ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: usr / share / augeas / lenses / dist

module Krb5 =

autoload xfm

let comment = Inifile.comment IniFile.comment_re "#"
let empty = Inifile.empty
let eol = Inifile.eol
let dels = Util.del_str

let indent = del /[ \t]*/ ""
let comma_or_space_sep = del /[ \t,]{1,}/ " "
let eq = del /[ \t]*=[ \t]*/ " = "
let eq_openbr = del /[ \t]*=[ \t\n]*\{[ \t]*\n/ " = {\n"
let closebr = del /[ \t]*\}/ "}"

(* These two regexps for realms and apps are not entirely true
   - strictly speaking, there's no requirement that a realm is all upper case
   and an application only uses lowercase. But it's what's used in practice.

Without that distinction we couldn't distinguish between applications
   and realms in the [appdefaults] section.
*)

let include_re = /include(dir)?/
let realm_re = /[A-Z0-9][.a-zA-Z0-9-]*/
let realm_anycase_re = /[A-Za-z0-9][.a-zA-Z0-9-]*/
let app_re = /[a-z][a-zA-Z0-9_]*/
let name_re = /[.a-zA-Z0-9_-]+/ - include_re

let value_br = store /[^;# \t\r\n{}]+/
let value = store /[^;# \t\r\n]+/
let entry (kw:regexp) (sep:lens) (value:lens) (comment:lens)
    = [ indent . key kw . sep . value . (comment|eol) ] | comment

let subsec_entry (kw:regexp) (sep:lens) (comment:lens)
    = ( entry kw sep value_br comment ) | empty

let simple_section (n:string) (k:regexp) =
  let title = Inifile.indented_title n in
  let entry = entry k eq value comment in
    Inifile.record title entry

let record (t:string) (e:lens) =
  let title = Inifile.indented_title t in
    Inifile.record title e

let v4_name_convert (subsec:lens) = [ indent . key "v4_name_convert" .
                        eq_openbr .  subsec* . closebr . eol ]

(*
  For the enctypes this appears to be a list of the valid entries:
       c4-hmac arcfour-hmac aes128-cts rc4-hmac
       arcfour-hmac-md5 des3-cbc-sha1 des-cbc-md5 des-cbc-crc
*)
let enctype_re = /[a-zA-Z0-9-]{3,}/
let enctypes = /permitted_enctypes|default_tgs_enctypes|default_tkt_enctypes/i

(* An #eol label prevents ambiguity between "k = v1 v2" and "k = v1\n k = v2" *)
let enctype_list (nr:regexp) (ns:string) =
  indent . del nr ns . eq
    . Build.opt_list [ label ns . store enctype_re ] comma_or_space_sep
    . (comment|eol) . [ label "#eol" ]

let libdefaults =
  let option = entry (name_re - ("v4_name_convert" |enctypes)) eq value comment in
  let enctype_lists = enctype_list /permitted_enctypes/i "permitted_enctypes"
                      | enctype_list /default_tgs_enctypes/i "default_tgs_enctypes"
                      | enctype_list /default_tkt_enctypes/i "default_tkt_enctypes" in
  let subsec = [ indent . key /host|plain/ . eq_openbr .
                   (subsec_entry name_re eq comment)* . closebr . eol ] in
  record "libdefaults" (option|enctype_lists|v4_name_convert subsec)

let login =
  let keys = /krb[45]_get_tickets|krb4_convert|krb_run_aklog/
    |/aklog_path|accept_passwd/ in
    simple_section "login" keys

let appdefaults =
  let option = entry (name_re - ("realm" | "application")) eq value_br comment in
  let realm = [ indent . label "realm" . store realm_re .
                  eq_openbr . (option|empty)* . closebr . eol ] in
  let app = [ indent . label "application" . store app_re .
                eq_openbr . (realm|option|empty)* . closebr . eol] in
    record "appdefaults" (option|realm|app)

let realms =
  let simple_option = /kdc|admin_server|database_module|default_domain/
      |/v4_realm|auth_to_local(_names)?|master_kdc|kpasswd_server/
      |/admin_server|ticket_lifetime|pkinit_(anchors|identities|identity|pool)/
      |/krb524_server/ in
  let subsec_option = /v4_instance_convert/ in
  let option = subsec_entry simple_option eq comment in
  let subsec = [ indent . key subsec_option . eq_openbr .
                   (subsec_entry name_re eq comment)* . closebr . eol ] in
  let v4subsec = [ indent . key /host|plain/ . eq_openbr .
                   (subsec_entry name_re eq comment)* . closebr . eol ] in
  let realm = [ indent . label "realm" . store realm_anycase_re .
                  eq_openbr . (option|subsec|(v4_name_convert v4subsec))* .
                  closebr . eol ] in
    record "realms" (realm|comment)

let domain_realm =
  simple_section "domain_realm" name_re

let logging =
  let keys = /kdc|admin_server|default/ in
  let xchg (m:regexp) (d:string) (l:string) =
    del m d . label l in
  let xchgs (m:string) (l:string) = xchg m m l in
  let dest =
    [ xchg /FILE[=:]/ "FILE=" "file" . value ]
    |[ xchgs "STDERR" "stderr" ]
    |[ xchgs "CONSOLE" "console" ]
    |[ xchgs "DEVICE=" "device" . value ]
    |[ xchgs "SYSLOG" "syslog" .
         ([ xchgs ":" "severity" . store /[A-Za-z0-9]+/ ].
          [ xchgs ":" "facility" . store /[A-Za-z0-9]+/ ]?)? ] in
  let entry = [ indent . key keys . eq . dest . (comment|eol) ] | comment in
    record "logging" entry

let capaths =
  let realm = [ indent . key realm_re .
                  eq_openbr .
                  (entry realm_re eq value_br comment)* . closebr . eol ] in
    record "capaths" (realm|comment)

(* This section is not documented in the krb5.conf manpage,
   but the Fermi example uses it. *)
let instance_mapping =
  let value = dels "\"" . store /[^;# \t\r\n{}]*/ . dels "\"" in
  let map_node = label "mapping" . store /[a-zA-Z0-9\/*]+/ in
  let mapping = [ indent . map_node . eq .
                    [ label "value" . value ] . (comment|eol) ] in
  let instance = [ indent . key name_re .
                     eq_openbr . (mapping|comment)* . closebr . eol ] in
    record "instancemapping" instance

let kdc =
  simple_section "kdc" /profile/

let pam =
  simple_section "pam" name_re

let includes = Build.key_value_line include_re Sep.space (store Rx.fspath)
let include_lines = includes . (comment|empty)*

let filter = (incl "/etc/krb5.conf.d/*.conf")
           . (incl "/etc/krb5.conf")

let xfm = transform lns filter

[+] ..
[-] mailscanner.aug [edit]
[-] access.aug [edit]
[-] gshadow.aug [edit]
[-] activemq_conf.aug [edit]
[-] gtkbookmarks.aug [edit]
[-] activemq_xml.aug [edit]
[-] hostname.aug [edit]
[-] afs_cellalias.aug [edit]
[-] mcollective.aug [edit]
[-] aliases.aug [edit]
[-] mdadm_conf.aug [edit]
[-] anacron.aug [edit]
[-] memcached.aug [edit]
[-] approx.aug [edit]
[-] group.aug [edit]
[-] phpvars.aug [edit]
[-] apt_update_manager.aug [edit]
[-] grub.aug [edit]
[-] puppet.aug [edit]
[-] aptcacherngsecurity.aug [edit]
[-] mongodbserver.aug [edit]
[-] aptconf.aug [edit]
[-] host_conf.aug [edit]
[-] aptpreferences.aug [edit]
[-] hosts.aug [edit]
[-] aptsources.aug [edit]
[-] hosts_access.aug [edit]
[-] authorized_keys.aug [edit]
[-] htpasswd.aug [edit]
[-] automaster.aug [edit]
[-] jettyrealm.aug [edit]
[-] automounter.aug [edit]
[-] mke2fs.aug [edit]
[-] avahi.aug [edit]
[-] jaas.aug [edit]
[-] backuppchosts.aug [edit]
[-] modprobe.aug [edit]
[-] bbhosts.aug [edit]
[-] jmxaccess.aug [edit]
[-] bootconf.aug [edit]
[-] modules.aug [edit]
[-] build.aug [edit]
[-] jmxpassword.aug [edit]
[-] cachefilesd.aug [edit]
[-] modules_conf.aug [edit]
[-] carbon.aug [edit]
[-] json.aug [edit]
[-] cgconfig.aug [edit]
[-] nagiosobjects.aug [edit]
[-] cgrules.aug [edit]
[-] kdump.aug [edit]
[-] channels.aug [edit]
[-] monit.aug [edit]
[-] chrony.aug [edit]
[-] multipath.aug [edit]
[-] clamav.aug [edit]
[-] keepalived.aug [edit]
[-] cobblermodules.aug [edit]
[-] known_hosts.aug [edit]
[-] cobblersettings.aug [edit]
[-] koji.aug [edit]
[-] collectd.aug [edit]
[-] mysql.aug [edit]
[-] cpanel.aug [edit]
[-] nagioscfg.aug [edit]
[-] cron.aug [edit]
[-] krb5.aug [edit]
[-] crypttab.aug [edit]
[-] netmasks.aug [edit]
[-] cups.aug [edit]
[-] ldif.aug [edit]
[-] cyrus_imapd.aug [edit]
[-] networkmanager.aug [edit]
[-] darkice.aug [edit]
[-] networks.aug [edit]
[-] debctrl.aug [edit]
[-] nrpe.aug [edit]
[-] desktop.aug [edit]
[-] ldso.aug [edit]
[-] device_map.aug [edit]
[-] lightdm.aug [edit]
[-] dhclient.aug [edit]
[-] nginx.aug [edit]
[-] dhcpd.aug [edit]
[-] limits.aug [edit]
[-] dhcpd_140.aug [edit]
[-] login_defs.aug [edit]
[-] dns_zone.aug [edit]
[-] ntpd.aug [edit]
[-] dnsmasq.aug [edit]
[-] nsswitch.aug [edit]
[-] dovecot.aug [edit]
[-] ntp.aug [edit]
[-] dpkg.aug [edit]
[-] odbc.aug [edit]
[-] dput.aug [edit]
[-] openshift_http.aug [edit]
[-] erlang.aug [edit]
[-] openshift_config.aug [edit]
[-] ethers.aug [edit]
[-] pamconf.aug [edit]
[-] exports.aug [edit]
[-] logrotate.aug [edit]
[-] fai_diskconfig.aug [edit]
[-] openvpn.aug [edit]
[-] fonts.aug [edit]
[-] pagekite.aug [edit]
[-] fstab.aug [edit]
[-] pam.aug [edit]
[-] fuse.aug [edit]
[-] passwd.aug [edit]
[-] gdm.aug [edit]
[-] httpd.aug [edit]
[-] postfix_access.aug [edit]
[-] inetd.aug [edit]
[-] pbuilder.aug [edit]
[-] inifile.aug [edit]
[-] pg_hba.aug [edit]
[-] inittab.aug [edit]
[-] pgbouncer.aug [edit]
[-] inputrc.aug [edit]
[-] logwatch.aug [edit]
[-] interfaces.aug [edit]
[-] lokkit.aug [edit]
[-] iproute2.aug [edit]
[-] mailscanner_rules.aug [edit]
[-] iptables.aug [edit]
[-] php.aug [edit]
[-] iscsid.aug [edit]
[-] lvm.aug [edit]
[-] util.aug [edit]
[-] openshift_quickstarts.aug [edit]
[-] xinetd.aug [edit]
[-] postfix_main.aug [edit]
[-] xendconfsxp.aug [edit]
[-] postfix_master.aug [edit]
[-] vfstab.aug [edit]
[-] postfix_sasl_smtpd.aug [edit]
[-] vmware_config.aug [edit]
[-] postfix_transport.aug [edit]
[-] xml.aug [edit]
[-] postfix_virtual.aug [edit]
[-] xorg.aug [edit]
[-] postgresql.aug [edit]
[-] xymon.aug [edit]
[-] properties.aug [edit]
[-] xymon_alerting.aug [edit]
[-] protocols.aug [edit]
[-] yum.aug [edit]
[-] puppet_auth.aug [edit]
[-] puppetfile.aug [edit]
[-] vsftpd.aug [edit]
[-] puppetfileserver.aug [edit]
[-] anaconda.aug [edit]
[-] pylonspaste.aug [edit]
[-] pythonpaste.aug [edit]
[-] qpid.aug [edit]
[-] quote.aug [edit]
[-] rabbitmq.aug [edit]
[-] redis.aug [edit]
[-] webmin.aug [edit]
[-] reprepro_uploaders.aug [edit]
[-] resolv.aug [edit]
[-] rhsm.aug [edit]
[-] rmt.aug [edit]
[-] rsyncd.aug [edit]
[-] rsyslog.aug [edit]
[-] rx.aug [edit]
[-] samba.aug [edit]
[-] schroot.aug [edit]
[-] securetty.aug [edit]
[-] sep.aug [edit]
[-] services.aug [edit]
[-] shadow.aug [edit]
[-] shells.aug [edit]
[-] shellvars.aug [edit]
[-] shellvars_list.aug [edit]
[-] simplelines.aug [edit]
[-] simplevars.aug [edit]
[-] sip_conf.aug [edit]
[-] slapd.aug [edit]
[-] slapd_140.aug [edit]
[-] smbusers.aug [edit]
[-] solaris_system.aug [edit]
[-] soma.aug [edit]
[-] spacevars.aug [edit]
[-] splunk.aug [edit]
[-] squid.aug [edit]
[-] ssh.aug [edit]
[-] sshd.aug [edit]
[-] sshd_140.aug [edit]
[-] sssd.aug [edit]
[-] stunnel.aug [edit]
[-] subversion.aug [edit]
[-] sudoers.aug [edit]
[-] sysconfig.aug [edit]
[-] sysconfig_route.aug [edit]
[-] sysctl.aug [edit]
[-] syslog.aug [edit]
[-] systemd.aug [edit]
[-] thttpd.aug [edit]
[-] tuned.aug [edit]
[-] up2date.aug [edit]
[-] updatedb.aug [edit]
[-] wine.aug [edit]