|
 |
8fc58f6 |
From cd296bf24e7cc56fb8d00bad7e9a56c539894309 Mon Sep 17 00:00:00 2001
|
|
|
8fc58f6 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
8fc58f6 |
Date: Tue, 19 Mar 2019 20:44:36 +0100
|
|
|
8fc58f6 |
Subject: [PATCH 1/2] join: always add service principals
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
If currently --service-name is given during the join only the service
|
|
|
8fc58f6 |
names given by this option are added as service principal names. As a
|
|
|
8fc58f6 |
result the default 'host' service principal name might be missing which
|
|
|
8fc58f6 |
might cause issues e.g. with SSSD and sshd.
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
The patch makes sure the default service principals 'host' and
|
|
|
8fc58f6 |
'RestrictedKrbHost' are always added during join.
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
|
|
|
8fc58f6 |
---
|
|
|
8fc58f6 |
library/adenroll.c | 36 ++++++++++++++++++++++++++++++------
|
|
|
8fc58f6 |
1 file changed, 30 insertions(+), 6 deletions(-)
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
diff --git a/library/adenroll.c b/library/adenroll.c
|
|
|
8fc58f6 |
index 58362c2..d1f746c 100644
|
|
|
8fc58f6 |
--- a/library/adenroll.c
|
|
|
8fc58f6 |
+++ b/library/adenroll.c
|
|
|
8fc58f6 |
@@ -288,16 +288,23 @@ ensure_computer_password (adcli_result res,
|
|
|
8fc58f6 |
}
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
static adcli_result
|
|
|
8fc58f6 |
-ensure_service_names (adcli_result res,
|
|
|
8fc58f6 |
- adcli_enroll *enroll)
|
|
|
8fc58f6 |
+ensure_default_service_names (adcli_enroll *enroll)
|
|
|
8fc58f6 |
{
|
|
|
8fc58f6 |
int length = 0;
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
- if (res != ADCLI_SUCCESS)
|
|
|
8fc58f6 |
- return res;
|
|
|
8fc58f6 |
+ if (enroll->service_names != NULL) {
|
|
|
8fc58f6 |
+ length = seq_count (enroll->service_names);
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
- if (enroll->service_names || enroll->service_principals)
|
|
|
8fc58f6 |
- return ADCLI_SUCCESS;
|
|
|
8fc58f6 |
+ /* Make sure there is no entry with an unexpected case. AD
|
|
|
8fc58f6 |
+ * would not care but since the client side is case-sensitive
|
|
|
8fc58f6 |
+ * we should make sure we use the expected spelling. */
|
|
|
8fc58f6 |
+ seq_remove_unsorted (enroll->service_names,
|
|
|
8fc58f6 |
+ &length, "host",
|
|
|
8fc58f6 |
+ (seq_compar)strcasecmp, free);
|
|
|
8fc58f6 |
+ seq_remove_unsorted (enroll->service_names,
|
|
|
8fc58f6 |
+ &length, "RestrictedKrbHost",
|
|
|
8fc58f6 |
+ (seq_compar)strcasecmp, free);
|
|
|
8fc58f6 |
+ }
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
/* The default ones specified by MS */
|
|
|
8fc58f6 |
enroll->service_names = _adcli_strv_add (enroll->service_names,
|
|
|
8fc58f6 |
@@ -307,6 +314,19 @@ ensure_service_names (adcli_result res,
|
|
|
8fc58f6 |
return ADCLI_SUCCESS;
|
|
|
8fc58f6 |
}
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
+static adcli_result
|
|
|
8fc58f6 |
+ensure_service_names (adcli_result res,
|
|
|
8fc58f6 |
+ adcli_enroll *enroll)
|
|
|
8fc58f6 |
+{
|
|
|
8fc58f6 |
+ if (res != ADCLI_SUCCESS)
|
|
|
8fc58f6 |
+ return res;
|
|
|
8fc58f6 |
+
|
|
|
8fc58f6 |
+ if (enroll->service_names || enroll->service_principals)
|
|
|
8fc58f6 |
+ return ADCLI_SUCCESS;
|
|
|
8fc58f6 |
+
|
|
|
8fc58f6 |
+ return ensure_default_service_names (enroll);
|
|
|
8fc58f6 |
+}
|
|
|
8fc58f6 |
+
|
|
|
8fc58f6 |
static adcli_result
|
|
|
8fc58f6 |
add_service_names_to_service_principals (adcli_enroll *enroll)
|
|
|
8fc58f6 |
{
|
|
|
8fc58f6 |
@@ -2039,6 +2059,10 @@ adcli_enroll_join (adcli_enroll *enroll,
|
|
|
8fc58f6 |
if (res != ADCLI_SUCCESS)
|
|
|
8fc58f6 |
return res;
|
|
|
8fc58f6 |
|
|
|
8fc58f6 |
+ res = ensure_default_service_names (enroll);
|
|
|
8fc58f6 |
+ if (res != ADCLI_SUCCESS)
|
|
|
8fc58f6 |
+ return res;
|
|
|
8fc58f6 |
+
|
|
|
8fc58f6 |
res = adcli_enroll_prepare (enroll, flags);
|
|
|
8fc58f6 |
if (res != ADCLI_SUCCESS)
|
|
|
8fc58f6 |
return res;
|
|
|
8fc58f6 |
--
|
|
|
8fc58f6 |
2.20.1
|
|
|
8fc58f6 |
|