From 03713859dffacc7142393e53c73d8d4cf7dee8d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 12 Jun 2013 13:44:19 +0200
Subject: [PATCH 11/12] subdomains: touch krb5.conf when creating new
 domain-realm mappings

https://fedorahosted.org/sssd/ticket/1815
---
 configure.ac                       |  1 +
 src/conf_macros.m4                 | 13 +++++++++++++
 src/providers/ipa/ipa_subdomains.c |  8 ++++++++
 src/util/sss_krb5.c                | 22 ++++++++++++++++++++++
 src/util/sss_krb5.h                |  3 +++
 5 files changed, 47 insertions(+)

diff --git a/configure.ac b/configure.ac
index e63e678705ee059b984612a6ffab1a10a4f7e7f8..7eeee2e2a069b2c4f7a3408798740cb7aba88513 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,6 +110,7 @@ WITH_XML_CATALOG
 WITH_KRB5_PLUGIN_PATH
 WITH_KRB5_RCACHE_DIR
 WITH_KRB5AUTHDATA_PLUGIN_PATH
+WITH_KRB5_CONF
 WITH_PYTHON_BINDINGS
 WITH_SELINUX
 WITH_NSCD
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index c72b3dd73d5a3eac76c17d8ce2568088f78cfcb3..1dd296039719fb29b2dbd40710fe7428ef417e16 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -291,6 +291,19 @@ AC_DEFUN([WITH_KRB5AUTHDATA_PLUGIN_PATH],
     AC_SUBST(krb5authdatapluginpath)
   ])
 
+AC_DEFUN([WITH_KRB5_CONF],
+  [ AC_ARG_WITH([krb5_conf],
+                [AC_HELP_STRING([--with-krb5-conf=PATH], [Path to krb5.conf file [/etc/krb5.conf]])
+                ]
+               )
+
+    KRB5_CONF_PATH="${sysconfdir}/krb5.conf"
+    if test x"$with_krb5_conf" != x; then
+        KRB5_CONF_PATH=$with_krb5_conf
+    fi
+    AC_DEFINE_UNQUOTED([KRB5_CONF_PATH], ["$KRB5_CONF_PATH"], [KRB5 configuration file])
+  ])
+
 AC_DEFUN([WITH_PYTHON_BINDINGS],
   [ AC_ARG_WITH([python-bindings],
                 [AC_HELP_STRING([--with-python-bindings],
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 18878ae33dc014639cfce0be54f9ca3a44c4ddbb..881f27c5d83f03a7e3bb1afb74fee765906e9148 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -382,6 +382,14 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain)
         goto done;
     }
 
+    /* touch krb5.conf to ensure that new mappings are loaded */
+    ret = sss_krb5_touch_config();
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time "
+              "of krb5.conf. Created mappings may not be loaded.\n"));
+        /* just continue */
+    }
+
     ret = EOK;
 done:
     if (fstream) {
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 674e9fcdd99e3d1df26b0db9854a80a6e3870d33..74db98fe9ee4cba858de5b459f0a5540003c63f8 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <errno.h>
 #include <talloc.h>
+#include <utime.h>
 
 #include "config.h"
 
@@ -1176,3 +1177,24 @@ done:
     return ENOTSUP;
 #endif
 }
+
+errno_t sss_krb5_touch_config(void)
+{
+    const char *config = NULL;
+    errno_t ret;
+
+    config = getenv("KRB5_CONFIG");
+    if (config == NULL) {
+        config = KRB5_CONF_PATH;
+    }
+
+    ret = utime(config, NULL);
+    if (ret == -1) {
+        ret = errno;
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" "
+                                    "[%d]: %s\n", config, strerror(ret)));
+        return ret;
+    }
+
+    return EOK;
+}
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 5fe7178c1aed8afaa9d85be99dd91634e0cedb36..9bae2f92b6d132ffd2631773deee4e9c56ad483d 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -191,4 +191,7 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
                                 krb5_principal client_principal,
                                 krb5_keytab keytab,
                                 krb5_authdata ***_pac_authdata);
+
+errno_t sss_krb5_touch_config(void);
+
 #endif /* __SSS_KRB5_H__ */
-- 
1.8.2.1