From 32e271db200a86e703304aea85a4d29ce5e95b7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 19 Sep 2012 15:31:57 +0200 Subject: [PATCH 1/5] s3-net: pass down struct net_context to the dns update calls. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 6a7bc53..2f80ab1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1128,7 +1128,8 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, const struct sockaddr_storage *sslist, size_t num_addrs ); -static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, +static NTSTATUS net_update_dns_internal(struct net_context *c, + TALLOC_CTX *ctx, ADS_STRUCT *ads, const char *machine_name, const struct sockaddr_storage *addrs, int num_addrs) @@ -1233,7 +1234,8 @@ done: return status; } -static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, +static NTSTATUS net_update_dns_ext(struct net_context *c, + TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname, struct sockaddr_storage *iplist, int num_addrs) @@ -1263,18 +1265,18 @@ static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, iplist = iplist_alloc; } - status = net_update_dns_internal(mem_ctx, ads, machine_name, + status = net_update_dns_internal(c, mem_ctx, ads, machine_name, iplist, num_addrs); SAFE_FREE(iplist_alloc); return status; } -static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) +static NTSTATUS net_update_dns(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) { NTSTATUS status; - status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0); + status = net_update_dns_ext(c, mem_ctx, ads, hostname, NULL, 0); return status; } #endif 
@@ -1479,7 +1481,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) ads_kinit_password( ads_dns ); } - if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns, NULL)) ) { + if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns(c, ctx, ads_dns, NULL)) ) { d_fprintf( stderr, _("DNS update failed!\n") ); } @@ -1584,7 +1586,7 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } - ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs); + ntstatus = net_update_dns_ext(c, ctx, ads, hostname, addrs, num_addrs); if (!NT_STATUS_IS_OK(ntstatus)) { d_fprintf( stderr, _("DNS update failed!\n") ); ads_destroy( &ads ); -- 1.7.11.7 From 286f71dbd5e9a2e40b4d252c3ba959af62e12c4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 19 Sep 2012 15:35:15 +0200 Subject: [PATCH 2/5] s3-net: move out some prototypes to net_dns.h. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 9 +-------- source3/utils/net_dns.c | 15 +-------------- source3/utils/net_dns.h | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 22 deletions(-) create mode 100644 source3/utils/net_dns.h diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2f80ab1..b18f9cc 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -37,6 +37,7 @@ #include "krb5_env.h" #include "../libcli/security/security.h" #include "libsmb/libsmb.h" +#include "utils/net_dns.h" #ifdef HAVE_ADS @@ -1123,10 +1124,6 @@ static WERROR check_ads_config( void ) #if defined(WITH_DNS_UPDATES) #include "../lib/addns/dns.h" -DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, - size_t num_addrs ); static NTSTATUS net_update_dns_internal(struct net_context *c, TALLOC_CTX *ctx, ADS_STRUCT *ads, 
@@ -1607,10 +1604,6 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar #endif } -#if defined(WITH_DNS_UPDATES) -DNS_ERROR do_gethostbyname(const char *server, const char *host); -#endif - static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 5fbdc0a..b4425d1 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -22,16 +22,9 @@ #include "includes.h" #include "utils/net.h" #include "../lib/addns/dns.h" +#include "utils/net_dns.h" #if defined(WITH_DNS_UPDATES) -/* - * Silly prototype to get rid of a warning - */ - -DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, - size_t num_addrs ); /********************************************************************* *********************************************************************/ @@ -177,12 +170,6 @@ int get_my_ip_address( struct sockaddr_storage **pp_ss ) return count; } -/* - * Silly prototype to get rid of a warning - */ - -DNS_ERROR do_gethostbyname(const char *server, const char *host); - DNS_ERROR do_gethostbyname(const char *server, const char *host) { struct dns_connection *conn; diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h new file mode 100644 index 0000000..83d2922 --- /dev/null +++ b/source3/utils/net_dns.h 
@@ -0,0 +1,32 @@ +/* + Samba Unix/Linux Dynamic DNS Update + net ads commands + + Copyright (C) Krishna Ganugapati (krishnag@centeris.com) 2006 + Copyright (C) Gerald Carter 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#if defined(WITH_DNS_UPDATES) + +#include "../lib/addns/dns.h" + +DNS_ERROR DoDNSUpdate(char *pszServerName, + const char *pszDomainName, const char *pszHostName, + const struct sockaddr_storage *sslist, + size_t num_addrs ); +DNS_ERROR do_gethostbyname(const char *server, const char *host); + +#endif /* defined(WITH_DNS_UPDATES) */ -- 1.7.11.7 From 0399f3ffb605f1014ff76e7880012b7b3cac67b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 25 Sep 2012 11:08:48 +0200 Subject: [PATCH 3/5] s3-net: pass down a flags field to DoDNSUpdate(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_dns.c | 3 ++- source3/utils/net_dns.h | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index b4425d1..5e383da 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c 
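Review bot: The new source3/utils/net_dns.h has no include guard, although this patch includes it from both net_ads.c and net_dns.c, each of which also includes ../lib/addns/dns.h directly. Repeated prototypes are harmless, but a guard keeps the header safe as it grows; I would wrap the file in `#ifndef SOURCE3_UTILS_NET_DNS_H` / `#define SOURCE3_UTILS_NET_DNS_H` and a closing `#endif` (the guard name is only a suggestion). The header also uses `struct sockaddr_storage` while including only dns.h, so it presumably relies on the includer having pulled in includes.h first. A one-line comment saying so would make that dependency explicit.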
@@ -31,7 +31,8 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, size_t num_addrs ) + const struct sockaddr_storage *sslist, size_t num_addrs, + uint32_t flags) { DNS_ERROR err; struct dns_connection *conn; diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h index 83d2922..19bf866 100644 --- a/source3/utils/net_dns.h +++ b/source3/utils/net_dns.h @@ -26,7 +26,9 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, const char *pszDomainName, const char *pszHostName, const struct sockaddr_storage *sslist, - size_t num_addrs ); + size_t num_addrs, + uint32_t flags); + DNS_ERROR do_gethostbyname(const char *server, const char *host); #endif /* defined(WITH_DNS_UPDATES) */ -- 1.7.11.7 From 580cd226c1581431059e63a6d7d9a5eec049dddb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 25 Sep 2012 11:09:45 +0200 Subject: [PATCH 4/5] s3-net: give more control how to update/register DNS entries. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 15 +++++++++- source3/utils/net_dns.c | 78 ++++++++++++++++++++++++++++++++++--------------- source3/utils/net_dns.h | 9 ++++++ 3 files changed, 78 insertions(+), 24 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b18f9cc..23491b5 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
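Review bot: The DoDNSUpdate() definition in net_dns.c and its prototype in net_dns.h gain `uint32_t flags` in patch 3/5, but that patch's diffstat does not touch net_ads.c. The five-argument call `DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs)` there is only updated in patch 4/5. If that is the only caller, a WITH_DNS_UPDATES build fails at this commit, which gets in the way of bisecting; moving the caller change into this patch would keep every step buildable. `flags` is also unused in the body until patch 4/5, so the parameter and its first use could land together.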
@@ -1199,12 +1199,25 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, for (i=0; i < ns_count; i++) { + uint32_t flags = DNS_UPDATE_SIGNED | + DNS_UPDATE_UNSIGNED | + DNS_UPDATE_UNSIGNED_SUFFICIENT | + DNS_UPDATE_PROBE | + DNS_UPDATE_PROBE_SUFFICIENT; + + if (c->opt_force) { + flags &= ~DNS_UPDATE_PROBE_SUFFICIENT; + flags &= ~DNS_UPDATE_UNSIGNED_SUFFICIENT; + } + + status = NT_STATUS_UNSUCCESSFUL; + /* Now perform the dns update - we'll try non-secure and if we fail, we'll follow it up with a secure update */ fstrcpy( dns_server, nameservers[i].hostname ); - dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs); + dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs, flags); if (ERR_DNS_IS_OK(dns_err)) { status = NT_STATUS_OK; goto done; diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 5e383da..eda0492 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -40,6 +40,14 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, OM_uint32 minor; struct dns_update_request *req, *resp; + DEBUG(10,("DoDNSUpdate called with flags: 0x%08x\n", flags)); + + if (!(flags & DNS_UPDATE_SIGNED) && + !(flags & DNS_UPDATE_UNSIGNED) && + !(flags & DNS_UPDATE_PROBE)) { + return ERROR_DNS_INVALID_PARAMETER; + } + if ( (num_addrs <= 0) || !sslist ) { return ERROR_DNS_INVALID_PARAMETER; } 
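Review bot: The default mask built in the nameserver loop of net_update_dns_internal() keeps `DNS_UPDATE_PROBE_SUFFICIENT` and `DNS_UPDATE_UNSIGNED_SUFFICIENT`, so a DNS_NO_ERROR answer to the probe or the unsigned update ends the registration before the signed exchange runs. Only `c->opt_force` carries on to the signed step regardless of those answers. That policy should be stated where the mask is built, because the retained comment ("we'll try non-secure and if we fail, we'll follow it up with a secure update") no longer describes the forced path. I would replace it with `/* probe, then unsigned, then signed; without opt_force the first step the server accepts ends the sequence, with opt_force the signed update is always sent */`. The mask does not depend on `i`, so it can be computed once before the loop; the function body starts and ends outside this hunk.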
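Review bot: The new mask check at the top of DoDNSUpdate() accepts a mask without `DNS_UPDATE_SIGNED`, and on that path nothing in the visible hunks turns a refusing response code into an error. After the probe or unsigned step `err` holds only the result of dns_update_transaction(); the mapping to `ERROR_DNS_UPDATE_FAILED` exists only inside the signed block. Unless the tail of the function (outside these hunks) handles it, a caller passing only `DNS_UPDATE_UNSIGNED` or only `DNS_UPDATE_PROBE` could be told the update succeeded when the server rejected it. Either reject such masks here, or set `err = ERROR_DNS_UPDATE_FAILED;` when the last executed step's response code is not `DNS_NO_ERROR`. The one caller visible in this series always sets `DNS_UPDATE_SIGNED`, so the problem is latent.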
@@ -53,45 +61,65 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, goto error; } - /* - * Probe if everything's fine - */ + if (flags & DNS_UPDATE_PROBE) { - err = dns_create_probe(mem_ctx, pszDomainName, pszHostName, - num_addrs, sslist, &req); - if (!ERR_DNS_IS_OK(err)) goto error; + /* + * Probe if everything's fine + */ - err = dns_update_transaction(mem_ctx, conn, req, &resp); - if (!ERR_DNS_IS_OK(err)) goto error; + err = dns_create_probe(mem_ctx, pszDomainName, pszHostName, + num_addrs, sslist, &req); + if (!ERR_DNS_IS_OK(err)) goto error; - if (dns_response_code(resp->flags) == DNS_NO_ERROR) { - TALLOC_FREE(mem_ctx); - return ERROR_DNS_SUCCESS; + err = dns_update_transaction(mem_ctx, conn, req, &resp); + if (!ERR_DNS_IS_OK(err)) goto error; + + if (!ERR_DNS_IS_OK(err)) { + DEBUG(3,("DoDNSUpdate: failed to probe DNS\n")); + } + + if ((dns_response_code(resp->flags) == DNS_NO_ERROR) && + (flags & DNS_UPDATE_PROBE_SUFFICIENT)) { + TALLOC_FREE(mem_ctx); + return ERROR_DNS_SUCCESS; + } } - /* - * First try without signing - */ + if (flags & DNS_UPDATE_UNSIGNED) { - err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, - sslist, num_addrs, &req); - if (!ERR_DNS_IS_OK(err)) goto error; + /* + * First try without signing + */ - err = dns_update_transaction(mem_ctx, conn, req, &resp); - if (!ERR_DNS_IS_OK(err)) goto error; + err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, + sslist, num_addrs, &req); + if (!ERR_DNS_IS_OK(err)) goto error; + + err = dns_update_transaction(mem_ctx, conn, req, &resp); + if (!ERR_DNS_IS_OK(err)) goto error; + + if (!ERR_DNS_IS_OK(err)) { + DEBUG(3,("DoDNSUpdate: unsigned update failed\n")); + } - if (dns_response_code(resp->flags) == DNS_NO_ERROR) { - TALLOC_FREE(mem_ctx); - return ERROR_DNS_SUCCESS; + if ((dns_response_code(resp->flags) == DNS_NO_ERROR) && + (flags & DNS_UPDATE_UNSIGNED_SUFFICIENT)) { + TALLOC_FREE(mem_ctx); + return ERROR_DNS_SUCCESS; + } } /* * Okay, we have to try with signing */ - { + 
if (flags & DNS_UPDATE_SIGNED) { gss_ctx_id_t gss_context; char *keyname; + err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, + sslist, num_addrs, &req); + if (!ERR_DNS_IS_OK(err)) goto error; + if (!(keyname = dns_generate_keyname( mem_ctx ))) { err = ERROR_DNS_NO_MEMORY; goto error; @@ -122,6 +150,10 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, err = (dns_response_code(resp->flags) == DNS_NO_ERROR) ? ERROR_DNS_SUCCESS : ERROR_DNS_UPDATE_FAILED; + + if (!ERR_DNS_IS_OK(err)) { + DEBUG(3,("DoDNSUpdate: signed update failed\n")); + } } diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h index 19bf866..31e541b 100644 --- a/source3/utils/net_dns.h +++ b/source3/utils/net_dns.h @@ -19,6 +19,15 @@ along with this program. If not, see . */ +/* flags for DoDNSUpdate */ + +#define DNS_UPDATE_SIGNED 0x01 +#define DNS_UPDATE_SIGNED_SUFFICIENT 0x02 +#define DNS_UPDATE_UNSIGNED 0x04 +#define DNS_UPDATE_UNSIGNED_SUFFICIENT 0x08 +#define DNS_UPDATE_PROBE 0x10 +#define DNS_UPDATE_PROBE_SUFFICIENT 0x20 + #if defined(WITH_DNS_UPDATES) #include "../lib/addns/dns.h" -- 1.7.11.7 From 3fbf9af4291ef00e813fdc953c10240da4c058b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Mon, 1 Oct 2012 16:19:28 +0200 Subject: [PATCH 5/5] s3-net: Fix DEBUG() location. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104 Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 23491b5..8f8b7b4 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
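Review bot: Both new `DEBUG(3, ...)` messages in the probe and unsigned blocks of DoDNSUpdate() are unreachable, because each sits directly behind `if (!ERR_DNS_IS_OK(err)) goto error;` testing the same `err`. Log before jumping instead, for example `if (!ERR_DNS_IS_OK(err)) { DEBUG(3,("DoDNSUpdate: failed to probe DNS\n")); goto error; }`, and do the same for "unsigned update failed". These gotos also leave the function when the probe or unsigned transaction itself fails, so the signed update is not attempted in that case even with `DNS_UPDATE_SIGNED` set. If that is intended, a comment should say so. The hunk starts and ends inside DoDNSUpdate().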
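Review bot: `DNS_UPDATE_SIGNED_SUFFICIENT` is defined in net_dns.h, but nothing in the visible hunks of this series sets or tests it, and the flag block does not describe what the bits do. A short comment above the defines would make the contract readable from the header. It should say that each base flag enables one step (probe, unsigned update, signed update) and that the matching `_SUFFICIENT` flag lets a DNS_NO_ERROR answer to that step end DoDNSUpdate() with success. Either mark `DNS_UPDATE_SIGNED_SUFFICIENT` as reserved in that comment or leave it out until code reads it.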
@@ -1188,7 +1188,7 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, status = ads_dns_lookup_ns( ctx, root_domain, &nameservers, &ns_count ); if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { - DEBUG(3,("net_ads_join: Failed to find name server for the %s " + DEBUG(3,("net_update_dns_internal: Failed to find name server for the %s " "realm\n", ads->config.realm)); goto done; } -- 1.7.11.7