Blame SOURCES/0001-join-always-add-service-principals.patch

From cd296bf24e7cc56fb8d00bad7e9a56c539894309 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 19 Mar 2019 20:44:36 +0100
Subject: [PATCH 1/2] join: always add service principals
If currently --service-name is given during the join only the service
names given by this option are added as service principal names. As a
result the default 'host' service principal name might be missing which
might cause issues e.g. with SSSD and sshd.
The patch makes sure the default service principals 'host' and
'RestrictedKrbHost' are always added during join.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
---
 library/adenroll.c | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/library/adenroll.c b/library/adenroll.c
index 58362c2..d1f746c 100644
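--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -288,16 +288,23 @@ ensure_computer_password (adcli_result res,
 }
 
 static adcli_result
-ensure_service_names (adcli_result res,
-                      adcli_enroll *enroll)
+ensure_default_service_names (adcli_enroll *enroll)
 {
 	int length = 0;
 
-	if (res != ADCLI_SUCCESS)
-		return res;
+	if (enroll->service_names != NULL) {
+		length = seq_count (enroll->service_names);
 
-	if (enroll->service_names || enroll->service_principals)
-		return ADCLI_SUCCESS;
+		/* Make sure there is no entry with an unexpected case. AD
+		 * would not care but since the client side is case-sensitive
+		 * we should make sure we use the expected spelling. */
+		seq_remove_unsorted (enroll->service_names,
+		                     &length, "host",
+		                     (seq_compar)strcasecmp, free);
+		seq_remove_unsorted (enroll->service_names,
+		                     &length, "RestrictedKrbHost",
+		                     (seq_compar)strcasecmp, free);
+	}
 
 	/* The default ones specified by MS */
 	enroll->service_names = _adcli_strv_add (enroll->service_names,
@@ -307,6 +314,19 @@ ensure_service_names (adcli_result res,
 	return ADCLI_SUCCESS;
 }
 
+static adcli_result
+ensure_service_names (adcli_result res,
+                      adcli_enroll *enroll)
+{
+	if (res != ADCLI_SUCCESS)
+		return res;
+
+	if (enroll->service_names || enroll->service_principals)
+		return ADCLI_SUCCESS;
+
+	return ensure_default_service_names (enroll);
+}
+
 static adcli_result
 add_service_names_to_service_principals (adcli_enroll *enroll)
 {
@@ -2039,6 +2059,10 @@ adcli_enroll_join (adcli_enroll *enroll,
 	if (res != ADCLI_SUCCESS)
 		return res;
 
+	res = ensure_default_service_names (enroll);
+	if (res != ADCLI_SUCCESS)
+		return res;
+
 	res = adcli_enroll_prepare (enroll, flags);
 	if (res != ADCLI_SUCCESS)
 		return res;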
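Review bot: The `res != ADCLI_SUCCESS` check added after `ensure_default_service_names (enroll)` in adcli_enroll_join can never fire as far as the visible lines show, since the only return shown for that helper is `return ADCLI_SUCCESS;` and the `_adcli_strv_add` result is assigned straight back to `enroll->service_names`. Three lines of the helper fall between the first two hunks, so this is inferred, but if an allocation fails there the join would continue without the 'host' principal this commit is meant to guarantee. Checking each add, for example `return_unexpected_if_fail (enroll->service_names != NULL);` after the call, would make the new error path meaningful. It would also be worth confirming that `seq_remove_unsorted` drops every case variant rather than the first match only, since the comment promises a single expected spelling.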
-- 
2.20.1