various other fixes and improvements add option to enable "Trust this computer for delegation" Resolves: rhbz#988349 fix typos in the adcli man page Resolves: rhbz#1440533
		
			
				
	
	
		
			76 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			76 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From c090131e4f912f6f6c4f79eb40fbe500eb31c171 Mon Sep 17 00:00:00 2001
 | |
| From: Sumit Bose <sbose@redhat.com>
 | |
| Date: Tue, 30 Jan 2018 18:24:15 +0100
 | |
| Subject: [PATCH 14/23] tools: store Samba data if requested
 | |
| 
 | |
| Use Samba's net utility to add the machine account password and the
 | |
| domain SID to the Samba configuration.
 | |
| 
 | |
| https://bugs.freedesktop.org/show_bug.cgi?id=100118
 | |
| 
 | |
| Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
 | |
| ---
 | |
|  library/adenroll.c | 39 +++++++++++++++++++++++++++++++++++++++
 | |
|  1 file changed, 39 insertions(+)
 | |
| 
 | |
| diff --git a/library/adenroll.c b/library/adenroll.c
 | |
| index bb970d1..20731cd 100644
 | |
| --- a/library/adenroll.c
 | |
| +++ b/library/adenroll.c
 | |
| @@ -1533,6 +1533,36 @@ update_keytab_for_principals (adcli_enroll *enroll)
 | |
|  	return ADCLI_SUCCESS;
 | |
|  }
 | |
|  
 | |
| +static adcli_result
 | |
| +update_samba_data (adcli_enroll *enroll)
 | |
| +{
 | |
| +	int ret;
 | |
| +	char *argv_pw[] = { "/usr/bin/net", "changesecretpw", "-i", "-f", NULL };
 | |
| +	char *argv_sid[] = { "/usr/bin/net", "setdomainsid", NULL, NULL };
 | |
| +
 | |
| +	_adcli_info ("Trying to set Samba secret.\n");
 | |
| +	ret = _adcli_call_external_program (argv_pw[0], argv_pw,
 | |
| +	                                    enroll->computer_password, NULL, NULL);
 | |
| +	if (ret != ADCLI_SUCCESS) {
 | |
| +		_adcli_err ("Failed to set Samba computer account password.\n");
 | |
| +	}
 | |
| +
 | |
| +	argv_sid[2] = (char *) adcli_conn_get_domain_sid (enroll->conn);
 | |
| +	if (argv_sid[2] == NULL) {
 | |
| +		_adcli_err ("Domain SID not available.\n");
 | |
| +	} else {
 | |
| +		_adcli_info ("Trying to set domain SID %s for Samba.\n",
 | |
| +		             argv_sid[2]);
 | |
| +		ret = _adcli_call_external_program (argv_sid[0], argv_sid,
 | |
| +		                                    NULL, NULL, NULL);
 | |
| +		if (ret != ADCLI_SUCCESS) {
 | |
| +			_adcli_err ("Failed to set Samba domain SID.\n");
 | |
| +		}
 | |
| +	}
 | |
| +
 | |
| +	return ret;
 | |
| +}
 | |
| +
 | |
|  static void
 | |
|  enroll_clear_state (adcli_enroll *enroll)
 | |
|  {
 | |
| @@ -1687,6 +1717,15 @@ enroll_join_or_update_tasks (adcli_enroll *enroll,
 | |
|  	update_computer_account (enroll);
 | |
|  	update_service_principals (enroll);
 | |
|  
 | |
| +	if ( (flags & ADCLI_ENROLL_ADD_SAMBA_DATA) && ! (flags & ADCLI_ENROLL_PASSWORD_VALID)) {
 | |
| +		res = update_samba_data (enroll);
 | |
| +		if (res != ADCLI_SUCCESS) {
 | |
| +			_adcli_info ("Failed to add Samba specific data, smbd "
 | |
| +			             "or winbindd might not work as "
 | |
| +			             "expected.\n");
 | |
| +		}
 | |
| +	}
 | |
| +
 | |
|  	if (flags & ADCLI_ENROLL_NO_KEYTAB)
 | |
|  		return ADCLI_SUCCESS;
 | |
|  
 | |
| -- 
 | |
| 2.14.4
 | |
| 
 |