install: introduce generic Kerberos Augeas lens

Introduce new IPAKrb5 lens to handle krb5.conf and kdc.conf changes using Augeas. The stock Krb5 lens does not work on our krb5.conf and kdc.conf. https://pagure.io/freeipa/issue/6831 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-01-11 00:31:56 -06:00 · 2017-05-18 07:57:40 +00:00 · 2017-05-18 07:57:40 +00:00 · 4d36cbf6ad
commit 4d36cbf6ad
parent 11b8a34346
3 changed files with 48 additions and 0 deletions
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@ -1367,6 +1367,7 @@ fi
 %dir %{_usr}/share/ipa/schema.d
 %attr(0644,root,root) %{_usr}/share/ipa/schema.d/README
 %attr(0644,root,root) %{_usr}/share/ipa/gssapi.login
+%{_usr}/share/ipa/ipakrb5.aug

 %files server-dns
 %defattr(-,root,root,-)
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@ -90,6 +90,7 @@ dist_app_DATA =				\
 	ipa.conf.tmpfiles		\
 	gssproxy.conf.template		\
 	kdcproxy.wsgi			\
+	ipakrb5.aug			\
 	$(NULL)

 kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
--- a/install/share/ipakrb5.aug
+++ b/install/share/ipakrb5.aug
@ -0,0 +1,46 @@
+module IPAKrb5 =
+  autoload xfm
+
+  let dels (s:string) = Util.del_str s
+
+  let indent    = Util.indent
+  let space     = Sep.space
+  let opt_space = Sep.opt_space
+  let sep       = Sep.space_equal
+  let eol       = IniFile.eol
+
+  let kw  = Rx.word
+  let val = Rx.space_in
+
+  let comment = IniFile.comment IniFile.comment_re "# "
+  let empty   = IniFile.empty
+
+  let entry_generic (v:lens) = [ indent . key kw . sep . v . eol ]
+
+  (*
+    FIXME: combine entry and subrecord into a single recursive lens
+
+    This does not work for some reason:
+      let rec entry = entry_generic ( store ( val - "{" ) )
+                    | entry_generic ( dels "{" . eol
+                                    . ( entry | comment | empty )*
+                                    . indent . dels "}" )
+  *)
+  let entry     = entry_generic ( store ( val - "{" ) )
+  let subrecord = entry_generic ( dels "{" . eol
+                                . ( entry | comment | empty )*
+                                . indent . dels "}" )
+
+  let title  = IniFile.indented_title kw
+  let record = IniFile.record title ( entry | subrecord | comment )
+
+  let directive = Build.key_value_line kw space ( store val )
+
+  let lns = IniFile.lns record ( directive | comment )
+
+  let filter = incl "/etc/krb5.conf"
+             . incl "/etc/krb5.conf.d/*"
+             . incl "/var/kerberos/krb5kdc/kdc.conf"
+             . Util.stdexcl
+
+  let xfm = transform lns filter