On Thu, 2014-07-24 at 17:19 +0300, Alexander Bokovoy wrote:
> On Thu, 24 Jul 2014, Nathaniel McCallum wrote:
> >Also, make the error messages for this fallback case less scary and
> >clean up some indentation issues in the nearby code which made this
> >code difficult to read.
> ACK. Here is how it looks now in /var/log/ipaclient-install.log:
> 
> 2014-07-24T14:15:36Z DEBUG Starting external process
> 2014-07-24T14:15:36Z DEBUG args='/usr/sbin/ipa-join' '-s' 
> 'ipa-07-f20.t.vda.li' '-b' 'dc=t,dc=vda,dc=li' '-h' 'ipa-01.t.vda.li'
> 2014-07-24T14:15:38Z DEBUG Process finished, return code=0
> 2014-07-24T14:15:38Z DEBUG stdout=
> 2014-07-24T14:15:38Z DEBUG stderr=Failed to parse result: unsupported 
> extended operation
> Retrying with pre-4.0 keytab retrieval method...
> Keytab successfully retrieved and stored in: /etc/krb5.keytab
> Certificate subject base is: O=T.VDA.LI
> 
> 2014-07-24T14:15:38Z INFO Enrolled in IPA realm T.VDA.LI

Attached is the same patch with the bug link in the commit message.
From 94d66c803e412d6415da0d62a6fa3d03d3ebd997 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Thu, 24 Jul 2014 09:50:57 -0400
Subject: [PATCH] Fix ipa-getkeytab for pre-4.0 servers

Also, make the error messages for this fallback case less scary and
clean up some indentation issues in the nearby code which made this
code difficult to read.

https://fedorahosted.org/freeipa/ticket/4446
---
 ipa-client/ipa-getkeytab.c | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index c887cff9bb5e3688cc84b5c28f791eb922f4fe61..7861e4e508ce956a92d80d2e91294215854a2a32 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -258,10 +258,10 @@ static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
     int msgid;
     int ret, rc;
 
-    ret = ldap_extended_operation(ld, KEYTAB_GET_OID, control,
+    ret = ldap_extended_operation(ld, reqoid, control,
                                   NULL, NULL, &msgid);
     if (ret != LDAP_SUCCESS) {
-        fprintf(stderr, _("Operation failed! %s\n"), ldap_err2string(ret));
+        fprintf(stderr, _("Operation failed: %s\n"), ldap_err2string(ret));
         return ret;
     }
 
@@ -270,20 +270,20 @@ static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
     tv.tv_usec = 0;
     ret = ldap_result(ld, msgid, 1, &tv, &res);
     if (ret == -1) {
-        fprintf(stderr, _("Failed to get result! %s\n"), ldap_err2string(ret));
+        fprintf(stderr, _("Failed to get result: %s\n"), ldap_err2string(ret));
         goto done;
     }
 
     ret = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
     if (ret != LDAP_SUCCESS) {
-        fprintf(stderr, _("Failed to parse extended result! %s\n"),
+        fprintf(stderr, _("Failed to parse extended result: %s\n"),
                         ldap_err2string(ret));
         goto done;
     }
 
     ret = ldap_parse_result(ld, res, &rc, NULL, &err, NULL, srvctrl, 0);
     if (ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) {
-        fprintf(stderr, _("Failed to parse result! %s\n"),
+        fprintf(stderr, _("Failed to parse result: %s\n"),
                         err ? err : ldap_err2string(ret));
         if (ret == LDAP_SUCCESS) ret = rc;
         goto done;
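Review bot: A timeout from `ldap_result()` is not handled here: the call returns 0 when the `tv` timeout expires, but `if (ret == -1)` only catches the error case, so execution would continue into `ldap_parse_extended_result()` with a `res` that was never filled in. Consider `if (ret <= 0)` and setting `ret = LDAP_TIMEOUT` for the 0 case before `goto done`, so the caller does not receive a success code. In the -1 branch `ldap_err2string(ret)` is always passed -1, so the reworded message cannot show the actual cause; reading the code with `ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &rc)` first would. The function begins and ends outside this hunk, so what happens at `done` is not visible here.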
@@ -917,20 +917,24 @@ int main(int argc, const char *argv[])
         }
     }
 
-    if (password && (retrieve == 0) && (kvno == -1)) {
-        if (!quiet) fprintf(stderr, _("Retrying with old method\n"));
+    if (retrieve == 0 && kvno == -1) {
+        if (!quiet) {
+            fprintf(stderr,
+                    _("Retrying with pre-4.0 keytab retrieval method...\n"));
+        }
 
-	/* create key material */
-	ret = create_keys(krbctx, sprinc, password, enctypes_string, &keys, &err_msg);
-	if (!ret) {
-		if (err_msg != NULL) {
-			fprintf(stderr, "%s", err_msg);
-		}
-		fprintf(stderr, _("Failed to create key material\n"));
-		exit(8);
-	}
+        /* create key material */
+        ret = create_keys(krbctx, sprinc, password, enctypes_string, &keys, &err_msg);
+        if (!ret) {
+            if (err_msg != NULL) {
+                fprintf(stderr, "%s", err_msg);
+            }
 
-	kvno = ldap_set_keytab(krbctx, server, principal, uprinc, binddn, bindpw, &keys);
+            fprintf(stderr, _("Failed to create key material\n"));
+            exit(8);
+        }
+
+        kvno = ldap_set_keytab(krbctx, server, principal, uprinc, binddn, bindpw, &keys);
     }
 
     if (kvno == -1) {
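Review bot: The retry condition `retrieve == 0 && kvno == -1` does not distinguish why the first attempt failed, so as far as this hunk shows, any error from the new method (not only a pre-4.0 server rejecting the extended operation) leads into the older path where the client builds the keys and sends them with `ldap_set_keytab()`. If that is not intended, keep the LDAP result of the first attempt and retry only on the code a server returns for an unknown extended operation, so that a timeout or an access denial is reported instead of triggering a change of method. With `password &&` removed, `create_keys()` can now be reached with a NULL `password`; a comment such as `/* password may be NULL here; create_keys() is expected to handle that */` would record the assumption, which cannot be confirmed from this hunk. `main` begins and ends outside the hunk.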
-- 
2.0.1
