1 files changed, 329 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch
new file mode 100644
index 000000000..5d309f111
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch
@@ -0,0 +1,329 @@
+From 1925edc67e223d73d672af48c2ebd3e5865e01d9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 24 Sep 2014 09:22:03 +0200
+Subject: [PATCH 1/4] s3-libads: Add a function to retrieve the SPNs of a
+ computer account.
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit 4eaa4ccbdf279f1ff6d8218b36d92aeea0114cd8)
+---
+ source3/libads/ads_proto.h |  6 +++++
+ source3/libads/ldap.c      | 60 ++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 66 insertions(+)
+diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
+index 17a84d1..6a22807 100644
+--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
+@@ -87,6 +87,12 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+                                const char *name, const char **vals);
+ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+ uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+                                          ADS_STRUCT *ads,
+                                          const char *machine_name,
+                                          char ***spn_array,
+                                          size_t *num_spns);
+ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
+ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
+                                           const char *my_fqdn, const char *spn);
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index fb99132..51a0883 100644
+--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
+@@ -1927,6 +1927,66 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
+ }
+ 
+ /**
+ * @brief This gets the service principal names of an existing computer account.
+ *
+ * @param[in]  mem_ctx      The memory context to use to allocate the spn array.
+ *
+ * @param[in]  ads          The ADS context to use.
+ *
+ * @param[in]  machine_name The NetBIOS name of the computer, which is used to
+ *                          identify the computer account.
+ *
+ * @param[in]  spn_array    A pointer to store the array for SPNs.
+ *
+ * @param[in]  num_spns     The number of principals stored in the array.
+ *
+ * @return                  0 on success, or a ADS error if a failure occured.
+ */
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+                                          ADS_STRUCT *ads,
+                                          const char *machine_name,
+                                          char ***spn_array,
+                                          size_t *num_spns)
+{
+       ADS_STATUS status;
+       LDAPMessage *res = NULL;
+       char *dn;
+       int count;
+
+       status = ads_find_machine_acct(ads,
+                                      &res,
+                                      machine_name);
+       if (!ADS_ERR_OK(status)) {
+               DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+                        machine_name));
+               return status;
+       }
+
+       count = ads_count_replies(ads, res);
+       if (count != 1) {
+               status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+               goto done;
+       }
+
+       dn = ads_get_dn(ads, mem_ctx, res);
+       if (dn == NULL) {
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
+       }
+
+       *spn_array = ads_pull_strings(ads,
+                                     mem_ctx,
+                                     res,
+                                     "servicePrincipalName",
+                                     num_spns);
+
+done:
+       ads_msgfree(ads, res);
+
+       return status;
+}
+
+/**
+  * This adds a service principal name to an existing computer account
+  * (found by hostname) in AD.
+  * @param ads An initialized ADS_STRUCT
+-- 
+2.1.0
+From ed3b6536e1027a26d7983942f62677aa2bc0e93c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 24 Sep 2014 09:23:58 +0200
+Subject: [PATCH 2/4] s3-libads: Add function to search for an element in an
+ array.
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit e1ee4c8bc7018db7787dd9a0be6d3aa40a477ee2)
+---
+ source3/libads/ads_proto.h |  2 ++
+ source3/libads/ldap.c      | 31 +++++++++++++++++++++++++++++++
+ 2 files changed, 33 insertions(+)
+diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
+index 6a22807..1e34247 100644
+--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
+@@ -88,6 +88,8 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+ uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+ 
+bool ads_element_in_array(const char **el_array, size_t num_el, const char *el);
+
+ ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+                                           ADS_STRUCT *ads,
+                                           const char *machine_name,
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index 51a0883..8d104c2 100644
+--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
+@@ -1927,6 +1927,37 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
+ }
+ 
+ /**
+ * @brief Search for an element in a string array.
+ *
+ * @param[in]  el_array  The string array to search.
+ *
+ * @param[in]  num_el    The number of elements in the string array.
+ *
+ * @param[in]  el        The string to search.
+ *
+ * @return               True if found, false if not.
+ */
+bool ads_element_in_array(const char **el_array, size_t num_el, const char *el)
+{
+       size_t i;
+
+       if (el_array == NULL || num_el == 0 || el == NULL) {
+               return false;
+       }
+
+       for (i = 0; i < num_el && el_array[i] != NULL; i++) {
+               int cmp;
+
+               cmp = strcasecmp_m(el_array[i], el);
+               if (cmp == 0) {
+                       return true;
+               }
+       }
+
+       return false;
+}
+
+/**
+  * @brief This gets the service principal names of an existing computer account.
+  *
+  * @param[in]  mem_ctx      The memory context to use to allocate the spn array.
+-- 
+2.1.0
+From 11700f1398d6197a99c686f1a43b45d6305ceae8 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 26 Sep 2014 03:09:08 +0200
+Subject: [PATCH 3/4] s3-libnet: Add libnet_join_get_machine_spns().
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit 7e0b8fcce5572c88d50993a1dbd90f65638ba90f)
+---
+ source3/libnet/libnet_join.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index 1418385..3611cc7 100644
+--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
+@@ -358,6 +358,26 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx,
+        return status;
+ }
+ 
+static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
+                                              struct libnet_JoinCtx *r,
+                                              char ***spn_array,
+                                              size_t *num_spns)
+{
+       ADS_STATUS status;
+
+       if (r->in.machine_name == NULL) {
+               return ADS_ERROR_SYSTEM(EINVAL);
+       }
+
+       status = ads_get_service_principal_names(mem_ctx,
+                                                r->in.ads,
+                                                r->in.machine_name,
+                                                spn_array,
+                                                num_spns);
+
+       return status;
+}
+
+ /****************************************************************
+  Set a machines dNSHostName and servicePrincipalName attributes
+ ****************************************************************/
+-- 
+2.1.0
+From 472256e27ad5cb5e7657efaece71744269ca8d16 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 26 Sep 2014 03:35:43 +0200
+Subject: [PATCH 4/4] s3-libnet: Make sure we do not overwrite precreated SPNs.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104
+(cherry picked from commit 0aacbe78bb40d76b65087c2a197c92b0101e625e)
+---
+ source3/libnet/libnet_join.c | 39 ++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 36 insertions(+), 3 deletions(-)
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index 3611cc7..aa7b5cb 100644
+--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
+@@ -388,8 +388,10 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+        ADS_STATUS status;
+        ADS_MODLIST mods;
+        fstring my_fqdn;
+-       const char *spn_array[3] = {NULL, NULL, NULL};
+       const char **spn_array = NULL;
+       size_t num_spns = 0;
+        char *spn = NULL;
+       bool ok;
+ 
+        /* Find our DN */
+ 
+@@ -398,6 +400,14 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+                return status;
+        }
+ 
+       status = libnet_join_get_machine_spns(mem_ctx,
+                                             r,
+                                             discard_const_p(char **, &spn_array),
+                                             &num_spns);
+       if (!ADS_ERR_OK(status)) {
+               DEBUG(5, ("Retrieving the servicePrincipalNames failed.\n"));
+       }
+
+        /* Windows only creates HOST/shortname & HOST/fqdn. */
+ 
+        spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
+@@ -407,7 +417,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+        if (!strupper_m(spn)) {
+                return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+        }
+-       spn_array[0] = spn;
+
+       ok = ads_element_in_array(spn_array, num_spns, spn);
+       if (!ok) {
+               ok = add_string_to_array(spn_array, spn,
+                                        &spn_array, (int *)&num_spns);
+               if (!ok) {
+                       return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               }
+       }
+ 
+        if (!name_to_fqdn(my_fqdn, r->in.machine_name)
+            || (strchr(my_fqdn, '.') == NULL)) {
+@@ -424,8 +442,23 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+                if (!spn) {
+                        return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+                }
+-               spn_array[1] = spn;
+
+               ok = ads_element_in_array(spn_array, num_spns, spn);
+               if (!ok) {
+                       ok = add_string_to_array(spn_array, spn,
+                                                &spn_array, (int *)&num_spns);
+                       if (!ok) {
+                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+                       }
+               }
+       }
+
+       /* make sure to NULL terminate the array */
+       spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1);
+       if (spn_array == NULL) {
+               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+        }
+       spn_array[num_spns] = NULL;
+ 
+        mods = ads_init_mods(mem_ctx);
+        if (!mods) {
+-- 
+2.1.0

diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch new file mode 100644 index 000000000..5d309f111 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch
@@ -0,0 +1,329 @@
	1	From 1925edc67e223d73d672af48c2ebd3e5865e01d9 Mon Sep 17 00:00:00 2001
	2	From: Andreas Schneider <asn@samba.org>
	3	Date: Wed, 24 Sep 2014 09:22:03 +0200
	4	Subject: [PATCH 1/4] s3-libads: Add a function to retrieve the SPNs of a
	5	computer account.
	6
	7	BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
	8
	9	Signed-off-by: Andreas Schneider <asn@samba.org>
	10	Reviewed-by: Guenther Deschner <gd@samba.org>
	11	(cherry picked from commit 4eaa4ccbdf279f1ff6d8218b36d92aeea0114cd8)
	12	---
	13	source3/libads/ads_proto.h \| 6 +++++
	14	source3/libads/ldap.c \| 60 ++++++++++++++++++++++++++++++++++++++++++++++
	15	2 files changed, 66 insertions(+)
	16
	17	diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
	18	index 17a84d1..6a22807 100644
	19	--- a/source3/libads/ads_proto.h
	20	+++ b/source3/libads/ads_proto.h
	21	@@ -87,6 +87,12 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX ctx, ADS_MODLIST mods,
	22	const char name, const char *vals);
	23	uint32 ads_get_kvno(ADS_STRUCT ads, const char account_name);
	24	uint32_t ads_get_machine_kvno(ADS_STRUCT ads, const char machine_name);
	25	+
	26	+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
	27	+ ADS_STRUCT *ads,
	28	+ const char *machine_name,
	29	+ char ***spn_array,
	30	+ size_t *num_spns);
	31	ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT ads, const char machine_name);
	32	ADS_STATUS ads_add_service_principal_name(ADS_STRUCT ads, const char machine_name,
	33	const char my_fqdn, const char spn);
	34	diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
	35	index fb99132..51a0883 100644
	36	--- a/source3/libads/ldap.c
	37	+++ b/source3/libads/ldap.c
	38	@@ -1927,6 +1927,66 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT ads, const char machin
	39	}
	40
	41	/**
	42	+ * @brief This gets the service principal names of an existing computer account.
	43	+ *
	44	+ * @param[in] mem_ctx The memory context to use to allocate the spn array.
	45	+ *
	46	+ * @param[in] ads The ADS context to use.
	47	+ *
	48	+ * @param[in] machine_name The NetBIOS name of the computer, which is used to
	49	+ * identify the computer account.
	50	+ *
	51	+ * @param[in] spn_array A pointer to store the array for SPNs.
	52	+ *
	53	+ * @param[in] num_spns The number of principals stored in the array.
	54	+ *
	55	+ * @return 0 on success, or a ADS error if a failure occured.
	56	+ */
	57	+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
	58	+ ADS_STRUCT *ads,
	59	+ const char *machine_name,
	60	+ char ***spn_array,
	61	+ size_t *num_spns)
	62	+{
	63	+ ADS_STATUS status;
	64	+ LDAPMessage *res = NULL;
	65	+ char *dn;
	66	+ int count;
	67	+
	68	+ status = ads_find_machine_acct(ads,
	69	+ &res,
	70	+ machine_name);
	71	+ if (!ADS_ERR_OK(status)) {
	72	+ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
	73	+ machine_name));
	74	+ return status;
	75	+ }
	76	+
	77	+ count = ads_count_replies(ads, res);
	78	+ if (count != 1) {
	79	+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
	80	+ goto done;
	81	+ }
	82	+
	83	+ dn = ads_get_dn(ads, mem_ctx, res);
	84	+ if (dn == NULL) {
	85	+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
	86	+ goto done;
	87	+ }
	88	+
	89	+ *spn_array = ads_pull_strings(ads,
	90	+ mem_ctx,
	91	+ res,
	92	+ "servicePrincipalName",
	93	+ num_spns);
	94	+
	95	+done:
	96	+ ads_msgfree(ads, res);
	97	+
	98	+ return status;
	99	+}
	100	+
	101	+/**
	102	* This adds a service principal name to an existing computer account
	103	* (found by hostname) in AD.
	104	* @param ads An initialized ADS_STRUCT
	105	--
	106	2.1.0
	107
	108
	109	From ed3b6536e1027a26d7983942f62677aa2bc0e93c Mon Sep 17 00:00:00 2001
	110	From: Andreas Schneider <asn@samba.org>
	111	Date: Wed, 24 Sep 2014 09:23:58 +0200
	112	Subject: [PATCH 2/4] s3-libads: Add function to search for an element in an
	113	array.
	114
	115	BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
	116
	117	Signed-off-by: Andreas Schneider <asn@samba.org>
	118	Reviewed-by: Guenther Deschner <gd@samba.org>
	119	(cherry picked from commit e1ee4c8bc7018db7787dd9a0be6d3aa40a477ee2)
	120	---
	121	source3/libads/ads_proto.h \| 2 ++
	122	source3/libads/ldap.c \| 31 +++++++++++++++++++++++++++++++
	123	2 files changed, 33 insertions(+)
	124
	125	diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
	126	index 6a22807..1e34247 100644
	127	--- a/source3/libads/ads_proto.h
	128	+++ b/source3/libads/ads_proto.h
	129	@@ -88,6 +88,8 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX ctx, ADS_MODLIST mods,
	130	uint32 ads_get_kvno(ADS_STRUCT ads, const char account_name);
	131	uint32_t ads_get_machine_kvno(ADS_STRUCT ads, const char machine_name);
	132
	133	+bool ads_element_in_array(const char *el_array, size_t num_el, const char el);
	134	+
	135	ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
	136	ADS_STRUCT *ads,
	137	const char *machine_name,
	138	diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
	139	index 51a0883..8d104c2 100644
	140	--- a/source3/libads/ldap.c
	141	+++ b/source3/libads/ldap.c
	142	@@ -1927,6 +1927,37 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT ads, const char machin
	143	}
	144
	145	/**
	146	+ * @brief Search for an element in a string array.
	147	+ *
	148	+ * @param[in] el_array The string array to search.
	149	+ *
	150	+ * @param[in] num_el The number of elements in the string array.
	151	+ *
	152	+ * @param[in] el The string to search.
	153	+ *
	154	+ * @return True if found, false if not.
	155	+ */
	156	+bool ads_element_in_array(const char *el_array, size_t num_el, const char el)
	157	+{
	158	+ size_t i;
	159	+
	160	+ if (el_array == NULL \|\| num_el == 0 \|\| el == NULL) {
	161	+ return false;
	162	+ }
	163	+
	164	+ for (i = 0; i < num_el && el_array[i] != NULL; i++) {
	165	+ int cmp;
	166	+
	167	+ cmp = strcasecmp_m(el_array[i], el);
	168	+ if (cmp == 0) {
	169	+ return true;
	170	+ }
	171	+ }
	172	+
	173	+ return false;
	174	+}
	175	+
	176	+/**
	177	* @brief This gets the service principal names of an existing computer account.
	178	*
	179	* @param[in] mem_ctx The memory context to use to allocate the spn array.
	180	--
	181	2.1.0
	182
	183
	184	From 11700f1398d6197a99c686f1a43b45d6305ceae8 Mon Sep 17 00:00:00 2001
	185	From: Andreas Schneider <asn@samba.org>
	186	Date: Fri, 26 Sep 2014 03:09:08 +0200
	187	Subject: [PATCH 3/4] s3-libnet: Add libnet_join_get_machine_spns().
	188
	189	BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
	190
	191	Signed-off-by: Andreas Schneider <asn@samba.org>
	192	Reviewed-by: Guenther Deschner <gd@samba.org>
	193	(cherry picked from commit 7e0b8fcce5572c88d50993a1dbd90f65638ba90f)
	194	---
	195	source3/libnet/libnet_join.c \| 20 ++++++++++++++++++++
	196	1 file changed, 20 insertions(+)
	197
	198	diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
	199	index 1418385..3611cc7 100644
	200	--- a/source3/libnet/libnet_join.c
	201	+++ b/source3/libnet/libnet_join.c
	202	@@ -358,6 +358,26 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx,
	203	return status;
	204	}
	205
	206	+static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
	207	+ struct libnet_JoinCtx *r,
	208	+ char ***spn_array,
	209	+ size_t *num_spns)
	210	+{
	211	+ ADS_STATUS status;
	212	+
	213	+ if (r->in.machine_name == NULL) {
	214	+ return ADS_ERROR_SYSTEM(EINVAL);
	215	+ }
	216	+
	217	+ status = ads_get_service_principal_names(mem_ctx,
	218	+ r->in.ads,
	219	+ r->in.machine_name,
	220	+ spn_array,
	221	+ num_spns);
	222	+
	223	+ return status;
	224	+}
	225	+
	226	/****************************************************************
	227	Set a machines dNSHostName and servicePrincipalName attributes
	228	****************************************************************/
	229	--
	230	2.1.0
	231
	232
	233	From 472256e27ad5cb5e7657efaece71744269ca8d16 Mon Sep 17 00:00:00 2001
	234	From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
	235	Date: Fri, 26 Sep 2014 03:35:43 +0200
	236	Subject: [PATCH 4/4] s3-libnet: Make sure we do not overwrite precreated SPNs.
	237	MIME-Version: 1.0
	238	Content-Type: text/plain; charset=UTF-8
	239	Content-Transfer-Encoding: 8bit
	240
	241	BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
	242
	243	Signed-off-by: Günther Deschner <gd@samba.org>
	244	Reviewed-by: Andreas Schneider <asn@samba.org>
	245
	246	Autobuild-User(master): Günther Deschner <gd@samba.org>
	247	Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104
	248
	249	(cherry picked from commit 0aacbe78bb40d76b65087c2a197c92b0101e625e)
	250	---
	251	source3/libnet/libnet_join.c \| 39 ++++++++++++++++++++++++++++++++++++---
	252	1 file changed, 36 insertions(+), 3 deletions(-)
	253
	254	diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
	255	index 3611cc7..aa7b5cb 100644
	256	--- a/source3/libnet/libnet_join.c
	257	+++ b/source3/libnet/libnet_join.c
	258	@@ -388,8 +388,10 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
	259	ADS_STATUS status;
	260	ADS_MODLIST mods;
	261	fstring my_fqdn;
	262	- const char *spn_array[3] = {NULL, NULL, NULL};
	263	+ const char **spn_array = NULL;
	264	+ size_t num_spns = 0;
	265	char *spn = NULL;
	266	+ bool ok;
	267
	268	/* Find our DN */
	269
	270	@@ -398,6 +400,14 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
	271	return status;
	272	}
	273
	274	+ status = libnet_join_get_machine_spns(mem_ctx,
	275	+ r,
	276	+ discard_const_p(char **, &spn_array),
	277	+ &num_spns);
	278	+ if (!ADS_ERR_OK(status)) {
	279	+ DEBUG(5, ("Retrieving the servicePrincipalNames failed.\n"));
	280	+ }
	281	+
	282	/* Windows only creates HOST/shortname & HOST/fqdn. */
	283
	284	spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
	285	@@ -407,7 +417,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
	286	if (!strupper_m(spn)) {
	287	return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
	288	}
	289	- spn_array[0] = spn;
	290	+
	291	+ ok = ads_element_in_array(spn_array, num_spns, spn);
	292	+ if (!ok) {
	293	+ ok = add_string_to_array(spn_array, spn,
	294	+ &spn_array, (int *)&num_spns);
	295	+ if (!ok) {
	296	+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
	297	+ }
	298	+ }
	299
	300	if (!name_to_fqdn(my_fqdn, r->in.machine_name)
	301	\|\| (strchr(my_fqdn, '.') == NULL)) {
	302	@@ -424,8 +442,23 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
	303	if (!spn) {
	304	return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
	305	}
	306	- spn_array[1] = spn;
	307	+
	308	+ ok = ads_element_in_array(spn_array, num_spns, spn);
	309	+ if (!ok) {
	310	+ ok = add_string_to_array(spn_array, spn,
	311	+ &spn_array, (int *)&num_spns);
	312	+ if (!ok) {
	313	+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
	314	+ }
	315	+ }
	316	+ }
	317	+
	318	+ /* make sure to NULL terminate the array */
	319	+ spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1);
	320	+ if (spn_array == NULL) {
	321	+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
	322	}
	323	+ spn_array[num_spns] = NULL;
	324
	325	mods = ads_init_mods(mem_ctx);
	326	if (!mods) {
	327	--
	328	2.1.0
	329