
/* realmd -- Realm configuration service
 *
 * Copyright 2020 Red Hat Inc
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation; either version 2 of the licence or (at
 * your option) any later version.
 *
 * See the included COPYING file for more information.
 *
 * Author: Sumit Bose <sbose@redhat.com>
 */

#include "config.h"

#include "realm-ini-config.h"
#include "realm-kerberos-config.h"
#include "realm-settings.h"

#include <string.h>

/*
 * Create an ini-config object for the system krb5.conf and load the file.
 *
 * flags: extra RealmIniFlags; REALM_INI_LINE_CONTINUATIONS is always OR'd in.
 * error: optional return location for a load error.
 *
 * Returns the loaded config. If reading fails and the caller passed a
 * non-NULL error, the error is propagated, the config object is released
 * and NULL is returned. If reading fails and error is NULL, a warning is
 * logged and the config object is returned anyway, in whatever state the
 * failed read left it.
 */
RealmIniConfig *
realm_kerberos_config_new_with_flags (RealmIniFlags flags,
                                      GError **error)
{
	GError *read_err = NULL;
	RealmIniConfig *ini = realm_ini_config_new (REALM_INI_LINE_CONTINUATIONS | flags);
	const gchar *path = realm_settings_path ("krb5.conf");

	realm_ini_config_read_file (ini, path, &read_err);

	/* Common case: the file was read without error */
	if (read_err == NULL) {
		return ini;
	}

	/* The caller doesn't care about errors: warn, but hand back the object */
	if (!error) {
		g_warning ("Couldn't load config file: %s: %s", path,
		           read_err->message);
		g_error_free (read_err);
		return ini;
	}

	/* The caller wants errors: never hand back an invalid kerberos config */
	g_propagate_error (error, read_err);
	g_object_unref (ini);
	return NULL;
}

/*
 * Convenience wrapper: load krb5.conf with no extra ini flags
 * (REALM_INI_NONE). Error handling and the return value are those of
 * realm_kerberos_config_new_with_flags().
 */
RealmIniConfig *
realm_kerberos_config_new (GError **error)
{
	RealmIniConfig *config;

	config = realm_kerberos_config_new_with_flags (REALM_INI_NONE, error);

	return config;
}

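/*
 * Set the default realm in krb5.conf.
 *
 * Loads krb5.conf through realm_kerberos_config_new(), sets
 * "default_realm" to the given realm and "udp_preference_limit" to "0" in
 * the [libdefaults] section and writes the change back. The attributes of
 * the existing file are queried before the change and re-applied after it.
 *
 * realm: value written as default_realm.
 *        NOTE(review): the value is handed to realm_ini_config_set()
 *        as given; callers are presumably expected to pass an already
 *        validated realm name -- confirm.
 * error: optional return location for an error; may be NULL.
 *
 * Returns FALSE if the config could not be loaded or the change could not
 * be started, otherwise the result of realm_ini_config_finish_change().
 * Problems with saving or restoring the file attributes are only logged;
 * they neither change the return value nor set *error.
 */
gboolean
configure_krb5_conf_for_domain (const gchar *realm, GError **error)
{
	RealmIniConfig *config;
	gboolean res;
	GFile *gfile;
	GFileInfo *file_info = NULL;
	/* Attribute handling is best-effort and gets its own error, so that a
	 * NULL 'error' from the caller is never dereferenced and an error
	 * already stored in *error is never overwritten. */
	GError *attr_err = NULL;

	config = realm_kerberos_config_new (error);
	if (config == NULL) {
		return FALSE;
	}

	/* When writing to a file glib will replace the original file with a
	 * new one. To make sure permissions and other attributes like e.g.
	 * SELinux labels stay the same this information is saved before the
	 * change and applied to the new file afterwards. */
	gfile = g_file_new_for_path (realm_ini_config_get_filename (config));
	file_info = g_file_query_info (gfile, "*", 0, NULL, &attr_err);
	g_object_unref (gfile);
	if (attr_err != NULL) {
		g_warning ("Couldn't load file attributes, "
		           "will continue without: %s: %s",
		           realm_ini_config_get_filename (config),
		           attr_err->message);
		g_clear_error (&attr_err);
	}

	if (!realm_ini_config_begin_change (config, error)) {
		/* Don't leak the saved attributes on this early exit */
		if (file_info != NULL) {
			g_object_unref (file_info);
		}
		g_object_unref (config);
		return FALSE;
	}

	realm_ini_config_set (config, "libdefaults",
	                              "default_realm", realm,
	                              "udp_preference_limit", "0",
	                               NULL);

	res = realm_ini_config_finish_change (config, error);

	if (file_info != NULL) {
		gfile = g_file_new_for_path (realm_ini_config_get_filename (config));
		/* NOTE(review): if this fails the rewritten krb5.conf keeps the
		 * mode, ownership and security label it was created with rather
		 * than those of the original file. That is only logged here, so
		 * the warning is worth monitoring. */
		if (!g_file_set_attributes_from_info (gfile, file_info,
		                                      0, NULL, &attr_err)) {
			g_warning ("Couldn't set file attributes: %s: %s",
			           realm_ini_config_get_filename (config),
			           attr_err->message);
			g_clear_error (&attr_err);
		}
		g_object_unref (file_info);
		g_object_unref (gfile);
	}

	g_object_unref (config);

	return res;
}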