The branch, master has been updated
       via  9a447fb7e07 Properly handle msDS-AdditionalDnsHostName returned 
from Windows DC
       via  4605d7aec5c selftest: add tests for binary 
msDS-AdditionalDnsHostName
       via  4e51e832176 Fix a typo in recent net man page changes
      from  53e3a959b95 s3:lib:tls: Use better priority lists for modern GnuTLS

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9a447fb7e0701bf8b2fd922aed44d89f40420251
Author: Isaac Boukris <[email protected]>
Date:   Thu Jun 11 16:51:27 2020 +0300

    Properly handle msDS-AdditionalDnsHostName returned from Windows DC
    
    Windows DC adds short names for each specified msDS-AdditionalDnsHostName
    attribute, but these have a suffix of "\0$" and thus fail with
    ldap_get_values(), use ldap_get_values_len() instead.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    
    Autobuild-User(master): Isaac Boukris <[email protected]>
    Autobuild-Date(master): Thu Jun 18 16:43:47 UTC 2020 on sn-devel-184

commit 4605d7aec5caf494a23f2c9800d6689f710ffbce
Author: Isaac Boukris <[email protected]>
Date:   Tue Jun 16 22:01:49 2020 +0300

    selftest: add tests for binary msDS-AdditionalDnsHostName
    
    Like the short names added implicitly by Windows DC.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 4e51e832176a99f2a841c7a0d78fb0424f02956e
Author: Isaac Boukris <[email protected]>
Date:   Thu Jun 11 21:05:07 2020 +0300

    Fix a typo in recent net man page changes
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/net.8.xml        |  2 +-
 source3/libads/ldap.c              | 38 +++++++++++++++++++++++++++++++++++---
 testprogs/blackbox/test_net_ads.sh | 22 ++++++++++++++++++++++
 3 files changed, 58 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index cbab9c63a5e..951ddcd7c3a 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -497,7 +497,7 @@ joining the domain.
 </para>
 
 <para>
-[FQDN] (ADS only) set the dnsHosName attribute during the join.
+[FQDN] (ADS only) set the dnsHostName attribute during the join.
 The default format is netbiosname.dnsdomain.
 </para>
 
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index d443e3ee20c..51ceb447254 100755
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -3685,6 +3685,40 @@ out:
 /********************************************************************
 ********************************************************************/
 
+static char **get_addl_hosts(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+                             LDAPMessage *msg, size_t *num_values)
+{
+       const char *field = "msDS-AdditionalDnsHostName";
+       struct berval **values = NULL;
+       char **ret = NULL;
+       size_t i, converted_size;
+
+       values = ldap_get_values_len(ads->ldap.ld, msg, field);
+       if (values == NULL) {
+               return NULL;
+       }
+
+       *num_values = ldap_count_values_len(values);
+
+       ret = talloc_array(mem_ctx, char *, *num_values + 1);
+       if (ret == NULL) {
+               ldap_value_free_len(values);
+               return NULL;
+       }
+
+       for (i = 0; i < *num_values; i++) {
+               if (!pull_utf8_talloc(mem_ctx, &ret[i], values[i]->bv_val,
+                                     &converted_size)) {
+                       ldap_value_free_len(values);
+                       return NULL;
+               }
+       }
+       ret[i] = NULL;
+
+       ldap_value_free_len(values);
+       return ret;
+}
+
 ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
                                            ADS_STRUCT *ads,
                                            const char *machine_name,
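Review bot: In the conversion loop of `get_addl_hosts`, `values[i]->bv_val` is passed to `pull_utf8_talloc()` as a plain C string and `bv_len` is never consulted, so the read is bounded only by whatever terminator the LDAP library left after the value. Dropping the Windows `\0$` suffix therefore happens implicitly, at the embedded NUL. Passing an explicit length such as `strnlen(values[i]->bv_val, values[i]->bv_len)` to a length-taking conversion (Samba's `convert_string_talloc()` looks like the fit) would keep the read inside the berval even if a value arrived unterminated. A short comment above the `ldap_get_values_len()` call, along the lines of `/* Windows DCs add short names with a binary "\0$" suffix; everything after the first NUL is deliberately ignored (bug 14406) */`, would record the intent. The failure exit inside the loop also returns NULL with `*num_values` already set and with `ret` and the strings converted so far still attached to `mem_ctx`; freeing them there would avoid leaving partial results on a long-lived context.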
@@ -3710,9 +3744,7 @@ ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX 
*mem_ctx,
                goto done;
        }
 
-       *hostnames_array = ads_pull_strings(ads, mem_ctx, res,
-                                           "msDS-AdditionalDnsHostName",
-                                           num_hostnames);
+       *hostnames_array = get_addl_hosts(ads, mem_ctx, res, num_hostnames);
        if (*hostnames_array == NULL) {
                DEBUG(1, ("Host account for %s does not have 
msDS-AdditionalDnsHostName.\n",
                          machine_name));
diff --git a/testprogs/blackbox/test_net_ads.sh 
b/testprogs/blackbox/test_net_ads.sh
index 85257f445d8..eef4a31a6a7 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -41,6 +41,11 @@ if [ -x "$BINDIR/ldbdel" ]; then
        ldbdel="$BINDIR/ldbdel"
 fi
 
+ldbmodify="ldbmodify"
+if [ -x "$BINDIR/ldbmodify" ]; then
+       ldbmodify="$BINDIR/ldbmodify"
+fi
+
 # Load test functions
 . `dirname $0`/subunit.sh
 
@@ -217,12 +222,29 @@ testit_grep "dns alias SPN" $dns_alias2 $VALGRIND 
$net_tool ads search -P samacc
 testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P 
samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 
1`
 testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P 
samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 
1`
 
+# Test binary msDS-AdditionalDnsHostName like ones added by Windows DC
+short_alias_file="$PREFIX_ABS/short_alias_file"
+printf 'short_alias\0$' > $short_alias_file
+cat > $PREFIX_ABS/tmpldbmodify <<EOF
+dn: CN=$HOSTNAME,$computers_dn
+changetype: modify
+add: msDS-AdditionalDnsHostName
+msDS-AdditionalDnsHostName:< file://$short_alias_file
+EOF
+
+testit "add binary msDS-AdditionalDnsHostName" $VALGRIND $ldbmodify -k yes 
-U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM $PREFIX_ABS/tmpldbmodify 
|| failed=`expr $failed + 1`
+
+testit_grep "addl short alias" short_alias $ldbsearch --show-binary 
-U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b 
"CN=$HOSTNAME,CN=Computers,$base_dn" msDS-AdditionalDnsHostName || failed=`expr 
$failed + 1`
+
+rm -f $PREFIX_ABS/tmpldbmodify $short_alias_file
+
 dedicated_keytab_file="$PREFIX_ABS/test_dns_aliases_dedicated_krb5.keytab"
 
 testit "dns alias create_keytab" $VALGRIND $net_tool ads keytab create 
--option="kerberosmethod=dedicatedkeytab" 
--option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 
1`
 
 testit_grep "dns alias1 check keytab" "host/${dns_alias1}@$REALM" $net_tool 
ads keytab list --option="kerberosmethod=dedicatedkeytab" 
--option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 
1`
 testit_grep "dns alias2 check keytab" "host/${dns_alias2}@$REALM" $net_tool 
ads keytab list --option="kerberosmethod=dedicatedkeytab" 
--option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 
1`
+testit_grep "addl short check keytab" "host/short_alias@$REALM" $net_tool ads 
keytab list --option="kerberosmethod=dedicatedkeytab" 
--option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 
1`
 
 rm -f $dedicated_keytab_file
 
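Review bot: The added block modifies `CN=$HOSTNAME,$computers_dn` but verifies the result by searching `CN=$HOSTNAME,CN=Computers,$base_dn`. Both variables are defined outside this hunk, so if they ever name different containers the `addl short alias` check would read a different object from the one that was modified. Using `-b "CN=$HOSTNAME,$computers_dn"` in the `$ldbsearch` call keeps the two in step. The temporary paths are also expanded unquoted (`> $short_alias_file`, `rm -f $PREFIX_ABS/tmpldbmodify $short_alias_file`), so a `PREFIX_ABS` containing whitespace would be word-split; writing them as `"$short_alias_file"` and `"$PREFIX_ABS/tmpldbmodify"` avoids that.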


-- 
Samba Shared Repository
