH 33/44] IPA: fix [capaths] output
the capaths for a single domain should be collected in a single sub-section in the MIT Kerberos configuration not spread over multiple one. See the capaths section of the krb5.conf man page for details.
Resolves: https://fedorahosted.org/sssd/ticket/3103
Reviewed-by: Jakub Hrozek
---
 src/util/domain_info_utils.c | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 360f70376c472466168d93d45b6c547d51dd18c6..8cdd50d8d521d734e9ffd9b4e81cd6fbd7d158c7 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -280,6 +280,7 @@ sss_write_domain_mappings(struct sss_domain_info *domain)
 bool capaths_started = false;
 char *uc_forest;
 char *uc_parent;
+ char *parent_capaths = NULL;
 if (domain == NULL || domain->name == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "No domain name provided\n");
@@ -399,9 +400,31 @@ sss_write_domain_mappings(struct sss_domain_info *domain)
 capaths_started = true;
 }
- ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
- dom->realm, uc_parent, uc_forest,
- uc_parent, dom->realm, uc_forest);
+ ret = fprintf(fstream, "%s = {\n %s = %s\n}\n",
+ dom->realm, uc_parent, uc_forest);
+ if (ret < 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
+ goto done;
+ }
+
+ if (parent_capaths == NULL) {
+ parent_capaths = talloc_asprintf(tmp_ctx, " %s = %s\n", dom->realm,
+ uc_forest);
+ } else {
+ parent_capaths = talloc_asprintf_append(parent_capaths,
+ " %s = %s\n", dom->realm,
+ uc_forest);
+ }
+ if (parent_capaths == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "talloc_asprintf/talloc_asprintf_append failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ if (parent_capaths != NULL) {
+ ret = fprintf(fstream, "%s = {\n%s}\n", uc_parent, parent_capaths);
 if (ret < 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
 goto done;
-- 
2.4.11
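Review bot: The realm strings reach the generated krb5 snippet unchecked: `dom->realm` and `uc_forest` are appended to `parent_capaths` with a plain `%s` and later printed inside the `uc_parent` sub-section, so a realm name containing a newline, `{`, `}` or `=` would change the structure of the [capaths] block that libkrb5 then parses. sss_write_domain_mappings starts and ends outside this hunk, so validation may already happen earlier; if it does not, a guard before the first `fprintf` that skips the domain with a DEBUG message when `strpbrk(dom->realm, "\r\n{}=") != NULL` (and likewise for `uc_forest`) would keep trusted-domain data from altering the file layout. Separately, the new `fprintf` failure branches jump to `done` with the negative fprintf return still in `ret`, while the allocation failure sets `ENOMEM`; adding `ret = EIO;` before `goto done;` would keep the function's return value an errno code on every path.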