From 2a695dfe09cafeee3a648d3b969c364f8d3f494f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 27 Oct 2020 14:49:55 +0100
Subject: [PATCH 6/7] enroll: allow fqdn for locate_computer_account
Make it possible to find an existing managed service account by the
fully-qualified name.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1854112
---
library/adenroll.c | 45 +++++++++++++++++++++++++++++++--------------
1 file changed, 31 insertions(+), 14 deletions(-)
diff --git a/library/adenroll.c b/library/adenroll.c
index 05bb085..98cd5fa 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -990,10 +990,11 @@ delete_computer_account (adcli_enroll *enroll,
static adcli_result
locate_computer_account (adcli_enroll *enroll,
LDAP *ldap,
+ bool use_fqdn,
LDAPMessage **rresults,
LDAPMessage **rentry)
{
- char *attrs[] = { "objectClass", NULL };
+ char *attrs[] = { "objectClass", "CN", NULL };
LDAPMessage *results = NULL;
LDAPMessage *entry = NULL;
const char *base;
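Review bot: The new `use_fqdn` parameter carries no documentation, and `"CN"` is added to `attrs` although nothing in this patch reads that attribute; if a later patch in the series consumes it, a short comment here would save the next reader the search. Suggested comment above the signature: `/* use_fqdn: match on dNSHostName (enroll->host_fqdn) instead of sAMAccountName (enroll->computer_sam) */`. Every caller updated in this patch passes `false`, so the fqdn path is not exercised anywhere on this page — presumably the remaining patch in the series does. `bool` needs `<stdbool.h>` in scope, which this hunk does not show. locate_computer_account's body continues past the end of the hunk.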
@@ -1003,12 +1004,22 @@ locate_computer_account (adcli_enroll *enroll,
int ret = 0;
/* If we don't yet know our computer dn, then try and find it */
- value = _adcli_ldap_escape_filter (enroll->computer_sam);
- return_unexpected_if_fail (value != NULL);
- if (asprintf (&filter, "(&(objectClass=%s)(sAMAccountName=%s))",
- enroll->is_service ? "msDS-ManagedServiceAccount" : "computer",
- value) < 0)
- return_unexpected_if_reached ();
+ if (use_fqdn) {
+ return_unexpected_if_fail (enroll->host_fqdn != NULL);
+ value = _adcli_ldap_escape_filter (enroll->host_fqdn);
+ return_unexpected_if_fail (value != NULL);
+ if (asprintf (&filter, "(&(objectClass=%s)(dNSHostName=%s))",
+ enroll->is_service ? "msDS-ManagedServiceAccount" : "computer",
+ value) < 0)
+ return_unexpected_if_reached ();
+ } else {
+ value = _adcli_ldap_escape_filter (enroll->computer_sam);
+ return_unexpected_if_fail (value != NULL);
+ if (asprintf (&filter, "(&(objectClass=%s)(sAMAccountName=%s))",
+ enroll->is_service ? "msDS-ManagedServiceAccount" : "computer",
+ value) < 0)
+ return_unexpected_if_reached ();
+ }
free (value);
base = adcli_conn_get_default_naming_context (enroll->conn);
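Review bot: The two branches of the new `if (use_fqdn)` are the same four statements with only the attribute name and the source string differing, so the filter template and the objectClass ternary are now maintained in two places; selecting the name and the attribute once and keeping a single `asprintf` keeps the escaping step (which is correctly applied to both inputs) on one path. Both inputs still go through `_adcli_ldap_escape_filter` in the rewrite below; `name` would be a `const char *` declared with the other locals above the hunk, and the NULL check on it mirrors the one the patch adds for `host_fqdn`. One thing to confirm outside this hunk: sAMAccountName is unique per domain, whereas a dNSHostName match is not guaranteed to be, so the code that consumes `results` (after this hunk) should either verify a single entry was returned or document that it deliberately takes the first. The enclosing function starts above and ends below this hunk.
```c
	/* If we don't yet know our computer dn, then try and find it */
	name = use_fqdn ? enroll->host_fqdn : enroll->computer_sam;
	return_unexpected_if_fail (name != NULL);
	value = _adcli_ldap_escape_filter (name);
	return_unexpected_if_fail (value != NULL);
	if (asprintf (&filter, "(&(objectClass=%s)(%s=%s))",
	              enroll->is_service ? "msDS-ManagedServiceAccount" : "computer",
	              use_fqdn ? "dNSHostName" : "sAMAccountName",
	              value) < 0)
		return_unexpected_if_reached ();
	free (value);
	/* … unchanged: base lookup and search … */
```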
@@ -1031,21 +1042,26 @@ locate_computer_account (adcli_enroll *enroll,
enroll->computer_dn = strdup (dn);
return_unexpected_if_fail (enroll->computer_dn != NULL);
_adcli_info ("Found %s account for %s at: %s",
- s_or_c (enroll), enroll->computer_sam, dn);
+ s_or_c (enroll),
+ use_fqdn ? enroll->host_fqdn
+ : enroll->computer_sam, dn);
ldap_memfree (dn);
} else {
ldap_msgfree (results);
results = NULL;
_adcli_info ("A %s account for %s does not exist",
- s_or_c (enroll), enroll->computer_sam);
+ s_or_c (enroll),
+ use_fqdn ? enroll->host_fqdn
+ : enroll->computer_sam);
}
} else {
return _adcli_ldap_handle_failure (ldap, ADCLI_ERR_DIRECTORY,
"Couldn't lookup %s account: %s",
s_or_c (enroll),
- enroll->computer_sam);
+ use_fqdn ? enroll->host_fqdn
+ :enroll->computer_sam);
}
if (rresults)
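Review bot: The ternary `use_fqdn ? enroll->host_fqdn : enroll->computer_sam` is spelled out three times in this hunk (the found, not-found and failure messages), and the third copy, `:enroll->computer_sam`, lacks the space after the colon that the other two have. Evaluating it once into a local near the top of the function, `const char *name = use_fqdn ? enroll->host_fqdn : enroll->computer_sam;`, and passing `name` to all three `_adcli_info`/`_adcli_ldap_handle_failure` calls removes the repetition and the formatting drift. The function's locals and the start of its body are above this hunk, so the declaration would land outside it.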
@@ -1120,7 +1136,8 @@ locate_or_create_computer_account (adcli_enroll *enroll,
/* Try to find the computer account */
if (!enroll->computer_dn) {
- res = locate_computer_account (enroll, ldap, &results, &entry);
+ res = locate_computer_account (enroll, ldap, false,
+ &results, &entry);
if (res != ADCLI_SUCCESS)
return res;
searched = 1;
@@ -2395,7 +2412,7 @@ adcli_enroll_read_computer_account (adcli_enroll *enroll,
/* Find the computer dn */
if (!enroll->computer_dn) {
- res = locate_computer_account (enroll, ldap, NULL, NULL);
+ res = locate_computer_account (enroll, ldap, false, NULL, NULL);
if (res != ADCLI_SUCCESS)
return res;
if (!enroll->computer_dn) {
@@ -2508,7 +2525,7 @@ adcli_enroll_delete (adcli_enroll *enroll,
/* Find the computer dn */
if (!enroll->computer_dn) {
- res = locate_computer_account (enroll, ldap, NULL, NULL);
+ res = locate_computer_account (enroll, ldap, false, NULL, NULL);
if (res != ADCLI_SUCCESS)
return res;
if (!enroll->computer_dn) {
@@ -2552,7 +2569,7 @@ adcli_enroll_password (adcli_enroll *enroll,
/* Find the computer dn */
if (!enroll->computer_dn) {
- res = locate_computer_account (enroll, ldap, NULL, NULL);
+ res = locate_computer_account (enroll, ldap, false, NULL, NULL);
if (res != ADCLI_SUCCESS)
return res;
if (!enroll->computer_dn) {
--
2.28.0