[SCM] Samba Shared Repository - branch v4-10-test updated
Karolin Seeger
kseeger at samba.org
Tue Nov 5 14:32:02 UTC 2019
The branch, v4-10-test has been updated
via 466b19feef4 libnet_join: add SPNs for additional-dns-hostnames entries
via d57753e3476 docs-xml: add "additional dns hostnames" smb.conf option
via 3d9240bf3cf libnet_join_set_machine_spn: simplify adding uniq spn to array
via 5ec4cead4ed libnet_join_set_machine_spn: simplify memory handling
via b4350bee2d2 libnet_join_set_machine_spn: improve style and make a bit room for indentation
via 025af7a1789 libnet_join: build dnsHostName from netbios name and lp_dnsdomain()
via 7e0d00eaa69 s4:dirsync: fix interaction of dirsync and extended_dn controls
via 328f89cb9b8 s4:tests/dirsync: add tests for dirsync with extended_dn
from bb4dd482917 replace: Only link libnsl and libsocket if requrired
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -----------------------------------------------------------------
commit 466b19feef435c82bbb8feea401714c808ff05da
Author: Isaac Boukris <iboukris at gmail.com>
Date: Fri Sep 13 10:56:10 2019 +0300
libnet_join: add SPNs for additional-dns-hostnames entries
and set msDS-AdditionalDnsHostName to the specified list.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-10-test): Tue Nov 5 14:31:48 UTC 2019 on sn-devel-144
commit d57753e3476cd2a4402e005ead031ca9d44af3d6
Author: Isaac Boukris <iboukris at gmail.com>
Date: Tue Sep 17 21:38:07 2019 +0300
docs-xml: add "additional dns hostnames" smb.conf option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 3d9240bf3cf112209a268e77718d646e0c83afcd
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 18 23:15:57 2019 +0300
libnet_join_set_machine_spn: simplify adding uniq spn to array
and do not skip adding a fully qualified spn to netbios-aliases
in case a short spn already existed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 5ec4cead4edc355b3d30f332ada05c14d744a489
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 18 21:29:47 2019 +0300
libnet_join_set_machine_spn: simplify memory handling
and avoid a possible memory leak when passing null to
add_string_to_array() as mem_ctx.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit b4350bee2d2f4bec8946a9b4aaa0961c12bf3366
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 18 20:00:34 2019 +0300
libnet_join_set_machine_spn: improve style and make a bit room for indentation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 025af7a1789d73f5594a0426f748b66cd7a1371b
Author: Isaac Boukris <iboukris at gmail.com>
Date: Fri Aug 30 00:22:15 2019 +0300
libnet_join: build dnsHostName from netbios name and lp_dnsdomain()
This makes the join process much more reliable, and avoids "Constraint
violation" error when the fqdn returned from getaddrinfo has already
got assigned an SPN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 7e0d00eaa69e9a2aefacd5baabb2b5279a84e2d5
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 4 14:57:40 2019 +0200
s4:dirsync: fix interaction of dirsync and extended_dn controls
Azure AD connect reports discovery errors:
reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
RN: Prevent azure ad connect from reporting discovery errors:
reference-value-not-ldap-conformant
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 24 11:06:58 UTC 2019 on sn-devel-184
(cherry picked from commit d0f566c4ad32d69a1cf896e2dde56fc2489bb7fc)
commit 328f89cb9b86cc4312c23c043674c9f91f972c60
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 22 12:12:32 2019 +0200
s4:tests/dirsync: add tests for dirsync with extended_dn
This demonstrates a problem: the extended_dn returned
by the dirsync module always uses the SDDL format for GUID/SID
components.
Azure AD connect reports discovery errors:
reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6d43d82b49c8cd47da2f1489fe8b52d5a873a19c)
-----------------------------------------------------------------------
Summary of changes:
.../smbdotconf/base/additionaldnshostnames.xml | 11 ++
source3/libnet/libnet_join.c | 195 +++++++++++----------
source4/dsdb/samdb/ldb_modules/dirsync.c | 19 +-
source4/dsdb/tests/python/dirsync.py | 31 ++++
testprogs/blackbox/test_net_ads.sh | 17 +-
5 files changed, 179 insertions(+), 94 deletions(-)
create mode 100644 docs-xml/smbdotconf/base/additionaldnshostnames.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/base/additionaldnshostnames.xml b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
new file mode 100644
index 00000000000..ddc04ee9f81
--- /dev/null
+++ b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="additional dns hostnames"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para> A list of additional DNS names by which this host can be identified
+ </para>
+</description>
+<value type="default"><comment>empty string (no additional dns names)</comment></value>
+<value type="example"> host2.example.com host3.other.com </value>
+</samba:parameter>
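Review bot: the <description> text only says the names identify the host and does not say what the option actually changes. The libnet_join.c change in this same push adds a HOST/ SPN for each entry and writes the list to msDS-AdditionalDnsHostName on the machine account during the join, so the man page text should state both effects; an administrator reading this entry cannot tell that setting it alters the account's servicePrincipalName values in AD.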
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 1052afde641..9d4f656ffec 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -483,6 +483,19 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
return status;
}
+static ADS_STATUS add_uniq_spn(TALLOC_CTX *mem_ctx, const char *spn,
+ const char ***array, size_t *num)
+{
+ bool ok = ads_element_in_array(*array, *num, spn);
+ if (!ok) {
+ ok = add_string_to_array(mem_ctx, spn, array, num);
+ if (!ok) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+ }
+ return ADS_SUCCESS;
+}
+
/****************************************************************
Set a machines dNSHostName and servicePrincipalName attributes
****************************************************************/
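Review bot: in add_uniq_spn() the variable ok carries two different meanings, first "spn is already in the array" and then "append succeeded", which makes the nested check harder to audit than it needs to be. Separate names (for example found for the ads_element_in_array() result and ok for add_string_to_array()) or an early return when the element is found would read more clearly. A short comment stating which talloc context owns the array and the copied string would also help, since the commit message says the point of the refactor is to stop passing the wrong mem_ctx.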
@@ -490,14 +503,15 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
+ TALLOC_CTX *frame = talloc_stackframe();
ADS_STATUS status;
ADS_MODLIST mods;
fstring my_fqdn;
const char **spn_array = NULL;
size_t num_spns = 0;
char *spn = NULL;
- bool ok;
const char **netbios_aliases = NULL;
+ const char **addl_hostnames = NULL;
/* Find our DN */
@@ -506,7 +520,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
return status;
}
- status = libnet_join_get_machine_spns(mem_ctx,
+ status = libnet_join_get_machine_spns(frame,
r,
discard_const_p(char **, &spn_array),
&num_spns);
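Review bot: the unchanged "return status;" in the context at the top of this hunk (the failure path right after the "Find our DN" comment) now exits after frame = talloc_stackframe() has already run at declaration, so that path skips TALLOC_FREE(frame). The other error paths in this function are converted to "goto done" by this patch; this one should be converted as well, or the stackframe should be created after that check.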
@@ -516,134 +530,137 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
/* Windows only creates HOST/shortname & HOST/fqdn. */
- spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
- if (!spn) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ spn = talloc_asprintf(frame, "HOST/%s", r->in.machine_name);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
if (!strupper_m(spn)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (!ok) {
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
}
- if (!name_to_fqdn(my_fqdn, r->in.machine_name)
- || (strchr(my_fqdn, '.') == NULL)) {
- fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name,
- r->out.dns_domain_name);
- }
+ fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());
if (!strlower_m(my_fqdn)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- if (!strequal(my_fqdn, r->in.machine_name)) {
- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
- if (!spn) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ for (netbios_aliases = lp_netbios_aliases();
+ netbios_aliases != NULL && *netbios_aliases != NULL;
+ netbios_aliases++) {
+ /*
+ * Add HOST/NETBIOSNAME
+ */
+ spn = talloc_asprintf(frame, "HOST/%s", *netbios_aliases);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+ if (!strupper_m(spn)) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (!ok) {
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
}
- }
- netbios_aliases = lp_netbios_aliases();
- if (netbios_aliases != NULL) {
- for (; *netbios_aliases != NULL; netbios_aliases++) {
- /*
- * Add HOST/NETBIOSNAME
- */
- spn = talloc_asprintf(mem_ctx, "HOST/%s", *netbios_aliases);
- if (spn == NULL) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- if (!strupper_m(spn)) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ /*
+ * Add HOST/netbiosname.domainname
+ */
+ fstr_sprintf(my_fqdn, "%s.%s",
+ *netbios_aliases,
+ lp_dnsdomain());
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (ok) {
- TALLOC_FREE(spn);
- continue;
- }
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- TALLOC_FREE(spn);
+ spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
- /*
- * Add HOST/netbiosname.domainname
- */
- if (r->out.dns_domain_name == NULL) {
- continue;
- }
- fstr_sprintf(my_fqdn, "%s.%s",
- *netbios_aliases,
- r->out.dns_domain_name);
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
- if (spn == NULL) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ for (addl_hostnames = lp_additional_dns_hostnames();
+ addl_hostnames != NULL && *addl_hostnames != NULL;
+ addl_hostnames++) {
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (ok) {
- TALLOC_FREE(spn);
- continue;
- }
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- TALLOC_FREE(spn);
+ spn = talloc_asprintf(frame, "HOST/%s", *addl_hostnames);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
}
}
/* make sure to NULL terminate the array */
- spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1);
+ spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 1);
if (spn_array == NULL) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
spn_array[num_spns] = NULL;
mods = ads_init_mods(mem_ctx);
if (!mods) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
/* fields of primary importance */
status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn);
if (!ADS_ERR_OK(status)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
status = ads_mod_strlist(mem_ctx, &mods, "servicePrincipalName",
spn_array);
if (!ADS_ERR_OK(status)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- return ads_gen_mod(r->in.ads, r->out.dn, mods);
+ addl_hostnames = lp_additional_dns_hostnames();
+ if (addl_hostnames != NULL && *addl_hostnames != NULL) {
+ status = ads_mod_strlist(mem_ctx, &mods,
+ "msDS-AdditionalDnsHostName",
+ addl_hostnames);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
+
+ status = ads_gen_mod(r->in.ads, r->out.dn, mods);
+
+done:
+ TALLOC_FREE(frame);
+ return status;
}
/****************************************************************
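Review bot: my_fqdn is reused as scratch space inside the netbios-aliases loop (fstr_sprintf(my_fqdn, "%s.%s", *netbios_aliases, lp_dnsdomain())) and is later passed to ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn), so whenever a netbios alias is configured dNSHostName is written with the last alias's name instead of machine_name.lp_dnsdomain(). Build the alias FQDN in a separate buffer, or with talloc_asprintf() on frame, so the primary name survives until the modify. Also in this hunk, the old r->out.dns_domain_name == NULL guard is removed and nothing visible checks that lp_dnsdomain() returns a non-empty string before it is formatted into "%s.%s", which would yield a name with a trailing dot.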
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
index face6790754..2d19c653706 100644
--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -51,6 +51,7 @@ struct dirsync_context {
uint64_t fromreqUSN;
uint32_t cursor_size;
bool noextended;
+ int extended_type;
bool linkIncrVal;
bool localonly;
bool partial;
@@ -468,7 +469,8 @@ skip:
}
ldb_dn_extended_filter(dn->dn, myaccept);
- dn_ln = ldb_dn_get_extended_linearized(dn, dn->dn, 1);
+ dn_ln = dsdb_dn_get_extended_linearized(dn, dn,
+ dsc->extended_type);
if (dn_ln == NULL)
{
talloc_free(dn);
@@ -982,6 +984,7 @@ static int dirsync_ldb_search(struct ldb_module *module, struct ldb_request *req
struct ldb_control *control;
struct ldb_result *acl_res;
struct ldb_dirsync_control *dirsync_ctl;
+ struct ldb_control *extended = NULL;
struct ldb_request *down_req;
struct dirsync_context *dsc;
struct ldb_context *ldb;
@@ -1213,7 +1216,19 @@ static int dirsync_ldb_search(struct ldb_module *module, struct ldb_request *req
dsc->nbDefaultAttrs = 3;
}
- if (!ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID)) {
+ /* check if there's an extended dn control */
+ extended = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID);
+ if (extended != NULL) {
+ struct ldb_extended_dn_control *extended_ctrl = NULL;
+
+ if (extended->data != NULL) {
+ extended_ctrl = talloc_get_type(extended->data,
+ struct ldb_extended_dn_control);
+ }
+ if (extended_ctrl != NULL) {
+ dsc->extended_type = extended_ctrl->type;
+ }
+ } else {
ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, false, NULL);
if (ret != LDB_SUCCESS) {
return ret;
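Review bot: dsc->extended_type is assigned only when extended_ctrl is non-NULL, so the case the commit message is about (control present, no ExtendedDNRequestValue) depends on the field already being 0, and no initialisation is visible in this patch. An explicit dsc->extended_type = 0 before the inner checks, with a comment that 0 selects the HEX format, would make that intent part of the code. Note also that talloc_get_type() returns NULL on a type mismatch, so a control whose data is of an unexpected type falls through to the default silently; decide whether that should be rejected as an error instead.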
diff --git a/source4/dsdb/tests/python/dirsync.py b/source4/dsdb/tests/python/dirsync.py
index e177bfbbfdc..35293c084e8 100755
--- a/source4/dsdb/tests/python/dirsync.py
+++ b/source4/dsdb/tests/python/dirsync.py
@@ -681,6 +681,37 @@ class ExtendedDirsyncTests(SimpleDirsyncTests):
self.assertEqual(res[0].get("member;range=1-1"), None)
self.assertEqual(len(res[0].get("member;range=0-0")), 2)
+ def test_dirsync_extended_dn(self):
+ """Check that dirsync works together with the extended_dn control"""
+ # Let's search for members
+ self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
+ res = self.ldb_simple.search(self.base_dn,
+ expression="(name=Administrators)",
+ controls=["dirsync:1:1:1"])
+
+ self.assertTrue(len(res[0].get("member")) > 0)
+ size = len(res[0].get("member"))
+
+ resEX1 = self.ldb_simple.search(self.base_dn,
+ expression="(name=Administrators)",
+ controls=["dirsync:1:1:1","extended_dn:1:1"])
+ self.assertTrue(len(resEX1[0].get("member")) > 0)
+ sizeEX1 = len(resEX1[0].get("member"))
+ self.assertEqual(sizeEX1, size)
+ self.assertIn(res[0]["member"][0], resEX1[0]["member"][0])
+ self.assertIn(b"<GUID=", resEX1[0]["member"][0])
+ self.assertIn(b">;<SID=S-1-5-21-", resEX1[0]["member"][0])
+
+ resEX0 = self.ldb_simple.search(self.base_dn,
+ expression="(name=Administrators)",
+ controls=["dirsync:1:1:1","extended_dn:1:0"])
+ self.assertTrue(len(resEX0[0].get("member")) > 0)
+ sizeEX0 = len(resEX0[0].get("member"))
+ self.assertEqual(sizeEX0, size)
+ self.assertIn(res[0]["member"][0], resEX0[0]["member"][0])
+ self.assertIn(b"<GUID=", resEX0[0]["member"][0])
+ self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0])
+
def test_dirsync_deleted_items(self):
"""Check that dirsync returnd deleted objects too"""
# Let's create an OU
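Review bot: test_dirsync_extended_dn covers extended_dn:1:1 and extended_dn:1:0, but not the control sent without any type value, which is the exact request described in the commit message as triggering the Azure AD Connect errors. Add a third search that passes the extended_dn control with no value and asserts the same HEX form (b">;<SID=010500000000000515") as the resEX0 case, so a regression in the data == NULL path is caught. The three blocks differ only in the control list and the expected SID prefix and could share a small helper.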
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index cc8345c4624..8bcff006b8e 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -81,7 +81,7 @@ testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || fai
netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
lc_realm=$(echo $REALM | tr '[:upper:]' '[:lower:]')
-fqdns="$netbios.$lc_realm"
+fqdn="$netbios.$lc_realm"
krb_princ="primary/instance@$REALM"
testit "test (dedicated keytab) add a fully qualified krb5 principal" $VALGRIND $net_tool ads keytab add $krb_princ -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
@@ -99,7 +99,7 @@ testit "test (dedicated keytab) at least one krb5 principal created from $machin
service="nfs"
testit "test (dedicated keytab) add a $service service to keytab" $VALGRIND $net_tool ads keytab add $service -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
-search_str="$service/$fqdns@$REALM"
+search_str="$service/$fqdn@$REALM"
found=`$net_tool ads keytab list -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep $search_str | wc -l`
testit "test (dedicated keytab) at least one (long form) krb5 principal created from service added is present in keytab" test $found -gt 1 || failed=`expr $failed + 1`
@@ -202,10 +202,21 @@ base_dn="DC=addom,DC=samba,DC=example,DC=com"
computers_dn="CN=Computers,$base_dn"
testit "ldb check for existence of machine account" $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "cn=$HOSTNAME,$computers_dn" || failed=`expr $failed + 1`
-testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+dns_alias1="${netbios}_alias1.other.${lc_realm}"
+dns_alias2="${netbios}_alias2.other2.${lc_realm}"
+testit "join" $VALGRIND $net_tool --option=additionaldnshostnames=$dns_alias1,$dns_alias2 ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
+testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
+testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+
+testit_grep "dns alias SPN" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+
+testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+
##Goodbye...
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
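Review bot: the new testit_grep checks on servicePrincipalName match only the bare hostname ($dns_alias1, $dns_alias2), so they would pass if the name appeared with any service class; grep for HOST/$dns_alias1 to pin down what the join is supposed to create. The two "dns alias SPN" and the two "dns alias addl" tests also share a name, which makes a failure in the log ambiguous; include the alias in the test name. Finally, the dNSHostName check runs only in a configuration without netbios aliases visible here, so it does not exercise the path where the join code reformats its FQDN buffer per alias.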
--
Samba Shared Repository