summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/dns_server/dns_server.c61
1 files changed, 47 insertions, 14 deletions
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 8e2539664c..6824fef05a 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -748,7 +748,11 @@ static void dns_task_init(struct task_server *task)
int ret;
struct ldb_result *res;
static const char * const attrs[] = { "name", NULL};
+ static const char * const attrs_none[] = { NULL};
unsigned int i;
+ struct ldb_message *dns_acc;
+ char *hostname_lower;
+ char *dns_spn;
switch (lpcfg_server_role(task->lp_ctx)) {
case ROLE_STANDALONE:
@@ -787,29 +791,58 @@ static void dns_task_init(struct task_server *task)
return;
}
- cli_credentials_set_conf(dns->server_credentials, task->lp_ctx);
- status = cli_credentials_set_machine_account(dns->server_credentials, task->lp_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- task_server_terminate(task,
- talloc_asprintf(task, "Failed to obtain server credentials, perhaps a standalone server?: %s\n",
- nt_errstr(status)),
- true);
+ dns->samdb = samdb_connect(dns, dns->task->event_ctx, dns->task->lp_ctx,
+ system_session(dns->task->lp_ctx), 0);
+ if (!dns->samdb) {
+ task_server_terminate(task, "dns: samdb_connect failed", true);
return;
}
+ cli_credentials_set_conf(dns->server_credentials, task->lp_ctx);
+
+ hostname_lower = strlower_talloc(dns, lpcfg_netbios_name(task->lp_ctx));
+ dns_spn = talloc_asprintf(dns, "DNS/%s.%s",
+ hostname_lower,
+ lpcfg_dnsdomain(task->lp_ctx));
+ TALLOC_FREE(hostname_lower);
+
+ ret = dsdb_search_one(dns->samdb, dns, &dns_acc,
+ ldb_get_default_basedn(dns->samdb), LDB_SCOPE_SUBTREE,
+ attrs_none, 0, "(servicePrincipalName=%s)",
+ dns_spn);
+ if (ret == LDB_SUCCESS) {
+ TALLOC_FREE(dns_acc);
+ if (!dns_spn) {
+ task_server_terminate(task, "dns: talloc_asprintf failed", true);
+ return;
+ }
+ status = cli_credentials_set_stored_principal(dns->server_credentials, task->lp_ctx, dns_spn);
+ if (!NT_STATUS_IS_OK(status)) {
+ task_server_terminate(task,
+ talloc_asprintf(task, "Failed to obtain server credentials for DNS, "
+ "despite finding it in the samdb! %s\n",
+ nt_errstr(status)),
+ true);
+ return;
+ }
+ } else {
+ TALLOC_FREE(dns_spn);
+ status = cli_credentials_set_machine_account(dns->server_credentials, task->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ task_server_terminate(task,
+ talloc_asprintf(task, "Failed to obtain server credentials, perhaps a standalone server?: %s\n",
+ nt_errstr(status)),
+ true);
+ return;
+ }
+ }
+
dns->tkeys = tkey_store_init(dns, TKEY_BUFFER_SIZE);
if (!dns->tkeys) {
task_server_terminate(task, "Failed to allocate tkey storage\n", true);
return;
}
- dns->samdb = samdb_connect(dns, dns->task->event_ctx, dns->task->lp_ctx,
- system_session(dns->task->lp_ctx), 0);
- if (!dns->samdb) {
- task_server_terminate(task, "dns: samdb_connect failed", true);
- return;
- }
-
// TODO: this search does not work against windows
ret = dsdb_search(dns->samdb, dns, &res, NULL, LDB_SCOPE_SUBTREE,
attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS, "(objectClass=dnsZone)");