File 0029-tools-store-Samba-data-if-requested.patch of Package adcli.22052
From 87f60b57a9593ae7947a579711e4039fa22d1ba4 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 30 Jan 2018 18:24:15 +0100
Subject: [PATCH 29/34] tools: store Samba data if requested
Use Samba's net utility to add the machine account password and the
domain SID to the Samba configuration.
https://bugs.freedesktop.org/show_bug.cgi?id=100118
https://gitlab.freedesktop.org/realmd/adcli/issues/6
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit a79e03c5a559389c5c9c0e9d72831e5fe5c62f54)
---
library/adenroll.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/library/adenroll.c b/library/adenroll.c
index 6a17d92..3f11e63 100644
--- a/library/adenroll.c
+++ b/library/adenroll.c
@@ -1794,6 +1794,36 @@ update_keytab_for_principals (adcli_enroll *enroll,
return ADCLI_SUCCESS;
}
+static adcli_result
+update_samba_data (adcli_enroll *enroll)
+{
+ int ret;
+ char *argv_pw[] = { "/usr/bin/net", "changesecretpw", "-i", "-f", NULL };
+ char *argv_sid[] = { "/usr/bin/net", "setdomainsid", NULL, NULL };
+
+ _adcli_info ("Trying to set Samba secret.\n");
+ ret = _adcli_call_external_program (argv_pw[0], argv_pw,
+ enroll->computer_password, NULL, NULL);
+ if (ret != ADCLI_SUCCESS) {
+ _adcli_err ("Failed to set Samba computer account password.\n");
+ }
+
+ argv_sid[2] = (char *) adcli_conn_get_domain_sid (enroll->conn);
+ if (argv_sid[2] == NULL) {
+ _adcli_err ("Domain SID not available.\n");
+ } else {
+ _adcli_info ("Trying to set domain SID %s for Samba.\n",
+ argv_sid[2]);
+ ret = _adcli_call_external_program (argv_sid[0], argv_sid,
+ NULL, NULL, NULL);
+ if (ret != ADCLI_SUCCESS) {
+ _adcli_err ("Failed to set Samba domain SID.\n");
+ }
+ }
+
+ return ret;
+}
+
static void
enroll_clear_state (adcli_enroll *enroll)
{
@@ -1962,6 +1992,15 @@ enroll_join_or_update_tasks (adcli_enroll *enroll,
update_service_principals (enroll);
+ if ( (flags & ADCLI_ENROLL_ADD_SAMBA_DATA) && ! (flags & ADCLI_ENROLL_PASSWORD_VALID)) {
+ res = update_samba_data (enroll);
+ if (res != ADCLI_SUCCESS) {
+ _adcli_info ("Failed to add Samba specific data, smbd "
+ "or winbindd might not work as "
+ "expected.\n");
+ }
+ }
+
if (flags & ADCLI_ENROLL_NO_KEYTAB)
return ADCLI_SUCCESS;
--
2.25.1