Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch')
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch | 329 |
1 files changed, 329 insertions, 0 deletions
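diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch
new file mode 100644
index 000000000..5d309f111
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba-4.1.12/11-fix-overwriting-of-spns-during-net-ads-join.patch
@@ -0,0 +1,329 @@
+From 1925edc67e223d73d672af48c2ebd3e5865e01d9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 24 Sep 2014 09:22:03 +0200
+Subject: [PATCH 1/4] s3-libads: Add a function to retrieve the SPNs of a
+computer account.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit 4eaa4ccbdf279f1ff6d8218b36d92aeea0114cd8)
+---
+source3/libads/ads_proto.h | 6 +++++
+source3/libads/ldap.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++
+2 files changed, 66 insertions(+)
+
+diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
+index 17a84d1..6a22807 100644
+--- a/source3/libads/ads_proto.h
++++ b/source3/libads/ads_proto.h
+@@ -87,6 +87,12 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+const char *name, const char **vals);
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
++
++ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
++ ADS_STRUCT *ads,
++ const char *machine_name,
++ char ***spn_array,
++ size_t *num_spns);
+ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
+const char *my_fqdn, const char *spn);
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index fb99132..51a0883 100644
+--- a/source3/libads/ldap.c
++++ b/source3/libads/ldap.c
+@@ -1927,6 +1927,66 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
+}
+
+/**
++ * @brief This gets the service principal names of an existing computer account.
++ *
++ * @param[in] mem_ctx The memory context to use to allocate the spn array.
++ *
++ * @param[in] ads The ADS context to use.
++ *
++ * @param[in] machine_name The NetBIOS name of the computer, which is used to
++ * identify the computer account.
++ *
++ * @param[in] spn_array A pointer to store the array for SPNs.
++ *
++ * @param[in] num_spns The number of principals stored in the array.
++ *
++ * @return 0 on success, or a ADS error if a failure occured.
++ */
++ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
++ ADS_STRUCT *ads,
++ const char *machine_name,
++ char ***spn_array,
++ size_t *num_spns)
++{
++ ADS_STATUS status;
++ LDAPMessage *res = NULL;
++ char *dn;
++ int count;
++
++ status = ads_find_machine_acct(ads,
++ &res,
++ machine_name);
++ if (!ADS_ERR_OK(status)) {
++ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
++ machine_name));
++ return status;
++ }
++
++ count = ads_count_replies(ads, res);
++ if (count != 1) {
++ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
++ goto done;
++ }
++
++ dn = ads_get_dn(ads, mem_ctx, res);
++ if (dn == NULL) {
++ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
++ goto done;
++ }
++
++ *spn_array = ads_pull_strings(ads,
++ mem_ctx,
++ res,
++ "servicePrincipalName",
++ num_spns);
++
++done:
++ ads_msgfree(ads, res);
++
++ return status;
++}
++
++/**
+* This adds a service principal name to an existing computer account
+* (found by hostname) in AD.
+* @param ads An initialized ADS_STRUCT
+--
+2.1.0
+
+
+From ed3b6536e1027a26d7983942f62677aa2bc0e93c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 24 Sep 2014 09:23:58 +0200
+Subject: [PATCH 2/4] s3-libads: Add function to search for an element in an
+array.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit e1ee4c8bc7018db7787dd9a0be6d3aa40a477ee2)
+---
+source3/libads/ads_proto.h | 2 ++
+source3/libads/ldap.c | 31 +++++++++++++++++++++++++++++++
+2 files changed, 33 insertions(+)
+
+diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
+index 6a22807..1e34247 100644
+--- a/source3/libads/ads_proto.h
++++ b/source3/libads/ads_proto.h
+@@ -88,6 +88,8 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+
++bool ads_element_in_array(const char **el_array, size_t num_el, const char *el);
++
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ADS_STRUCT *ads,
+const char *machine_name,
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index 51a0883..8d104c2 100644
+--- a/source3/libads/ldap.c
++++ b/source3/libads/ldap.c
+@@ -1927,6 +1927,37 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
+}
+
+/**
++ * @brief Search for an element in a string array.
++ *
++ * @param[in] el_array The string array to search.
++ *
++ * @param[in] num_el The number of elements in the string array.
++ *
++ * @param[in] el The string to search.
++ *
++ * @return True if found, false if not.
++ */
++bool ads_element_in_array(const char **el_array, size_t num_el, const char *el)
++{
++ size_t i;
++
++ if (el_array == NULL || num_el == 0 || el == NULL) {
++ return false;
++ }
++
++ for (i = 0; i < num_el && el_array[i] != NULL; i++) {
++ int cmp;
++
++ cmp = strcasecmp_m(el_array[i], el);
++ if (cmp == 0) {
++ return true;
++ }
++ }
++
++ return false;
++}
++
++/**
+* @brief This gets the service principal names of an existing computer account.
+*
+* @param[in] mem_ctx The memory context to use to allocate the spn array.
+--
+2.1.0
+
+
+From 11700f1398d6197a99c686f1a43b45d6305ceae8 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 26 Sep 2014 03:09:08 +0200
+Subject: [PATCH 3/4] s3-libnet: Add libnet_join_get_machine_spns().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit 7e0b8fcce5572c88d50993a1dbd90f65638ba90f)
+---
+source3/libnet/libnet_join.c | 20 ++++++++++++++++++++
+1 file changed, 20 insertions(+)
+
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index 1418385..3611cc7 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -358,6 +358,26 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx,
+return status;
+}
+
++static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
++ struct libnet_JoinCtx *r,
++ char ***spn_array,
++ size_t *num_spns)
++{
++ ADS_STATUS status;
++
++ if (r->in.machine_name == NULL) {
++ return ADS_ERROR_SYSTEM(EINVAL);
++ }
++
++ status = ads_get_service_principal_names(mem_ctx,
++ r->in.ads,
++ r->in.machine_name,
++ spn_array,
++ num_spns);
++
++ return status;
++}
++
+/****************************************************************
+Set a machines dNSHostName and servicePrincipalName attributes
+****************************************************************/
+--
+2.1.0
+
+
+From 472256e27ad5cb5e7657efaece71744269ca8d16 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 26 Sep 2014 03:35:43 +0200
+Subject: [PATCH 4/4] s3-libnet: Make sure we do not overwrite precreated SPNs.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104
+
+(cherry picked from commit 0aacbe78bb40d76b65087c2a197c92b0101e625e)
+---
+source3/libnet/libnet_join.c | 39 ++++++++++++++++++++++++++++++++++++---
+1 file changed, 36 insertions(+), 3 deletions(-)
+
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index 3611cc7..aa7b5cb 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -388,8 +388,10 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+ADS_STATUS status;
+ADS_MODLIST mods;
+fstring my_fqdn;
+- const char *spn_array[3] = {NULL, NULL, NULL};
++ const char **spn_array = NULL;
++ size_t num_spns = 0;
+char *spn = NULL;
++ bool ok;
+
+/* Find our DN */
+
+@@ -398,6 +400,14 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+return status;
+}
+
++ status = libnet_join_get_machine_spns(mem_ctx,
++ r,
++ discard_const_p(char **, &spn_array),
++ &num_spns);
++ if (!ADS_ERR_OK(status)) {
++ DEBUG(5, ("Retrieving the servicePrincipalNames failed.\n"));
++ }
++
+/* Windows only creates HOST/shortname & HOST/fqdn. */
+
+spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
+@@ -407,7 +417,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+if (!strupper_m(spn)) {
+return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+}
+- spn_array[0] = spn;
++
++ ok = ads_element_in_array(spn_array, num_spns, spn);
++ if (!ok) {
++ ok = add_string_to_array(spn_array, spn,
++ &spn_array, (int *)&num_spns);
++ if (!ok) {
++ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
++ }
++ }
+
+if (!name_to_fqdn(my_fqdn, r->in.machine_name)
+|| (strchr(my_fqdn, '.') == NULL)) {
+@@ -424,8 +442,23 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+if (!spn) {
+return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+}
+- spn_array[1] = spn;
++
++ ok = ads_element_in_array(spn_array, num_spns, spn);
++ if (!ok) {
++ ok = add_string_to_array(spn_array, spn,
++ &spn_array, (int *)&num_spns);
++ if (!ok) {
++ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
++ }
++ }
++ }
++
++ /* make sure to NULL terminate the array */
++ spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1);
++ if (spn_array == NULL) {
++ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+}
++ spn_array[num_spns] = NULL;
+
+mods = ads_init_mods(mem_ctx);
+if (!mods) {
+--
+2.1.0
+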
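Review bot: The `(int *)&num_spns` casts in both `add_string_to_array` calls of patch 4/4 (in libnet_join_set_machine_spn, whose body extends beyond the hunks shown) write an `int` through a pointer to a `size_t`. On a 64-bit big-endian target that would update the wrong half of the counter, so the later `talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1)` and `spn_array[num_spns] = NULL` could run with a corrupted count and store out of bounds; it is also an aliasing violation on every target. Since the cast implies the callee takes an `int *`, pass a real `int` instead: `int n = (int)num_spns;`, then `ok = add_string_to_array(spn_array, spn, &spn_array, &n);`, then `num_spns = (size_t)n;`. Separately, a failed `libnet_join_get_machine_spns` is only logged at DEBUG 5 and the join carries on with an empty list, so a transient lookup failure presumably still replaces precreated SPNs; returning `status` there would fail closed.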