[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Fri Oct 25 10:44:07 UTC 2019
The branch, master has been updated
via 2669cecc51f libnet_join: add SPNs for additional-dns-hostnames entries
via db7560ff0fb docs-xml: add "additional dns hostnames" smb.conf option
via 3e65f72b141 libnet_join_set_machine_spn: simplify adding uniq spn to array
via b8e1264ecec libnet_join_set_machine_spn: simplify memory handling
via 4cbad1eb468 libnet_join_set_machine_spn: improve style and make a bit room for indentation
via 05f7e9a72a1 libnet_join: build dnsHostName from netbios name and lp_dnsdomain()
from d0f566c4ad3 s4:dirsync: fix interaction of dirsync and extended_dn controls
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2669cecc51f8f7d6675b4dac9b345b3c5a7fc879
Author: Isaac Boukris <iboukris at gmail.com>
Date: Fri Sep 13 10:56:10 2019 +0300
libnet_join: add SPNs for additional-dns-hostnames entries
and set msDS-AdditionalDnsHostName to the specified list.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
commit db7560ff0fb861552406bb4c422cff55c82f58bf
Author: Isaac Boukris <iboukris at gmail.com>
Date: Tue Sep 17 21:38:07 2019 +0300
docs-xml: add "additional dns hostnames" smb.conf option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 3e65f72b141a7ee256ae581e5f48f1d930aed76a
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 18 23:15:57 2019 +0300
libnet_join_set_machine_spn: simplify adding uniq spn to array
and do not skip adding a fully qualified spn to netbios-aliases
in case a short spn already existed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit b8e1264ececf38681ca9a519a51e8336044673f0
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 18 21:29:47 2019 +0300
libnet_join_set_machine_spn: simplify memory handling
and avoid a possible memory leak when passing null to
add_string_to_array() as mem_ctx.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 4cbad1eb46896bbd74c5b19dbb0a8937ffde90c2
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 18 20:00:34 2019 +0300
libnet_join_set_machine_spn: improve style and make a bit room for indentation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 05f7e9a72a1769af9d41b1ca40fe6a14b3f069d1
Author: Isaac Boukris <iboukris at gmail.com>
Date: Fri Aug 30 00:22:15 2019 +0300
libnet_join: build dnsHostName from netbios name and lp_dnsdomain()
This make the join process much more reliable, and avoids "Constraint
violation" error when the fqdn returned from getaddrinfo has already
got assigned an SPN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.../smbdotconf/base/additionaldnshostnames.xml | 11 ++
source3/libnet/libnet_join.c | 195 +++++++++++----------
testprogs/blackbox/test_net_ads.sh | 17 +-
3 files changed, 131 insertions(+), 92 deletions(-)
create mode 100644 docs-xml/smbdotconf/base/additionaldnshostnames.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/base/additionaldnshostnames.xml b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
new file mode 100644
index 00000000000..ddc04ee9f81
--- /dev/null
+++ b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="additional dns hostnames"
+ context="G"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para> A list of additional DNS names by which this host can be identified
+ </para>
+</description>
+<value type="default"><comment>empty string (no additional dns names)</comment></value>
+<value type="example"> host2.example.com host3.other.com </value>
+</samba:parameter>
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 7943bef2cf6..eb8e0ea17f7 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -483,6 +483,19 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
return status;
}
+static ADS_STATUS add_uniq_spn(TALLOC_CTX *mem_ctx, const char *spn,
+ const char ***array, size_t *num)
+{
+ bool ok = ads_element_in_array(*array, *num, spn);
+ if (!ok) {
+ ok = add_string_to_array(mem_ctx, spn, array, num);
+ if (!ok) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+ }
+ return ADS_SUCCESS;
+}
+
/****************************************************************
Set a machines dNSHostName and servicePrincipalName attributes
****************************************************************/
@@ -490,14 +503,15 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
+ TALLOC_CTX *frame = talloc_stackframe();
ADS_STATUS status;
ADS_MODLIST mods;
fstring my_fqdn;
const char **spn_array = NULL;
size_t num_spns = 0;
char *spn = NULL;
- bool ok;
const char **netbios_aliases = NULL;
+ const char **addl_hostnames = NULL;
/* Find our DN */
@@ -506,7 +520,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
return status;
}
- status = libnet_join_get_machine_spns(mem_ctx,
+ status = libnet_join_get_machine_spns(frame,
r,
discard_const_p(char **, &spn_array),
&num_spns);
@@ -516,134 +530,137 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
/* Windows only creates HOST/shortname & HOST/fqdn. */
- spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
- if (!spn) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ spn = talloc_asprintf(frame, "HOST/%s", r->in.machine_name);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
if (!strupper_m(spn)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (!ok) {
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
}
- if (!name_to_fqdn(my_fqdn, r->in.machine_name)
- || (strchr(my_fqdn, '.') == NULL)) {
- fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name,
- r->out.dns_domain_name);
- }
+ fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());
if (!strlower_m(my_fqdn)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- if (!strequal(my_fqdn, r->in.machine_name)) {
- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
- if (!spn) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ for (netbios_aliases = lp_netbios_aliases();
+ netbios_aliases != NULL && *netbios_aliases != NULL;
+ netbios_aliases++) {
+ /*
+ * Add HOST/NETBIOSNAME
+ */
+ spn = talloc_asprintf(frame, "HOST/%s", *netbios_aliases);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+ if (!strupper_m(spn)) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (!ok) {
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
}
- }
- netbios_aliases = lp_netbios_aliases();
- if (netbios_aliases != NULL) {
- for (; *netbios_aliases != NULL; netbios_aliases++) {
- /*
- * Add HOST/NETBIOSNAME
- */
- spn = talloc_asprintf(mem_ctx, "HOST/%s", *netbios_aliases);
- if (spn == NULL) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- if (!strupper_m(spn)) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ /*
+ * Add HOST/netbiosname.domainname
+ */
+ fstr_sprintf(my_fqdn, "%s.%s",
+ *netbios_aliases,
+ lp_dnsdomain());
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (ok) {
- TALLOC_FREE(spn);
- continue;
- }
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- TALLOC_FREE(spn);
+ spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
- /*
- * Add HOST/netbiosname.domainname
- */
- if (r->out.dns_domain_name == NULL) {
- continue;
- }
- fstr_sprintf(my_fqdn, "%s.%s",
- *netbios_aliases,
- r->out.dns_domain_name);
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
- spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
- if (spn == NULL) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
+ for (addl_hostnames = lp_additional_dns_hostnames();
+ addl_hostnames != NULL && *addl_hostnames != NULL;
+ addl_hostnames++) {
- ok = ads_element_in_array(spn_array, num_spns, spn);
- if (ok) {
- TALLOC_FREE(spn);
- continue;
- }
- ok = add_string_to_array(spn_array, spn,
- &spn_array, &num_spns);
- if (!ok) {
- TALLOC_FREE(spn);
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
- }
- TALLOC_FREE(spn);
+ spn = talloc_asprintf(frame, "HOST/%s", *addl_hostnames);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
}
}
/* make sure to NULL terminate the array */
- spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1);
+ spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 1);
if (spn_array == NULL) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
spn_array[num_spns] = NULL;
mods = ads_init_mods(mem_ctx);
if (!mods) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
/* fields of primary importance */
status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn);
if (!ADS_ERR_OK(status)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
status = ads_mod_strlist(mem_ctx, &mods, "servicePrincipalName",
spn_array);
if (!ADS_ERR_OK(status)) {
- return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
}
- return ads_gen_mod(r->in.ads, r->out.dn, mods);
+ addl_hostnames = lp_additional_dns_hostnames();
+ if (addl_hostnames != NULL && *addl_hostnames != NULL) {
+ status = ads_mod_strlist(mem_ctx, &mods,
+ "msDS-AdditionalDnsHostName",
+ addl_hostnames);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
+
+ status = ads_gen_mod(r->in.ads, r->out.dn, mods);
+
+done:
+ TALLOC_FREE(frame);
+ return status;
}
/****************************************************************
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index cc8345c4624..8bcff006b8e 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -81,7 +81,7 @@ testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || fai
netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
lc_realm=$(echo $REALM | tr '[:upper:]' '[:lower:]')
-fqdns="$netbios.$lc_realm"
+fqdn="$netbios.$lc_realm"
krb_princ="primary/instance@$REALM"
testit "test (dedicated keytab) add a fully qualified krb5 principal" $VALGRIND $net_tool ads keytab add $krb_princ -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
@@ -99,7 +99,7 @@ testit "test (dedicated keytab) at least one krb5 principal created from $machin
service="nfs"
testit "test (dedicated keytab) add a $service service to keytab" $VALGRIND $net_tool ads keytab add $service -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
-search_str="$service/$fqdns@$REALM"
+search_str="$service/$fqdn@$REALM"
found=`$net_tool ads keytab list -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep $search_str | wc -l`
testit "test (dedicated keytab) at least one (long form) krb5 principal created from service added is present in keytab" test $found -gt 1 || failed=`expr $failed + 1`
@@ -202,10 +202,21 @@ base_dn="DC=addom,DC=samba,DC=example,DC=com"
computers_dn="CN=Computers,$base_dn"
testit "ldb check for existence of machine account" $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "cn=$HOSTNAME,$computers_dn" || failed=`expr $failed + 1`
-testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+dns_alias1="${netbios}_alias1.other.${lc_realm}"
+dns_alias2="${netbios}_alias2.other2.${lc_realm}"
+testit "join" $VALGRIND $net_tool --option=additionaldnshostnames=$dns_alias1,$dns_alias2 ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
+testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
+testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+
+testit_grep "dns alias SPN" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+
+testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+
##Goodbye...
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
--
Samba Shared Repository
More information about the samba-cvs
mailing list