Blame SOURCES/0004-library-make-sure-server-side-SPNs-are-preserved.patch

48b328
From 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 Mon Sep 17 00:00:00 2001
48b328
From: Sumit Bose <sbose@redhat.com>
48b328
Date: Fri, 22 Mar 2019 10:37:57 +0100
48b328
Subject: [PATCH 4/4] library: make sure server side SPNs are preserved
48b328
48b328
adcli should not delete service principal names (SPNs) unexpectedly. If
48b328
a SPN was added on the server while presetting a host or updating an
48b328
existing entry and upcoming adcli join or update should preserver this
48b328
change.
48b328
48b328
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
48b328
---
48b328
 library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
48b328
 1 file changed, 46 insertions(+)
48b328
48b328
diff --git a/library/adenroll.c b/library/adenroll.c
48b328
index 48cb4cf..1cce86a 100644
48b328
--- a/library/adenroll.c
48b328
+++ b/library/adenroll.c
48b328
@@ -1961,6 +1961,47 @@ adcli_enroll_prepare (adcli_enroll *enroll,
48b328
 	return res;
48b328
 }
48b328
 
48b328
+static adcli_result
48b328
+add_server_side_service_principals (adcli_enroll *enroll)
48b328
+{
48b328
+	char **spn_list;
48b328
+	LDAP *ldap;
48b328
+	size_t c;
48b328
+	int length = 0;
48b328
+	adcli_result res;
48b328
+
48b328
+	ldap = adcli_conn_get_ldap_connection (enroll->conn);
48b328
+	assert (ldap != NULL);
48b328
+
48b328
+	spn_list = _adcli_ldap_parse_values (ldap, enroll->computer_attributes,
48b328
+	                                     "servicePrincipalName");
48b328
+	if (spn_list == NULL) {
48b328
+		return ADCLI_SUCCESS;
48b328
+	}
48b328
+
48b328
+	if (enroll->service_principals != NULL) {
48b328
+		length = seq_count (enroll->service_principals);
48b328
+	}
48b328
+
48b328
+	for (c = 0; spn_list[c] != NULL; c++) {
48b328
+		_adcli_info ("Checking %s", spn_list[c]);
48b328
+		if (!_adcli_strv_has_ex (enroll->service_principals_to_remove, spn_list[c], strcasecmp)) {
48b328
+			enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals,
48b328
+		                                                             spn_list[c], &length, false);
48b328
+			assert (enroll->service_principals != NULL);
48b328
+			_adcli_info ("   Added %s", spn_list[c]);
48b328
+		}
48b328
+	}
48b328
+	_adcli_strv_free (spn_list);
48b328
+
48b328
+	res = ensure_keytab_principals (ADCLI_SUCCESS, enroll);
48b328
+	if (res != ADCLI_SUCCESS) {
48b328
+		return res;
48b328
+	}
48b328
+
48b328
+	return ADCLI_SUCCESS;
48b328
+}
48b328
+
48b328
 static adcli_result
48b328
 enroll_join_or_update_tasks (adcli_enroll *enroll,
48b328
 		             adcli_enroll_flags flags)
48b328
@@ -2019,6 +2060,11 @@ enroll_join_or_update_tasks (adcli_enroll *enroll,
48b328
 	update_and_calculate_enctypes (enroll);
48b328
 	update_computer_account (enroll);
48b328
 
48b328
+	res = add_server_side_service_principals (enroll);
48b328
+	if (res != ADCLI_SUCCESS) {
48b328
+		return res;
48b328
+	}
48b328
+
48b328
 	/* service_names is only set from input on the command line, so no
48b328
 	 * additional check for explicit is needed here */
48b328
 	if (enroll->service_names != NULL) {
48b328
-- 
48b328
2.20.1
48b328