author | Isaac Boukris <iboukris@gmail.com> | 2020-05-27 15:36:28 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-06-04 11:47:48 +0000 |
commit | 71efed33f47dfc4f294881257add9121623e29ce (patch) | |
tree | 578adf2136e5a8e4eff6584c520a3448fa6a010f | |
parent | 279e72fe334d8ac375f0e5a8cfccc0fcf0b6d02f (diff) | |
download | samba-71efed33f47dfc4f294881257add9121623e29ce.tar.gz |
Add msDS-AdditionalDnsHostName entries to the keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r-- | selftest/knownfail.d/dns_alias_keytab | 2 | ||||
-rw-r--r-- | source3/libads/ads_proto.h | 5 | ||||
-rw-r--r-- | source3/libads/kerberos_keytab.c | 21 | ||||
-rwxr-xr-x | source3/libads/ldap.c | 45 |
4 files changed, 71 insertions, 2 deletions
diff --git a/selftest/knownfail.d/dns_alias_keytab b/selftest/knownfail.d/dns_alias_keytab
deleted file mode 100644
index 216592e1210..00000000000
--- a/selftest/knownfail.d/dns_alias_keytab
+++ /dev/null
@@ -1,2 +0,0 @@
-^samba4.blackbox.net_ads.dns alias1 check keytab
-^samba4.blackbox.net_ads.dns alias2 check keytab
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 495ef5d3325..cd9c1082681 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -137,6 +137,11 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
 enum ads_extended_dn_flags flags,
 struct dom_sid *sid);
 char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***hostnames_array,
+ size_t *num_hostnames);
 char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 bool ads_has_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index c46e98a4270..da363741d10 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -349,6 +349,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
 char *password_s = NULL;
 char *my_fqdn;
 TALLOC_CTX *tmpctx = NULL;
+ char **hostnames_array = NULL;
+ size_t num_hostnames = 0;
 
 ret = smb_krb5_init_context_common(&context);
 if (ret) {
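Review bot: The new ads_get_additional_dns_hostnames() prototype in ads_proto.h is added without a comment stating its contract, and the other declarations around it give no hint either, so a caller has to read ldap.c to learn who owns the returned array, what the output parameters hold on failure, and that a machine account with no msDS-AdditionalDnsHostName values is reported as a failure rather than as an empty list. Judging by the mem_ctx parameter and the ads_pull_strings() call in the ldap.c hunk, the array is allocated on mem_ctx, and on the "attribute absent" path *hostnames_array is set to NULL while on the "account not found" path both outputs are left untouched. A comment above the prototype along the lines of `/* Look up the msDS-AdditionalDnsHostName values of machine_name's account; the array is talloc'd on mem_ctx. Not OK (LDAP_NO_SUCH_OBJECT) when the account is missing, ambiguous, or carries no values. */` would make that explicit. The knownfail removal and the two new locals in ads_keytab_add_entry() on this line need no review.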
@@ -425,6 +427,25 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
 goto out;
 }
 
+ if (ADS_ERR_OK(ads_get_additional_dns_hostnames(tmpctx, ads,
+ lp_netbios_name(),
+ &hostnames_array,
+ &num_hostnames))) {
+ size_t i;
+
+ for (i = 0; i < num_hostnames; i++) {
+
+ ret = add_kt_entry_etypes(context, tmpctx, ads,
+ salt_princ_s, keytab,
+ kvno, srvPrinc,
+ hostnames_array[i],
+ &password, update_ads);
+ if (ret != 0) {
+ goto out;
+ }
+ }
+ }
+
 out:
 SAFE_FREE(salt_princ_s);
 TALLOC_FREE(tmpctx);
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index f0fcf9fcd56..f6fde5e19e1 100755
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1377,6 +1377,7 @@ char *ads_parent_dn(const char *dn)
 "unicodePwd",
 
 /* Additional attributes Samba checks */
+ "msDS-AdditionalDnsHostName",
 "msDS-SupportedEncryptionTypes",
 "nTSecurityDescriptor",
 
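Review bot: Every non-OK result of ads_get_additional_dns_hostnames() is dropped on the floor by the `if (ADS_ERR_OK(...))` test, and since the callee maps "account not found", "more than one match" and "attribute absent" all onto LDAP_NO_SUCH_OBJECT, ads_keytab_add_entry() cannot tell a host that simply has no aliases from a lookup that broke, so a keytab can silently end up without entries the directory says it should have. Keeping the status and logging the non-OK branch is enough to make that diagnosable: `status = ads_get_additional_dns_hostnames(tmpctx, ads, lp_netbios_name(), &hostnames_array, &num_hostnames);` followed by `if (!ADS_ERR_OK(status)) { DEBUG(3, ("no additional DNS hostnames for %s: %s\n", lp_netbios_name(), ads_errstr(status))); }` before the existing loop. Worth a comment at the loop as well: the names in hostnames_array are taken verbatim from the machine account in the directory and passed straight into add_kt_entry_etypes() as the principal's host part, so whoever can write that attribute controls which principals are added to this keytab; how add_kt_entry_etypes() composes the principal is outside this hunk, so whether a value containing characters like '/' or '@' is rejected there should be confirmed. The blank line after `for (i = 0; i < num_hostnames; i++) {` is stray. ads_keytab_add_entry() starts and ends outside the hunk, and the attribute-list change in ldap.c on this line needs no review.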
@@ -3668,6 +3669,50 @@ out:
 /********************************************************************
 ********************************************************************/
 
+ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***hostnames_array,
+ size_t *num_hostnames)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ int count;
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+ machine_name));
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count != 1) {
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+ *hostnames_array = ads_pull_strings(ads, mem_ctx, res,
+ "msDS-AdditionalDnsHostName",
+ num_hostnames);
+ if (*hostnames_array == NULL) {
+ DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n",
+ machine_name));
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+done:
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/********************************************************************
+********************************************************************/
+
 char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
 {
 LDAPMessage *res = NULL;
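Review bot: A machine account with no msDS-AdditionalDnsHostName values is the normal case for most hosts, yet the `if (*hostnames_array == NULL)` branch reports it as ADS_ERROR(LDAP_NO_SUCH_OBJECT) at debug level 1, the same status the `count != 1` branch uses for a missing or ambiguous account, so callers cannot distinguish "no aliases" from "lookup failed" and every ordinary join logs what reads like an error. Returning success with an empty result for the absent-attribute case keeps the failure code meaningful for the cases that are failures: `DEBUG(5, ("Host account for %s has no msDS-AdditionalDnsHostName.\n", machine_name));` then `*num_hostnames = 0;` and `status = ADS_SUCCESS;` in place of the LDAP_NO_SUCH_OBJECT assignment; the only caller on this page tests ADS_ERR_OK() and loops over num_hostnames, so it would simply add nothing. Separately, `count != 1` lumps count > 1 (several accounts matched machine_name) in with zero matches, which is an ambiguity rather than a no-such-object condition and deserves its own DEBUG line, and on that path *num_hostnames is never written, which is fine for callers that check the status first but should be stated. The function has no header comment; the empty star-box above it should say what the outputs hold on each return path and that the array is talloc'd on mem_ctx.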