fix firewall web proxy sso keytab creation.

linuxmuster · Feb 19, 2024 · 10f7bb3 · 10f7bb3
1 parent 05df6b7
commit 10f7bb3
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 4 deletions.
diff --git a/lib/setup.d/z_final.py b/lib/setup.d/z_final.py
@@ -2,7 +2,7 @@
 #
 # final tasks
 # thomas@linuxmuster.net
-# 20240219
+# 20220105
 #
 
 import configparser
@@ -20,6 +20,16 @@
 if os.path.isfile('/tmp/setup.ini'):
     os.unlink('/tmp/setup.ini')
 
+# get various setup values
+msg = 'Reading setup data '
+printScript(msg, '', False, False, True)
+try:
+    adminpw = getSetupValue('adminpw')
+    printScript(' Success!', '', True, True, False, len(msg))
+except:
+    printScript(' Failed!', '', True, True, False, len(msg))
+    sys.exit(1)
+
 # restart apparmor service
 msg = 'Restarting apparmor service '
 printScript(msg, '', False, False, True)
@@ -78,7 +88,7 @@
 msg = 'Creating web proxy sso keytab '
 printScript(msg, '', False, False, True)
 try:
-    subProc(constants.FWSHAREDIR + '/create-keytab.py -v', logfile)
+    subProc(constants.FWSHAREDIR + "/create-keytab.py -v -a '" + adminpw + "'", logfile)
     printScript(' Success!', '', True, True, False, len(msg))
 except Exception as error:
     printScript(error, '', True, True, False, len(msg))

diff --git a/share/firewall/opnsense/create-keytab.py b/share/firewall/opnsense/create-keytab.py
@@ -1,13 +1,14 @@
 #!/usr/bin/python3
 #
-#  create web proxy sso keytab
+# create web proxy sso keytab
 # thomas@linuxmuster.net
-# 20200311
+# 20240219
 #
 
 import constants
 import getopt
 import os
+import subprocess
 import sys
 
 from functions import datetime
@@ -93,6 +94,14 @@ def usage():
     if verbose:
         print(res)
 
+    # set firewall spn if it does not exist yet
+    entry = 'HTTP/firewall\n'
+    output = subprocess.check_output(['samba-tool', 'spn', 'list', 'FIREWALL-K$']).decode('utf-8')
+    if entry not in output:
+        entry = entry.replace('\n', '')
+        printScript('Adding servicePrincipalName ' + entry + ' for FIREWALL-K$')
+        subprocess.run(['samba-tool', 'spn', 'add', entry, 'FIREWALL-K$'])
+
 
 # check success
 keytabtest = 'No keytab'