fixing issue with domainless mode. It was never actually checking if …

…ticket was expired because of domainless mode check
aws · Dec 5, 2023 · 2535e37 · 2535e37
1 parent b831330
commit 2535e37
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/renewal/src/renewal.cpp b/renewal/src/renewal.cpp
@@ -54,8 +54,10 @@ int krb_ticket_renew_handler( creds_fetcher::Daemon cf_daemon )
                     std::pair<int, std::string> gmsa_ticket_result;
                     std::string krb_cc_name = krb_ticket->krb_file_path;
                     std::string domainless_user = krb_ticket->domainless_user;
-                    // check if the ticket is ready for renewal and not created in domainless mode
-                    if ( domainless_user.empty() && is_ticket_ready_for_renewal( krb_ticket ))
+                    // check if the ticket is ready for renewal
+                    if ( (domainless_user.empty() || domainless_user.find("awsdomainlessusersecret") !=
+                                                           std::string::npos) && is_ticket_ready_for_renewal( krb_ticket ))
+
                     {
                         std::cout << "gMSA ticket is at " + krb_cc_name +
                                         " is ready for renewal!"