Blame SOURCES/0001-join-always-add-service-principals.patch

From cd296bf24e7cc56fb8d00bad7e9a56c539894309 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 19 Mar 2019 20:44:36 +0100
Subject: [PATCH 1/2] join: always add service principals
If currently --service-name is given during the join only the service
names given by this option are added as service principal names. As a
result the default 'host' service principal name might be missing which
might cause issues e.g. with SSSD and sshd.
The patch makes sure the default service principals 'host' and
'RestrictedKrbHost' are always added during join.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1644311
---
 library/adenroll.c | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/library/adenroll.c b/library/adenroll.c
index 58362c2..d1f746c 100644
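--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -288,16 +288,23 @@ ensure_computer_password (adcli_result res,
 }
 
 static adcli_result
-ensure_service_names (adcli_result res,
-                      adcli_enroll *enroll)
+ensure_default_service_names (adcli_enroll *enroll)
 {
 	int length = 0;
 
-	if (res != ADCLI_SUCCESS)
-		return res;
+	if (enroll->service_names != NULL) {
+		length = seq_count (enroll->service_names);
 
-	if (enroll->service_names || enroll->service_principals)
-		return ADCLI_SUCCESS;
+		/* Make sure there is no entry with an unexpected case. AD
+		 * would not care but since the client side is case-sensitive
+		 * we should make sure we use the expected spelling. */
+		seq_remove_unsorted (enroll->service_names,
+		                     &length, "host",
+		                     (seq_compar)strcasecmp, free);
+		seq_remove_unsorted (enroll->service_names,
+		                     &length, "RestrictedKrbHost",
+		                     (seq_compar)strcasecmp, free);
+	}
 
 	/* The default ones specified by MS */
 	enroll->service_names = _adcli_strv_add (enroll->service_names,
@@ -307,6 +314,19 @@ ensure_service_names (adcli_result res,
 	return ADCLI_SUCCESS;
 }
 
+static adcli_result
+ensure_service_names (adcli_result res,
+                      adcli_enroll *enroll)
+{
+	if (res != ADCLI_SUCCESS)
+		return res;
+
+	if (enroll->service_names || enroll->service_principals)
+		return ADCLI_SUCCESS;
+
+	return ensure_default_service_names (enroll);
+}
+
 static adcli_result
 add_service_names_to_service_principals (adcli_enroll *enroll)
 {
@@ -2039,6 +2059,10 @@ adcli_enroll_join (adcli_enroll *enroll,
 	if (res != ADCLI_SUCCESS)
 		return res;
 
+	res = ensure_default_service_names (enroll);
+	if (res != ADCLI_SUCCESS)
+		return res;
+
 	res = adcli_enroll_prepare (enroll, flags);
 	if (res != ADCLI_SUCCESS)
 		return res;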
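Review bot: The unconditional `ensure_default_service_names (enroll)` call added in `adcli_enroll_join` bypasses the `enroll->service_names || enroll->service_principals` guard that `ensure_service_names` keeps, so a join now adds `host` and `RestrictedKrbHost` even when only `service_principals` was set, a case the commit message does not mention. Because this presumably widens the set of service principals registered for the machine beyond what the operator listed, the call site deserves a comment such as `/* join always adds the default 'host' and 'RestrictedKrbHost' service names, even when an explicit list was given */`. In the first hunk each `seq_remove_unsorted` call is made once per name; if that helper removes only the first match (its definition is not shown here), a list holding both `HOST` and `Host` would keep one unexpected spelling, which is worth confirming. The body of `ensure_default_service_names` continues between the first and second hunks and is not visible.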
-- 
2.20.1