libnet_join: build dnsHostName from netbios name and lp_dnsdomain()
authorIsaac Boukris <iboukris@gmail.com>
Thu, 29 Aug 2019 21:22:15 +0000 (00:22 +0300)
committerRalph Boehme <slow@samba.org>
Fri, 25 Oct 2019 09:21:44 +0000 (09:21 +0000)
This makes the join process much more reliable, and avoids the "Constraint
violation" error when the fqdn returned from getaddrinfo has already
been assigned an SPN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
source3/libnet/libnet_join.c
testprogs/blackbox/test_net_ads.sh

index 7943bef2cf691ef7e44895a78dc49ece360756cc..818b3039cb905dc907f7e775793e0beab72b871d 100644 (file)
@@ -533,29 +533,23 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
                }
        }
 
-       if (!name_to_fqdn(my_fqdn, r->in.machine_name)
-           || (strchr(my_fqdn, '.') == NULL)) {
-               fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name,
-                            r->out.dns_domain_name);
-       }
+       fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());
 
        if (!strlower_m(my_fqdn)) {
                return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
        }
 
-       if (!strequal(my_fqdn, r->in.machine_name)) {
-               spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
-               if (!spn) {
-                       return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-               }
+       spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
+       if (spn == NULL) {
+               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+       }
 
-               ok = ads_element_in_array(spn_array, num_spns, spn);
+       ok = ads_element_in_array(spn_array, num_spns, spn);
+       if (!ok) {
+               ok = add_string_to_array(spn_array, spn,
+                                        &spn_array, &num_spns);
                if (!ok) {
-                       ok = add_string_to_array(spn_array, spn,
-                                                &spn_array, &num_spns);
-                       if (!ok) {
-                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-                       }
+                       return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
                }
        }
 
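Review bot: The new `fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());` uses the configured DNS domain unconditionally, and the second hunk (@@ -591) likewise drops the `r->out.dns_domain_name == NULL` guard for the netbios aliases without replacing it with a check on lp_dnsdomain(). If lp_dnsdomain() can return an empty string on a host with no realm or dns domain configured (I cannot tell from the hunk), my_fqdn becomes `<name>.` and a `HOST/<name>.` SPN plus a matching dNSHostName are written to the machine account, a malformed name where a clean failure would be preferable. I would fetch the value once, `const char *dnsdomain = lp_dnsdomain();`, fail early with `if (dnsdomain == NULL || dnsdomain[0] == '\0') { return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); }`, and reuse `dnsdomain` in both fstr_sprintf() calls rather than calling lp_dnsdomain() per alias. Building the name from local configuration instead of the getaddrinfo() answer is an improvement on its own, since the registered SPN no longer depends on what the resolver returns. libnet_join_set_machine_spn() starts and ends outside this hunk.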
@@ -591,12 +585,9 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
                        /*
                         * Add HOST/netbiosname.domainname
                         */
-                       if (r->out.dns_domain_name == NULL) {
-                               continue;
-                       }
                        fstr_sprintf(my_fqdn, "%s.%s",
                                     *netbios_aliases,
-                                    r->out.dns_domain_name);
+                                    lp_dnsdomain());
 
                        spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
                        if (spn == NULL) {
index cc8345c4624ffb66d70ee5eb14df5b01c0ea4121..ef6f99ddea46ffc158d8a9d110055def3ee5c17b 100755 (executable)
@@ -81,7 +81,7 @@ testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || fai
 netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
 uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
 lc_realm=$(echo $REALM | tr '[:upper:]' '[:lower:]')
-fqdns="$netbios.$lc_realm"
+fqdn="$netbios.$lc_realm"
 
 krb_princ="primary/instance@$REALM"
 testit "test (dedicated keytab) add a fully qualified krb5 principal" $VALGRIND $net_tool ads keytab add $krb_princ -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
@@ -99,7 +99,7 @@ testit "test (dedicated keytab) at least one krb5 principal created from $machin
 service="nfs"
 testit "test (dedicated keytab) add a $service service to keytab" $VALGRIND $net_tool ads keytab add $service -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
 
-search_str="$service/$fqdns@$REALM"
+search_str="$service/$fqdn@$REALM"
 found=`$net_tool ads keytab list -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" | grep $search_str | wc -l`
 testit "test (dedicated keytab) at least one (long form) krb5 principal created from service added is present in keytab" test $found -gt 1 || failed=`expr $failed + 1`
 
@@ -206,6 +206,9 @@ testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed
 
 testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
 
+testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
+testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+
 ##Goodbye...
 testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`