|
 |
776d17 |
From 4d46d295458286e4a268f37ea900e58177ac903c Mon Sep 17 00:00:00 2001
|
|
|
776d17 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
776d17 |
Date: Tue, 30 Jan 2018 18:24:15 +0100
|
|
|
776d17 |
Subject: [PATCH 8/9] tools: store Samba data if requested
|
|
|
776d17 |
|
|
|
776d17 |
Use Samba's net utility to add the machine account password and the
|
|
|
776d17 |
domain SID to the Samba configuration.
|
|
|
776d17 |
|
|
|
776d17 |
https://bugs.freedesktop.org/show_bug.cgi?id=100118
|
|
|
776d17 |
|
|
|
776d17 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
776d17 |
---
|
|
|
776d17 |
library/adenroll.c | 39 +++++++++++++++++++++++++++++++++++++++
|
|
|
776d17 |
1 file changed, 39 insertions(+)
|
|
|
776d17 |
|
|
|
776d17 |
diff --git a/library/adenroll.c b/library/adenroll.c
|
|
|
776d17 |
index 40c3920..6b1aae5 100644
|
|
|
776d17 |
--- a/library/adenroll.c
|
|
|
776d17 |
+++ b/library/adenroll.c
|
|
|
776d17 |
@@ -1533,6 +1533,36 @@ update_keytab_for_principals (adcli_enroll *enroll)
|
|
|
776d17 |
return ADCLI_SUCCESS;
|
|
|
776d17 |
}
|
|
|
776d17 |
|
|
|
776d17 |
+static adcli_result
|
|
|
776d17 |
+update_samba_data (adcli_enroll *enroll)
|
|
|
776d17 |
+{
|
|
|
776d17 |
+ int ret;
|
|
|
776d17 |
+ char *argv_pw[] = { "/usr/bin/net", "changesecretpw", "-i", "-f", NULL };
|
|
|
776d17 |
+ char *argv_sid[] = { "/usr/bin/net", "setdomainsid", NULL, NULL };
|
|
|
776d17 |
+
|
|
|
776d17 |
+ _adcli_info ("Trying to set Samba secret.\n");
|
|
|
776d17 |
+ ret = _adcli_call_external_program (argv_pw[0], argv_pw,
|
|
|
776d17 |
+ enroll->computer_password, NULL, NULL);
|
|
|
776d17 |
+ if (ret != ADCLI_SUCCESS) {
|
|
|
776d17 |
+ _adcli_err ("Failed to set Samba computer account password.\n");
|
|
|
776d17 |
+ }
|
|
|
776d17 |
+
|
|
|
776d17 |
+ argv_sid[2] = (char *) adcli_conn_get_domain_sid (enroll->conn);
|
|
|
776d17 |
+ if (argv_sid[2] == NULL) {
|
|
|
776d17 |
+ _adcli_err ("Domain SID not available.\n");
|
|
|
776d17 |
+ } else {
|
|
|
776d17 |
+ _adcli_info ("Trying to set domain SID %s for Samba.\n",
|
|
|
776d17 |
+ argv_sid[2]);
|
|
|
776d17 |
+ ret = _adcli_call_external_program (argv_sid[0], argv_sid,
|
|
|
776d17 |
+ NULL, NULL, NULL);
|
|
|
776d17 |
+ if (ret != ADCLI_SUCCESS) {
|
|
|
776d17 |
+ _adcli_err ("Failed to set Samba domain SID.\n");
|
|
|
776d17 |
+ }
|
|
|
776d17 |
+ }
|
|
|
776d17 |
+
|
|
|
776d17 |
+ return ret;
|
|
|
776d17 |
+}
|
|
|
776d17 |
+
|
|
|
776d17 |
static void
|
|
|
776d17 |
enroll_clear_state (adcli_enroll *enroll)
|
|
|
776d17 |
{
|
|
|
776d17 |
@@ -1687,6 +1717,15 @@ enroll_join_or_update_tasks (adcli_enroll *enroll,
|
|
|
776d17 |
update_computer_account (enroll);
|
|
|
776d17 |
update_service_principals (enroll);
|
|
|
776d17 |
|
|
|
776d17 |
+ if ( (flags & ADCLI_ENROLL_ADD_SAMBA_DATA) && ! (flags & ADCLI_ENROLL_PASSWORD_VALID)) {
|
|
|
776d17 |
+ res = update_samba_data (enroll);
|
|
|
776d17 |
+ if (res != ADCLI_SUCCESS) {
|
|
|
776d17 |
+ _adcli_info ("Failed to add Samba specific data, smbd "
|
|
|
776d17 |
+ "or winbindd might not work as "
|
|
|
776d17 |
+ "expected.\n");
|
|
|
776d17 |
+ }
|
|
|
776d17 |
+ }
|
|
|
776d17 |
+
|
|
|
776d17 |
if (flags & ADCLI_ENROLL_NO_KEYTAB)
|
|
|
776d17 |
return ADCLI_SUCCESS;
|
|
|
776d17 |
|
|
|
776d17 |
--
|
|
|
776d17 |
2.14.4
|
|
|
776d17 |
|