The Samba-Bugzilla – Attachment 15572 Details for
Bug 14116
Join using netbios name and realm instead of machine fqdn
[patch]
Patch for v4-10-test and v4-11-test branches
iboukris_nb_join.patch (text/plain), 23.24 KB, created by
Isaac Boukris
on 2019-10-28 13:03:36 UTC
Description:
Patch for v4-10-test and v4-11-test branches
Creator:
Isaac Boukris
Created:
2019-10-28 13:03:36 UTC
Size:
23.24 KB
>From 05f7e9a72a1769af9d41b1ca40fe6a14b3f069d1 Mon Sep 17 00:00:00 2001
>From: Isaac Boukris <iboukris@gmail.com>
>Date: Fri, 30 Aug 2019 00:22:15 +0300
>Subject: [PATCH 1/6] libnet_join: build dnsHostName from netbios name and
> lp_dnsdomain()
>
>This make the join process much more reliable, and avoids "Constraint
>violation" error when the fqdn returned from getaddrinfo has already
>got assigned an SPN.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
>
>Signed-off-by: Isaac Boukris <iboukris@redhat.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>---
> source3/libnet/libnet_join.c | 31 +++++++++++------------------
> testprogs/blackbox/test_net_ads.sh | 7 +++++--
> 2 files changed, 16 insertions(+), 22 deletions(-)
>
>diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
>index 7943bef2cf6..818b3039cb9 100644
>--- a/source3/libnet/libnet_join.c
>+++ b/source3/libnet/libnet_join.c
>@@ -533,29 +533,23 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> }
> }
>
>- if (!name_to_fqdn(my_fqdn, r->in.machine_name)
>- || (strchr(my_fqdn, '.') == NULL)) {
>- fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name,
>- r->out.dns_domain_name);
>- }
>+ fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());
>
> if (!strlower_m(my_fqdn)) {
> return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
> }
>
>- if (!strequal(my_fqdn, r->in.machine_name)) {
>- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
>- if (!spn) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- }
>+ spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
>+ if (spn == NULL) {
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ }
>
>- ok = ads_element_in_array(spn_array, num_spns, spn);
>+ ok = ads_element_in_array(spn_array, num_spns, spn);
>+ if (!ok) {
>+ ok = add_string_to_array(spn_array, spn,
>+ &spn_array, &num_spns);
> if (!ok) {
>- ok = add_string_to_array(spn_array, spn,
>- &spn_array, &num_spns);
>- if (!ok) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- }
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
> }
> }
>
>@@ -591,12 +585,9 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> /*
> * Add HOST/netbiosname.domainname
> */
>- if (r->out.dns_domain_name == NULL) {
>- continue;
>- }
> fstr_sprintf(my_fqdn, "%s.%s",
> *netbios_aliases,
>- r->out.dns_domain_name);
>+ lp_dnsdomain());
>
> spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
> if (spn == NULL) {
>diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
>index cc8345c4624..ef6f99ddea4 100755
>--- a/testprogs/blackbox/test_net_ads.sh
>+++ b/testprogs/blackbox/test_net_ads.sh
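Review bot: The new `fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());` has no fallback when `lp_dnsdomain()` yields an empty string, whereas the removed code could still fall back to `r->out.dns_domain_name`. If the local configuration can leave the DNS domain empty (not visible in this hunk), `my_fqdn` becomes `name.` and is registered as a `HOST/` SPN on the machine account. The second hunk has the same exposure, since it drops the `r->out.dns_domain_name == NULL` guard in the netbios-aliases loop. I would resolve the domain once up front, e.g. `const char *dnsdomain = lp_dnsdomain();` followed by `if (dnsdomain == NULL || dnsdomain[0] == '\0') dnsdomain = r->out.dns_domain_name;`, and fail the join if both are empty. The function body starts and ends outside both hunks.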
>@@ -81,7 +81,7 @@ testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || fai
> netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
> uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
> lc_realm=$(echo $REALM | tr '[:upper:]' '[:lower:]')
>-fqdns="$netbios.$lc_realm"
>+fqdn="$netbios.$lc_realm"
>
> krb_princ="primary/instance@$REALM"
> testit "test (dedicated keytab) add a fully qualified krb5 principal" $VALGRIND $net_tool ads keytab add $krb_princ -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
>@@ -99,7 +99,7 @@ testit "test (dedicated keytab) at least one krb5 principal created from $machin
> service="nfs"
> testit "test (dedicated keytab) add a $service service to keytab" $VALGRIND $net_tool ads keytab add $service -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
>
>-search_str="$service/$fqdns@$REALM"
>+search_str="$service/$fqdn@$REALM"
> found=`$net_tool ads keytab list -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep $search_str | wc -l`
> testit "test (dedicated keytab) at least one (long form) krb5 principal created from service added is present in keytab" test $found -gt 1 || failed=`expr $failed + 1`
>
>@@ -206,6 +206,9 @@ testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed
>
> testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
>
>+testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
>+testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
>+
> ##Goodbye...
> testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
>
>--
>2.21.0
>
>
>From 4cbad1eb46896bbd74c5b19dbb0a8937ffde90c2 Mon Sep 17 00:00:00 2001
>From: Isaac Boukris <iboukris@gmail.com>
>Date: Wed, 18 Sep 2019 20:00:34 +0300
>Subject: [PATCH 2/6] libnet_join_set_machine_spn: improve style and make a bit
> room for indentation
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
>
>Signed-off-by: Isaac Boukris <iboukris@redhat.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>---
> source3/libnet/libnet_join.c | 95 ++++++++++++++++++------------------
> 1 file changed, 47 insertions(+), 48 deletions(-)
>
>diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
>index 818b3039cb9..67ab50c68a8 100644
>--- a/source3/libnet/libnet_join.c
>+++ b/source3/libnet/libnet_join.c
>@@ -517,7 +517,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> /* Windows only creates HOST/shortname & HOST/fqdn. */
>
> spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
>- if (!spn) {
>+ if (spn == NULL) {
> return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
> }
> if (!strupper_m(spn)) {
>@@ -553,60 +553,59 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> }
> }
>
>- netbios_aliases = lp_netbios_aliases();
>- if (netbios_aliases != NULL) {
>- for (; *netbios_aliases != NULL; netbios_aliases++) {
>- /*
>- * Add HOST/NETBIOSNAME
>- */
>- spn = talloc_asprintf(mem_ctx, "HOST/%s", *netbios_aliases);
>- if (spn == NULL) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- }
>- if (!strupper_m(spn)) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- }
>+ for (netbios_aliases = lp_netbios_aliases();
>+ netbios_aliases != NULL && *netbios_aliases != NULL;
>+ netbios_aliases++) {
>+ /*
>+ * Add HOST/NETBIOSNAME
>+ */
>+ spn = talloc_asprintf(mem_ctx, "HOST/%s", *netbios_aliases);
>+ if (spn == NULL) {
>+ TALLOC_FREE(spn);
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ }
>+ if (!strupper_m(spn)) {
>+ TALLOC_FREE(spn);
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ }
>
>- ok = ads_element_in_array(spn_array, num_spns, spn);
>- if (ok) {
>- TALLOC_FREE(spn);
>- continue;
>- }
>- ok = add_string_to_array(spn_array, spn,
>- &spn_array, &num_spns);
>- if (!ok) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- }
>+ ok = ads_element_in_array(spn_array, num_spns, spn);
>+ if (ok) {
>+ TALLOC_FREE(spn);
>+ continue;
>+ }
>+ ok = add_string_to_array(spn_array, spn,
>+ &spn_array, &num_spns);
>+ if (!ok) {
> TALLOC_FREE(spn);
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ }
>+ TALLOC_FREE(spn);
>
>- /*
>- * Add HOST/netbiosname.domainname
>- */
>- fstr_sprintf(my_fqdn, "%s.%s",
>- *netbios_aliases,
>- lp_dnsdomain());
>+ /*
>+ * Add HOST/netbiosname.domainname
>+ */
>+ fstr_sprintf(my_fqdn, "%s.%s",
>+ *netbios_aliases,
>+ lp_dnsdomain());
>
>- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
>- if (spn == NULL) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- }
>+ spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
>+ if (spn == NULL) {
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ }
>
>- ok = ads_element_in_array(spn_array, num_spns, spn);
>- if (ok) {
>- TALLOC_FREE(spn);
>- continue;
>- }
>- ok = add_string_to_array(spn_array, spn,
>- &spn_array, &num_spns);
>- if (!ok) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- }
>+ ok = ads_element_in_array(spn_array, num_spns, spn);
>+ if (ok) {
>+ TALLOC_FREE(spn);
>+ continue;
>+ }
>+ ok = add_string_to_array(spn_array, spn,
>+ &spn_array, &num_spns);
>+ if (!ok) {
> TALLOC_FREE(spn);
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
> }
>+ TALLOC_FREE(spn);
> }
>
> /* make sure to NULL terminate the array */
>--
>2.21.0
>
>
>From b8e1264ececf38681ca9a519a51e8336044673f0 Mon Sep 17 00:00:00 2001
>From: Isaac Boukris <iboukris@gmail.com>
>Date: Wed, 18 Sep 2019 21:29:47 +0300
>Subject: [PATCH 3/6] libnet_join_set_machine_spn: simplify memory handling
>
>and avoid a possible memory leak when passing null to
>add_string_to_array() as mem_ctx.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
>
>Signed-off-by: Isaac Boukris <iboukris@redhat.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>---
> source3/libnet/libnet_join.c | 74 ++++++++++++++++++++----------------
> 1 file changed, 42 insertions(+), 32 deletions(-)
>
>diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
>index 67ab50c68a8..43035370526 100644
>--- a/source3/libnet/libnet_join.c
>+++ b/source3/libnet/libnet_join.c
>@@ -490,6 +490,7 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
> static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> struct libnet_JoinCtx *r)
> {
>+ TALLOC_CTX *frame = talloc_stackframe();
> ADS_STATUS status;
> ADS_MODLIST mods;
> fstring my_fqdn;
>@@ -506,7 +507,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> return status;
> }
>
>- status = libnet_join_get_machine_spns(mem_ctx,
>+ status = libnet_join_get_machine_spns(frame,
> r,
> discard_const_p(char **, &spn_array),
> &num_spns);
>@@ -516,40 +517,46 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
>
> /* Windows only creates HOST/shortname & HOST/fqdn. */
>
>- spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
>+ spn = talloc_asprintf(frame, "HOST/%s", r->in.machine_name);
> if (spn == NULL) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
> if (!strupper_m(spn)) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
> ok = ads_element_in_array(spn_array, num_spns, spn);
> if (!ok) {
>- ok = add_string_to_array(spn_array, spn,
>+ ok = add_string_to_array(frame, spn,
> &spn_array, &num_spns);
> if (!ok) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
> }
>
> fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());
>
> if (!strlower_m(my_fqdn)) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
>- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
>+ spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
> if (spn == NULL) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
> ok = ads_element_in_array(spn_array, num_spns, spn);
> if (!ok) {
>- ok = add_string_to_array(spn_array, spn,
>+ ok = add_string_to_array(frame, spn,
> &spn_array, &num_spns);
> if (!ok) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
> }
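Review bot: The `return status;` kept as context at the top of the first hunk here (the failure path just before the `libnet_join_get_machine_spns()` call) now exits after `frame = talloc_stackframe()` has already run, so that path never reaches `TALLOC_FREE(frame)`. Every other exit in this patch was converted to `status = ...; goto done;`, and this one should become `goto done;` too. Leaving a stackframe un-freed is worse than an ordinary leak, because later allocations on the talloc stack can end up attached to the stale frame. The lines between this hunk and the next are not shown; any direct return there needs the same change.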
>
>@@ -559,28 +566,26 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> /*
> * Add HOST/NETBIOSNAME
> */
>- spn = talloc_asprintf(mem_ctx, "HOST/%s", *netbios_aliases);
>+ spn = talloc_asprintf(frame, "HOST/%s", *netbios_aliases);
> if (spn == NULL) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
> if (!strupper_m(spn)) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
> ok = ads_element_in_array(spn_array, num_spns, spn);
> if (ok) {
>- TALLOC_FREE(spn);
> continue;
> }
> ok = add_string_to_array(spn_array, spn,
> &spn_array, &num_spns);
> if (!ok) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>- TALLOC_FREE(spn);
>
> /*
> * Add HOST/netbiosname.domainname
>@@ -589,51 +594,56 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> *netbios_aliases,
> lp_dnsdomain());
>
>- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
>+ spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
> if (spn == NULL) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
> ok = ads_element_in_array(spn_array, num_spns, spn);
> if (ok) {
>- TALLOC_FREE(spn);
> continue;
> }
> ok = add_string_to_array(spn_array, spn,
> &spn_array, &num_spns);
> if (!ok) {
>- TALLOC_FREE(spn);
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>- TALLOC_FREE(spn);
> }
>
> /* make sure to NULL terminate the array */
>- spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1);
>+ spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 1);
> if (spn_array == NULL) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
> spn_array[num_spns] = NULL;
>
> mods = ads_init_mods(mem_ctx);
> if (!mods) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
> /* fields of primary importance */
>
> status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn);
> if (!ADS_ERR_OK(status)) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
> status = ads_mod_strlist(mem_ctx, &mods, "servicePrincipalName",
> spn_array);
> if (!ADS_ERR_OK(status)) {
>- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
> }
>
>- return ads_gen_mod(r->in.ads, r->out.dn, mods);
>+ status = ads_gen_mod(r->in.ads, r->out.dn, mods);
>+
>+done:
>+ TALLOC_FREE(frame);
>+ return status;
> }
>
> /****************************************************************
>--
>2.21.0
>
>
>From 3e65f72b141a7ee256ae581e5f48f1d930aed76a Mon Sep 17 00:00:00 2001
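Review bot: `ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn)` reads the same `my_fqdn` buffer that the netbios-aliases loop reuses, and nothing between the end of the loop and this call restores it. The `*netbios_aliases, lp_dnsdomain());` context lines at the top of this hunk are the tail of that loop's `fstr_sprintf(my_fqdn, ...)`. With `netbios aliases` configured, dNSHostName is therefore written as the last alias's name rather than the machine's own FQDN. This predates the series, but dNSHostName is an identity attribute of the machine account, so I would give the loop its own buffer: declare `fstring alias_fqdn;` and use it for the `fstr_sprintf` and `talloc_asprintf` inside the loop. The loop head is outside this hunk.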
>From: Isaac Boukris <iboukris@gmail.com>
>Date: Wed, 18 Sep 2019 23:15:57 +0300
>Subject: [PATCH 4/6] libnet_join_set_machine_spn: simplify adding uniq spn to
> array
>
>and do not skip adding a fully qualified spn to netbios-aliases
>in case a short spn already existed.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
>
>Signed-off-by: Isaac Boukris <iboukris@redhat.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>---
> source3/libnet/libnet_join.c | 56 +++++++++++++++---------------------
> 1 file changed, 23 insertions(+), 33 deletions(-)
>
>diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
>index 43035370526..a1d8a25bbc2 100644
>--- a/source3/libnet/libnet_join.c
>+++ b/source3/libnet/libnet_join.c
>@@ -483,6 +483,19 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
> return status;
> }
>
>+static ADS_STATUS add_uniq_spn(TALLOC_CTX *mem_ctx, const char *spn,
>+ const char ***array, size_t *num)
>+{
>+ bool ok = ads_element_in_array(*array, *num, spn);
>+ if (!ok) {
>+ ok = add_string_to_array(mem_ctx, spn, array, num);
>+ if (!ok) {
>+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ }
>+ }
>+ return ADS_SUCCESS;
>+}
>+
> /****************************************************************
> Set a machines dNSHostName and servicePrincipalName attributes
> ****************************************************************/
>@@ -497,7 +510,6 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> const char **spn_array = NULL;
> size_t num_spns = 0;
> char *spn = NULL;
>- bool ok;
> const char **netbios_aliases = NULL;
>
> /* Find our DN */
>@@ -527,14 +539,9 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> goto done;
> }
>
>- ok = ads_element_in_array(spn_array, num_spns, spn);
>- if (!ok) {
>- ok = add_string_to_array(frame, spn,
>- &spn_array, &num_spns);
>- if (!ok) {
>- status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- goto done;
>- }
>+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
>+ if (!ADS_ERR_OK(status)) {
>+ goto done;
> }
>
> fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());
>@@ -550,14 +557,9 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> goto done;
> }
>
>- ok = ads_element_in_array(spn_array, num_spns, spn);
>- if (!ok) {
>- ok = add_string_to_array(frame, spn,
>- &spn_array, &num_spns);
>- if (!ok) {
>- status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>- goto done;
>- }
>+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
>+ if (!ADS_ERR_OK(status)) {
>+ goto done;
> }
>
> for (netbios_aliases = lp_netbios_aliases();
>@@ -576,14 +578,8 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> goto done;
> }
>
>- ok = ads_element_in_array(spn_array, num_spns, spn);
>- if (ok) {
>- continue;
>- }
>- ok = add_string_to_array(spn_array, spn,
>- &spn_array, &num_spns);
>- if (!ok) {
>- status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
>+ if (!ADS_ERR_OK(status)) {
> goto done;
> }
>
>@@ -600,14 +596,8 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> goto done;
> }
>
>- ok = ads_element_in_array(spn_array, num_spns, spn);
>- if (ok) {
>- continue;
>- }
>- ok = add_string_to_array(spn_array, spn,
>- &spn_array, &num_spns);
>- if (!ok) {
>- status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
>+ if (!ADS_ERR_OK(status)) {
> goto done;
> }
> }
>--
>2.21.0
>
>
>From db7560ff0fb861552406bb4c422cff55c82f58bf Mon Sep 17 00:00:00 2001
>From: Isaac Boukris <iboukris@gmail.com>
>Date: Tue, 17 Sep 2019 21:38:07 +0300
>Subject: [PATCH 5/6] docs-xml: add "additional dns hostnames" smb.conf option
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
>
>Signed-off-by: Isaac Boukris <iboukris@redhat.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>---
> docs-xml/smbdotconf/base/additionaldnshostnames.xml | 11 +++++++++++
> 1 file changed, 11 insertions(+)
> create mode 100644 docs-xml/smbdotconf/base/additionaldnshostnames.xml
>
>diff --git a/docs-xml/smbdotconf/base/additionaldnshostnames.xml b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
>new file mode 100644
>index 00000000000..ddc04ee9f81
>--- /dev/null
>+++ b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
>@@ -0,0 +1,11 @@
>+<samba:parameter name="additional dns hostnames"
>+ context="G"
>+ type="cmdlist"
>+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
>+ <description>
>+ <para> A list of additional DNS names by which this host can be identified
>+ </para>
>+</description>
>+<value type="default"><comment>empty string (no additional dns names)</comment></value>
>+<value type="example"> host2.example.com host3.other.com </value>
>+</samba:parameter>
>--
>2.21.0
>
>
>From 2669cecc51f8f7d6675b4dac9b345b3c5a7fc879 Mon Sep 17 00:00:00 2001
>From: Isaac Boukris <iboukris@gmail.com>
>Date: Fri, 13 Sep 2019 10:56:10 +0300
>Subject: [PATCH 6/6] libnet_join: add SPNs for additional-dns-hostnames
> entries
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>and set msDS-AdditionalDnsHostName to the specified list.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
>
>Signed-off-by: Isaac Boukris <iboukris@redhat.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>
>Autobuild-User(master): Ralph Böhme <slow@samba.org>
>Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
>---
> source3/libnet/libnet_join.c | 27 +++++++++++++++++++++++++++
> testprogs/blackbox/test_net_ads.sh | 10 +++++++++-
> 2 files changed, 36 insertions(+), 1 deletion(-)
>
>diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
>index a1d8a25bbc2..eb8e0ea17f7 100644
>--- a/source3/libnet/libnet_join.c
>+++ b/source3/libnet/libnet_join.c
>@@ -511,6 +511,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> size_t num_spns = 0;
> char *spn = NULL;
> const char **netbios_aliases = NULL;
>+ const char **addl_hostnames = NULL;
>
> /* Find our DN */
>
>@@ -602,6 +603,22 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> }
> }
>
>+ for (addl_hostnames = lp_additional_dns_hostnames();
>+ addl_hostnames != NULL && *addl_hostnames != NULL;
>+ addl_hostnames++) {
>+
>+ spn = talloc_asprintf(frame, "HOST/%s", *addl_hostnames);
>+ if (spn == NULL) {
>+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
>+ goto done;
>+ }
>+
>+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
>+ if (!ADS_ERR_OK(status)) {
>+ goto done;
>+ }
>+ }
>+
> /* make sure to NULL terminate the array */
> spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 1);
> if (spn_array == NULL) {
>@@ -629,6 +646,16 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
> goto done;
> }
>
>+ addl_hostnames = lp_additional_dns_hostnames();
>+ if (addl_hostnames != NULL && *addl_hostnames != NULL) {
>+ status = ads_mod_strlist(mem_ctx, &mods,
>+ "msDS-AdditionalDnsHostName",
>+ addl_hostnames);
>+ if (!ADS_ERR_OK(status)) {
>+ goto done;
>+ }
>+ }
>+
> status = ads_gen_mod(r->in.ads, r->out.dn, mods);
>
> done:
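Review bot: Each `*addl_hostnames` entry in the new loop is formatted into `HOST/%s` exactly as it appears in smb.conf, with no syntax check and no case folding, while the machine's own FQDN goes through `strlower_m()` before its SPN is built. These strings become Kerberos service principals on the machine account, so I would skip or reject entries that are not plausible DNS names and lower-case them before `add_uniq_spn()`. Whether `ads_element_in_array()` already compares case-insensitively is not visible here. A short comment above the loop, `/* Add HOST/<name> for each "additional dns hostnames" entry */`, would also match the comments in the aliases loop.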
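Review bot: `msDS-AdditionalDnsHostName` is only written when the list is non-empty, so once the option is removed from smb.conf a later join leaves the previous values on the account. The matching `HOST/` SPNs appear to persist as well, because `spn_array` starts from whatever `libnet_join_get_machine_spns()` returned. Stale names keep the machine account bound to host names it no longer serves; if retaining them is intended, a comment such as `/* existing values are deliberately left untouched when the option is empty */` would make that explicit, otherwise the attribute should be cleared in an `else` branch. The function continues outside this hunk.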
>diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
>index ef6f99ddea4..8bcff006b8e 100755
>--- a/testprogs/blackbox/test_net_ads.sh
>+++ b/testprogs/blackbox/test_net_ads.sh
>@@ -202,13 +202,21 @@ base_dn="DC=addom,DC=samba,DC=example,DC=com"
> computers_dn="CN=Computers,$base_dn"
> testit "ldb check for existence of machine account" $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "cn=$HOSTNAME,$computers_dn" || failed=`expr $failed + 1`
>
>-testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
>+dns_alias1="${netbios}_alias1.other.${lc_realm}"
>+dns_alias2="${netbios}_alias2.other2.${lc_realm}"
>+testit "join" $VALGRIND $net_tool --option=additionaldnshostnames=$dns_alias1,$dns_alias2 ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
>
> testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
>
> testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
> testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
>
>+testit_grep "dns alias SPN" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
>+testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
>+
>+testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
>+testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
>+
> ##Goodbye...
> testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
>
>--
>2.21.0
>
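Review bot: The four new `testit_grep` calls reuse two test names (`"dns alias SPN"` twice and `"dns alias addl"` twice), so a failure report cannot tell which alias was missing; distinct names such as `"dns alias1 SPN"` and `"dns alias2 SPN"` would fix that. `$dns_alias1` and `$dns_alias2` are also passed unquoted, and if testit_grep hands them to grep as a pattern every `.` matches any character, which makes the check looser than it reads. Both aliases contain an underscore, so the test also confirms that the join code accepts names that are not valid host names without complaint.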
Flags:
asn
:
review+
ab
:
review+
asn
:
ci-passed+