87 lines
2.7 KiB
Diff
87 lines
2.7 KiB
Diff
|
From cd296bf24e7cc56fb8d00bad7e9a56c539894309 Mon Sep 17 00:00:00 2001
|
||
|
From: Sumit Bose <sbose@redhat.com>
|
||
|
Date: Tue, 19 Mar 2019 20:44:36 +0100
|
||
|
Subject: [PATCH 1/2] join: always add service principals
|
||
|
|
||
|
If currently --service-name is given during the join only the service
|
||
|
names given by this option are added as service principal names. As a
|
||
|
result the default 'host' service principal name might be missing which
|
||
|
might cause issues e.g. with SSSD and sshd.
|
||
|
|
||
|
The patch makes sure the default service principals 'host' and
|
||
|
'RestrictedKrbHost' are always added during join.
|
||
|
|
||
|
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
|
||
|
---
|
||
|
library/adenroll.c | 36 ++++++++++++++++++++++++++++++------
|
||
|
1 file changed, 30 insertions(+), 6 deletions(-)
|
||
|
|
||
|
diff --git a/library/adenroll.c b/library/adenroll.c
|
||
|
index 58362c2..d1f746c 100644
|
||
|
--- a/library/adenroll.c
|
||
|
+++ b/library/adenroll.c
|
||
|
@@ -288,16 +288,23 @@ ensure_computer_password (adcli_result res,
|
||
|
}
|
||
|
|
||
|
static adcli_result
|
||
|
-ensure_service_names (adcli_result res,
|
||
|
- adcli_enroll *enroll)
|
||
|
+ensure_default_service_names (adcli_enroll *enroll)
|
||
|
{
|
||
|
int length = 0;
|
||
|
|
||
|
- if (res != ADCLI_SUCCESS)
|
||
|
- return res;
|
||
|
+ if (enroll->service_names != NULL) {
|
||
|
+ length = seq_count (enroll->service_names);
|
||
|
|
||
|
- if (enroll->service_names || enroll->service_principals)
|
||
|
- return ADCLI_SUCCESS;
|
||
|
+ /* Make sure there is no entry with an unexpected case. AD
|
||
|
+ * would not care but since the client side is case-sensitive
|
||
|
+ * we should make sure we use the expected spelling. */
|
||
|
+ seq_remove_unsorted (enroll->service_names,
|
||
|
+ &length, "host",
|
||
|
+ (seq_compar)strcasecmp, free);
|
||
|
+ seq_remove_unsorted (enroll->service_names,
|
||
|
+ &length, "RestrictedKrbHost",
|
||
|
+ (seq_compar)strcasecmp, free);
|
||
|
+ }
|
||
|
|
||
|
/* The default ones specified by MS */
|
||
|
enroll->service_names = _adcli_strv_add (enroll->service_names,
|
||
|
@@ -307,6 +314,19 @@ ensure_service_names (adcli_result res,
|
||
|
return ADCLI_SUCCESS;
|
||
|
}
|
||
|
|
||
|
+static adcli_result
|
||
|
+ensure_service_names (adcli_result res,
|
||
|
+ adcli_enroll *enroll)
|
||
|
+{
|
||
|
+ if (res != ADCLI_SUCCESS)
|
||
|
+ return res;
|
||
|
+
|
||
|
+ if (enroll->service_names || enroll->service_principals)
|
||
|
+ return ADCLI_SUCCESS;
|
||
|
+
|
||
|
+ return ensure_default_service_names (enroll);
|
||
|
+}
|
||
|
+
|
||
|
static adcli_result
|
||
|
add_service_names_to_service_principals (adcli_enroll *enroll)
|
||
|
{
|
||
|
@@ -2039,6 +2059,10 @@ adcli_enroll_join (adcli_enroll *enroll,
|
||
|
if (res != ADCLI_SUCCESS)
|
||
|
return res;
|
||
|
|
||
|
+ res = ensure_default_service_names (enroll);
|
||
|
+ if (res != ADCLI_SUCCESS)
|
||
|
+ return res;
|
||
|
+
|
||
|
res = adcli_enroll_prepare (enroll, flags);
|
||
|
if (res != ADCLI_SUCCESS)
|
||
|
return res;
|
||
|
--
|
||
|
2.20.1
|
||
|
|