diff options
author | Tim Smith <tsmith@chef.io> | 2020-02-18 09:40:48 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-18 09:40:48 -0800 |
commit | 4e88f05635ad97cca520a41fc5a837624c91c0ab (patch) | |
tree | 6b99c93c68df4bffb8a7c750c2041792b8a4b7f7 | |
parent | 5a9f64b83e4605ee4d23190a3afcf08b000e3da1 (diff) | |
parent | 46efd8542d419db6e3bbce6c99031ab64308ade1 (diff) | |
download | chef-4e88f05635ad97cca520a41fc5a837624c91c0ab.tar.gz |
Merge pull request #9370 from srb3/ad_join_fix
windows_ad_join: Fix joining specific domains when domain trusts are involved
-rw-r--r-- | lib/chef/resource/windows_ad_join.rb | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/lib/chef/resource/windows_ad_join.rb b/lib/chef/resource/windows_ad_join.rb index 4a72ab13cf..b807abaa93 100644 --- a/lib/chef/resource/windows_ad_join.rb +++ b/lib/chef/resource/windows_ad_join.rb @@ -70,7 +70,7 @@ class Chef unless on_desired_domain? cmd = "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;" - cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{new_resource.domain_user}@#{new_resource.domain_name}\",$pswd);" + cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{sanitize_usename}\",$pswd);" cmd << "Add-Computer -DomainName #{new_resource.domain_name} -Credential $credential" cmd << " -OUPath \"#{new_resource.ou_path}\"" if new_resource.ou_path cmd << " -NewName \"#{new_resource.new_hostname}\"" if new_resource.new_hostname @@ -102,7 +102,7 @@ class Chef if joined_to_domain? cmd = "" cmd << "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;" - cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{new_resource.domain_user}@#{new_resource.domain_name}\",$pswd);" + cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{sanitize_usename}\",$pswd);" cmd << "Remove-Computer" cmd << " -UnjoinDomainCredential $credential" cmd << " -NewName \"#{new_resource.new_hostname}\"" if new_resource.new_hostname @@ -169,6 +169,23 @@ class Chef node_domain == new_resource.domain_name.downcase end + # + # @return [String] the correct user and domain to use. + # if the domain_user property contains an @ symbol followed by any number of non white space characheters + # then we assume it is a user from another domain than the one specifed in the resource domain_name property. + # if this is the case we do not append the domain_name property to the domain_user property + # the domain_user and domain_name form the UPN (userPrincipalName) + # The specification for the UPN format is RFC 822 + # links: https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname https://tools.ietf.org/html/rfc822 + # regex: https://rubular.com/r/isAWojpTMKzlnp + def sanitize_usename + if new_resource.domain_user =~ /@/ + new_resource.domain_user + else + "#{new_resource.domain_user}@#{new_resource.domain_name}" + end + end + # This resource historically took `:immediate` and `:delayed` as arguments to the reboot property but then # tried to shove that straight to the `reboot` resource which objected strenuously def clarify_reboot(reboot_action) |