7f6164b3c3
- use-ldaps fixes - man page improvements - new sub-command to create managed service accounts
From 81c98e367ba4bc8d77668acd31e462ad31cf12be Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 27 Oct 2020 14:47:31 +0100
Subject: [PATCH 08/10] enroll: make
adcli_enroll_add_keytab_for_service_account public
Determine the keytab name earlier so that errors are caught earlier.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
---
library/adenroll.c | 13 +++++++------
library/adenroll.h | 2 ++
tools/computer.c | 6 ++++++
3 files changed, 15 insertions(+), 6 deletions(-)
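--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -2276,9 +2276,10 @@ adcli_enroll_add_description_for_service_account (adcli_enroll *enroll)
 return ADCLI_SUCCESS;
 }
 
-static adcli_result
+adcli_result
 adcli_enroll_add_keytab_for_service_account (adcli_enroll *enroll)
 {
+ adcli_result res;
 krb5_context k5;
 krb5_error_code code;
 char def_keytab_name[MAX_KEYTAB_NAME_LEN];
@@ -2286,11 +2287,14 @@ adcli_enroll_add_keytab_for_service_account (adcli_enroll *enroll)
 int ret;
 
 if (adcli_enroll_get_keytab_name (enroll) == NULL) {
- k5 = adcli_conn_get_krb5_context (enroll->conn);
- return_unexpected_if_fail (k5 != NULL);
+ res = _adcli_krb5_init_context (&k5);
+ if (res != ADCLI_SUCCESS) {
+ return res;
+ }
 
 code = krb5_kt_default_name (k5, def_keytab_name,
 sizeof (def_keytab_name));
+ krb5_free_context (k5);
 return_unexpected_if_fail (code == 0);
 
 lc_dom_name = strdup (adcli_conn_get_domain_name (enroll->conn));
@@ -2326,9 +2330,6 @@ adcli_enroll_join (adcli_enroll *enroll,
 
 if (enroll->is_service) {
 res = adcli_enroll_add_description_for_service_account (enroll);
- if (res == ADCLI_SUCCESS) {
- res = adcli_enroll_add_keytab_for_service_account (enroll);
- }
 } else {
 res = ensure_default_service_names (enroll);
 }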
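Review bot: The context line `lc_dom_name = strdup (adcli_conn_get_domain_name (enroll->conn));` at the end of the second hunk hands the getter's result straight to strdup(), and this commit moves the call out of adcli_enroll_join and ahead of `adcli_enroll_load` in tools/computer.c. The switch to a private krb5 context in the same hunk suggests the function is now expected to run before the connection is set up, so if the domain name can still be unset at that point (not visible here) this becomes a NULL dereference in what is now a public entry point. A guard before the copy would turn that into a clean error, for example `dom = adcli_conn_get_domain_name (enroll->conn);` followed by `if (dom == NULL) return ADCLI_ERR_CONFIG;`. The function body continues past the hunk, so whether `lc_dom_name` itself is checked afterwards cannot be confirmed from this page.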
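--- a/library/adenroll.h
+++ b/library/adenroll.h
@@ -146,6 +146,8 @@ const char * adcli_enroll_get_keytab_name (adcli_enroll *enroll);
 void adcli_enroll_set_keytab_name (adcli_enroll *enroll,
 const char *value);
 
+adcli_result adcli_enroll_add_keytab_for_service_account (adcli_enroll *enroll);
+
 krb5_enctype * adcli_enroll_get_keytab_enctypes (adcli_enroll *enroll);
 
 void adcli_enroll_set_keytab_enctypes (adcli_enroll *enroll,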
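--- a/tools/computer.c
+++ b/tools/computer.c
@@ -1166,6 +1166,12 @@ adcli_tool_computer_managed_service_account (adcli_conn *conn,
 
 adcli_enroll_set_is_service (enroll, true);
 adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
+ res = adcli_enroll_add_keytab_for_service_account (enroll);
+ if (res != ADCLI_SUCCESS) {
+ warnx ("Failed to set domain specific keytab name");
+ adcli_enroll_unref (enroll);
+ return 2;
+ }
 
 res = adcli_enroll_load (enroll);
 if (res != ADCLI_SUCCESS) {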
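Review bot: The added `warnx ("Failed to set domain specific keytab name");` drops the cause carried in `res`, so a krb5 context failure and a keytab-name failure look identical to the operator. If the library records an error string for this path, report it, e.g. `warnx ("Failed to set domain specific keytab name: %s", adcli_get_last_error ());`. A short comment above the call, such as `/* resolve the keytab name before adcli_enroll_load so a bad default keytab fails before any directory work */`, would also record why the ordering matters; that reason is taken from the commit message rather than from the visible code. The enclosing function starts and ends outside the hunk.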
--
2.28.0