From 81c98e367ba4bc8d77668acd31e462ad31cf12be Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 27 Oct 2020 14:47:31 +0100
Subject: [PATCH 08/10] enroll: make
 adcli_enroll_add_keytab_for_service_account public
Determine the keytab name earlier so that errors are caught earlier.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
---
 library/adenroll.c | 13 +++++++------
 library/adenroll.h |  2 ++
 tools/computer.c   |  6 ++++++
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/library/adenroll.c b/library/adenroll.c
7f6164b
index 44383cc..05bb085 100644
7f6164b
--- a/library/adenroll.c
7f6164b
+++ b/library/adenroll.c
7f6164b
@@ -2276,9 +2276,10 @@ adcli_enroll_add_description_for_service_account (adcli_enroll *enroll)
7f6164b
 	return ADCLI_SUCCESS;
7f6164b
 }
7f6164b
 
7f6164b
-static adcli_result
7f6164b
+adcli_result
7f6164b
 adcli_enroll_add_keytab_for_service_account (adcli_enroll *enroll)
7f6164b
 {
7f6164b
+	adcli_result res;
7f6164b
 	krb5_context k5;
7f6164b
 	krb5_error_code code;
7f6164b
 	char def_keytab_name[MAX_KEYTAB_NAME_LEN];
7f6164b
@@ -2286,11 +2287,14 @@ adcli_enroll_add_keytab_for_service_account (adcli_enroll *enroll)
7f6164b
 	int ret;
7f6164b
 
7f6164b
 	if (adcli_enroll_get_keytab_name (enroll) == NULL) {
7f6164b
-		k5 = adcli_conn_get_krb5_context (enroll->conn);
7f6164b
-		return_unexpected_if_fail (k5 != NULL);
7f6164b
+		res = _adcli_krb5_init_context (&k5;;
7f6164b
+		if (res != ADCLI_SUCCESS) {
7f6164b
+			return res;
7f6164b
+		}
7f6164b
 
7f6164b
 		code = krb5_kt_default_name (k5, def_keytab_name,
7f6164b
 		                             sizeof (def_keytab_name));
7f6164b
+		krb5_free_context (k5);
7f6164b
 		return_unexpected_if_fail (code == 0);
7f6164b
 
7f6164b
 		lc_dom_name = strdup (adcli_conn_get_domain_name (enroll->conn));
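Review bot: `strdup (adcli_conn_get_domain_name (enroll->conn))` is now reachable before any connection or `adcli_enroll_load`, because tools/computer.c calls this function right after `adcli_enroll_set_is_service`; if the domain name can still be unset at that point, `strdup (NULL)` is undefined behaviour rather than a reportable error. Whether the tool guarantees a domain name beforehand is not visible in these hunks, and the function is public now, so the guard belongs here: `const char *dom = adcli_conn_get_domain_name (enroll->conn);` followed by `if (dom == NULL) return ADCLI_ERR_CONFIG;`. The function body continues outside the hunk, so any later NULL check on `lc_dom_name` cannot be confirmed from here. The added call renders on this page as `_adcli_krb5_init_context (&k5;;`, which looks like an extraction artifact of `(&k5);`.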
7f6164b
@@ -2326,9 +2330,6 @@ adcli_enroll_join (adcli_enroll *enroll,
7f6164b
 
7f6164b
 	if (enroll->is_service) {
7f6164b
 		res = adcli_enroll_add_description_for_service_account (enroll);
7f6164b
-		if (res == ADCLI_SUCCESS) {
7f6164b
-			res = adcli_enroll_add_keytab_for_service_account (enroll);
7f6164b
-		}
7f6164b
 	} else {
7f6164b
 		res = ensure_default_service_names (enroll);
7f6164b
 	}
7f6164b
diff --git a/library/adenroll.h b/library/adenroll.h
7f6164b
index 7765ed4..11a30c8 100644
7f6164b
--- a/library/adenroll.h
7f6164b
+++ b/library/adenroll.h
7f6164b
@@ -146,6 +146,8 @@ const char *       adcli_enroll_get_keytab_name         (adcli_enroll *enroll);
7f6164b
 void               adcli_enroll_set_keytab_name         (adcli_enroll *enroll,
7f6164b
                                                          const char *value);
7f6164b
 
7f6164b
+adcli_result       adcli_enroll_add_keytab_for_service_account (adcli_enroll *enroll);
7f6164b
+
7f6164b
 krb5_enctype *     adcli_enroll_get_keytab_enctypes     (adcli_enroll *enroll);
7f6164b
 
7f6164b
 void               adcli_enroll_set_keytab_enctypes     (adcli_enroll *enroll,
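Review bot: The new public declaration carries no comment telling callers that `adcli_enroll_join` no longer derives the service-account keytab name itself (that call is removed in library/adenroll.c), so a library user who sets `is_service` without calling this function keeps whatever keytab name was, or was not, set. The keytab receives the account's long-term keys, so which file they end up in is worth stating in the header. A comment such as `/* For managed service accounts, call before adcli_enroll_join(); derives a domain-specific keytab name when none has been set. */` would make the contract explicit. The wording about an already-set name is inferred from the `adcli_enroll_get_keytab_name (enroll) == NULL` test and should be confirmed against the full function.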
7f6164b
diff --git a/tools/computer.c b/tools/computer.c
7f6164b
index 63fd374..98a0472 100644
7f6164b
--- a/tools/computer.c
7f6164b
+++ b/tools/computer.c
7f6164b
@@ -1166,6 +1166,12 @@ adcli_tool_computer_managed_service_account (adcli_conn *conn,
7f6164b
 
7f6164b
 	adcli_enroll_set_is_service (enroll, true);
7f6164b
 	adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
7f6164b
+	res = adcli_enroll_add_keytab_for_service_account (enroll);
7f6164b
+	if (res != ADCLI_SUCCESS) {
7f6164b
+		warnx ("Failed to set domain specific keytab name");
7f6164b
+		adcli_enroll_unref (enroll);
7f6164b
+		return 2;
7f6164b
+	}
7f6164b
 
7f6164b
 	res = adcli_enroll_load (enroll);
7f6164b
 	if (res != ADCLI_SUCCESS) {
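Review bot: The warning `Failed to set domain specific keytab name` drops `res`, so an operator cannot tell a Kerberos context initialisation failure from a problem deriving the name. Including the cause, for example `warnx ("Failed to set domain specific keytab name: %s", adcli_result_to_string (res));`, would keep the failure diagnosable. The enclosing function starts before and continues after the hunk, so how neighbouring error paths report their cause should be checked for consistency.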
-- 
2.28.0