From d9d30fa38f90cf0cfc87a30bc866b5162539700f Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 25 Apr 2013 11:04:39 +0200 Subject: [PATCH] Enable usage of explicit servers when joining domains * Use of explicit host names when joining domains is now possible * If done, configures sssd/winbind to use only that server * Use discovery information correctly in various locations rather than making assumptions https://bugs.freedesktop.org/show_bug.cgi?id=63907 --- service/realm-adcli-enroll.c | 37 ++++++++------------ service/realm-adcli-enroll.h | 4 +-- service/realm-kerberos.c | 4 +++ service/realm-samba-enroll.c | 78 +++++++++++++++++++----------------------- service/realm-samba-enroll.h | 6 ++-- service/realm-samba.c | 46 +++++++++++-------------- service/realm-sssd-ad.c | 80 ++++++++++++++------------------------------ service/realm-sssd-ipa.c | 15 +++++++-- 8 files changed, 114 insertions(+), 156 deletions(-) diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c index 760bab9..ce7a75e 100644 --- a/service/realm-adcli-enroll.c +++ b/service/realm-adcli-enroll.c @@ -31,7 +31,6 @@ on_join_process (GObject *source, { EggTask *task = EGG_TASK (user_data); GError *error = NULL; - RealmIniConfig *config; GString *output = NULL; gint status; @@ -53,11 +52,8 @@ on_join_process (GObject *source, } } - /* Because of --print-details, we can parse the output */ if (error == NULL) { - config = realm_ini_config_new (REALM_INI_NONE); - realm_ini_config_read_string (config, output->str); - egg_task_return_pointer (task, config, g_object_unref); + egg_task_return_boolean (task, TRUE); } else { egg_task_return_error (task, error); @@ -69,7 +65,7 @@ on_join_process (GObject *source, } void -realm_adcli_enroll_join_async (const gchar *realm, +realm_adcli_enroll_join_async (RealmDisco *disco, RealmCredential *cred, GVariant *options, GDBusMethodInvocation *invocation, 
@@ -87,7 +83,7 @@ realm_adcli_enroll_join_async (const gchar *realm, gchar *upn_arg = NULL; g_return_if_fail (cred != NULL); - g_return_if_fail (realm != NULL); + g_return_if_fail (disco != NULL); g_return_if_fail (invocation != NULL); task = egg_task_new (NULL, NULL, callback, user_data); @@ -97,11 +93,17 @@ realm_adcli_enroll_join_async (const gchar *realm, g_ptr_array_add (args, (gpointer)realm_settings_path ("adcli")); g_ptr_array_add (args, "join"); g_ptr_array_add (args, "--verbose"); - g_ptr_array_add (args, "--show-details"); g_ptr_array_add (args, "--domain"); - g_ptr_array_add (args, (gpointer)realm); + g_ptr_array_add (args, (gpointer)disco->domain_name); + g_ptr_array_add (args, "--domain-realm"); + g_ptr_array_add (args, (gpointer)disco->kerberos_realm); - computer_ou = realm_options_computer_ou (options, realm); + if (disco->explicit_server) { + g_ptr_array_add (args, "--domain-controller"); + g_ptr_array_add (args, (gpointer)disco->explicit_server); + } + + computer_ou = realm_options_computer_ou (options, disco->domain_name); if (computer_ou) { g_ptr_array_add (args, "--computer-ou"); g_ptr_array_add (args, (gpointer)computer_ou); @@ -146,7 +148,7 @@ realm_adcli_enroll_join_async (const gchar *realm, break; } - upn = realm_options_user_principal (options, realm); + upn = realm_options_user_principal (options, disco->domain_name); if (upn) { if (g_str_equal (upn, "")) { g_ptr_array_add (args, "--user-principal"); 
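Review bot: `disco->explicit_server` is appended to the adcli argument vector after `--domain-controller` with no check, visible in this patch, that it is a well-formed host name or address. Later hunks reuse the same caller-influenced string as the `net -S` argument, the `ipa-client-install --server` argument, and the `password server` / `ad_server` values written to smb.conf and sssd.conf, so it decides which server the machine trusts during and after the join. Each use is a separate argv element, so no shell is involved, but embedded whitespace or newlines would still reach the helpers and the config files verbatim. If the discovery code that fills RealmDisco does not already reject such values, that is the place to do it, and the field deserves a comment such as `/* caller-supplied server, validated at discovery; pins enrollment and later lookups to this host */`. realm_adcli_enroll_join_async continues outside this hunk.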
@@ -174,19 +176,8 @@ realm_adcli_enroll_join_async (const gchar *realm, gboolean realm_adcli_enroll_join_finish (GAsyncResult *result, - gchar **workgroup, GError **error) { - RealmIniConfig *config; - g_return_val_if_fail (egg_task_is_valid (result, NULL), FALSE); - - config = egg_task_propagate_pointer (EGG_TASK (result), error); - if (config) { - *workgroup = realm_ini_config_get (config, "domain", "domain-short"); - g_object_unref (config); - return TRUE; - } - - return FALSE; + return egg_task_propagate_boolean (EGG_TASK (result), error); } diff --git a/service/realm-adcli-enroll.h b/service/realm-adcli-enroll.h index 2e2dcff..07398fe 100644 --- a/service/realm-adcli-enroll.h +++ b/service/realm-adcli-enroll.h @@ -18,6 +18,7 @@ #define __REALM_ADCLI_ENROLL_H__ #include "realm-credential.h" +#include "realm-disco.h" #include @@ -25,7 +26,7 @@ G_BEGIN_DECLS -void realm_adcli_enroll_join_async (const gchar *realm, +void realm_adcli_enroll_join_async (RealmDisco *disco, RealmCredential *cred, GVariant *options, GDBusMethodInvocation *invocation, @@ -33,7 +34,6 @@ void realm_adcli_enroll_join_async (const gchar *realm, gpointer user_data); gboolean realm_adcli_enroll_join_finish (GAsyncResult *result, - gchar **workgroup, GError **error); G_END_DECLS diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c index 5a0eeec..55320dc 100644 --- a/service/realm-kerberos.c +++ b/service/realm-kerberos.c @@ -669,6 +669,10 @@ RealmDisco * realm_kerberos_get_disco (RealmKerberos *self) { g_return_val_if_fail (REALM_IS_KERBEROS (self), NULL); + if (!self->pv->disco) { + self->pv->disco = realm_disco_new (realm_kerberos_get_name (self)); + self->pv->disco->kerberos_realm = g_strdup (realm_kerberos_get_realm_name (self)); + } return self->pv->disco; } diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c index c6c48dc..8d981e4 100644 --- a/service/realm-samba-enroll.c +++ b/service/realm-samba-enroll.c 
@@ -37,8 +37,8 @@ typedef struct { GDBusMethodInvocation *invocation; - gchar *join_args[5]; - gchar *realm; + gchar *join_args[8]; + RealmDisco *disco; gchar *user_name; GBytes *password_input; RealmIniConfig *config; @@ -56,7 +56,7 @@ join_closure_free (gpointer data) g_free (join->user_name); for (i = 0; i < G_N_ELEMENTS (join->join_args); i++) g_free (join->join_args[i]); - g_free (join->realm); + realm_disco_unref (join->disco); g_free (join->envvar); g_clear_object (&join->invocation); g_clear_object (&join->config); @@ -83,7 +83,6 @@ fallback_workgroup (const gchar *realm) static JoinClosure * join_closure_init (EggTask *task, - const gchar *realm, RealmDisco *disco, GDBusMethodInvocation *invocation) { @@ -93,7 +92,7 @@ join_closure_init (EggTask *task, int temp_fd; join = g_slice_new0 (JoinClosure); - join->realm = g_strdup (realm); + join->disco = disco ? realm_disco_ref (disco) : NULL; join->invocation = invocation ? g_object_ref (invocation) : NULL; egg_task_set_task_data (task, join, join_closure_free); @@ -101,7 +100,7 @@ join_closure_init (EggTask *task, realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL, "security", "ads", "kerberos method", "system keytab", - "realm", disco && disco->kerberos_realm ? disco->kerberos_realm : join->realm, + "realm", disco->kerberos_realm, NULL); /* @@ -115,7 +114,7 @@ join_closure_init (EggTask *task, "workgroup", disco->workgroup, NULL); } else { - workgroup = fallback_workgroup (realm); + workgroup = fallback_workgroup (disco->domain_name); realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL, "workgroup", workgroup, NULL); if (disco) @@ -170,6 +169,11 @@ begin_net_process (JoinClosure *join, g_ptr_array_add (args, join->custom_smb_conf); } + if (join->disco->explicit_server) { + g_ptr_array_add (args, "-S"); + g_ptr_array_add (args, join->disco->explicit_server); + } + va_start (va, user_data); do { arg = va_arg (va, gchar *); 
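Review bot: `join->disco = disco ? realm_disco_ref (disco) : NULL;` treats a NULL disco as valid, yet the following hunks of join_closure_init read `disco->kerberos_realm` and `disco->domain_name` unconditionally, and begin_net_process reads `join->disco->explicit_server`. realm_samba_enroll_join_async has `g_return_if_fail (disco != NULL);`, but no matching guard is visible in the realm_samba_enroll_leave_async hunks, which previously passed NULL here. Either add the same guard to the leave entry point and make the reference unconditional, `join->disco = realm_disco_ref (disco);`, or keep a NULL check on every access; the leftover `if (disco)` after fallback_workgroup no longer protects anything. Whether realm_disco_unref in join_closure_free tolerates NULL is not shown.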
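Review bot: The line `"realm", disco->kerberos_realm,` drops the old fallback for a discovery result that carries no Kerberos realm, so a NULL can now sit in the middle of the NULL-terminated argument list given to realm_ini_config_set. Depending on how that function treats a NULL value (not visible here), it presumably either stops reading the list or clears the setting, and neither leaves a usable `realm` entry in the temporary smb.conf. The adcli hunk has the same exposure: `g_ptr_array_add (args, (gpointer)disco->kerberos_realm);` after `--domain-realm` would, if the array is later used as a NULL-terminated vector, cut off every argument added after it. A precondition at the two public entry points, `g_return_if_fail (disco->kerberos_realm != NULL);`, would make the new assumption explicit.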
@@ -242,7 +246,7 @@ on_join_do_keytab (GObject *source, g_pattern_match_simple ("*failure*: *specified account is not allowed to authenticate to the machine*", output->str)) { g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED, "Insufficient permissions to join the domain %s", - join->realm); + join->disco->domain_name); } else if (g_pattern_match_simple ("*: Logon failure*", output->str) || g_pattern_match_simple ("*: Password expired*", output->str)) { g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED, @@ -250,7 +254,7 @@ on_join_do_keytab (GObject *source, join->user_name); } else { g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL, - "Joining the domain %s failed", join->realm); + "Joining the domain %s failed", join->disco->domain_name); } } @@ -279,7 +283,6 @@ on_join_do_keytab (GObject *source, static void begin_join (EggTask *task, JoinClosure *join, - const gchar *realm, GVariant *options) { const gchar *computer_ou; @@ -289,9 +292,9 @@ begin_join (EggTask *task, const gchar *os; int at = 0; - computer_ou = realm_options_computer_ou (options, realm); + computer_ou = realm_options_computer_ou (options, join->disco->domain_name); if (computer_ou != NULL) { - strange_ou = realm_samba_util_build_strange_ou (computer_ou, realm); + strange_ou = realm_samba_util_build_strange_ou (computer_ou, join->disco->domain_name); if (strange_ou) { if (!g_str_equal (strange_ou, "")) join->join_args[at++] = g_strdup_printf ("createcomputer=%s", strange_ou); @@ -310,7 +313,7 @@ begin_join (EggTask *task, if (os != NULL && !g_str_equal (os, "")) join->join_args[at++] = g_strdup_printf ("osVer=%s", os); - upn = realm_options_user_principal (options, realm); + upn = realm_options_user_principal (options, join->disco->domain_name); if (upn) { if (g_str_equal (upn, "")) upn = NULL; 
@@ -327,28 +330,27 @@ begin_join (EggTask *task, /* Do join with a user name */ } else if (join->user_name) { begin_net_process (join, join->password_input, - on_join_do_keytab, g_object_ref (task), - "-U", join->user_name, "ads", "join", join->realm, - join->join_args[0], join->join_args[1], - join->join_args[2], join->join_args[3], - join->join_args[4], NULL); + on_join_do_keytab, g_object_ref (task), + "-U", join->user_name, "ads", "join", join->disco->domain_name, + join->join_args[0], join->join_args[1], + join->join_args[2], join->join_args[3], + join->join_args[4], NULL); /* Do join with a ccache */ } else { begin_net_process (join, NULL, - on_join_do_keytab, g_object_ref (task), - "-k", "ads", "join", join->realm, - join->join_args[0], join->join_args[1], - join->join_args[2], join->join_args[3], - join->join_args[4], NULL); + on_join_do_keytab, g_object_ref (task), + "-k", "ads", "join", join->disco->domain_name, + join->join_args[0], join->join_args[1], + join->join_args[2], join->join_args[3], + join->join_args[4], NULL); } } void -realm_samba_enroll_join_async (const gchar *realm, +realm_samba_enroll_join_async (RealmDisco *disco, RealmCredential *cred, GVariant *options, - RealmDisco *disco, GDBusMethodInvocation *invocation, GAsyncReadyCallback callback, gpointer user_data) @@ -356,11 +358,11 @@ realm_samba_enroll_join_async (const gchar *realm, EggTask *task; JoinClosure *join; - g_return_if_fail (realm != NULL); + g_return_if_fail (disco != NULL); g_return_if_fail (cred != NULL); task = egg_task_new (NULL, NULL, callback, user_data); - join = join_closure_init (task, realm, disco, invocation); + join = join_closure_init (task, disco, invocation); switch (cred->type) { case REALM_CREDENTIAL_PASSWORD: 
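Review bot: Both begin_net_process calls still forward only `join->join_args[0]` through `join->join_args[4]`, although this commit widens the member to `gchar *join_args[8]` in JoinClosure. Anything begin_join stored at index 5 to 7 would be freed by join_closure_free but never reach `net`, and no bound check on `at` is visible where the slots are filled. Either keep the array at the size the calls actually pass, or forward the remaining slots and put a comment next to the declaration stating the maximum number of optional join arguments. Most of this hunk is re-indentation, which makes the one functional change (`join->realm` to `join->disco->domain_name`) harder to spot.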
@@ -374,29 +376,17 @@ realm_samba_enroll_join_async (const gchar *realm, g_return_if_reached (); } - begin_join (task, join, realm, options); + begin_join (task, join, options); g_object_unref (task); } gboolean realm_samba_enroll_join_finish (GAsyncResult *result, - GHashTable **settings, GError **error) { - JoinClosure *join; - g_return_val_if_fail (egg_task_is_valid (result, NULL), FALSE); - - if (!egg_task_propagate_boolean (EGG_TASK (result), error)) - return FALSE; - - if (settings != NULL) { - join = egg_task_get_task_data (EGG_TASK (result)); - *settings = realm_ini_config_get_all (join->config, REALM_SAMBA_CONFIG_GLOBAL); - } - - return TRUE; + return egg_task_propagate_boolean (EGG_TASK (result), error); } static void @@ -412,7 +402,7 @@ on_leave_complete (GObject *source, status = realm_command_run_finish (result, NULL, &error); if (error == NULL && status != 0) g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL, - "Leaving the domain %s failed", join->realm); + "Leaving the domain %s failed", join->disco->domain_name); if (error != NULL) egg_task_return_error (task, error); @@ -422,7 +412,7 @@ on_leave_complete (GObject *source, } void -realm_samba_enroll_leave_async (const gchar *realm, +realm_samba_enroll_leave_async (RealmDisco *disco, RealmCredential *cred, GVariant *options, GDBusMethodInvocation *invocation, @@ -433,7 +423,7 @@ realm_samba_enroll_leave_async (const gchar *realm, JoinClosure *join; task = egg_task_new (NULL, NULL, callback, user_data); - join = join_closure_init (task, realm, NULL, invocation); + join = join_closure_init (task, disco, invocation); switch (cred->type) { case REALM_CREDENTIAL_PASSWORD: diff --git a/service/realm-samba-enroll.h b/service/realm-samba-enroll.h index 163c8dc..84e8b2f 100644 --- a/service/realm-samba-enroll.h +++ b/service/realm-samba-enroll.h 
@@ -26,19 +26,17 @@ G_BEGIN_DECLS -void realm_samba_enroll_join_async (const gchar *realm, +void realm_samba_enroll_join_async (RealmDisco *disco, RealmCredential *cred, GVariant *options, - RealmDisco *disco, GDBusMethodInvocation *invocation, GAsyncReadyCallback callback, gpointer user_data); gboolean realm_samba_enroll_join_finish (GAsyncResult *result, - GHashTable **settings, GError **error); -void realm_samba_enroll_leave_async (const gchar *realm, +void realm_samba_enroll_leave_async (RealmDisco *disco, RealmCredential *cred, GVariant *options, GDBusMethodInvocation *invocation, diff --git a/service/realm-samba.c b/service/realm-samba.c index 58a098b..178b89f 100644 --- a/service/realm-samba.c +++ b/service/realm-samba.c @@ -141,7 +141,7 @@ lookup_login_prefix (RealmSamba *self) typedef struct { GDBusMethodInvocation *invocation; GVariant *options; - gchar *realm_name; + RealmDisco *disco; RealmCredential *cred; } EnrollClosure; @@ -149,7 +149,7 @@ static void enroll_closure_free (gpointer data) { EnrollClosure *enroll = data; - g_free (enroll->realm_name); + realm_disco_unref (enroll->disco); g_variant_unref (enroll->options); realm_credential_unref (enroll->cred); g_object_unref (enroll->invocation); 
@@ -182,25 +182,17 @@ on_join_do_winbind (GObject *source, RealmSamba *self = egg_task_get_source_object (task); GHashTable *settings = NULL; GError *error = NULL; - const gchar *workgroup = NULL; const gchar *name; - realm_samba_enroll_join_finish (result, &settings, &error); - if (error == NULL) { - workgroup = g_hash_table_lookup (settings, "workgroup"); - if (workgroup == NULL) { - g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL, - _("Failed to calculate domain workgroup")); - } - } - + realm_samba_enroll_join_finish (result, &error); if (error == NULL) { realm_ini_config_change (self->config, REALM_SAMBA_CONFIG_GLOBAL, &error, "security", "ads", - "realm", enroll->realm_name, - "workgroup", workgroup, + "realm", enroll->disco->kerberos_realm, + "workgroup", enroll->disco->workgroup, "template homedir", realm_settings_string ("users", "default-home"), "template shell", realm_settings_string ("users", "default-shell"), + enroll->disco->explicit_server ? "password server" : NULL, enroll->disco->explicit_server, NULL); } @@ -231,9 +223,10 @@ on_install_do_join (GObject *source, realm_packages_install_finish (result, &error); if (error == NULL) { - realm_samba_enroll_join_async (enroll->realm_name, enroll->cred, - enroll->options, realm_kerberos_get_disco (kerberos), - enroll->invocation, on_join_do_winbind, g_object_ref (task)); + realm_samba_enroll_join_async (realm_kerberos_get_disco (kerberos), + enroll->cred, enroll->options, + enroll->invocation, on_join_do_winbind, + g_object_ref (task)); } else { egg_task_return_error (task, error); 
@@ -278,7 +271,7 @@ realm_samba_join_async (RealmKerberosMembership *membership, task = egg_task_new (realm, NULL, callback, user_data); enroll = g_slice_new0 (EnrollClosure); - enroll->realm_name = g_strdup (realm_kerberos_get_realm_name (realm)); + enroll->disco = realm_disco_ref (realm_kerberos_get_disco (realm)); enroll->invocation = g_object_ref (invocation); enroll->options = g_variant_ref (options); enroll->cred = realm_credential_ref (cred); @@ -308,14 +301,14 @@ realm_samba_join_async (RealmKerberosMembership *membership, typedef struct { GDBusMethodInvocation *invocation; - gchar *realm_name; + RealmDisco *disco; } LeaveClosure; static void leave_closure_free (gpointer data) { LeaveClosure *leave = data; - g_free (leave->realm_name); + realm_disco_unref (leave->disco); g_object_unref (leave->invocation); g_slice_free (LeaveClosure, leave); } @@ -348,7 +341,7 @@ leave_deconfigure_begin (RealmSamba *self, /* Flush the keytab of all the entries for this realm */ realm_diagnostics_info (leave->invocation, "Removing entries from keytab for realm"); - if (!realm_kerberos_flush_keytab (leave->realm_name, &error)) { + if (!realm_kerberos_flush_keytab (leave->disco->kerberos_realm, &error)) { egg_task_return_error (task, error); return; } @@ -400,16 +393,17 @@ realm_samba_leave_async (RealmKerberosMembership *membership, gpointer user_data) { RealmSamba *self = REALM_SAMBA (membership); + RealmKerberos *kerberos = REALM_KERBEROS (self); EggTask *task; LeaveClosure *leave; const gchar *realm_name; gchar *enrolled; - realm_name = realm_kerberos_get_realm_name (REALM_KERBEROS (self)); + realm_name = realm_kerberos_get_realm_name (kerberos); task = egg_task_new (self, NULL, callback, user_data); leave = g_slice_new0 (LeaveClosure); - leave->realm_name = g_strdup (realm_name); + leave->disco = realm_disco_ref (realm_kerberos_get_disco (kerberos)); leave->invocation = g_object_ref (invocation); egg_task_set_task_data (task, leave, leave_closure_free); 
@@ -424,9 +418,9 @@ realm_samba_leave_async (RealmKerberosMembership *membership, switch (cred->type) { case REALM_CREDENTIAL_PASSWORD: - realm_samba_enroll_leave_async (leave->realm_name, cred, options, - leave->invocation, on_leave_do_deconfigure, - g_object_ref (task)); + realm_samba_enroll_leave_async (realm_kerberos_get_disco (kerberos), + cred, options, leave->invocation, + on_leave_do_deconfigure, g_object_ref (task)); break; case REALM_CREDENTIAL_AUTOMATIC: leave_deconfigure_begin (self, task); diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c index b0a9ab4..9fa67e2 100644 --- a/service/realm-sssd-ad.c +++ b/service/realm-sssd-ad.c @@ -99,7 +99,7 @@ typedef struct { GDBusMethodInvocation *invocation; RealmCredential *cred; GVariant *options; - gchar *realm_name; + RealmDisco *disco; gboolean use_adcli; const gchar **packages; } JoinClosure; @@ -108,7 +108,7 @@ static void join_closure_free (gpointer data) { JoinClosure *join = data; - g_free (join->realm_name); + realm_disco_unref (join->disco); g_object_unref (join->invocation); realm_credential_unref (join->cred); g_variant_ref (join->options); 
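Review bot: join_closure_free in realm-sssd-ad.c calls `g_variant_ref (join->options);`, visible as context just below the changed line, which takes another reference instead of releasing the one acquired with `g_variant_ref (options)` in realm_sssd_ad_join_async. The options variant is therefore never released for a join through this backend; enroll_closure_free in realm-samba.c uses `g_variant_unref` for the same field. Since this commit already edits the function, the line should become `g_variant_unref (join->options);`.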
@@ -159,35 +159,18 @@ on_sssd_enable_nss (GObject *source, static gboolean configure_sssd_for_domain (RealmIniConfig *config, - const gchar *realm, - const gchar *workgroup, + RealmDisco *disco, GVariant *options, GError **error) { const gchar *access_provider; gboolean ret; - gchar *domain; gchar *section; - gchar **parts; - gchar *rdn; - gchar *dn; gchar *home; - gint i; - - /* Calculate the domain and dn */ - domain = g_ascii_strdown (realm, -1); - parts = g_strsplit (domain, ".", -1); - for (i = 0; parts[i] != NULL; i++) { - rdn = g_strdup_printf ("dc=%s", parts[i]); - g_free (parts[i]); - parts[i] = rdn; - } - dn = g_strjoinv (",", parts); - g_strfreev (parts); home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home")); - ret = realm_sssd_config_add_domain (config, workgroup, error, + ret = realm_sssd_config_add_domain (config, disco->workgroup, error, "re_expression", "(?P[^\\\\]+)\\\\(?P[^\\\\]+)", "full_name_format", "%2$s\\%1$s", "cache_credentials", "True", 
@@ -195,27 +178,26 @@ configure_sssd_for_domain (RealmIniConfig *config, "id_provider", "ad", - "ad_domain", domain, - "krb5_realm", realm, + "ad_domain", disco->domain_name, + "krb5_realm", disco->kerberos_realm, "krb5_store_password_if_offline", "True", - "ldap_id_mapping", realm_options_automatic_mapping (domain) ? "True" : "False", + "ldap_id_mapping", realm_options_automatic_mapping (disco->domain_name) ? "True" : "False", "fallback_homedir", home, + disco->explicit_server ? "ad_server" : NULL, disco->explicit_server, NULL); if (ret) { - if (realm_options_manage_system (options, domain)) + if (realm_options_manage_system (options, disco->domain_name)) access_provider = "ad"; else access_provider = "simple"; - section = realm_sssd_config_domain_to_section (workgroup); + section = realm_sssd_config_domain_to_section (disco->workgroup); ret = realm_sssd_set_login_policy (config, section, access_provider, NULL, NULL, error); free (section); } g_free (home); - g_free (domain); - g_free (dn); return ret; } @@ -228,14 +210,10 @@ on_join_do_sssd (GObject *source, EggTask *task = EGG_TASK (user_data); JoinClosure *join = egg_task_get_task_data (task); RealmSssd *sssd = egg_task_get_source_object (task); - GHashTable *settings = NULL; GError *error = NULL; - gchar *workgroup = NULL; - if (join->use_adcli) { - if (!realm_adcli_enroll_join_finish (result, &workgroup, &error)) { - workgroup = NULL; + if (!realm_adcli_enroll_join_finish (result, &error)) { if (join->cred->type == REALM_CREDENTIAL_AUTOMATIC && g_error_matches (error, REALM_ERROR, REALM_ERROR_AUTH_FAILED)) { g_clear_error (&error); 
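Review bot: `"ad_domain", disco->domain_name` and the `realm_options_automatic_mapping` / `realm_options_manage_system` lookups now receive the domain name exactly as discovery stored it, whereas the removed code lower-cased the realm with `g_ascii_strdown` before using it. Unless RealmDisco guarantees a lower-case `domain_name` (not visible in this patch), the per-domain settings lookups and the value written to sssd.conf now vary with the case of the name that was supplied. If the guarantee exists, state it in a comment above the realm_sssd_config_add_domain call; otherwise keep an explicit `g_ascii_strdown (disco->domain_name, -1)` here. configure_sssd_for_domain begins in the previous hunk.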
@@ -244,20 +222,11 @@ on_join_do_sssd (GObject *source, } } } else { - if (realm_samba_enroll_join_finish (result, &settings, &error)) { - workgroup = g_strdup (g_hash_table_lookup (settings, "workgroup")); - g_hash_table_unref (settings); - } - } - - if (error == NULL && workgroup == NULL) { - g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL, - _("Failed to calculate domain workgroup")); + realm_samba_enroll_join_finish (result, &error); } if (error == NULL) { - configure_sssd_for_domain (realm_sssd_get_config (sssd), - join->realm_name, workgroup, + configure_sssd_for_domain (realm_sssd_get_config (sssd), join->disco, join->options, &error); } @@ -269,7 +238,6 @@ on_join_do_sssd (GObject *source, egg_task_return_error (task, error); } - g_free (workgroup); g_object_unref (task); } @@ -280,23 +248,21 @@ on_install_do_join (GObject *source, { EggTask *task = EGG_TASK (user_data); JoinClosure *join = egg_task_get_task_data (task); - RealmKerberos *kerberos = egg_task_get_source_object (task); GError *error = NULL; realm_packages_install_finish (result, &error); if (error == NULL) { if (join->use_adcli) { - realm_adcli_enroll_join_async (join->realm_name, + realm_adcli_enroll_join_async (join->disco, join->cred, join->options, join->invocation, on_join_do_sssd, g_object_ref (task)); } else { - realm_samba_enroll_join_async (join->realm_name, + realm_samba_enroll_join_async (join->disco, join->cred, join->options, - realm_kerberos_get_disco (kerberos), join->invocation, on_join_do_sssd, g_object_ref (task)); } 
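Review bot: The removed `Failed to calculate domain workgroup` check has no replacement, so configure_sssd_for_domain is now called with whatever `join->disco->workgroup` holds, including NULL. On the adcli path this looks reachable: `--show-details` is no longer passed and the output is no longer parsed, and the RealmDisco synthesised in realm_kerberos_get_disco sets only the domain name and `kerberos_realm`. A NULL would then be used as the sssd domain name in realm_sssd_config_add_domain and realm_sssd_config_domain_to_section. Restoring the guard before configuring, `if (error == NULL && join->disco->workgroup == NULL) g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL, _("Failed to calculate domain workgroup"));`, keeps the failure explicit; on_join_do_winbind in realm-samba.c lost the same check.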
@@ -369,10 +335,13 @@ parse_join_options (JoinClosure *join, /* * For other supported enrolling credentials, we support either adcli or * samba. But since adcli is pretty immature at this point, we use samba - * by default. + * by default. Samba falls over with hostnames that are not perfectly + * specified, so use adcli there. */ } else if (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN) { - if (!software) + if (!software && join->disco->explicit_server) + software = REALM_DBUS_IDENTIFIER_ADCLI; + else if (!software) software = REALM_DBUS_IDENTIFIER_SAMBA; /* It would be odd to get here */ @@ -411,7 +380,7 @@ realm_sssd_ad_join_async (RealmKerberosMembership *membership, task = egg_task_new (realm, NULL, callback, user_data); join = g_slice_new0 (JoinClosure); - join->realm_name = g_strdup (realm_kerberos_get_realm_name (realm)); + join->disco = realm_disco_ref (realm_kerberos_get_disco (realm)); join->invocation = g_object_ref (invocation); join->options = g_variant_ref (options); join->cred = realm_credential_ref (cred); @@ -422,7 +391,7 @@ realm_sssd_ad_join_async (RealmKerberosMembership *membership, egg_task_return_new_error (task, REALM_ERROR, REALM_ERROR_ALREADY_CONFIGURED, _("Already joined to this domain")); - } else if (realm_sssd_config_have_domain (realm_sssd_get_config (sssd), join->realm_name)) { + } else if (realm_sssd_config_have_domain (realm_sssd_get_config (sssd), realm_kerberos_get_realm_name (realm))) { egg_task_return_new_error (task, REALM_ERROR, REALM_ERROR_ALREADY_CONFIGURED, _("A domain with this name is already configured")); @@ -485,6 +454,7 @@ realm_sssd_ad_leave_async (RealmKerberosMembership *membership, gpointer user_data) { RealmSssdAd *self = REALM_SSSD_AD (membership); + RealmKerberos *realm = REALM_KERBEROS (self); EggTask *task; LeaveClosure *leave; 
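Review bot: The new default selection reads more clearly as one decision, `if (!software) software = join->disco->explicit_server ? REALM_DBUS_IDENTIFIER_ADCLI : REALM_DBUS_IDENTIFIER_SAMBA;`, than as two branches that both test `!software`. The comment above now says both that adcli is immature and that it is picked whenever a server is given, so it should also state what happens when the caller explicitly asks for Samba together with an explicit server, since begin_net_process still passes `-S` in that case. parse_join_options starts outside the hunk, so whether `join->disco` is always set before it runs cannot be confirmed from here.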
@@ -505,10 +475,10 @@ realm_sssd_ad_leave_async (RealmKerberosMembership *membership, case REALM_CREDENTIAL_CCACHE: case REALM_CREDENTIAL_PASSWORD: leave = g_slice_new0 (LeaveClosure); - leave->realm_name = g_strdup (realm_kerberos_get_realm_name (REALM_KERBEROS (self))); + leave->realm_name = g_strdup (realm_kerberos_get_realm_name (realm)); leave->invocation = g_object_ref (invocation); egg_task_set_task_data (task, leave, leave_closure_free); - realm_samba_enroll_leave_async (leave->realm_name, cred, options, invocation, + realm_samba_enroll_leave_async (realm_kerberos_get_disco (realm), cred, options, invocation, on_leave_do_deconfigure, g_object_ref (task)); break; default: diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c index aa7f937..6f71800 100644 --- a/service/realm-sssd-ipa.c +++ b/service/realm-sssd-ipa.c @@ -292,6 +292,7 @@ realm_sssd_ipa_join_async (RealmKerberosMembership *membership, RealmSssd *sssd = REALM_SSSD (realm); EggTask *task; EnrollClosure *enroll; + RealmDisco *disco; const gchar *domain_name; const gchar *computer_ou; const gchar *software; 
@@ -328,16 +329,26 @@ realm_sssd_ipa_join_async (RealmKerberosMembership *membership, if (realm_options_assume_packages (options)) packages = NO_PACKAGES; + disco = realm_kerberos_get_disco (realm); + g_return_if_fail (disco != NULL); + argv = g_ptr_array_new (); push_arg (argv, realm_settings_string ("paths", "ipa-client-install")); push_arg (argv, "--domain"); - push_arg (argv, realm_kerberos_get_name (realm)); + push_arg (argv, disco->domain_name); push_arg (argv, "--realm"); - push_arg (argv, realm_kerberos_get_realm_name (realm)); + push_arg (argv, disco->kerberos_realm); push_arg (argv, "--mkhomedir"); push_arg (argv, "--enable-dns-updates"); push_arg (argv, "--unattended"); + /* If the caller specified a server directly */ + if (disco->explicit_server) { + push_arg (argv, "--server"); + push_arg (argv, disco->explicit_server); + push_arg (argv, "--fixed-primary"); + } + switch (cred->type) { case REALM_CREDENTIAL_SECRET: /* -- 1.8.1.4
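Review bot: `g_return_if_fail (disco != NULL);` leaves realm_sssd_ipa_join_async without completing the operation, and it sits after the option handling, where the EggTask declared at the top of the function has presumably already been created (the start of the function is outside the hunk). If so, a failed precondition would leak the task and leave the D-Bus caller without a reply. Fetch and check the disco before the task is created, or report the failure through the task with egg_task_return_new_error as the neighbouring backends do. `disco->kerberos_realm` is also handed to push_arg unchecked; whether push_arg accepts NULL is not shown.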