Re: [Freeipa-devel] [PATCH 0060] Fix ipa-getkeytab for pre-4.0 servers

2014-07-25 Thread Martin Kosek
On 07/24/2014 05:12 PM, Nathaniel McCallum wrote:
> On Thu, 2014-07-24 at 17:19 +0300, Alexander Bokovoy wrote:
>> On Thu, 24 Jul 2014, Nathaniel McCallum wrote:
>>> Also, make the error messages for this fallback case less scary and
>>> clean up some indentation issues in the nearby code which made this
>>> code difficult to read.
>> ACK. Here is how it looks now in /var/log/ipaclient-install.log:
>>
>> 2014-07-24T14:15:36Z DEBUG Starting external process
>> 2014-07-24T14:15:36Z DEBUG args='/usr/sbin/ipa-join' '-s'
>> 'ipa-07-f20.t.vda.li' '-b' 'dc=t,dc=vda,dc=li' '-h' 'ipa-01.t.vda.li'
>> 2014-07-24T14:15:38Z DEBUG Process finished, return code=0
>> 2014-07-24T14:15:38Z DEBUG stdout=
>> 2014-07-24T14:15:38Z DEBUG stderr=Failed to parse result: unsupported
>> extended operation
>> Retrying with pre-4.0 keytab retrieval method...
>> Keytab successfully retrieved and stored in: /etc/krb5.keytab
>> Certificate subject base is: O=T.VDA.LI
>>
>> 2014-07-24T14:15:38Z INFO Enrolled in IPA realm T.VDA.LI
>
> Attached is the same patch with the bug link in the commit message.

Good! Thanks for fixing the scary error messages :-)

Pushed to:
master: 96986056f65beb120cd74a311524b6601383ee80
ipa-4-1: 96986056f65beb120cd74a311524b6601383ee80
ipa-4-0: 217aba77dcfc59c52ad565e33af341da06e76bcc

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH 0060] Fix ipa-getkeytab for pre-4.0 servers

2014-07-24 Thread Nathaniel McCallum
On Thu, 2014-07-24 at 17:19 +0300, Alexander Bokovoy wrote:
> On Thu, 24 Jul 2014, Nathaniel McCallum wrote:
>> Also, make the error messages for this fallback case less scary and
>> clean up some indentation issues in the nearby code which made this
>> code difficult to read.
> ACK. Here is how it looks now in /var/log/ipaclient-install.log:
>
> 2014-07-24T14:15:36Z DEBUG Starting external process
> 2014-07-24T14:15:36Z DEBUG args='/usr/sbin/ipa-join' '-s'
> 'ipa-07-f20.t.vda.li' '-b' 'dc=t,dc=vda,dc=li' '-h' 'ipa-01.t.vda.li'
> 2014-07-24T14:15:38Z DEBUG Process finished, return code=0
> 2014-07-24T14:15:38Z DEBUG stdout=
> 2014-07-24T14:15:38Z DEBUG stderr=Failed to parse result: unsupported
> extended operation
> Retrying with pre-4.0 keytab retrieval method...
> Keytab successfully retrieved and stored in: /etc/krb5.keytab
> Certificate subject base is: O=T.VDA.LI
>
> 2014-07-24T14:15:38Z INFO Enrolled in IPA realm T.VDA.LI

Attached is the same patch with the bug link in the commit message.
From 94d66c803e412d6415da0d62a6fa3d03d3ebd997 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum npmccal...@redhat.com
Date: Thu, 24 Jul 2014 09:50:57 -0400
Subject: [PATCH] Fix ipa-getkeytab for pre-4.0 servers

Also, make the error messages for this fallback case less scary and
clean up some indentation issues in the nearby code which made this
code difficult to read.

https://fedorahosted.org/freeipa/ticket/4446
---
 ipa-client/ipa-getkeytab.c | 38 +-
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index c887cff9bb5e3688cc84b5c28f791eb922f4fe61..7861e4e508ce956a92d80d2e91294215854a2a32 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -258,10 +258,10 @@ static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
 int msgid;
 int ret, rc;
 
-ret = ldap_extended_operation(ld, KEYTAB_GET_OID, control,
+ret = ldap_extended_operation(ld, reqoid, control,
   NULL, NULL, msgid);
 if (ret != LDAP_SUCCESS) {
-fprintf(stderr, _(Operation failed! %s\n), ldap_err2string(ret));
+fprintf(stderr, _(Operation failed: %s\n), ldap_err2string(ret));
 return ret;
 }
 
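Review bot: with the request OID now taken from reqoid in the ldap_extended_operation() call, the "Operation failed" message just below no longer tells the reader which operation was attempted. Callers can now pass different OIDs, so consider including reqoid in that message (and in the later failure messages of this function) so a failed request can be attributed to a specific extended operation in the client install log. The commit message describes the message and indentation cleanup but not this functional change; a sentence on why the hard-coded KEYTAB_GET_OID was wrong would help.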
@@ -270,20 +270,20 @@ static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
 tv.tv_usec = 0;
 ret = ldap_result(ld, msgid, 1, tv, res);
 if (ret == -1) {
-fprintf(stderr, _(Failed to get result! %s\n), ldap_err2string(ret));
+fprintf(stderr, _(Failed to get result: %s\n), ldap_err2string(ret));
 goto done;
 }
 
 ret = ldap_parse_extended_result(ld, res, retoid, retdata, 0);
 if (ret != LDAP_SUCCESS) {
-fprintf(stderr, _(Failed to parse extended result! %s\n),
+fprintf(stderr, _(Failed to parse extended result: %s\n),
 ldap_err2string(ret));
 goto done;
 }
 
 ret = ldap_parse_result(ld, res, rc, NULL, err, NULL, srvctrl, 0);
 if (ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) {
-fprintf(stderr, _(Failed to parse result! %s\n),
+fprintf(stderr, _(Failed to parse result: %s\n),
 err ? err : ldap_err2string(ret));
 if (ret == LDAP_SUCCESS) ret = rc;
 goto done;
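Review bot: in the ldap_result() error branch, ret is -1, which is the function's failure indicator and not the LDAP result code of the operation, so ldap_err2string(ret) prints a fixed and possibly misleading string; fetch the real code with ldap_get_option(ld, LDAP_OPT_RESULT_CODE, ...) before formatting the message. ldap_result() also returns 0 when the timeout in tv expires, and that case is not checked here, so execution continues into ldap_parse_extended_result() without a result message. In the last branch, when ret is LDAP_SUCCESS but rc is not and err is NULL, the message is built from ret and would read as success; use rc there.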
@@ -917,20 +917,24 @@ int main(int argc, const char *argv[])
 }
 }
 
-if (password  (retrieve == 0)  (kvno == -1)) {
-if (!quiet) fprintf(stderr, _(Retrying with old method\n));
+if (retrieve == 0  kvno == -1) {
+if (!quiet) {
+fprintf(stderr,
+_(Retrying with pre-4.0 keytab retrieval method...\n));
+}
 
-	/* create key material */
-	ret = create_keys(krbctx, sprinc, password, enctypes_string, keys, err_msg);
-	if (!ret) {
-		if (err_msg != NULL) {
-			fprintf(stderr, %s, err_msg);
-		}
-		fprintf(stderr, _(Failed to create key material\n));
-		exit(8);
-	}
+/* create key material */
+ret = create_keys(krbctx, sprinc, password, enctypes_string, keys, err_msg);
+if (!ret) {
+if (err_msg != NULL) {
+fprintf(stderr, %s, err_msg);
+}
 
-	kvno = ldap_set_keytab(krbctx, server, principal, uprinc, binddn, bindpw, keys);
+fprintf(stderr, _(Failed to create key material\n));
+exit(8);
+}
+
+kvno = ldap_set_keytab(krbctx, server, principal, uprinc, binddn, bindpw, keys);
 }
 
 if (kvno == -1) {
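Review bot: the rewritten if condition no longer tests password, but password is still passed to create_keys() a few lines below, so the fallback can now run with a NULL password; confirm create_keys() treats NULL as a request for random keys and add a comment saying so. The condition also takes the fallback on any failure that leaves kvno at -1, not only when the server rejects the new extended operation as unsupported, and the old method goes on to call ldap_set_keytab(); consider retrying only on the "unsupported" result so that other errors are reported as failures. The re-indentation would be easier to review as a separate patch.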
-- 
2.0.1
