in api/src/gmsa_service.cpp [2285:2355]
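/// Parse a "domainless" credential spec (JSON text) and fill in the Kerberos
/// ticket record and the ARN mapping record from it.
///
/// The credential spec is caller-supplied data and is treated as untrusted:
/// the domain name and service account name are validated before anything is
/// written, and no output field is touched unless every check has passed.
///
/// @param credspec_data       Raw credential spec JSON.
/// @param krb_ticket_info     Receives domain_name, service_account_name and
///                            credspec_info; its krb_file_path is read.
/// @param krb_ticket_mapping  Receives credential_domainless_user_arn and
///                            krb_file_path; its credential_spec_arn is read.
/// @return 0 on success, -1 on any null argument, parse failure or failed
///         validation (the reason is logged to stderr).
int parse_cred_spec_domainless( std::string credspec_data, krb_ticket_info_t* krb_ticket_info,
                                krb_ticket_arn_mapping_t* krb_ticket_mapping )
{
    try
    {
        // Both records are dereferenced below; fail early rather than crash.
        if ( krb_ticket_info == nullptr || krb_ticket_mapping == nullptr )
        {
            std::cerr << Util::getCurrentTime() << '\t'
                      << "ERROR: credspec output structures are null" << std::endl;
            return -1;
        }
        if ( credspec_data.empty() )
        {
            std::cerr << Util::getCurrentTime() << '\t' << "ERROR: credspec is empty" << std::endl;
            return -1;
        }

        Json::Value root;
        Json::CharReaderBuilder reader;
        std::istringstream credspec_stream( credspec_data );
        std::string errors;
        // A failed parse must not be silent: with a null root every lookup
        // below yields an empty string and the real cause is never reported.
        if ( !Json::parseFromStream( reader, credspec_stream, &root, &errors ) )
        {
            std::cerr << Util::getCurrentTime() << '\t'
                      << "ERROR: credspec is not valid JSON: " << errors << std::endl;
            return -1;
        }

        // Domain name from the credspec.
        const std::string domain_name = root["DomainJoinConfig"]["DnsName"].asString();

        // Service account name: the first gMSA entry with a non-empty Name.
        std::string service_account_name;
        const Json::Value& gmsa_array =
            root["ActiveDirectoryConfig"]["GroupManagedServiceAccounts"];
        for ( const Json::Value& gmsa : gmsa_array )
        {
            service_account_name = gmsa["Name"].asString();
            if ( !service_account_name.empty() )
                break;
        }

        if ( service_account_name.empty() || domain_name.empty() )
        {
            std::cerr << Util::getCurrentTime() << '\t'
                      << "ERROR: credspec is missing domain name or service account name"
                      << std::endl;
            return -1;
        }
        // Reject values that could not be a valid DNS domain / AD account name
        // before they reach any command or file path built from them.
        if ( !isValidDomain( domain_name ) ||
             Util::contains_invalid_characters_in_ad_account_name( service_account_name ) )
        {
            std::cerr << Util::getCurrentTime() << '\t'
                      << "ERROR: credentialspec file is not formatted properly" << std::endl;
            return -1;
        }

        // Secrets Manager ARN of the domainless user credential.
        // NOTE(review): only non-emptiness is checked here; the ARN's format
        // is presumably validated where it is consumed — confirm.
        const std::string domainless_user_arn =
            root["ActiveDirectoryConfig"]["HostAccountConfig"]["PluginInput"]["CredentialArn"]
                .asString();
        if ( domainless_user_arn.empty() )
        {
            std::cerr << Util::getCurrentTime() << '\t' << "ERROR: secrets manager arn is not valid"
                      << std::endl;
            return -1;
        }

        // All checks passed: publish results into both records.
        krb_ticket_info->domain_name = domain_name;
        krb_ticket_info->service_account_name = service_account_name;
        krb_ticket_info->credspec_info = krb_ticket_mapping->credential_spec_arn;
        krb_ticket_mapping->credential_domainless_user_arn = domainless_user_arn;
        krb_ticket_mapping->krb_file_path = krb_ticket_info->krb_file_path;
    }
    catch ( ... )
    {
        // asString() throws on a non-string JSON node; any such malformed
        // input is reported as a formatting error.
        std::cerr << Util::getCurrentTime() << '\t'
                  << "ERROR: domainless credspec is not properly formatted failed" << std::endl;
        return -1;
    }
    return 0;
}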