diff --git a/SOURCES/samba-4.10-redhat.patch b/SOURCES/samba-4.10-redhat.patch
index cc36c48..825630f 100644
--- a/SOURCES/samba-4.10-redhat.patch
+++ b/SOURCES/samba-4.10-redhat.patch
@@ -1,7 +1,7 @@
From 0ef46723cad274d0fe7948a67b33f9f20fab3f0d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Tue, 7 Jan 2020 19:25:53 +0200
-Subject: [PATCH 1/7] s3-rpcserver: fix security level check for
+Subject: [PATCH 01/11] s3-rpcserver: fix security level check for
DsRGetForestTrustInformation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
@@ -80,13 +80,13 @@ index d799ba4feef..87613b99fde 100644
}
--
-2.26.2
+2.25.4
From 67c40147a3c1da49a8d407282e1917ed3be511b0 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 16:50:45 +0200
-Subject: [PATCH 2/7] Add a test to check dNSHostName with netbios aliases
+Subject: [PATCH 02/11] Add a test to check dNSHostName with netbios aliases
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -132,13 +132,13 @@ index 95c0cf76f90..6073ea972f9 100755
# Test createcomputer option of 'net ads join'
#
--
-2.26.2
+2.25.4
From b3e19ea4f4f366e7f6b99114c71f65c303402ef8 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 15:52:46 +0200
-Subject: [PATCH 3/7] Fix accidental overwrite of dnsHostName by the last
+Subject: [PATCH 03/11] Fix accidental overwrite of dnsHostName by the last
netbios alias
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -186,13 +186,13 @@ index 9d4f656ffec..a31011b0ff8 100644
status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
goto done;
--
-2.26.2
+2.25.4
From 134c761913dcf84c8c18751a8ba9cc3652995138 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 24 Oct 2019 19:04:51 +0300
-Subject: [PATCH 4/7] Refactor ads_keytab_add_entry() to make it iterable
+Subject: [PATCH 04/11] Refactor ads_keytab_add_entry() to make it iterable
so we can more easily add msDS-AdditionalDnsHostName entries.
@@ -453,13 +453,13 @@ index 97d5535041c..0f450a09df5 100644
out:
SAFE_FREE(salt_princ_s);
--
-2.26.2
+2.25.4
From 7b2295db8683bb9432f49e2f09912799e65e2e6b Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 17:55:12 +0200
-Subject: [PATCH 5/7] Add a test for msDS-AdditionalDnsHostName entries in
+Subject: [PATCH 05/11] Add a test for msDS-AdditionalDnsHostName entries in
keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -501,13 +501,13 @@ index 6073ea972f9..a40b477a173 100755
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
--
-2.26.2
+2.25.4
From ca89f163524c317b6a2fffeb527194b34ede526d Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 15:36:28 +0200
-Subject: [PATCH 6/7] Add msDS-AdditionalDnsHostName entries to the keytab
+Subject: [PATCH 06/11] Add msDS-AdditionalDnsHostName entries to the keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -648,13 +648,13 @@ index db2b72ab1b5..02a628ee0e6 100644
{
LDAPMessage *res = NULL;
--
-2.26.2
+2.25.4
From 48d6a35118f2c8e51bbe3f31c1500f8ab097498e Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 27 May 2020 15:54:12 +0200
-Subject: [PATCH 7/7] Add net-ads-join dnshostname=fqdn option
+Subject: [PATCH 07/11] Add net-ads-join dnshostname=fqdn option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
@@ -794,5 +794,241 @@ index a40b477a173..85257f445d8 100755
exit $failed
--
-2.26.2
+2.25.4
+
+
+From 8cd52f39772bf6b9c008a4e281c3a75f150a043b Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Thu, 11 Jun 2020 21:05:07 +0300
+Subject: [PATCH 08/11] Fix a typo in recent net man page changes
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
+
+Signed-off-by: Isaac Boukris <iboukris@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index 69e18df8b6c..9b1d4458acc 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -470,7 +470,7 @@ joining the domain.
+ </para>
+
+ <para>
+-[FQDN] (ADS only) set the dnsHosName attribute during the join.
++[FQDN] (ADS only) set the dnsHostName attribute during the join.
+ The default format is netbiosname.dnsdomain.
+ </para>
+
+--
+2.25.4
+
+
+From 2741058ea556296869d8895eb4adc30a07ecd59a Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Tue, 16 Jun 2020 22:01:49 +0300
+Subject: [PATCH 09/11] selftest: add tests for binary
+ msDS-AdditionalDnsHostName
+
+Like the short names added implicitly by Windows DC.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
+
+Signed-off-by: Isaac Boukris <iboukris@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ selftest/knownfail.d/binary_addl_hostname | 3 +++
+ testprogs/blackbox/test_net_ads.sh | 22 ++++++++++++++++++++++
+ 2 files changed, 25 insertions(+)
+ create mode 100644 selftest/knownfail.d/binary_addl_hostname
+
+diff --git a/selftest/knownfail.d/binary_addl_hostname b/selftest/knownfail.d/binary_addl_hostname
+new file mode 100644
+index 00000000000..559db1df507
+--- /dev/null
++++ b/selftest/knownfail.d/binary_addl_hostname
+@@ -0,0 +1,3 @@
++^samba4.blackbox.net_ads.dns alias1 check keytab
++^samba4.blackbox.net_ads.dns alias2 check keytab
++^samba4.blackbox.net_ads.addl short check keytab
+diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
+index 85257f445d8..eef4a31a6a7 100755
+--- a/testprogs/blackbox/test_net_ads.sh
++++ b/testprogs/blackbox/test_net_ads.sh
+@@ -41,6 +41,11 @@ if [ -x "$BINDIR/ldbdel" ]; then
+ ldbdel="$BINDIR/ldbdel"
+ fi
+
++ldbmodify="ldbmodify"
++if [ -x "$BINDIR/ldbmodify" ]; then
++ ldbmodify="$BINDIR/ldbmodify"
++fi
++
+ # Load test functions
+ . `dirname $0`/subunit.sh
+
+@@ -217,12 +222,29 @@ testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P samacc
+ testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+ testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
+
++# Test binary msDS-AdditionalDnsHostName like ones added by Windows DC
++short_alias_file="$PREFIX_ABS/short_alias_file"
++printf 'short_alias\0$' > $short_alias_file
++cat > $PREFIX_ABS/tmpldbmodify <<EOF
++dn: CN=$HOSTNAME,$computers_dn
++changetype: modify
++add: msDS-AdditionalDnsHostName
++msDS-AdditionalDnsHostName:< file://$short_alias_file
++EOF
++
++testit "add binary msDS-AdditionalDnsHostName" $VALGRIND $ldbmodify -k yes -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM $PREFIX_ABS/tmpldbmodify || failed=`expr $failed + 1`
++
++testit_grep "addl short alias" short_alias $ldbsearch --show-binary -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "CN=$HOSTNAME,CN=Computers,$base_dn" msDS-AdditionalDnsHostName || failed=`expr $failed + 1`
++
++rm -f $PREFIX_ABS/tmpldbmodify $short_alias_file
++
+ dedicated_keytab_file="$PREFIX_ABS/test_dns_aliases_dedicated_krb5.keytab"
+
+ testit "dns alias create_keytab" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
+
+ testit_grep "dns alias1 check keytab" "host/${dns_alias1}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
+ testit_grep "dns alias2 check keytab" "host/${dns_alias2}@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
++testit_grep "addl short check keytab" "host/short_alias@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
+
+ rm -f $dedicated_keytab_file
+
+--
+2.25.4
+
+
+From 8fc75d1992a2b736c14e8d6b76c04e8227757971 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Thu, 11 Jun 2020 16:51:27 +0300
+Subject: [PATCH 10/11] Properly handle msDS-AdditionalDnsHostName returned
+ from Windows DC
+
+Windows DC adds short names for each specified msDS-AdditionalDnsHostName
+attribute, but these have a suffix of "\0$" and thus fail with
+ldap_get_values(), use ldap_get_values_len() instead.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
+
+Signed-off-by: Isaac Boukris <iboukris@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ selftest/knownfail.d/binary_addl_hostname | 3 --
+ source3/libads/ldap.c | 38 +++++++++++++++++++++--
+ 2 files changed, 35 insertions(+), 6 deletions(-)
+ delete mode 100644 selftest/knownfail.d/binary_addl_hostname
+
+diff --git a/selftest/knownfail.d/binary_addl_hostname b/selftest/knownfail.d/binary_addl_hostname
+deleted file mode 100644
+index 559db1df507..00000000000
+--- a/selftest/knownfail.d/binary_addl_hostname
++++ /dev/null
+@@ -1,3 +0,0 @@
+-^samba4.blackbox.net_ads.dns alias1 check keytab
+-^samba4.blackbox.net_ads.dns alias2 check keytab
+-^samba4.blackbox.net_ads.addl short check keytab
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index 02a628ee0e6..2684bba63ec 100644
+--- a/source3/libads/ldap.c
++++ b/source3/libads/ldap.c
+@@ -3664,6 +3664,40 @@ out:
+ /********************************************************************
+ ********************************************************************/
+
++static char **get_addl_hosts(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
++ LDAPMessage *msg, size_t *num_values)
++{
++ const char *field = "msDS-AdditionalDnsHostName";
++ struct berval **values = NULL;
++ char **ret = NULL;
++ size_t i, converted_size;
++
++ values = ldap_get_values_len(ads->ldap.ld, msg, field);
++ if (values == NULL) {
++ return NULL;
++ }
++
++ *num_values = ldap_count_values_len(values);
++
++ ret = talloc_array(mem_ctx, char *, *num_values + 1);
++ if (ret == NULL) {
++ ldap_value_free_len(values);
++ return NULL;
++ }
++
++ for (i = 0; i < *num_values; i++) {
++ if (!pull_utf8_talloc(mem_ctx, &ret[i], values[i]->bv_val,
++ &converted_size)) {
++ ldap_value_free_len(values);
++ return NULL;
++ }
++ }
++ ret[i] = NULL;
++
++ ldap_value_free_len(values);
++ return ret;
++}
++
+ ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+@@ -3689,9 +3723,7 @@ ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+
+- *hostnames_array = ads_pull_strings(ads, mem_ctx, res,
+- "msDS-AdditionalDnsHostName",
+- num_hostnames);
++ *hostnames_array = get_addl_hosts(ads, mem_ctx, res, num_hostnames);
+ if (*hostnames_array == NULL) {
+ DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n",
+ machine_name));
+--
+2.25.4
+
+
+From 05dc94412f1f9809a3c84f4335c157258ee31273 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Sat, 20 Jun 2020 17:17:33 +0200
+Subject: [PATCH 11/11] Fix usage of ldap_get_values_len for
+ msDS-AdditionalDnsHostName
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
+
+Signed-off-by: Isaac Boukris <iboukris@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Mon Jun 22 09:59:04 UTC 2020 on sn-devel-184
+---
+ source3/libads/ldap.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
+index 2684bba63ec..d1ce9cee2f0 100644
+--- a/source3/libads/ldap.c
++++ b/source3/libads/ldap.c
+@@ -3686,8 +3686,12 @@ static char **get_addl_hosts(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ }
+
+ for (i = 0; i < *num_values; i++) {
+- if (!pull_utf8_talloc(mem_ctx, &ret[i], values[i]->bv_val,
+- &converted_size)) {
++ ret[i] = NULL;
++ if (!convert_string_talloc(mem_ctx, CH_UTF8, CH_UNIX,
++ values[i]->bv_val,
++ strnlen(values[i]->bv_val,
++ values[i]->bv_len),
++ &ret[i], &converted_size)) {
+ ldap_value_free_len(values);
+ return NULL;
+ }
+--
+2.25.4
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index 65fd987..0218fed 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -6,7 +6,7 @@
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
-%define main_release 5
+%define main_release 7
%define samba_version 4.10.16
%define talloc_version 2.1.16
@@ -3299,6 +3299,12 @@ rm -rf %{buildroot}
%endif # with_clustering_support
%changelog
+* Tue Jul 21 2020 Isaac Boukris <iboukris@redhat.com> - 4.10.16-7
+- related: #1852812 - trigger a rebuild to get the right tag
+
+* Thu Jul 16 2020 Isaac Boukris <iboukris@redhat.com> - 4.10.16-6
+- resolves: #1852812 - Fix additioanl hostnames with win DC
+
* Wed Jun 03 2020 Andreas Schneider <asn@redhat.com> - 4.10-16-5
- related: #1785121 - Add missing RPM Requires