in api/src/gmsa_service.cpp [2215:2275]
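/**
 * Extract the domain name, gMSA account name and credential ARN from a
 * credential spec JSON document.
 *
 * The credspec arrives from outside this function and is treated as untrusted:
 * the JSON must parse cleanly, the domain name must pass isValidDomain() and
 * the account name must pass Util::contains_invalid_characters_in_ad_account_name()
 * before anything is written to the output structure.
 *
 * @param credspec_data    Credential spec contents as a JSON string.
 * @param krb_ticket_info  Output; domain_name, service_account_name and
 *                         credential_arn are set only on success. Must not be null.
 * @return 0 on success, -1 on any parse or validation failure.
 */
int parse_cred_spec( std::string credspec_data, krb_ticket_info_t* krb_ticket_info )
{
    // A null output pointer would be dereferenced after validation; reject it up front.
    if ( krb_ticket_info == nullptr )
    {
        std::cerr << Util::getCurrentTime() << '\t'
                  << "ERROR: krb ticket info is null" << std::endl;
        return -1;
    }

    try
    {
        if ( credspec_data.empty() )
        {
            std::cerr << Util::getCurrentTime() << '\t' << "ERROR: credspec is empty" << std::endl;
            return -1;
        }

        Json::Value root;
        Json::CharReaderBuilder reader;
        std::istringstream credspec_stream( credspec_data );
        std::string errors;

        // The parse result was previously ignored, so a malformed document fell
        // through to the field lookups below. Fail closed instead. The parser's
        // own message is not echoed, to keep input-derived text out of the log.
        if ( !Json::parseFromStream( reader, credspec_stream, &root, &errors ) )
        {
            std::cerr << Util::getCurrentTime() << '\t'
                      << "ERROR: credspec is not valid JSON" << std::endl;
            return -1;
        }

        // get domain name from credspec
        std::string domain_name = root["DomainJoinConfig"]["DnsName"].asString();

        // get service account name from credspec: first entry with a non-empty Name
        std::string service_account_name;
        const Json::Value& gmsa_array =
            root["ActiveDirectoryConfig"]["GroupManagedServiceAccounts"];
        for ( const Json::Value& gmsa : gmsa_array )
        {
            service_account_name = gmsa["Name"].asString();
            if ( !service_account_name.empty() )
                break;
        }

        if ( service_account_name.empty() || domain_name.empty() )
        {
            // Previously a silent failure; log it so a rejected credspec can be diagnosed.
            std::cerr << Util::getCurrentTime() << '\t'
                      << "ERROR: credspec is missing the domain name or service account name"
                      << std::endl;
            return -1;
        }

        if ( !isValidDomain( domain_name ) ||
             Util::contains_invalid_characters_in_ad_account_name( service_account_name ) )
        {
            std::cerr << Util::getCurrentTime() << '\t'
                      << "ERROR: credentialspec file is not formatted"
                         " properly"
                      << std::endl;
            return -1;
        }

        // get credentialspec arn
        // NOTE(review): unlike the two names above, this value is copied without
        // any format check and may be empty; confirm that every consumer
        // validates it before using it in a request or a command line.
        std::string credential_arn =
            root["ActiveDirectoryConfig"]["HostAccountConfig"]["PluginInput"]["CredentialArn"]
                .asString();

        // Output is written only after every check has passed.
        krb_ticket_info->domain_name = domain_name;
        krb_ticket_info->service_account_name = service_account_name;
        krb_ticket_info->credential_arn = credential_arn;
    }
    catch ( ... )
    {
        // Catch-all covers exceptions from the JSON accessors, e.g. a field of
        // an unexpected type.
        std::cerr << Util::getCurrentTime() << '\t'
                  << "ERROR: domain-joined credspec is not properly "
                     "formatted "
                     "failed"
                  << std::endl;
        return -1;
    }

    return 0;
}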