Compare commits
No commits in common. 'c9' and 'c9-beta' have entirely different histories.
@ -0,0 +1,74 @@
|
||||
From 19923985b69ccd5f2a33a067bfc3ed020889377e Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 13 Jun 2023 18:02:52 +0200
|
||||
Subject: [PATCH 1/3] service: allow multiple names and _srv_ ad_server option
|
||||
|
||||
realmd checks if the 'ad_server' option is set in sssd.conf before
|
||||
calling adcli to remove the host from the AD server. If set the value is
|
||||
used as value for adcli's '--domain-controller' option. But if multiple
|
||||
names are set in sssd.conf this currently fails because the whole string
|
||||
is used.
|
||||
|
||||
With this patch the 'ad_server' option is properly evaluated and only
|
||||
the first domain controller name is used.
|
||||
---
|
||||
service/realm-sssd-ad.c | 36 +++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 35 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
|
||||
index 2817e73..096b6c5 100644
|
||||
--- a/service/realm-sssd-ad.c
|
||||
+++ b/service/realm-sssd-ad.c
|
||||
@@ -649,6 +649,40 @@ realm_sssd_ad_generic_finish (RealmKerberosMembership *realm,
|
||||
return g_task_propagate_boolean (G_TASK (result), error);
|
||||
}
|
||||
|
||||
+static gchar *get_ad_server_from_config (RealmKerberos *realm)
|
||||
+{
|
||||
+ RealmSssd *sssd = REALM_SSSD (realm);
|
||||
+ RealmIniConfig *config;
|
||||
+ const gchar *section;
|
||||
+ gchar **servers;
|
||||
+ gchar *tmp;
|
||||
+ size_t c;
|
||||
+ gchar *value = NULL;
|
||||
+
|
||||
+ config = realm_sssd_get_config (sssd);
|
||||
+ section = realm_sssd_get_config_section (sssd);
|
||||
+
|
||||
+ if (section == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ servers = realm_ini_config_get_list (config, section, "ad_server", ",");
|
||||
+ /* Only use the first server defined given in 'ad_server' and ignore
|
||||
+ * '_srv_'. */
|
||||
+ if (servers != NULL) {
|
||||
+ for (c = 0; servers[c] != NULL; c++) {
|
||||
+ tmp = g_strstrip (servers[c]);
|
||||
+ if (strcasecmp ("_srv_", tmp) != 0) {
|
||||
+ value = g_strdup (tmp);
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ g_strfreev (servers);
|
||||
+ }
|
||||
+
|
||||
+ return value;
|
||||
+}
|
||||
+
|
||||
static void
|
||||
realm_sssd_ad_discover_myself (RealmKerberos *realm,
|
||||
RealmDisco *disco)
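Review bot: The loop in get_ad_server_from_config accepts an empty list element as the server name. After g_strstrip() the first entry of `ad_server = , dc1.example.com` (constructed example) is "" and passes the `strcasecmp ("_srv_", tmp) != 0` test, so disco->explicit_server can become an empty string that, per the commit message, is later used for adcli's '--domain-controller' option. Whether realm_ini_config_get_list() already drops empty entries is not visible here; if it does not, the condition should be `if (tmp[0] != '\0' && strcasecmp ("_srv_", tmp) != 0) {`. The block comment would then read better as `/* Use the first real host name in 'ad_server'; skip the '_srv_' discovery placeholder and empty entries. */`.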
|
||||
@@ -665,7 +699,7 @@ realm_sssd_ad_discover_myself (RealmKerberos *realm,
|
||||
if (section == NULL)
|
||||
return;
|
||||
|
||||
- value = realm_ini_config_get (config, section, "ad_server");
|
||||
+ value = get_ad_server_from_config (realm);
|
||||
g_free (disco->explicit_server);
|
||||
disco->explicit_server = value;
|
||||
|
||||
--
|
||||
2.43.0
|
||||
|
@ -0,0 +1,69 @@
|
||||
From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 10 Jan 2024 09:18:20 +0100
|
||||
Subject: [PATCH] tools: fix ccache handling for leave operation
|
||||
|
||||
krb5_cc_initialize() must be called before anything can be written into
|
||||
a ccache.
|
||||
|
||||
While checking the available credential types the order/preference was
|
||||
not respected.
|
||||
|
||||
Resolves: https://issues.redhat.com/browse/SSSD-6420
|
||||
---
|
||||
tools/realm-client.c | 25 ++++++++++++++++---------
|
||||
1 file changed, 16 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/tools/realm-client.c b/tools/realm-client.c
|
||||
index c386e64..06420ea 100644
|
||||
--- a/tools/realm-client.c
|
||||
+++ b/tools/realm-client.c
|
||||
@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported,
|
||||
GVariantIter iter;
|
||||
const gchar *type;
|
||||
const gchar *owner;
|
||||
-
|
||||
- g_variant_iter_init (&iter, supported);
|
||||
- while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
||||
- if (g_strcmp0 (credential_type_1, type) == 0 ||
|
||||
- g_strcmp0 (credential_type_2, type) == 0) {
|
||||
- *ret_owner = owner;
|
||||
- return type;
|
||||
+ const gchar *list[] = {credential_type_1, credential_type_2, NULL};
|
||||
+ size_t c;
|
||||
+
|
||||
+ for (c = 0; list[c] != NULL; c++) {
|
||||
+ g_variant_iter_init (&iter, supported);
|
||||
+ while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
|
||||
+ if (g_strcmp0 (list[c], type) == 0) {
|
||||
+ *ret_owner = owner;
|
||||
+ return type;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
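Review bot: The NULL-terminated `list[]` stops at the first NULL entry, so a caller that passes NULL for credential_type_1 and a real type for credential_type_2 never gets the second type checked, whereas the old `g_strcmp0()` pair tolerated a NULL in either slot. Callers are outside this hunk, so this may not occur in practice, but iterating by count keeps the old tolerance: `for (c = 0; c < G_N_ELEMENTS (list); c++) {` with `if (list[c] == NULL) continue;` as its first statement and the trailing NULL dropped from the initializer. A comment above the outer loop such as `/* Try the types in the caller's order of preference, not in the order the service lists them. */` would record why the loops are nested this way. are_credentials_supported starts and ends outside the hunk.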
|
||||
@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5,
|
||||
memset (&mcred, 0, sizeof (mcred));
|
||||
mcred.client = principal;
|
||||
mcred.server = server;
|
||||
- mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND;
|
||||
- mcred.times.endtime = mcred.times.starttime;
|
||||
|
||||
code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES,
|
||||
&mcred, &creds);
|
||||
@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5,
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
+ code = krb5_cc_initialize (krb5, ccache, creds.client);
|
||||
+ if (code != 0) {
|
||||
+ g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
code = krb5_cc_store_cred (krb5, ccache, &creds);
|
||||
krb5_free_cred_contents (krb5, &creds);
|
||||
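Review bot: The new early return after a failed krb5_cc_initialize() leaves `creds` unreleased, although krb5_cc_retrieve_cred() has presumably filled it by this point and the success path frees it with krb5_free_cred_contents() right after krb5_cc_store_cred(). Since `creds` holds the ticket and its session key, add `krb5_free_cred_contents (krb5, &creds);` before the `return FALSE;`. The string returned by krb5_get_error_message() is also never passed to krb5_free_error_message(), so each failure leaks it; keeping it in a local, logging it and then freeing it fixes that. Separately, the preceding hunk in copy_to_ccache removes the starttime/endtime assignments but keeps KRB5_TC_MATCH_TIMES, which with zeroed `mcred.times` appears to accept any lifetime, expired tickets included; either pass 0 for the flags or set `mcred.times.endtime` to the current time in seconds. copy_to_ccache starts and ends outside these hunks.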
|
||||
--
|
||||
2.43.0
|
||||
|
@ -0,0 +1,88 @@
|
||||
From d691c679c1531b3eb457c494141bafdc4e0bc692 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 1 Dec 2023 12:14:06 +0100
|
||||
Subject: [PATCH 2/3] service: fix error message when removing host from AD
|
||||
|
||||
If there is an error while trying to remove the host from AD with the
|
||||
help of adcli the error message talks about "joining" which might be
|
||||
confusing when figuring out the reason for the failure. This patch
|
||||
adds a better message when leaving the domain.
|
||||
---
|
||||
service/realm-adcli-enroll.c | 34 +++++++++++++++++++++++++++-------
|
||||
1 file changed, 27 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
|
||||
index e0d752b..c913987 100644
|
||||
--- a/service/realm-adcli-enroll.c
|
||||
+++ b/service/realm-adcli-enroll.c
|
||||
@@ -25,9 +25,10 @@
|
||||
#include "realm-settings.h"
|
||||
|
||||
static void
|
||||
-on_join_process (GObject *source,
|
||||
- GAsyncResult *result,
|
||||
- gpointer user_data)
|
||||
+on_join_leave_process (GObject *source,
|
||||
+ GAsyncResult *result,
|
||||
+ gpointer user_data,
|
||||
+ gboolean is_join)
|
||||
{
|
||||
GTask *task = G_TASK (user_data);
|
||||
GError *error = NULL;
|
||||
@@ -39,15 +40,18 @@ on_join_process (GObject *source,
|
||||
switch (status) {
|
||||
case 2: /* ADCLI_ERR_UNEXPECTED */
|
||||
g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
|
||||
- "Internal unexpected error joining the domain");
|
||||
+ is_join ? "Internal unexpected error joining the domain"
|
||||
+ : "Internal unexpected error removing host from the domain");
|
||||
break;
|
||||
case 6: /* ADCLI_ERR_CREDENTIALS */
|
||||
g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED,
|
||||
- "Insufficient permissions to join the domain");
|
||||
+ is_join ? "Insufficient permissions to join the domain"
|
||||
+ : "Insufficient permissions to remove the host from the domain");
|
||||
break;
|
||||
default:
|
||||
g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED,
|
||||
- "Failed to join the domain");
|
||||
+ is_join ? "Failed to join the domain"
|
||||
+ : "Failed to remove the host from the domain");
|
||||
break;
|
||||
}
|
||||
}
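Review bot: Each g_set_error() call in this switch now takes its format string from a `?:` expression and passes no format arguments, so the chosen message is still run through printf-style parsing for no benefit. `g_set_error_literal (&error, REALM_ERROR, REALM_ERROR_FAILED, is_join ? "Failed to join the domain" : "Failed to remove the host from the domain");` stores the text verbatim, and the same form fits the other two cases. on_join_leave_process starts and ends outside this hunk.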
|
||||
@@ -64,6 +68,22 @@ on_join_process (GObject *source,
|
||||
g_object_unref (task);
|
||||
}
|
||||
|
||||
+static void
|
||||
+on_join_process (GObject *source,
|
||||
+ GAsyncResult *result,
|
||||
+ gpointer user_data)
|
||||
+{
|
||||
+ on_join_leave_process (source, result, user_data, TRUE);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+on_leave_process (GObject *source,
|
||||
+ GAsyncResult *result,
|
||||
+ gpointer user_data)
|
||||
+{
|
||||
+ on_join_leave_process (source, result, user_data, FALSE);
|
||||
+}
|
||||
+
|
||||
void
|
||||
realm_adcli_enroll_join_async (RealmDisco *disco,
|
||||
RealmCredential *cred,
|
||||
@@ -290,7 +310,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco,
|
||||
g_ptr_array_add (args, NULL);
|
||||
|
||||
realm_command_runv_async ((gchar **)args->pdata, environ, input,
|
||||
- invocation, on_join_process,
|
||||
+ invocation, on_leave_process,
|
||||
g_object_ref (task));
|
||||
|
||||
g_ptr_array_free (args, TRUE);
|
||||
--
|
||||
2.43.0
|
||||
|
@ -0,0 +1,26 @@
|
||||
From 56aedbceec3e6ff0d6142a16ca0c343c523b6d7a Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 1 Dec 2023 13:07:10 +0100
|
||||
Subject: [PATCH 3/3] doc: fix reference in realmd.conf man page
|
||||
|
||||
---
|
||||
doc/manual/realmd.conf.xml | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
|
||||
index 72b706c..ad17639 100644
|
||||
--- a/doc/manual/realmd.conf.xml
|
||||
+++ b/doc/manual/realmd.conf.xml
|
||||
@@ -110,7 +110,8 @@ default-client = sssd
|
||||
</para>
|
||||
|
||||
<para>Some callers of <command>realmd</command> such as the
|
||||
- <link linkend="realm"><command>realm</command></link>
|
||||
+ <citerefentry><refentrytitle>realm</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry>
|
||||
command line tool allow specifying which client software should
|
||||
be used. Others, such as GNOME Control Center, simplify choose
|
||||
the default.</para>
|
||||
--
|
||||
2.43.0
|
||||
|