Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch')
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch | 159 |
1 files changed, 0 insertions, 159 deletions
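--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/12-add-precreated-spns-from-AD-during-keytab-generation.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From 3516236ec6eb42f29eda42542b109fa10217e68c Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 24 Sep 2014 10:51:33 +0200
-Subject: [PATCH] s3-libads: Add all machine account principals to the keytab.
-
-This adds all SPNs defined in the DC for the computer account to the
-keytab using 'net ads keytab create -P'.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=9985
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 5d58b92f8fcbc509f4fe2bd3617bcaeada1806b6)
----
-source3/libads/kerberos_keytab.c | 74 ++++++++++++++++++++++++++++------------
-1 file changed, 52 insertions(+), 22 deletions(-)
-
-diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
-index 83df088..d13625b 100644
---- a/source3/libads/kerberos_keytab.c
-+++ b/source3/libads/kerberos_keytab.c
-@@ -507,20 +507,57 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-krb5_kt_cursor cursor;
-krb5_keytab_entry kt_entry;
-krb5_kvno kvno;
-- int i, found = 0;
-+ size_t found = 0;
-char *sam_account_name, *upn;
-char **oldEntries = NULL, *princ_s[26];
-- TALLOC_CTX *tmpctx = NULL;
-+ TALLOC_CTX *frame;
-char *machine_name;
-+ char **spn_array;
-+ size_t num_spns;
-+ size_t i;
-+ ADS_STATUS status;
-
-- /* these are the main ones we need */
-- ret = ads_keytab_add_entry(ads, "host");
-- if (ret != 0) {
-- DEBUG(1, (__location__ ": ads_keytab_add_entry failed while "
-- "adding 'host' principal.\n"));
-- return ret;
-+ frame = talloc_stackframe();
-+ if (frame == NULL) {
-+ ret = -1;
-+ goto done;
-+ }
-+
-+ status = ads_get_service_principal_names(frame,
-+ ads,
-+ lp_netbios_name(),
-+ &spn_array,
-+ &num_spns);
-+ if (!ADS_ERR_OK(status)) {
-+ ret = -1;
-+ goto done;
-}
-
-+ for (i = 0; i < num_spns; i++) {
-+ char *srv_princ;
-+ char *p;
-+
-+ srv_princ = strlower_talloc(frame, spn_array[i]);
-+ if (srv_princ == NULL) {
-+ ret = -1;
-+ goto done;
-+ }
-+
-+ p = strchr_m(srv_princ, '/');
-+ if (p == NULL) {
-+ continue;
-+ }
-+ p[0] = '\0';
-+
-+ /* Add the SPNs found on the DC */
-+ ret = ads_keytab_add_entry(ads, srv_princ);
-+ if (ret != 0) {
-+ DEBUG(1, ("ads_keytab_add_entry failed while "
-+ "adding '%s' principal.\n",
-+ spn_array[i]));
-+ goto done;
-+ }
-+ }
-
-#if 0 /* don't create the CIFS/... keytab entries since no one except smbd
-really needs them and we will fall back to verifying against
-@@ -543,24 +580,17 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-if (ret) {
-DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
-error_message(ret)));
-- return ret;
-- }
--
-- tmpctx = talloc_init(__location__);
-- if (!tmpctx) {
-- DEBUG(0, (__location__ ": talloc_init() failed!\n"));
-- ret = -1;
-goto done;
-}
-
-- machine_name = talloc_strdup(tmpctx, lp_netbios_name());
-+ machine_name = talloc_strdup(frame, lp_netbios_name());
-if (!machine_name) {
-ret = -1;
-goto done;
-}
-
-/* now add the userPrincipalName and sAMAccountName entries */
-- sam_account_name = ads_get_samaccountname(ads, tmpctx, machine_name);
-+ sam_account_name = ads_get_samaccountname(ads, frame, machine_name);
-if (!sam_account_name) {
-DEBUG(0, (__location__ ": unable to determine machine "
-"account's name in AD!\n"));
-@@ -584,7 +614,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-}
-
-/* remember that not every machine account will have a upn */
-- upn = ads_get_upn(ads, tmpctx, machine_name);
-+ upn = ads_get_upn(ads, frame, machine_name);
-if (upn) {
-ret = ads_keytab_add_entry(ads, upn);
-if (ret != 0) {
-@@ -596,7 +626,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-
-/* Now loop through the keytab and update any other existing entries */
-kvno = (krb5_kvno)ads_get_machine_kvno(ads, machine_name);
-- if (kvno == -1) {
-+ if (kvno == (krb5_kvno)-1) {
-DEBUG(1, (__location__ ": ads_get_machine_kvno() failed to "
-"determine the system's kvno.\n"));
-goto done;
-@@ -629,12 +659,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-* have a race condition where someone else could add entries after
-* we've counted them. Re-open asap to minimise the race. JRA.
-*/
-- DEBUG(3, (__location__ ": Found %d entries in the keytab.\n", found));
-+ DEBUG(3, (__location__ ": Found %zd entries in the keytab.\n", found));
-if (!found) {
-goto done;
-}
-
-- oldEntries = talloc_array(tmpctx, char *, found);
-+ oldEntries = talloc_array(frame, char *, found);
-if (!oldEntries) {
-DEBUG(1, (__location__ ": Failed to allocate space to store "
-"the old keytab entries (talloc failed?).\n"));
-@@ -708,7 +738,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
-
-done:
-TALLOC_FREE(oldEntries);
-- TALLOC_FREE(tmpctx);
-+ TALLOC_FREE(frame);
-
-{
-krb5_keytab_entry zero_kt_entry;
---
-2.1.0
-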