The Samba-Bugzilla – Attachment 16060 Details for Bug 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC
[patch] patch for v4-12-test branch
addl_fixup.patch (text/plain), 7.32 KB, created by Isaac Boukris on 2020-06-19 08:09:42 UTC
>From 107bfa0d6b16a095dfb0e2f960155a03fa9709a2 Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Thu, 11 Jun 2020 21:05:07 +0300 >Subject: [PATCH 1/3] Fix a typo in recent net man page changes > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > docs-xml/manpages/net.8.xml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml >index cbab9c63a5e..951ddcd7c3a 100644 >--- a/docs-xml/manpages/net.8.xml >+++ b/docs-xml/manpages/net.8.xml >@@ -497,7 +497,7 @@ joining the domain. > </para> > > <para> >-[FQDN] (ADS only) set the dnsHosName attribute during the join. >+[FQDN] (ADS only) set the dnsHostName attribute during the join. > The default format is netbiosname.dnsdomain. > </para> > >-- >2.25.4 > > >From a1fce870eb024a2109c54bcc90bf9d5c6a1a45a8 Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Tue, 16 Jun 2020 22:01:49 +0300 >Subject: [PATCH 2/3] selftest: add tests for binary msDS-AdditionalDnsHostName > >Like the short names added implicitly by Windows DC. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > selftest/knownfail.d/binary_addl_hostname | 3 +++ > testprogs/blackbox/test_net_ads.sh | 22 ++++++++++++++++++++++ > 2 files changed, 25 insertions(+) > create mode 100644 selftest/knownfail.d/binary_addl_hostname > >diff --git a/selftest/knownfail.d/binary_addl_hostname b/selftest/knownfail.d/binary_addl_hostname >new file mode 100644 >index 00000000000..559db1df507 >--- /dev/null >+++ b/selftest/knownfail.d/binary_addl_hostname >@@ -0,0 +1,3 @@ >+^samba4.blackbox.net_ads.dns alias1 check keytab >+^samba4.blackbox.net_ads.dns alias2 check keytab >+^samba4.blackbox.net_ads.addl short check keytab 
>diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh >index 85257f445d8..eef4a31a6a7 100755 >--- a/testprogs/blackbox/test_net_ads.sh >+++ b/testprogs/blackbox/test_net_ads.sh >@@ -41,6 +41,11 @@ if [ -x "$BINDIR/ldbdel" ]; then > ldbdel="$BINDIR/ldbdel" > fi > >+ldbmodify="ldbmodify" >+if [ -x "$BINDIR/ldbmodify" ]; then >+ ldbmodify="$BINDIR/ldbmodify" >+fi >+ > # Load test functions > . `dirname $0`/subunit.sh 
> >@@ -217,12 +222,29 @@ testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samacc > testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1` > testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1` > >+# Test binary msDS-AdditionalDnsHostName like ones added by Windows DC >+short_alias_file="$PREFIX_ABS/short_alias_file" >+printf 'short_alias\0$' > $short_alias_file >+cat > $PREFIX_ABS/tmpldbmodify <<EOF >+dn: CN=$HOSTNAME,$computers_dn >+changetype: modify >+add: msDS-AdditionalDnsHostName >+msDS-AdditionalDnsHostName:< file://$short_alias_file >+EOF >+ >+testit "add binary msDS-AdditionalDnsHostName" $VALGRIND $ldbmodify -k yes -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM $PREFIX_ABS/tmpldbmodify || failed=`expr $failed + 1` >+ >+testit_grep "addl short alias" short_alias $ldbsearch --show-binary -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "CN=$HOSTNAME,CN=Computers,$base_dn" msDS-AdditionalDnsHostName || failed=`expr $failed + 1` >+ >+rm -f $PREFIX_ABS/tmpldbmodify $short_alias_file >+ > dedicated_keytab_file="$PREFIX_ABS/test_dns_aliases_dedicated_krb5.keytab" > > testit "dns alias create_keytab" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1` > > testit_grep "dns alias1 check keytab" "host/${dns_alias1}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1` > testit_grep "dns alias2 check keytab" "host/${dns_alias2}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1` >+testit_grep "addl 
short check keytab" "host/short_alias@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1` > > rm -f $dedicated_keytab_file > >-- >2.25.4 > > >From b601abf246755cdb116920f6bf5b16037111e980 Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Thu, 11 Jun 2020 16:51:27 +0300 >Subject: [PATCH 3/3] Properly handle msDS-AdditionalDnsHostName returned from > Windows DC > >Windows DC adds short names for each specified msDS-AdditionalDnsHostName >attribute, but these have a suffix of "\0$" and thus fail with >ldap_get_values(), use ldap_get_values_len() instead. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406 > >Signed-off-by: Isaac Boukris <iboukris@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > selftest/knownfail.d/binary_addl_hostname | 3 -- > source3/libads/ldap.c | 38 +++++++++++++++++++++-- > 2 files changed, 35 insertions(+), 6 deletions(-) > delete mode 100644 selftest/knownfail.d/binary_addl_hostname > >diff --git a/selftest/knownfail.d/binary_addl_hostname b/selftest/knownfail.d/binary_addl_hostname >deleted file mode 100644 >index 559db1df507..00000000000 >--- a/selftest/knownfail.d/binary_addl_hostname >+++ /dev/null >@@ -1,3 +0,0 @@ >-^samba4.blackbox.net_ads.dns alias1 check keytab >-^samba4.blackbox.net_ads.dns alias2 check keytab >-^samba4.blackbox.net_ads.addl short check keytab >diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c >index d443e3ee20c..51ceb447254 100755 >--- a/source3/libads/ldap.c >+++ b/source3/libads/ldap.c 
>@@ -3685,6 +3685,40 @@ out: > /******************************************************************** > ********************************************************************/ > >+static char **get_addl_hosts(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, >+ LDAPMessage *msg, size_t *num_values) >+{ >+ const char *field = "msDS-AdditionalDnsHostName"; >+ struct berval **values = NULL; >+ char **ret = NULL; >+ size_t i, converted_size; >+ >+ values = ldap_get_values_len(ads->ldap.ld, msg, field); >+ if (values == NULL) { >+ return NULL; >+ } >+ >+ *num_values = ldap_count_values_len(values); >+ >+ ret = talloc_array(mem_ctx, char *, *num_values + 1); >+ if (ret == NULL) { >+ ldap_value_free_len(values); >+ return NULL; >+ } >+ >+ for (i = 0; i < *num_values; i++) { >+ if (!pull_utf8_talloc(mem_ctx, &ret[i], values[i]->bv_val, >+ &converted_size)) { >+ ldap_value_free_len(values); >+ return NULL; >+ } >+ } >+ ret[i] = NULL; >+ >+ ldap_value_free_len(values); >+ return ret; >+} >+ > ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx, > ADS_STRUCT *ads, > const char *machine_name, >@@ -3710,9 +3744,7 @@ ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx, > goto done; > } > >- *hostnames_array = ads_pull_strings(ads, mem_ctx, res, >- "msDS-AdditionalDnsHostName", >- num_hostnames); >+ *hostnames_array = get_addl_hosts(ads, mem_ctx, res, num_hostnames); > if (*hostnames_array == NULL) { > DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n", > machine_name)); >-- >2.25.4 >
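Review bot: In PATCH 2/3, selftest/knownfail.d/binary_addl_hostname lists the pre-existing "dns alias1 check keytab" and "dns alias2 check keytab" tests next to the new "addl short check keytab", but the commit message does not say why tests that already existed now need a knownfail entry. If, as the entries suggest, a single binary msDS-AdditionalDnsHostName value makes the whole attribute lookup fail so that none of the aliases reach the keytab, say so in the message; that is the behaviour PATCH 3/3 then fixes and it explains all three entries.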
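Review bot: In the second hunk of testprogs/blackbox/test_net_ads.sh, the LDIF addresses the object as "CN=$HOSTNAME,$computers_dn" while the ldbsearch check that follows spells the base as "CN=$HOSTNAME,CN=Computers,$base_dn"; use one form for both so the modify and its verification cannot drift onto different objects. $short_alias_file and $PREFIX_ABS/tmpldbmodify are also expanded unquoted in the redirects, the testit call and rm -f, so quoting them would keep the test working when the prefix contains whitespace.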
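Review bot: In get_addl_hosts() in source3/libads/ldap.c, pull_utf8_talloc() is handed values[i]->bv_val as a C string and bv_len is never consulted, so each value is cut at its first NUL byte. That is what drops the "\0$" suffix described in the commit message, but nothing in the function says so; add a comment stating that the truncation is intended, and consider skipping a value that converts to an empty string so it is not returned as a host name. On the two failure returns after talloc_array(), ret and the strings already converted stay allocated on mem_ctx and *num_values keeps the count; allocate the strings with ret as parent, TALLOC_FREE(ret) and zero *num_values before returning NULL.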
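Review bot: At the call site in ads_get_additional_dns_hostnames(), a NULL from get_addl_hosts() is still logged as "Host account for %s does not have msDS-AdditionalDnsHostName", but the helper also returns NULL when talloc_array() or pull_utf8_talloc() fails. Let the helper report which case occurred (for example by returning an ADS_STATUS with the array as an out parameter) so an allocation or conversion failure is not reported as a missing attribute.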
Flags: iboukris: review+, iboukris: ci-passed+