git.samba.org / metze / samba / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: db7560f)
libnet_join: add SPNs for additional-dns-hostnames entries
authorIsaac Boukris <iboukris@gmail.com>
Fri, 13 Sep 2019 07:56:10 +0000 (10:56 +0300)
committerRalph Boehme <slow@samba.org>
Fri, 25 Oct 2019 10:43:08 +0000 (10:43 +0000)
and set msDS-AdditionalDnsHostName to the specified list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184

source3/libnet/libnet_join.c patch | blob | history
testprogs/blackbox/test_net_ads.sh patch | blob | history

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index a1d8a25bbc2b697f7663f87d74ec4d6be7ba797c..eb8e0ea17f7abd21566663400f38c86407a89828 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -511,6 +511,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
        size_t num_spns = 0;
        char *spn = NULL;
        const char **netbios_aliases = NULL;
+       const char **addl_hostnames = NULL;
 
        /* Find our DN */
 
@@ -602,6 +603,22 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
                }
        }
 
+       for (addl_hostnames = lp_additional_dns_hostnames();
+            addl_hostnames != NULL && *addl_hostnames != NULL;
+            addl_hostnames++) {
+
+               spn = talloc_asprintf(frame, "HOST/%s", *addl_hostnames);
+               if (spn == NULL) {
+                       status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+                       goto done;
+               }
+
+               status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+               if (!ADS_ERR_OK(status)) {
+                       goto done;
+               }
+       }
+
        /* make sure to NULL terminate the array */
        spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 1);
        if (spn_array == NULL) {
@@ -629,6 +646,16 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
+       addl_hostnames = lp_additional_dns_hostnames();
+       if (addl_hostnames != NULL && *addl_hostnames != NULL) {
+               status = ads_mod_strlist(mem_ctx, &mods,
+                                        "msDS-AdditionalDnsHostName",
+                                        addl_hostnames);
+               if (!ADS_ERR_OK(status)) {
+                       goto done;
+               }
+       }
+
        status = ads_gen_mod(r->in.ads, r->out.dn, mods);
 
 done:
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index ef6f99ddea46ffc158d8a9d110055def3ee5c17b..8bcff006b8e4d0075b33defe921bd3a0cb199afd 100755 (executable)
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -202,13 +202,21 @@ base_dn="DC=addom,DC=samba,DC=example,DC=com"
 computers_dn="CN=Computers,$base_dn"
 testit "ldb check for existence of machine account" $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "cn=$HOSTNAME,$computers_dn" || failed=`expr $failed + 1`
 
-testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+dns_alias1="${netbios}_alias1.other.${lc_realm}"
+dns_alias2="${netbios}_alias2.other2.${lc_realm}"
+testit "join" $VALGRIND $net_tool --option=additionaldnshostnames=$dns_alias1,$dns_alias2 ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
 
 testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
 
 testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
 testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
 
+testit_grep "dns alias SPN" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+
+testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+
 ##Goodbye...
 testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
 
Work in progress branches