Blame SOURCES/0001-join-always-add-service-principals.patch

2e5ed6
From cd296bf24e7cc56fb8d00bad7e9a56c539894309 Mon Sep 17 00:00:00 2001
2e5ed6
From: Sumit Bose <sbose@redhat.com>
2e5ed6
Date: Tue, 19 Mar 2019 20:44:36 +0100
2e5ed6
Subject: [PATCH 1/2] join: always add service principals
2e5ed6
2e5ed6
Currently, if --service-name is given during the join, only the service
2e5ed6
names given by this option are added as service principal names. As a
2e5ed6
result the default 'host' service principal name might be missing which
2e5ed6
might cause issues e.g. with SSSD and sshd.
2e5ed6
2e5ed6
The patch makes sure the default service principals 'host' and
2e5ed6
'RestrictedKrbHost' are always added during join.
2e5ed6
2e5ed6
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
2e5ed6
---
2e5ed6
 library/adenroll.c | 36 ++++++++++++++++++++++++++++++------
2e5ed6
 1 file changed, 30 insertions(+), 6 deletions(-)
2e5ed6
2e5ed6
diff --git a/library/adenroll.c b/library/adenroll.c
2e5ed6
index 58362c2..d1f746c 100644
2e5ed6
--- a/library/adenroll.c
2e5ed6
+++ b/library/adenroll.c
2e5ed6
@@ -288,16 +288,23 @@ ensure_computer_password (adcli_result res,
2e5ed6
 }
2e5ed6
 
2e5ed6
 static adcli_result
2e5ed6
-ensure_service_names (adcli_result res,
2e5ed6
-                      adcli_enroll *enroll)
2e5ed6
+ensure_default_service_names (adcli_enroll *enroll)
2e5ed6
 {
2e5ed6
 	int length = 0;
2e5ed6
 
2e5ed6
-	if (res != ADCLI_SUCCESS)
2e5ed6
-		return res;
2e5ed6
+	if (enroll->service_names != NULL) {
2e5ed6
+		length = seq_count (enroll->service_names);
2e5ed6
 
2e5ed6
-	if (enroll->service_names || enroll->service_principals)
2e5ed6
-		return ADCLI_SUCCESS;
2e5ed6
+		/* Make sure there is no entry with an unexpected case. AD
2e5ed6
+		 * would not care but since the client side is case-sensitive
2e5ed6
+		 * we should make sure we use the expected spelling. */
2e5ed6
+		seq_remove_unsorted (enroll->service_names,
2e5ed6
+		                     &length, "host",
2e5ed6
+		                     (seq_compar)strcasecmp, free);
2e5ed6
+		seq_remove_unsorted (enroll->service_names,
2e5ed6
+		                     &length, "RestrictedKrbHost",
2e5ed6
+		                     (seq_compar)strcasecmp, free);
2e5ed6
+	}
2e5ed6
 
2e5ed6
 	/* The default ones specified by MS */
2e5ed6
 	enroll->service_names = _adcli_strv_add (enroll->service_names,
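Review bot: The `(seq_compar)strcasecmp` casts in both `seq_remove_unsorted` calls hide a function-pointer type mismatch. `seq_compar` is not defined in this hunk, but if it takes two `void *` arguments, calling `strcasecmp` through it is undefined behaviour in ISO C, even though it works on common ABIs. A small static adapter avoids the cast, e.g. `static int compar_strcase (void *a, void *b) { return strcasecmp (a, b); }`, with the signature matched to the real typedef. It is also worth confirming that `seq_remove_unsorted` removes every match rather than only the first; otherwise a list holding both `HOST` and `Host` would keep a mis-cased entry next to the default, which the comment says the case-sensitive client side should not see. The body of `ensure_default_service_names` continues past the end of this hunk.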
2e5ed6
@@ -307,6 +314,19 @@ ensure_service_names (adcli_result res,
2e5ed6
 	return ADCLI_SUCCESS;
2e5ed6
 }
2e5ed6
 
2e5ed6
+static adcli_result
2e5ed6
+ensure_service_names (adcli_result res,
2e5ed6
+                      adcli_enroll *enroll)
2e5ed6
+{
2e5ed6
+	if (res != ADCLI_SUCCESS)
2e5ed6
+		return res;
2e5ed6
+
2e5ed6
+	if (enroll->service_names || enroll->service_principals)
2e5ed6
+		return ADCLI_SUCCESS;
2e5ed6
+
2e5ed6
+	return ensure_default_service_names (enroll);
2e5ed6
+}
2e5ed6
+
2e5ed6
 static adcli_result
2e5ed6
 add_service_names_to_service_principals (adcli_enroll *enroll)
2e5ed6
 {
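Review bot: `ensure_service_names` and `ensure_default_service_names` now differ only in the `enroll->service_names || enroll->service_principals` short-circuit, and nothing in the code says which caller should use which. A comment above the wrapper would make the split explicit, e.g. `/* Add the defaults only when no service names or principals were configured; the join path calls ensure_default_service_names() directly. */`. The hunk ends inside the next function, `add_service_names_to_service_principals`.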
2e5ed6
@@ -2039,6 +2059,10 @@ adcli_enroll_join (adcli_enroll *enroll,
2e5ed6
 	if (res != ADCLI_SUCCESS)
2e5ed6
 		return res;
2e5ed6
 
2e5ed6
+	res = ensure_default_service_names (enroll);
2e5ed6
+	if (res != ADCLI_SUCCESS)
2e5ed6
+		return res;
2e5ed6
+
2e5ed6
 	res = adcli_enroll_prepare (enroll, flags);
2e5ed6
 	if (res != ADCLI_SUCCESS)
2e5ed6
 		return res;
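Review bot: The new unconditional call in `adcli_enroll_join` registers SPNs on the computer account beyond those listed with `--service-name`, and neither a comment here nor any documentation change in this patch says so. I would add `/* Always register 'host' and 'RestrictedKrbHost', even if --service-name was given */` above the call. A matching sentence in the option's man page entry would tell administrators who pass a deliberately narrow list that these two principals are added as well. `adcli_enroll_join` starts and ends outside the hunk.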
2e5ed6
-- 
2e5ed6
2.20.1
2e5ed6