|
 |
7f6164b |
From 2a695dfe09cafeee3a648d3b969c364f8d3f494f Mon Sep 17 00:00:00 2001
|
|
|
7f6164b |
From: Sumit Bose <sbose@redhat.com>
|
|
|
7f6164b |
Date: Tue, 27 Oct 2020 14:49:55 +0100
|
|
|
7f6164b |
Subject: [PATCH 09/10] enroll: allow fqdn for locate_computer_account
|
|
|
7f6164b |
|
|
|
7f6164b |
Make it possible to find existing manages service account by the
|
|
|
7f6164b |
fully-qualified name.
|
|
|
7f6164b |
|
|
|
7f6164b |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
|
|
|
7f6164b |
---
|
|
|
7f6164b |
library/adenroll.c | 45 +++++++++++++++++++++++++++++++--------------
|
|
|
7f6164b |
1 file changed, 31 insertions(+), 14 deletions(-)
|
|
|
7f6164b |
|
|
|
7f6164b |
diff --git a/library/adenroll.c b/library/adenroll.c
|
|
|
7f6164b |
index 05bb085..98cd5fa 100644
|
|
|
7f6164b |
--- a/library/adenroll.c
|
|
|
7f6164b |
+++ b/library/adenroll.c
|
|
|
7f6164b |
@@ -990,10 +990,11 @@ delete_computer_account (adcli_enroll *enroll,
|
|
|
7f6164b |
static adcli_result
|
|
|
7f6164b |
locate_computer_account (adcli_enroll *enroll,
|
|
|
7f6164b |
LDAP *ldap,
|
|
|
7f6164b |
+ bool use_fqdn,
|
|
|
7f6164b |
LDAPMessage **rresults,
|
|
|
7f6164b |
LDAPMessage **rentry)
|
|
|
7f6164b |
{
|
|
|
7f6164b |
- char *attrs[] = { "objectClass", NULL };
|
|
|
7f6164b |
+ char *attrs[] = { "objectClass", "CN", NULL };
|
|
|
7f6164b |
LDAPMessage *results = NULL;
|
|
|
7f6164b |
LDAPMessage *entry = NULL;
|
|
|
7f6164b |
const char *base;
|
|
|
7f6164b |
@@ -1003,12 +1004,22 @@ locate_computer_account (adcli_enroll *enroll,
|
|
|
7f6164b |
int ret = 0;
|
|
|
7f6164b |
|
|
|
7f6164b |
/* If we don't yet know our computer dn, then try and find it */
|
|
|
7f6164b |
- value = _adcli_ldap_escape_filter (enroll->computer_sam);
|
|
|
7f6164b |
- return_unexpected_if_fail (value != NULL);
|
|
|
7f6164b |
- if (asprintf (&filter, "(&(objectClass=%s)(sAMAccountName=%s))",
|
|
|
7f6164b |
- enroll->is_service ? "msDS-ManagedServiceAccount" : "computer",
|
|
|
7f6164b |
- value) < 0)
|
|
|
7f6164b |
- return_unexpected_if_reached ();
|
|
|
7f6164b |
+ if (use_fqdn) {
|
|
|
7f6164b |
+ return_unexpected_if_fail (enroll->host_fqdn != NULL);
|
|
|
7f6164b |
+ value = _adcli_ldap_escape_filter (enroll->host_fqdn);
|
|
|
7f6164b |
+ return_unexpected_if_fail (value != NULL);
|
|
|
7f6164b |
+ if (asprintf (&filter, "(&(objectClass=%s)(dNSHostName=%s))",
|
|
|
7f6164b |
+ enroll->is_service ? "msDS-ManagedServiceAccount" : "computer",
|
|
|
7f6164b |
+ value) < 0)
|
|
|
7f6164b |
+ return_unexpected_if_reached ();
|
|
|
7f6164b |
+ } else {
|
|
|
7f6164b |
+ value = _adcli_ldap_escape_filter (enroll->computer_sam);
|
|
|
7f6164b |
+ return_unexpected_if_fail (value != NULL);
|
|
|
7f6164b |
+ if (asprintf (&filter, "(&(objectClass=%s)(sAMAccountName=%s))",
|
|
|
7f6164b |
+ enroll->is_service ? "msDS-ManagedServiceAccount" : "computer",
|
|
|
7f6164b |
+ value) < 0)
|
|
|
7f6164b |
+ return_unexpected_if_reached ();
|
|
|
7f6164b |
+ }
|
|
|
7f6164b |
free (value);
|
|
|
7f6164b |
|
|
|
7f6164b |
base = adcli_conn_get_default_naming_context (enroll->conn);
|
|
|
7f6164b |
@@ -1031,21 +1042,26 @@ locate_computer_account (adcli_enroll *enroll,
|
|
|
7f6164b |
enroll->computer_dn = strdup (dn);
|
|
|
7f6164b |
return_unexpected_if_fail (enroll->computer_dn != NULL);
|
|
|
7f6164b |
_adcli_info ("Found %s account for %s at: %s",
|
|
|
7f6164b |
- s_or_c (enroll), enroll->computer_sam, dn);
|
|
|
7f6164b |
+ s_or_c (enroll),
|
|
|
7f6164b |
+ use_fqdn ? enroll->host_fqdn
|
|
|
7f6164b |
+ : enroll->computer_sam, dn);
|
|
|
7f6164b |
ldap_memfree (dn);
|
|
|
7f6164b |
|
|
|
7f6164b |
} else {
|
|
|
7f6164b |
ldap_msgfree (results);
|
|
|
7f6164b |
results = NULL;
|
|
|
7f6164b |
_adcli_info ("A %s account for %s does not exist",
|
|
|
7f6164b |
- s_or_c (enroll), enroll->computer_sam);
|
|
|
7f6164b |
+ s_or_c (enroll),
|
|
|
7f6164b |
+ use_fqdn ? enroll->host_fqdn
|
|
|
7f6164b |
+ : enroll->computer_sam);
|
|
|
7f6164b |
}
|
|
|
7f6164b |
|
|
|
7f6164b |
} else {
|
|
|
7f6164b |
return _adcli_ldap_handle_failure (ldap, ADCLI_ERR_DIRECTORY,
|
|
|
7f6164b |
"Couldn't lookup %s account: %s",
|
|
|
7f6164b |
s_or_c (enroll),
|
|
|
7f6164b |
- enroll->computer_sam);
|
|
|
7f6164b |
+ use_fqdn ? enroll->host_fqdn
|
|
|
7f6164b |
+ :enroll->computer_sam);
|
|
|
7f6164b |
}
|
|
|
7f6164b |
|
|
|
7f6164b |
if (rresults)
|
|
|
7f6164b |
@@ -1120,7 +1136,8 @@ locate_or_create_computer_account (adcli_enroll *enroll,
|
|
|
7f6164b |
|
|
|
7f6164b |
/* Try to find the computer account */
|
|
|
7f6164b |
if (!enroll->computer_dn) {
|
|
|
7f6164b |
- res = locate_computer_account (enroll, ldap, &results, &entry);
|
|
|
7f6164b |
+ res = locate_computer_account (enroll, ldap, false,
|
|
|
7f6164b |
+ &results, &entry);
|
|
|
7f6164b |
if (res != ADCLI_SUCCESS)
|
|
|
7f6164b |
return res;
|
|
|
7f6164b |
searched = 1;
|
|
|
7f6164b |
@@ -2395,7 +2412,7 @@ adcli_enroll_read_computer_account (adcli_enroll *enroll,
|
|
|
7f6164b |
|
|
|
7f6164b |
/* Find the computer dn */
|
|
|
7f6164b |
if (!enroll->computer_dn) {
|
|
|
7f6164b |
- res = locate_computer_account (enroll, ldap, NULL, NULL);
|
|
|
7f6164b |
+ res = locate_computer_account (enroll, ldap, false, NULL, NULL);
|
|
|
7f6164b |
if (res != ADCLI_SUCCESS)
|
|
|
7f6164b |
return res;
|
|
|
7f6164b |
if (!enroll->computer_dn) {
|
|
|
7f6164b |
@@ -2508,7 +2525,7 @@ adcli_enroll_delete (adcli_enroll *enroll,
|
|
|
7f6164b |
|
|
|
7f6164b |
/* Find the computer dn */
|
|
|
7f6164b |
if (!enroll->computer_dn) {
|
|
|
7f6164b |
- res = locate_computer_account (enroll, ldap, NULL, NULL);
|
|
|
7f6164b |
+ res = locate_computer_account (enroll, ldap, false, NULL, NULL);
|
|
|
7f6164b |
if (res != ADCLI_SUCCESS)
|
|
|
7f6164b |
return res;
|
|
|
7f6164b |
if (!enroll->computer_dn) {
|
|
|
7f6164b |
@@ -2552,7 +2569,7 @@ adcli_enroll_password (adcli_enroll *enroll,
|
|
|
7f6164b |
|
|
|
7f6164b |
/* Find the computer dn */
|
|
|
7f6164b |
if (!enroll->computer_dn) {
|
|
|
7f6164b |
- res = locate_computer_account (enroll, ldap, NULL, NULL);
|
|
|
7f6164b |
+ res = locate_computer_account (enroll, ldap, false, NULL, NULL);
|
|
|
7f6164b |
if (res != ADCLI_SUCCESS)
|
|
|
7f6164b |
return res;
|
|
|
7f6164b |
if (!enroll->computer_dn) {
|
|
|
7f6164b |
--
|
|
|
7f6164b |
2.28.0
|
|
|
7f6164b |
|