Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch')
-rw-r--r--meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch159
1 files changed, 0 insertions, 159 deletions
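--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From 3516236ec6eb42f29eda42542b109fa10217e68c Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 24 Sep 2014 10:51:33 +0200
-Subject: [PATCH] s3-libads: Add all machine account principals to the keytab.
-
-This adds all SPNs defined in the DC for the computer account to the
-keytab using 'net ads keytab create -P'.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=9985
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 5d58b92f8fcbc509f4fe2bd3617bcaeada1806b6)
----
- source3/libads/kerberos_keytab.c | 74 ++++++++++++++++++++++++++++------------
- 1 file changed, 52 insertions(+), 22 deletions(-)
-
-diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
-index 83df088..d13625b 100644
---- a/source3/libads/kerberos_keytab.c
-+++ b/source3/libads/kerberos_keytab.c
-@@ -507,20 +507,57 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
- krb5_kt_cursor cursor;
- krb5_keytab_entry kt_entry;
- krb5_kvno kvno;
-- int i, found = 0;
-+ size_t found = 0;
- char *sam_account_name, *upn;
- char **oldEntries = NULL, *princ_s[26];
-- TALLOC_CTX *tmpctx = NULL;
-+ TALLOC_CTX *frame;
- char *machine_name;
-+ char **spn_array;
-+ size_t num_spns;
-+ size_t i;
-+ ADS_STATUS status;
-
-- /* these are the main ones we need */
-- ret = ads_keytab_add_entry(ads, "host");
-- if (ret != 0) {
-- DEBUG(1, (__location__ ": ads_keytab_add_entry failed while "
-- "adding 'host' principal.\n"));
-- return ret;
-+ frame = talloc_stackframe();
-+ if (frame == NULL) {
-+ ret = -1;
-+ goto done;
-+ }
-+
-+ status = ads_get_service_principal_names(frame,
-+ ads,
-+ lp_netbios_name(),
-+ &spn_array,
-+ &num_spns);
-+ if (!ADS_ERR_OK(status)) {
-+ ret = -1;
-+ goto done;
- }
-
-+ for (i = 0; i < num_spns; i++) {
-+ char *srv_princ;
-+ char *p;
-+
-+ srv_princ = strlower_talloc(frame, spn_array[i]);
-+ if (srv_princ == NULL) {
-+ ret = -1;
-+ goto done;
-+ }
-+
-+ p = strchr_m(srv_princ, '/');
-+ if (p == NULL) {
-+ continue;
-+ }
-+ p[0] = '\0';
-+
-+ /* Add the SPNs found on the DC */
-+ ret = ads_keytab_add_entry(ads, srv_princ);
-+ if (ret != 0) {
-+ DEBUG(1, ("ads_keytab_add_entry failed while "
-+ "adding '%s' principal.\n",
-+ spn_array[i]));
-+ goto done;
-+ }
-+ }
-
- #if 0 /* don't create the CIFS/... keytab entries since no one except smbd
- really needs them and we will fall back to verifying against
-@@ -543,24 +580,17 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
- if (ret) {
- DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
- error_message(ret)));
-- return ret;
-- }
--
-- tmpctx = talloc_init(__location__);
-- if (!tmpctx) {
-- DEBUG(0, (__location__ ": talloc_init() failed!\n"));
-- ret = -1;
- goto done;
- }
-
-- machine_name = talloc_strdup(tmpctx, lp_netbios_name());
-+ machine_name = talloc_strdup(frame, lp_netbios_name());
- if (!machine_name) {
- ret = -1;
- goto done;
- }
-
- /* now add the userPrincipalName and sAMAccountName entries */
-- sam_account_name = ads_get_samaccountname(ads, tmpctx, machine_name);
-+ sam_account_name = ads_get_samaccountname(ads, frame, machine_name);
- if (!sam_account_name) {
- DEBUG(0, (__location__ ": unable to determine machine "
- "account's name in AD!\n"));
-@@ -584,7 +614,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
- }
-
- /* remember that not every machine account will have a upn */
-- upn = ads_get_upn(ads, tmpctx, machine_name);
-+ upn = ads_get_upn(ads, frame, machine_name);
- if (upn) {
- ret = ads_keytab_add_entry(ads, upn);
- if (ret != 0) {
-@@ -596,7 +626,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-
- /* Now loop through the keytab and update any other existing entries */
- kvno = (krb5_kvno)ads_get_machine_kvno(ads, machine_name);
-- if (kvno == -1) {
-+ if (kvno == (krb5_kvno)-1) {
- DEBUG(1, (__location__ ": ads_get_machine_kvno() failed to "
- "determine the system's kvno.\n"));
- goto done;
-@@ -629,12 +659,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
- * have a race condition where someone else could add entries after
- * we've counted them. Re-open asap to minimise the race. JRA.
- */
-- DEBUG(3, (__location__ ": Found %d entries in the keytab.\n", found));
-+ DEBUG(3, (__location__ ": Found %zd entries in the keytab.\n", found));
- if (!found) {
- goto done;
- }
-
-- oldEntries = talloc_array(tmpctx, char *, found);
-+ oldEntries = talloc_array(frame, char *, found);
- if (!oldEntries) {
- DEBUG(1, (__location__ ": Failed to allocate space to store "
- "the old keytab entries (talloc failed?).\n"));
-@@ -708,7 +738,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-
- done:
- TALLOC_FREE(oldEntries);
-- TALLOC_FREE(tmpctx);
-+ TALLOC_FREE(frame);
-
- {
- krb5_keytab_entry zero_kt_entry;
---
-2.1.0
-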