Re: [Freeipa-devel] [PATCH] [WIP] 108 Fix client enrollment

[Alexander Bokovoy]

On 11.08.2011 12:19, Martin Kosek wrote:
> This is a first shot for client enrollment fix. I had to pull the new
> version of xmlrpc-c from koji as it is not in updates-testing repo yet:
> 
> http://koji.fedoraproject.org/koji/buildinfo?buildID=257947
> 
> Fixed curl package is already in stable repos.
> 
> Unfortunately, it seems that credentials are not delegated yet. I still
> get "did not receive Kerberos credentials" error from the server. Any
> idea what went wrong? Adding xmlrpc-c maintainer on CC.

Looking at ipa-join.c patch, I noticed one thing:
> diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
> index 
> 95f2939cd9812d70aab6d29fb526ac9eb7b5479d..23af923e9d3ae1c466ffa19ea5f2aaac89ebec37
>  100644
> --- a/ipa-client/ipa-join.c
> +++ b/ipa-client/ipa-join.c
> @@ -149,6 +149,8 @@ callRPC(xmlrpc_env *            const envP,
>      curlXportParmsP->no_ssl_verifypeer = 1;
>      curlXportParmsP->no_ssl_verifyhost = 1;
>      curlXportParmsP->cainfo = "/etc/ipa/ca.crt";
> +    /* Enable GSSAPI credentials delegation */
> +    curlXportParmsP->gssapi_delegation = 1;
>  
>      clientparms.transport = "curl";
>      clientparms.transportparmsP = (struct xmlrpc_xportparms *)

I think you also need to bump XMLRPC_CXPSIZE() to gssapi_delegation:

diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index 95f2939..f6ca693 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -149,11 +149,13 @@ callRPC(xmlrpc_env *            const envP,
     curlXportParmsP->no_ssl_verifypeer = 1;
     curlXportParmsP->no_ssl_verifyhost = 1;
     curlXportParmsP->cainfo = "/etc/ipa/ca.crt";
+    /* Enable GSSAPI credentials delegation */
+    curlXportParmsP->gssapi_delegation = 1;

     clientparms.transport = "curl";
     clientparms.transportparmsP = (struct xmlrpc_xportparms *)
             curlXportParmsP;
-    clientparms.transportparm_size = XMLRPC_CXPSIZE(cainfo);
+    clientparms.transportparm_size = XMLRPC_CXPSIZE(gssapi_delegation);
     xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION,
                          &clientparms, sizeof(clientparms),
                          &clientP);

-- 
/ Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel