Commit 4f2d905f authored by Isaac Boukris's avatar Isaac Boukris

libnet_join: add SPNs for additional-dns-hostnames entries

and set msDS-AdditionalDnsHostName to the specified list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
parent 8eeecdfa
Pipeline #91969367 passed with stage
in 62 minutes and 39 seconds
......@@ -511,6 +511,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
size_t num_spns = 0;
char *spn = NULL;
const char **netbios_aliases = NULL;
const char **addl_hostnames = NULL;
/* Find our DN */
......@@ -602,6 +603,22 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
}
}
for (addl_hostnames = lp_additional_dns_hostnames();
addl_hostnames != NULL && *addl_hostnames != NULL;
addl_hostnames++) {
spn = talloc_asprintf(frame, "HOST/%s", *addl_hostnames);
if (spn == NULL) {
status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
goto done;
}
status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
if (!ADS_ERR_OK(status)) {
goto done;
}
}
/* make sure to NULL terminate the array */
spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 1);
if (spn_array == NULL) {
......@@ -629,6 +646,16 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
goto done;
}
addl_hostnames = lp_additional_dns_hostnames();
if (addl_hostnames != NULL && *addl_hostnames != NULL) {
status = ads_mod_strlist(mem_ctx, &mods,
"msDS-AdditionalDnsHostName",
addl_hostnames);
if (!ADS_ERR_OK(status)) {
goto done;
}
}
status = ads_gen_mod(r->in.ads, r->out.dn, mods);
done:
......
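Review bot: In the last hunk the `msDS-AdditionalDnsHostName` update is skipped whenever `lp_additional_dns_hostnames()` is empty, so a rejoin after the option has been removed from the configuration appears to leave the previously written aliases on the machine account. If that is intended, say so above the `if`, e.g. `/* An empty list leaves existing msDS-AdditionalDnsHostName values untouched */`; if not, the attribute needs an explicit clear on that path. The names are also used verbatim in `"HOST/%s"` in the second hunk, and whether they are validated as DNS hostnames when the parameter is parsed is not visible here. `libnet_join_set_machine_spn` starts and ends outside these hunks.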
......@@ -202,13 +202,21 @@ base_dn="DC=addom,DC=samba,DC=example,DC=com"
computers_dn="CN=Computers,$base_dn"
testit "ldb check for existence of machine account" $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "cn=$HOSTNAME,$computers_dn" || failed=`expr $failed + 1`
testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
dns_alias1="${netbios}_alias1.other.${lc_realm}"
dns_alias2="${netbios}_alias2.other2.${lc_realm}"
testit "join" $VALGRIND $net_tool --option=additionaldnshostnames=$dns_alias1,$dns_alias2 ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
testit_grep "dns alias SPN" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
##Goodbye...
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
......
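Review bot: The four new `testit_grep` checks reuse the names "dns alias SPN" and "dns alias addl" for both aliases, so a failure report does not say which alias was missing; give each its own name, e.g. `"dns alias1 SPN"` and `"dns alias2 SPN"`. The SPN checks also match on the bare hostname, which would pass for any service class registered with that name; matching `HOST/$dns_alias1` would tie the check to the SPN this commit adds, assuming `testit_grep` treats its second argument as a grep pattern. The test also does not cover a later join without the option, so it cannot show whether the aliases are removed or kept in that case.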