Add msDS-AdditionalDnsHostName entries to the keytab
authorIsaac Boukris <iboukris@gmail.com>
Wed, 27 May 2020 13:36:28 +0000 (15:36 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Fri, 29 May 2020 12:11:29 +0000 (12:11 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail.d/dns_alias_keytab [deleted file]
source3/libads/ads_proto.h
source3/libads/kerberos_keytab.c
source3/libads/ldap.c

diff --git a/selftest/knownfail.d/dns_alias_keytab b/selftest/knownfail.d/dns_alias_keytab
deleted file mode 100644 (file)
index 216592e..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-^samba4.blackbox.net_ads.dns alias1 check keytab
-^samba4.blackbox.net_ads.dns alias2 check keytab
index 495ef5d33253dee8d94da4ed0372d872de03c004..cd9c1082681fa6fbc3b26686c35937587b3f0457 100644 (file)
@@ -137,6 +137,11 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
                                        enum ads_extended_dn_flags flags,
                                        struct dom_sid *sid);
 char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+                                            ADS_STRUCT *ads,
+                                            const char *machine_name,
+                                            char ***hostnames_array,
+                                            size_t *num_hostnames);
 char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 bool ads_has_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
index c46e98a4270b8775e11d98109ffbe5fd77cddc56..da363741d109e37440664794fe7943db831a4309 100644 (file)
@@ -349,6 +349,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
        char *password_s = NULL;
        char *my_fqdn;
        TALLOC_CTX *tmpctx = NULL;
+       char **hostnames_array = NULL;
+       size_t num_hostnames = 0;
 
        ret = smb_krb5_init_context_common(&context);
        if (ret) {
@@ -425,6 +427,25 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
                goto out;
        }
 
+       if (ADS_ERR_OK(ads_get_additional_dns_hostnames(tmpctx, ads,
+                                                       lp_netbios_name(),
+                                                       &hostnames_array,
+                                                       &num_hostnames))) {
+               size_t i;
+
+               for (i = 0; i < num_hostnames; i++) {
+
+                       ret = add_kt_entry_etypes(context, tmpctx, ads,
+                                                 salt_princ_s, keytab,
+                                                 kvno, srvPrinc,
+                                                 hostnames_array[i],
+                                                 &password, update_ads);
+                       if (ret != 0) {
+                               goto out;
+                       }
+               }
+       }
+
 out:
        SAFE_FREE(salt_princ_s);
        TALLOC_FREE(tmpctx);
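Review bot: Any non-OK status from ads_get_additional_dns_hostnames() is treated as "no aliases" by the `if (ADS_ERR_OK(...))` test, so a real LDAP failure (account lookup error, ambiguous account) leaves the keytab without alias entries while ads_keytab_add_entry still returns success, and nothing is logged at this level. The callee folds "attribute absent" into LDAP_NO_SUCH_OBJECT, so the call site cannot distinguish the two; a low-priority log line is the most that can be done without being noisy, e.g. `status = ads_get_additional_dns_hostnames(tmpctx, ads, lp_netbios_name(), &hostnames_array, &num_hostnames);` followed by `if (!ADS_ERR_OK(status)) { DEBUG(3, ("No additional DNS host names for %s: %s\n", lp_netbios_name(), ads_errstr(status))); }` before the loop. Note also that a failure inside the loop returns after the primary entries have already been written, so the keytab may be partially updated; if that is acceptable it deserves a one-line comment on the `goto out`. The blank line directly after `for (i = 0; i < num_hostnames; i++) {` is a style nit. ads_keytab_add_entry begins before the hunk.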
index 0caa104464576ef593f642cde5e0292f1a06352e..eb5fef0c7f39175c4535d8338470870c85c10baf 100755 (executable)
@@ -1377,6 +1377,7 @@ char *ads_parent_dn(const char *dn)
                "unicodePwd",
 
                /* Additional attributes Samba checks */
+               "msDS-AdditionalDnsHostName",
                "msDS-SupportedEncryptionTypes",
                "nTSecurityDescriptor",
 
@@ -3668,6 +3669,50 @@ out:
 /********************************************************************
 ********************************************************************/
 
+ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+                                           ADS_STRUCT *ads,
+                                           const char *machine_name,
+                                           char ***hostnames_array,
+                                           size_t *num_hostnames)
+{
+       ADS_STATUS status;
+       LDAPMessage *res = NULL;
+       int count;
+
+       status = ads_find_machine_acct(ads,
+                                      &res,
+                                      machine_name);
+       if (!ADS_ERR_OK(status)) {
+               DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+                        machine_name));
+               return status;
+       }
+
+       count = ads_count_replies(ads, res);
+       if (count != 1) {
+               status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+               goto done;
+       }
+
+       *hostnames_array = ads_pull_strings(ads, mem_ctx, res,
+                                           "msDS-AdditionalDnsHostName",
+                                           num_hostnames);
+       if (*hostnames_array == NULL) {
+               DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n",
+                         machine_name));
+               status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+               goto done;
+       }
+
+done:
+       ads_msgfree(ads, res);
+
+       return status;
+}
+
+/********************************************************************
+********************************************************************/
+
 char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
 {
        LDAPMessage *res = NULL;
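Review bot: The `count != 1` branch returns ADS_ERROR(LDAP_NO_SUCH_OBJECT) silently, whereas the two neighbouring failure paths emit a DEBUG(1) message; since the only caller in this commit discards the status, an ambiguous or duplicated machine account would drop the alias entries with no trace in the log. Suggest `DEBUG(1, ("Expected exactly one host account for %s, found %d.\n", machine_name, count));` before the `status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);` line. The `goto done;` after the ads_pull_strings NULL check is redundant, as `done:` is the next statement, and a NULL from ads_pull_strings presumably also covers allocation failure, which is then reported as the attribute being absent; if that helper distinguishes the two, mapping allocation failure to a different status would be clearer. The new prototype also lacks a comment stating that `*hostnames_array` is allocated on `mem_ctx` (presumably, via ads_pull_strings) and is only set on success, which callers need to know.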