author | Sumit Bose <sbose@redhat.com> | 2019-03-22 10:37:57 +0100 |
committer | Sumit Bose <sbose@redhat.com> | 2019-03-22 11:50:02 +0100 |
commit | 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 (patch) | |
tree | 7954bef11adc3345d8b2d6699e4705d7cd13cc10 /library | |
parent | 10a4dbb5978b6f05cf75f820d97da908e735ace8 (diff) |
library: make sure server side SPNs are preserved
adcli should not delete service principal names (SPNs) unexpectedly. If
an SPN was added on the server while presetting a host or updating an
existing entry, an upcoming adcli join or update should preserve this
change.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1630187
Diffstat (limited to 'library')
-rw-r--r-- | library/adenroll.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/library/adenroll.c b/library/adenroll.c
index 48cb4cf..1cce86a 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -1962,6 +1962,47 @@ adcli_enroll_prepare (adcli_enroll *enroll,
 }
 
 static adcli_result
+add_server_side_service_principals (adcli_enroll *enroll)
+{
+ char **spn_list;
+ LDAP *ldap;
+ size_t c;
+ int length = 0;
+ adcli_result res;
+
+ ldap = adcli_conn_get_ldap_connection (enroll->conn);
+ assert (ldap != NULL);
+
+ spn_list = _adcli_ldap_parse_values (ldap, enroll->computer_attributes,
+ "servicePrincipalName");
+ if (spn_list == NULL) {
+ return ADCLI_SUCCESS;
+ }
+
+ if (enroll->service_principals != NULL) {
+ length = seq_count (enroll->service_principals);
+ }
+
+ for (c = 0; spn_list[c] != NULL; c++) {
+ _adcli_info ("Checking %s", spn_list[c]);
+ if (!_adcli_strv_has_ex (enroll->service_principals_to_remove, spn_list[c], strcasecmp)) {
+ enroll->service_principals = _adcli_strv_add_unique (enroll->service_principals,
+ spn_list[c], &length, false);
+ assert (enroll->service_principals != NULL);
+ _adcli_info (" Added %s", spn_list[c]);
+ }
+ }
+ _adcli_strv_free (spn_list);
+
+ res = ensure_keytab_principals (ADCLI_SUCCESS, enroll);
+ if (res != ADCLI_SUCCESS) {
+ return res;
+ }
+
+ return ADCLI_SUCCESS;
+}
+
+static adcli_result
 enroll_join_or_update_tasks (adcli_enroll *enroll,
 adcli_enroll_flags flags)
 {
@@ -2019,6 +2060,11 @@ enroll_join_or_update_tasks (adcli_enroll *enroll,
 update_and_calculate_enctypes (enroll);
 update_computer_account (enroll);
 
+ res = add_server_side_service_principals (enroll);
+ if (res != ADCLI_SUCCESS) {
+ return res;
+ }
+
 /* service_names is only set from input on the command line, so no
 * additional check for explicit is needed here */
 if (enroll->service_names != NULL) {
|
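Review bot: The only guard on the `_adcli_strv_add_unique` result inside the loop of `add_server_side_service_principals` is `assert (enroll->service_principals != NULL)`, so a build compiled with NDEBUG would carry a NULL list past an allocation failure into `ensure_keytab_principals`; since the function already returns an `adcli_result`, a real check such as `if (enroll->service_principals == NULL) { _adcli_strv_free (spn_list); return ADCLI_ERR_UNEXPECTED; }` would report the failure instead of trapping on it. The tail `res = ensure_keytab_principals (ADCLI_SUCCESS, enroll); if (res != ADCLI_SUCCESS) { return res; } return ADCLI_SUCCESS;` reduces to `return ensure_keytab_principals (ADCLI_SUCCESS, enroll);`, which also drops the otherwise unused `res`. The new function has no comment stating its purpose; a header such as `/* Keep servicePrincipalName values already stored on the computer object, except those explicitly requested for removal, so a join or update does not drop SPNs added on the server side. */` would carry the commit message's intent into the code. The second hunk adds the call inside `enroll_join_or_update_tasks`, whose body and the declaration of `res` lie outside the hunk, so the variable's scope there cannot be confirmed from this view.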