From ae247ae2ad87858741d64341633cd4e74f72e873 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 30 Oct 2020 13:28:52 +0100
Subject: [PATCH 3/6] service: add ldaps support when using adcli
Call adcli with the --use-ldaps option if the realmd service is
requested to do so.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1826964
---
service/realm-adcli-enroll.c | 10 ++++++++++
service/realm-adcli-enroll.h | 2 ++
service/realm-samba.c | 11 +++++++++--
service/realm-sssd-ad.c | 27 ++++++++++++++++++++++++++-
4 files changed, 47 insertions(+), 3 deletions(-)
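diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
index 05947fa..2731283 100644
--- a/service/realm-adcli-enroll.c
+++ b/service/realm-adcli-enroll.c
@@ -68,6 +68,7 @@ void
 realm_adcli_enroll_join_async (RealmDisco *disco,
 RealmCredential *cred,
 GVariant *options,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GAsyncReadyCallback callback,
 gpointer user_data)
@@ -102,6 +103,10 @@ realm_adcli_enroll_join_async (RealmDisco *disco,
 g_ptr_array_add (args, "--domain-realm");
 g_ptr_array_add (args, (gpointer)disco->kerberos_realm);
 
+ if (use_ldaps) {
+ g_ptr_array_add (args, "--use-ldaps");
+ }
+
 if (G_IS_INET_SOCKET_ADDRESS (disco->server_address)) {
 address = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (disco->server_address));
 server_arg = g_inet_address_to_string (address);
@@ -218,6 +223,7 @@ void
 realm_adcli_enroll_delete_async (RealmDisco *disco,
 RealmCredential *cred,
 GVariant *options,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GAsyncReadyCallback callback,
 gpointer user_data)
@@ -246,6 +252,10 @@ realm_adcli_enroll_delete_async (RealmDisco *disco,
 g_ptr_array_add (args, "--domain-realm");
 g_ptr_array_add (args, (gpointer)disco->kerberos_realm);
 
+ if (use_ldaps) {
+ g_ptr_array_add (args, "--use-ldaps");
+ }
+
 if (G_IS_INET_SOCKET_ADDRESS (disco->server_address)) {
 address = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (disco->server_address));
 server_arg = g_inet_address_to_string (address);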
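Review bot: `--use-ldaps` is appended whenever the caller asks for it, but nothing here checks that the installed adcli accepts that option; if the adcli on the host predates it, the join or delete would fail with an unrecognized-option error from the child process rather than a realmd diagnostic that names the cause, so a feature probe or a documented minimum adcli version is worth adding. The same four-line block is pasted into both realm_adcli_enroll_join_async and realm_adcli_enroll_delete_async; a small static helper that appends the flag to `args`, or folding it into the shared argument-building code, would keep the two paths from drifting apart. Both functions begin before and continue after their hunks.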
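diff --git a/service/realm-adcli-enroll.h b/service/realm-adcli-enroll.h
index 855b2f7..3f535d0 100644
--- a/service/realm-adcli-enroll.h
+++ b/service/realm-adcli-enroll.h
@@ -29,6 +29,7 @@ G_BEGIN_DECLS
 void realm_adcli_enroll_join_async (RealmDisco *disco,
 RealmCredential *cred,
 GVariant *options,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GAsyncReadyCallback callback,
 gpointer user_data);
@@ -39,6 +40,7 @@ gboolean realm_adcli_enroll_join_finish (GAsyncResult *result,
 void realm_adcli_enroll_delete_async (RealmDisco *disco,
 RealmCredential *cred,
 GVariant *options,
+ gboolean use_ldaps,
 GDBusMethodInvocation *invocation,
 GAsyncReadyCallback callback,
 gpointer user_data);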
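Review bot: The new `use_ldaps` parameter is undocumented on both prototypes, and since this header is the contract the sssd-ad caller relies on, a short comment above realm_adcli_enroll_join_async such as `/* use_ldaps: pass --use-ldaps so adcli's LDAP traffic to the domain controller is carried over TLS */` (and the same on realm_adcli_enroll_delete_async) would make the security effect of the flag visible at the call site. Inserting the parameter in the middle of the argument list also changes the signature for every caller; the diff updates the two calls in realm-sssd-ad.c, and it is worth confirming no other call site exists outside this patch.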
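diff --git a/service/realm-samba.c b/service/realm-samba.c
index e7b80a0..7aa5416 100644
--- a/service/realm-samba.c
+++ b/service/realm-samba.c
@@ -257,7 +257,8 @@ on_install_do_join (GObject *source,
 }
 
 static gboolean
-validate_membership_options (GVariant *options,
+validate_membership_options (EnrollClosure *enroll,
+ GVariant *options,
 GError **error)
 {
 const gchar *software;
@@ -271,6 +272,12 @@ validate_membership_options (GVariant *options,
 }
 }
 
+ if (realm_option_use_ldaps (options)) {
+ realm_diagnostics_info (enroll->invocation,
+ "Membership software %s does "
+ "not support ldaps, trying without.",
+ software);
+ }
 return TRUE;
 }
 
@@ -303,7 +310,7 @@ realm_samba_join_async (RealmKerberosMembership *membership,
 g_task_return_new_error (task, REALM_ERROR, REALM_ERROR_ALREADY_CONFIGURED,
 _("Already joined to a domain"));
 
-} else if (!validate_membership_options (options, &error)) {
+} else if (!validate_membership_options (enroll, options, &error)) {
 g_task_return_error (task, error);
 
 } else {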
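Review bot: When `realm_option_use_ldaps (options)` is set, validate_membership_options only emits an info-level diagnostic and still returns TRUE, so a join the administrator explicitly requested over LDAPS proceeds over plain LDAP with the samba backend; that is a silent downgrade of a transport-security option, and refusing the join (returning FALSE with a REALM_ERROR that says the samba backend does not support ldaps), or at least emitting the message at a level more prominent than `realm_diagnostics_info`, would be the safer default. The same fallback is taken in realm-sssd-ad.c, both in parse_join_options and in the samba branch of realm_sssd_ad_leave_async, so whichever policy is chosen should be applied in all three places. The diagnostic also reads `software` for its `%s`, which is declared in the first hunk but assigned outside the visible lines, so confirm it is set on every path that reaches this point. The body of validate_membership_options between the two hunks is not shown.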
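diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
index 6b2f9f8..00a9093 100644
--- a/service/realm-sssd-ad.c
+++ b/service/realm-sssd-ad.c
@@ -98,6 +98,7 @@ typedef struct {
 GVariant *options;
 RealmDisco *disco;
 gboolean use_adcli;
+ gboolean use_ldaps;
 const gchar **packages;
 } JoinClosure;
 
@@ -294,6 +295,7 @@ on_install_do_join (GObject *source,
 realm_adcli_enroll_join_async (join->disco,
 join->cred,
 join->options,
+ join->use_ldaps,
 join->invocation,
 on_join_do_sssd,
 g_object_ref (task));
@@ -347,6 +349,19 @@ parse_join_options (JoinClosure *join,
 return FALSE;
 }
 
+ /*
+ * Check if ldaps should be used and if membership software supports
+ * it.
+ */
+ join->use_ldaps = realm_option_use_ldaps (options);
+ if (join->use_ldaps &&
+ g_str_equal (software, REALM_DBUS_IDENTIFIER_SAMBA)) {
+ realm_diagnostics_info (join->invocation,
+ "Membership software %s does "
+ "not support ldaps, trying "
+ "without.", software);
+ }
+
 /*
 * If we are enrolling with a user password, then we have to use samba,
 * adcli only supports admin passwords.
@@ -523,6 +538,7 @@ realm_sssd_ad_leave_async (RealmKerberosMembership *membership,
 GTask *task;
 LeaveClosure *leave;
 gchar *tags;
+ gboolean use_ldaps = FALSE;
 
 task = g_task_new (self, NULL, callback, user_data);
 
@@ -551,10 +567,19 @@ realm_sssd_ad_leave_async (RealmKerberosMembership *membership,
 leave->invocation = g_object_ref (invocation);
 leave->use_adcli = strstr (tags ? tags : "", "joined-with-adcli") ? TRUE : FALSE;
 g_task_set_task_data (task, leave, leave_closure_free);
+
+ use_ldaps = realm_option_use_ldaps (options);
 if (leave->use_adcli) {
-realm_adcli_enroll_delete_async (disco, cred, options, invocation,
+realm_adcli_enroll_delete_async (disco, cred, options,
+ use_ldaps, invocation,
 on_leave_do_deconfigure, g_object_ref (task));
 } else {
+ if (use_ldaps) {
+ realm_diagnostics_info (leave->invocation,
+ "Membership software does "
+ "not support ldaps, trying "
+ "without.");
+ }
 realm_samba_enroll_leave_async (disco, cred, options, invocation,
 on_leave_do_deconfigure, g_object_ref (task));
 }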
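Review bot: In parse_join_options the ldaps-support diagnostic is decided from the `software` string before the comment that closes the hunk, which says a user password forces the samba backend regardless of the requested software; if that later logic turns join->use_adcli off, a join requested with both ldaps and a user password would go through samba without ldaps and without any warning. Placing the check after the backend is finally chosen and keying it on the decision itself, `if (join->use_ldaps && !join->use_adcli)`, would cover that path; the ordering concern does not arise in realm_sssd_ad_leave_async, where `leave->use_adcli` is already known when `use_ldaps` is read. The leave-side message also drops the `%s` software name that the other two diagnostics carry, so the three messages are inconsistent for anyone grepping the journal. parse_join_options continues past the hunk, so the user-password behaviour is inferred from the comment rather than seen.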
--
2.26.2