in api/src/gmsa_service.cpp [1701:1799]
void Proceed( std::string krb_files_dir, CF_logger& cf_logger,
std::string aws_sm_secret_name )
{
if ( cookie.compare( CLASS_NAME_CallDataRenewNonDomainJoinedKerberosLease ) != 0 )
{
return;
}
std::cerr << Util::getCurrentTime() << '\t'
<< "INFO: RenewNonDomainJoinedKerberosLease " << this << "status: " << status_
<< std::endl;
if ( status_ == CREATE )
{
// Make this instance progress to the PROCESS state.
status_ = PROCESS;
// As part of the initial CREATE state, we *request* that the system
// start processing RequestHandleNonDomainJoinedKerberosLease requests. In this
// request, "this" acts are the tag uniquely identifying the request (so that
// different CallData instances can serve different requests concurrently), in this
// case the memory address of this CallData instance.
service_->RequestRenewNonDomainJoinedKerberosLease(
&add_krb_ctx_, &renew_domainless_krb_request_, &handle_krb_responder_, cq_, cq_,
this );
}
else if ( status_ == PROCESS )
{
// Spawn a new CallData instance to serve new clients while we process
// the one for this CallData. The instance will deallocate itself as
// part of its FINISH state.
new CallDataRenewNonDomainJoinedKerberosLease( service_, cq_ );
// The actual processing.
std::string username = renew_domainless_krb_request_.username();
std::string password = renew_domainless_krb_request_.password();
std::string domain = renew_domainless_krb_request_.domain();
std::string err_msg;
if ( isValidDomain( domain ) &&
!Util::contains_invalid_characters_in_ad_account_name( username ) )
{
if ( !username.empty() && !password.empty() && !domain.empty() &&
username.length() < INPUT_CREDENTIALS_LENGTH &&
password.length() < INPUT_CREDENTIALS_LENGTH &&
domain.length() < DOMAIN_LENGTH )
{
std::list<std::string> renewed_krb_file_paths =
renew_kerberos_tickets_domainless( krb_files_dir, domain, username,
password, cf_logger );
for ( auto renewed_krb_path : renewed_krb_file_paths )
{
renew_domainless_krb_reply_.add_renewed_kerberos_file_paths(
renewed_krb_path );
}
}
else
{
err_msg = "Error: domainless AD user credentials is not valid/ "
"credentials should not be more than 256 charaters";
std::cerr << Util::getCurrentTime() << '\t' << err_msg << std::endl;
}
}
else
{
err_msg = "Error: invalid domainName/username";
std::cerr << Util::getCurrentTime() << '\t' << err_msg << std::endl;
}
secureClearString( username );
secureClearString( password );
// And we are done! Let the gRPC runtime know we've finished, using the
// memory address of this instance as the uniquely identifying tag for
// the event.
if ( !err_msg.empty() )
{
status_ = FINISH;
handle_krb_responder_.Finish(
renew_domainless_krb_reply_,
grpc::Status( grpc::StatusCode::INTERNAL, err_msg ), this );
}
else
{
status_ = FINISH;
handle_krb_responder_.Finish( renew_domainless_krb_reply_, grpc::Status::OK,
this );
}
}
else
{
GPR_ASSERT( status_ == FINISH );
// Once in the FINISH state, deallocate ourselves (CallData).
delete this;
}
return;
}