author | B Stack <bgstack15@gmail.com> | 2019-05-29 10:23:06 -0400 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2019-05-29 10:23:06 -0400 |
commit | 6172152ff4ea7a0cce52ac4386aad09995c7bf87 (patch) | |
tree | 73dfdf8d8a13ffe1fb06312ebc38766e720cf0d3 /src/usr | |
parent | Merge branch 'michaelweiser/laps-empty-timestamp' (diff) | |
fix #7: add LAPS_KINIT_HOST_SCRIPT_OPTS
This option provides the mechanism required to send "--atdomain
AD.EXAMPLE.COM" to kinit-host.
Diffstat (limited to 'src/usr')
-rwxr-xr-x | src/usr/share/laps/laps.sh | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/usr/share/laps/laps.sh b/src/usr/share/laps/laps.sh
index c81e7a4..ace99c6 100755
--- a/src/usr/share/laps/laps.sh
+++ b/src/usr/share/laps/laps.sh
@@ -23,7 +23,7 @@
 # sed (sed)
 # awk (gawk)
 fiversion="2018-09-12a"
-lapsversion="2019-03-01a"
+lapsversion="2019-05-29a"
 usage() {
 ${PAGER:-/usr/bin/less -F} >&2 <<ENDUSAGE
@@ -104,7 +104,7 @@ main_workflow() {
 fi
 # 1. kinit-host
- get_host_keytab "${LAPS_KINIT_HOST_SCRIPT}" "${LAPS_KLIST_BIN}" "${LAPS_KRB5CC_TMPFILE}" || { ferror "${0}: unable to get host kerberos ticket. Aborted." ; exit 6 ; }
+ get_host_keytab "${LAPS_KINIT_HOST_SCRIPT}" "${LAPS_KINIT_HOST_SCRIPT_OPTS}" "${LAPS_KLIST_BIN}" "${LAPS_KRB5CC_TMPFILE}" || { ferror "${0}: unable to get host kerberos ticket. Aborted." ; exit 6 ; }
 # 2. fetch timestamp from ldap
 LAPS_epoch="$( wrapper_get_timestamp_from_ldap "${LAPS_LDAPSEARCH_BIN}" "${LAPS_LDAPSEARCH_FLAGS}" "${LAPS_LDAPSEARCH_FILTER}" "${LAPS_ATTRIB_TIME}" "${LAPS_LDAPCONF}" "${LAPS_DATETIME_PY}" "${LAPS_KRB5CC_TMPFILE}" )"
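Review bot: The new `"${LAPS_KINIT_HOST_SCRIPT_OPTS}"` argument in the `get_host_keytab` call under `# 1. kinit-host` is inserted as the second positional parameter, which shifts the meaning of `$2` and `$3` for every caller of that function. Only this one call site is visible in the diff, so a caller still using the three-argument form would presumably pass the klist path to kinit-host as an option and put the credential-cache path in the klist slot. It is worth confirming there are no such callers, or appending the new parameter last so the old positions stay valid. Keeping the argument quoted at this call site is correct, because the empty default must still occupy its position. main_workflow starts and ends outside the hunk.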
@@ -129,19 +129,20 @@ main_workflow() {
 }
 get_host_keytab() {
- # call: get_host_keytab "${LAPS_KINIT_HOST_SCRIPT}" "${LAPS_KLIST_BIN}" "${LAPS_KRB5CC_TMPFILE}"
+ # call: get_host_keytab "${LAPS_KINIT_HOST_SCRIPT}" "${LAPS_KINIT_HOST_SCRIPT_OPTS}" "${LAPS_KLIST_BIN}" "${LAPS_KRB5CC_TMPFILE}"
 # returns: nothing.
 # action: get host kerberos ticket-granting ticket
 debuglev 10 && ferror "get_host_keytab $@"
 ___ghk_kinit_host_script="${1}"
- ___ghk_klist_bin="${2}"
- ___ghk_krb5cc_tmpfile="${3}"
+ ___ghk_kinit_host_script_opts="${2}"
+ ___ghk_klist_bin="${3}"
+ ___ghk_krb5cc_tmpfile="${4}"
 test -z "${___ghk_kinit_host_script}" && ___ghk_kinit_host_script="${LAPS_KINIT_HOST_SCRIPT_DEFAULT}"
 if test -e "${___ghk_kinit_host_script}" ; then
- KRB5CCNAME=FILE:"${___ghk_krb5cc_tmpfile}" "${___ghk_kinit_host_script}"
+ KRB5CCNAME=FILE:"${___ghk_krb5cc_tmpfile}" "${___ghk_kinit_host_script}" ${___ghk_kinit_host_script_opts}
 else
 debuglev 3 && ferror "debug3: Using built-in logic to fetch host kerberos ticket because unable to find LAPS_KINIT_HOST_SCRIPT=${___ghk_kinit_host_script}"
 # do internal logic here
@@ -662,6 +663,7 @@ test -z "${LAPS_LDAPMODIFY_STATUS_TMPFILE}" && LAPS_LDAPMODIFY_STATUS_TMPFILE="$
 test -z "${LAPS_LDAPSEARCH_STATUS_TMPFILE}" && LAPS_LDAPSEARCH_STATUS_TMPFILE="$( TMPDIR="${LAPS_TMPDIR}" mktemp )"
 test -z "${LAPS_PASSWORD_STATUS_TMPFILE}" && LAPS_PASSWORD_STATUS_TMPFILE="$( TMPDIR="${LAPS_TMPDIR}" mktemp )"
 define_if_new LAPS_KINIT_HOST_SCRIPT "/usr/share/bgscripts/work/kinit-host.sh"
+define_if_new LAPS_KINIT_HOST_SCRIPT_OPTS ""
 define_if_new LAPS_KINIT_HOST_SCRIPT_DEFAULT "/usr/share/bgscripts/work/kinit-host.sh"
 define_if_new LAPS_KLIST_BIN "/usr/bin/klist"
 define_if_new LAPS_KINIT_BIN "/usr/bin/kinit" |
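Review bot: The unquoted `${___ghk_kinit_host_script_opts}` on the new kinit-host invocation in `get_host_keytab` is split on whitespace, which is what lets `--atdomain AD.EXAMPLE.COM` arrive as two arguments, but it also undergoes pathname expansion, and nothing in the code says the missing quotes are deliberate. Because the value comes from configuration, a `*` or `?` in it would be expanded against the working directory, and an option value containing a space cannot be expressed at all. I would put `# intentionally unquoted: LAPS_KINIT_HOST_SCRIPT_OPTS is split on whitespace into separate arguments` above the line and bracket the call with `set -f` and `set +f`, assuming globbing is otherwise left enabled in this script. The function body continues past the end of the hunk, so whether the built-in fallback branch should honour the options as well cannot be judged from here.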