From 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 22 Mar 2019 10:37:57 +0100
Subject: [PATCH 4/4] library: make sure server side SPNs are preserved
adcli should not delete service principal names (SPNs) unexpectedly. If
a SPN was added on the server while presetting a host or updating an
existing entry, an upcoming adcli join or update should preserve this
change.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
---
library/adenroll.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/library/adenroll.c b/library/adenroll.c
index 48cb4cf..1cce86a 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -1961,6 +1961,47 @@ adcli_enroll_prepare (adcli_enroll *enroll,
return res;
}
+static adcli_result
+add_server_side_service_principals (adcli_enroll *enroll)
+{
+ char **spn_list;
+ LDAP *ldap;
+ size_t c;
+ int length = 0;
+ adcli_result res;
+
+ ldap = adcli_conn_get_ldap_connection (enroll->conn);
+ assert (ldap != NULL);
+
+ spn_list = _adcli_ldap_parse_values (ldap, enroll->computer_attributes,
+ "servicePrincipalName");
+ if (spn_list == NULL) {
+ return ADCLI_SUCCESS;
+ }
+
+ if (enroll->service_principals != NULL) {
+ length = seq_count (enroll->service_principals);
+ }
+
+ for (c = 0; spn_list[c] != NULL; c++) {
+ _adcli_info ("Checking %s", spn_list[c]);
+ if (!_adcli_strv_has_ex (enroll->service_principals_to_remove, spn_list[c], strcasecmp)) {
+ enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals,
+ spn_list[c], &length, false);
+ assert (enroll->service_principals != NULL);
+ _adcli_info (" Added %s", spn_list[c]);
+ }
+ }
+ _adcli_strv_free (spn_list);
+
+ res = ensure_keytab_principals (ADCLI_SUCCESS, enroll);
+ if (res != ADCLI_SUCCESS) {
+ return res;
+ }
+
+ return ADCLI_SUCCESS;
+}
+
static adcli_result
enroll_join_or_update_tasks (adcli_enroll *enroll,
adcli_enroll_flags flags)
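Review bot: add_server_side_service_principals has no comment recording that every `servicePrincipalName` value read from the directory entry is merged into `enroll->service_principals` and then handed to `ensure_keytab_principals`, with `service_principals_to_remove` as the only filter. That is a trust decision worth writing down, because whoever can write that attribute on the computer object influences which principals the host presumably ends up holding keytab entries for; a header comment such as `/* Merge SPNs already stored on the computer object so join/update does not drop them; values are taken from the directory as-is, filtered only by service_principals_to_remove. */` would cover it. Separately, `_adcli_info (" Added %s", spn_list[c]);` runs whether or not `_adcli_strv_add_unique` actually appended the value (it presumably returns the list unchanged for a duplicate), so the log cannot be used to tell which SPNs really came from the server; comparing `length` before and after the call and logging only on growth would fix that. The function is fully contained in this hunk.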
@@ -2019,6 +2060,11 @@ enroll_join_or_update_tasks (adcli_enroll *enroll,
update_and_calculate_enctypes (enroll);
update_computer_account (enroll);
+ res = add_server_side_service_principals (enroll);
+ if (res != ADCLI_SUCCESS) {
+ return res;
+ }
+
/* service_names is only set from input on the command line, so no
* additional check for explicit is needed here */
if (enroll->service_names != NULL) {
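Review bot: The new call to `add_server_side_service_principals (enroll)` carries no comment on why it sits after `update_computer_account (enroll)` and before the `service_names` handling, and that ordering looks load-bearing. A short comment such as `/* Pick up SPNs that exist only on the server before the SPN list is written back, so they are not deleted */` would record the intent stated in the commit message. A failure here also returns after `update_computer_account` has already run, so the caller gets an error for a partially applied update. Whether that is acceptable depends on code outside this hunk, since enroll_join_or_update_tasks starts before it and continues past it.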
--
2.20.1