From 4d36cbf6ad412822b8fb029f517f9228e2c8d4ee Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: May 19 2017 10:31:24 +0000 Subject: install: introduce generic Kerberos Augeas lens Introduce new IPAKrb5 lens to handle krb5.conf and kdc.conf changes using Augeas. The stock Krb5 lens does not work on our krb5.conf and kdc.conf. https://pagure.io/freeipa/issue/6831 Reviewed-By: Stanislav Laznicka Reviewed-By: Martin Babinsky --- diff --git a/freeipa.spec.in b/freeipa.spec.in index da3c24b..beb11bc 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1367,6 +1367,7 @@ fi %dir %{_usr}/share/ipa/schema.d %attr(0644,root,root) %{_usr}/share/ipa/schema.d/README %attr(0644,root,root) %{_usr}/share/ipa/gssapi.login +%{_usr}/share/ipa/ipakrb5.aug %files server-dns %defattr(-,root,root,-) diff --git a/install/share/Makefile.am b/install/share/Makefile.am index e7fac0c..7a36551 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -90,6 +90,7 @@ dist_app_DATA = \ ipa.conf.tmpfiles \ gssproxy.conf.template \ kdcproxy.wsgi \ + ipakrb5.aug \ $(NULL) kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy diff --git a/install/share/ipakrb5.aug b/install/share/ipakrb5.aug new file mode 100644 index 0000000..4a31a84 --- /dev/null +++ b/install/share/ipakrb5.aug 
@@ -0,0 +1,46 @@
+module IPAKrb5 =
+ autoload xfm
+
+ let dels (s:string) = Util.del_str s
+
+ let indent = Util.indent
+ let space = Sep.space
+ let opt_space = Sep.opt_space
+ let sep = Sep.space_equal
+ let eol = IniFile.eol
+
+ let kw = Rx.word
+ let val = Rx.space_in
+
+ let comment = IniFile.comment IniFile.comment_re "# "
+ let empty = IniFile.empty
+
+ let entry_generic (v:lens) = [ indent . key kw . sep . v . eol ]
+
+ (*
+ FIXME: combine entry and subrecord into a single recursive lens
+
+ This does not work for some reason:
+ let rec entry = entry_generic ( store ( val - "{" ) )
+ | entry_generic ( dels "{" . eol
+ . ( entry | comment | empty )*
+ . indent . dels "}" )
+ *)
+ let entry = entry_generic ( store ( val - "{" ) )
+ let subrecord = entry_generic ( dels "{" . eol
+ . ( entry | comment | empty )*
+ . indent . dels "}" )
+
+ let title = IniFile.indented_title kw
+ let record = IniFile.record title ( entry | subrecord | comment )
+
+ let directive = Build.key_value_line kw space ( store val )
+
+ let lns = IniFile.lns record ( directive | comment )
+
+ let filter = incl "/etc/krb5.conf"
+ . incl "/etc/krb5.conf.d/*"
+ . incl "/var/kerberos/krb5kdc/kdc.conf"
+ . Util.stdexcl
+
+ let xfm = transform lns filter
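Review bot: `entry` and `subrecord` accept only one level of `{ ... }` nesting, as the FIXME above them acknowledges, so a krb5.conf or `/etc/krb5.conf.d/*` drop-in that nests a subsection inside a subsection (krb5.conf syntax appears to allow this, for instance under `[appdefaults]`) will not match `lns`, and Augeas will not load that file. Because these files carry security-relevant Kerberos settings, the limit should be stated in the lens itself rather than left implicit in the FIXME, for example `(* NOTE: only one level of "{ ... }" is parsed; a file with deeper nesting fails to load, so callers must check /augeas//error and stop rather than continue *)`. The code that loads this lens is not part of the diff, so whether it already fails closed on a load error should be confirmed there. No `test IPAKrb5.lns get ...` module accompanies the lens; a small one covering a subrecord with a comment inside it would pin the behaviour that the commit message says the stock Krb5 lens does not provide.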