From 0db4bf2de6ca5a2c98f4156a014ef8e578a64dad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 19 Sep 2012 15:31:57 +0200 Subject: [PATCH 1/5] s3-net: pass down struct net_context to the dns update calls. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c01ccf0..2ac216a 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1131,7 +1131,8 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, const struct sockaddr_storage *sslist, size_t num_addrs ); -static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads, +static NTSTATUS net_update_dns_internal(struct net_context *c, + TALLOC_CTX *ctx, ADS_STRUCT *ads, const char *machine_name, const struct sockaddr_storage *addrs, int num_addrs) @@ -1242,7 +1243,8 @@ done: return status; } -static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, +static NTSTATUS net_update_dns_ext(struct net_context *c, + TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname, struct sockaddr_storage *iplist, int num_addrs) @@ -1274,18 +1276,18 @@ static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, iplist = iplist_alloc; } - status = net_update_dns_internal(mem_ctx, ads, machine_name, + status = net_update_dns_internal(c, mem_ctx, ads, machine_name, iplist, num_addrs); SAFE_FREE(iplist_alloc); return status; } -static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) +static NTSTATUS net_update_dns(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) { NTSTATUS status; - status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0); + status = net_update_dns_ext(c, mem_ctx, ads, hostname, NULL, 0); return status; } #endif 
@@ -1315,7 +1317,7 @@ static int net_ads_join_usage(struct net_context *c, int argc, const char **argv } -static void _net_ads_join_dns_updates(TALLOC_CTX *ctx, struct libnet_JoinCtx *r) +static void _net_ads_join_dns_updates(struct net_context *c, TALLOC_CTX *ctx, struct libnet_JoinCtx *r) { #if defined(WITH_DNS_UPDATES) ADS_STRUCT *ads_dns = NULL; @@ -1389,7 +1391,7 @@ static void _net_ads_join_dns_updates(TALLOC_CTX *ctx, struct libnet_JoinCtx *r) goto done; } - status = net_update_dns(ctx, ads_dns, NULL); + status = net_update_dns(c, ctx, ads_dns, NULL); if (!NT_STATUS_IS_OK(status)) { d_fprintf( stderr, _("DNS update failed: %s\n"), nt_errstr(status)); @@ -1545,7 +1547,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) * If the dns update fails, we still consider the join * operation as succeeded if we came this far. */ - _net_ads_join_dns_updates(ctx, r); + _net_ads_join_dns_updates(c, ctx, r); TALLOC_FREE(r); TALLOC_FREE( ctx ); @@ -1641,7 +1643,7 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } - ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs); + ntstatus = net_update_dns_ext(c, ctx, ads, hostname, addrs, num_addrs); if (!NT_STATUS_IS_OK(ntstatus)) { d_fprintf( stderr, _("DNS update failed!\n") ); ads_destroy( &ads ); -- 1.7.11.7 From 6f97a3712f39a491ae2db952d6cece583f655605 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 19 Sep 2012 15:35:15 +0200 Subject: [PATCH 2/5] s3-net: move out some prototypes to net_dns.h. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 9 +-------- source3/utils/net_dns.c | 15 +-------------- source3/utils/net_dns.h | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 22 deletions(-) create mode 100644 source3/utils/net_dns.h 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2ac216a..5219586 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -38,6 +38,7 @@ #include "../libcli/security/security.h" #include "libsmb/libsmb.h" #include "lib/param/loadparm.h" +#include "utils/net_dns.h" #ifdef HAVE_ADS @@ -1126,10 +1127,6 @@ static WERROR check_ads_config( void ) #if defined(WITH_DNS_UPDATES) #include "../lib/addns/dns.h" -DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, - size_t num_addrs ); static NTSTATUS net_update_dns_internal(struct net_context *c, TALLOC_CTX *ctx, ADS_STRUCT *ads, @@ -1664,10 +1661,6 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar #endif } -#if defined(WITH_DNS_UPDATES) -DNS_ERROR do_gethostbyname(const char *server, const char *host); -#endif - static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char **argv) { #if defined(WITH_DNS_UPDATES) diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 559c14d..2948e7c 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -22,16 +22,9 @@ #include "includes.h" #include "utils/net.h" #include "../lib/addns/dns.h" +#include "utils/net_dns.h" #if defined(WITH_DNS_UPDATES) -/* - * Silly prototype to get rid of a warning - */ - -DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, - size_t num_addrs ); /********************************************************************* *********************************************************************/ 
@@ -182,12 +175,6 @@ int get_my_ip_address( struct sockaddr_storage **pp_ss ) return count; } -/* - * Silly prototype to get rid of a warning - */ - -DNS_ERROR do_gethostbyname(const char *server, const char *host); - DNS_ERROR do_gethostbyname(const char *server, const char *host) { struct dns_connection *conn; diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h new file mode 100644 index 0000000..83d2922 --- /dev/null +++ b/source3/utils/net_dns.h @@ -0,0 +1,32 @@ +/* + Samba Unix/Linux Dynamic DNS Update + net ads commands + + Copyright (C) Krishna Ganugapati (krishnag@centeris.com) 2006 + Copyright (C) Gerald Carter 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#if defined(WITH_DNS_UPDATES) + +#include "../lib/addns/dns.h" + +DNS_ERROR DoDNSUpdate(char *pszServerName, + const char *pszDomainName, const char *pszHostName, + const struct sockaddr_storage *sslist, + size_t num_addrs ); +DNS_ERROR do_gethostbyname(const char *server, const char *host); + +#endif /* defined(WITH_DNS_UPDATES) */ -- 1.7.11.7 From 815fd369c3dc0478a55c20f35d0aa99bf42ac3d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 25 Sep 2012 11:08:48 +0200 Subject: [PATCH 3/5] s3-net: pass down a flags field to DoDNSUpdate(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
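Review bot: The new header source3/utils/net_dns.h has no include guard, although it is now included by both net_ads.c and net_dns.c. Repeating the two prototypes is harmless, but the header also pulls in `../lib/addns/dns.h`, so wrapping the body in `#ifndef NET_DNS_H` / `#define NET_DNS_H` … `#endif` (the guard name is only a suggestion) keeps a second inclusion safe as the file grows. The prototypes use `struct sockaddr_storage` and `size_t` without the header including anything that declares them, so it presumably relies on `includes.h` coming first in every includer; a one-line comment saying so would help.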
Signed-off-by: Günther Deschner --- source3/utils/net_dns.c | 3 ++- source3/utils/net_dns.h | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 2948e7c..437b4c1 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -31,7 +31,8 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, size_t num_addrs ) + const struct sockaddr_storage *sslist, size_t num_addrs, + uint32_t flags) { DNS_ERROR err; struct dns_connection *conn; diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h index 83d2922..19bf866 100644 --- a/source3/utils/net_dns.h +++ b/source3/utils/net_dns.h @@ -26,7 +26,9 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, const char *pszDomainName, const char *pszHostName, const struct sockaddr_storage *sslist, - size_t num_addrs ); + size_t num_addrs, + uint32_t flags); + DNS_ERROR do_gethostbyname(const char *server, const char *host); #endif /* defined(WITH_DNS_UPDATES) */ -- 1.7.11.7 From 7c7f1a53b7bc15f9ecfa310669c6824fac6ded2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 25 Sep 2012 11:09:45 +0200 Subject: [PATCH 4/5] s3-net: give more control how to update/register DNS entries. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 13 ++++++++- source3/utils/net_dns.c | 78 ++++++++++++++++++++++++++++++++++--------------- source3/utils/net_dns.h | 9 ++++++ 3 files changed, 76 insertions(+), 24 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 5219586..79662c4 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
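Review bot: Adding `uint32_t flags` to DoDNSUpdate() and to its prototype in net_dns.h leaves the existing caller out of step. This patch's diffstat touches only net_dns.c and net_dns.h, while the call in net_update_dns_internal() in source3/utils/net_ads.c still passes five arguments until the next patch in the series changes it. Since net_ads.c includes `utils/net_dns.h`, a WITH_DNS_UPDATES build of this commit on its own should fail to compile, which breaks bisecting. Updating the caller in this patch, e.g. `DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs, 0);`, would keep every commit buildable. The new parameter also has no comment yet saying which bits it accepts.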
@@ -1206,6 +1206,17 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, for (i=0; i < ns_count; i++) { + uint32_t flags = DNS_UPDATE_SIGNED | + DNS_UPDATE_UNSIGNED | + DNS_UPDATE_UNSIGNED_SUFFICIENT | + DNS_UPDATE_PROBE | + DNS_UPDATE_PROBE_SUFFICIENT; + + if (c->opt_force) { + flags &= ~DNS_UPDATE_PROBE_SUFFICIENT; + flags &= ~DNS_UPDATE_UNSIGNED_SUFFICIENT; + } + status = NT_STATUS_UNSUCCESSFUL; /* Now perform the dns update - we'll try non-secure and if we fail, @@ -1213,7 +1224,7 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, fstrcpy( dns_server, nameservers[i].hostname ); - dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs); + dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs, flags); if (ERR_DNS_IS_OK(dns_err)) { status = NT_STATUS_OK; goto done; diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 437b4c1..9bbefdb 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -40,6 +40,14 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, OM_uint32 minor; struct dns_update_request *req, *resp; + DEBUG(10,("DoDNSUpdate called with flags: 0x%08x\n", flags)); + + if (!(flags & DNS_UPDATE_SIGNED) && + !(flags & DNS_UPDATE_UNSIGNED) && + !(flags & DNS_UPDATE_PROBE)) { + return ERROR_DNS_INVALID_PARAMETER; + } + if ( (num_addrs <= 0) || !sslist ) { return ERROR_DNS_INVALID_PARAMETER; } 
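Review bot: The flag set built at the top of the `for` loop in net_update_dns_internal() decides whether an unauthenticated update is accepted as the final result, and nothing in the code says so. With the default set, DoDNSUpdate() returns success as soon as the probe or the unsigned update gets DNS_NO_ERROR; only `c->opt_force` clears the two `_SUFFICIENT` bits so that the signed update is also sent. I would add a comment such as `/* default: stop at the first stage the server accepts; opt_force: always go on to the signed update */` and correct the stale context comment "we'll try non-secure and if we fail, …" to match. `flags` does not depend on `i`, so it can be computed once before the loop. The function body starts and ends outside this hunk.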
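Review bot: The context check `(num_addrs <= 0)` just below the new flags validation can only catch zero, because `num_addrs` is a `size_t` in DoDNSUpdate(). The callers in net_ads.c carry the count as `int num_addrs`, so a negative count (if any caller can produce one, which is not visible here) would arrive as a very large value and pass the check. I would validate the count while it is still an `int`, before the call in net_update_dns_internal(), e.g. `if (num_addrs <= 0) { status = NT_STATUS_INVALID_PARAMETER; goto done; }`, or state in a comment on the prototype that callers must pass a positive count. DoDNSUpdate() continues outside this hunk.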
@@ -53,45 +61,65 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, goto error; } - /* - * Probe if everything's fine - */ + if (flags & DNS_UPDATE_PROBE) { - err = dns_create_probe(mem_ctx, pszDomainName, pszHostName, - num_addrs, sslist, &req); - if (!ERR_DNS_IS_OK(err)) goto error; + /* + * Probe if everything's fine + */ - err = dns_update_transaction(mem_ctx, conn, req, &resp); - if (!ERR_DNS_IS_OK(err)) goto error; + err = dns_create_probe(mem_ctx, pszDomainName, pszHostName, + num_addrs, sslist, &req); + if (!ERR_DNS_IS_OK(err)) goto error; - if (dns_response_code(resp->flags) == DNS_NO_ERROR) { - TALLOC_FREE(mem_ctx); - return ERROR_DNS_SUCCESS; + err = dns_update_transaction(mem_ctx, conn, req, &resp); + if (!ERR_DNS_IS_OK(err)) goto error; + + if (!ERR_DNS_IS_OK(err)) { + DEBUG(3,("DoDNSUpdate: failed to probe DNS\n")); + } + + if ((dns_response_code(resp->flags) == DNS_NO_ERROR) && + (flags & DNS_UPDATE_PROBE_SUFFICIENT)) { + TALLOC_FREE(mem_ctx); + return ERROR_DNS_SUCCESS; + } } - /* - * First try without signing - */ + if (flags & DNS_UPDATE_UNSIGNED) { - err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, - sslist, num_addrs, &req); - if (!ERR_DNS_IS_OK(err)) goto error; + /* + * First try without signing + */ - err = dns_update_transaction(mem_ctx, conn, req, &resp); - if (!ERR_DNS_IS_OK(err)) goto error; + err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, + sslist, num_addrs, &req); + if (!ERR_DNS_IS_OK(err)) goto error; + + err = dns_update_transaction(mem_ctx, conn, req, &resp); + if (!ERR_DNS_IS_OK(err)) goto error; + + if (!ERR_DNS_IS_OK(err)) { + DEBUG(3,("DoDNSUpdate: unsigned update failed\n")); + } - if (dns_response_code(resp->flags) == DNS_NO_ERROR) { - TALLOC_FREE(mem_ctx); - return ERROR_DNS_SUCCESS; + if ((dns_response_code(resp->flags) == DNS_NO_ERROR) && + (flags & DNS_UPDATE_UNSIGNED_SUFFICIENT)) { + TALLOC_FREE(mem_ctx); + return ERROR_DNS_SUCCESS; + } } /* * Okay, we have to try with signing */ - { + 
if (flags & DNS_UPDATE_SIGNED) { gss_ctx_id_t gss_context; char *keyname; + err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, + sslist, num_addrs, &req); + if (!ERR_DNS_IS_OK(err)) goto error; + if (!(keyname = dns_generate_keyname( mem_ctx ))) { err = ERROR_DNS_NO_MEMORY; goto error; @@ -122,6 +150,10 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, err = (dns_response_code(resp->flags) == DNS_NO_ERROR) ? ERROR_DNS_SUCCESS : ERROR_DNS_UPDATE_FAILED; + + if (!ERR_DNS_IS_OK(err)) { + DEBUG(3,("DoDNSUpdate: signed update failed\n")); + } } diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h index 19bf866..31e541b 100644 --- a/source3/utils/net_dns.h +++ b/source3/utils/net_dns.h @@ -19,6 +19,15 @@ along with this program. If not, see . */ +/* flags for DoDNSUpdate */ + +#define DNS_UPDATE_SIGNED 0x01 +#define DNS_UPDATE_SIGNED_SUFFICIENT 0x02 +#define DNS_UPDATE_UNSIGNED 0x04 +#define DNS_UPDATE_UNSIGNED_SUFFICIENT 0x08 +#define DNS_UPDATE_PROBE 0x10 +#define DNS_UPDATE_PROBE_SUFFICIENT 0x20 + #if defined(WITH_DNS_UPDATES) #include "../lib/addns/dns.h" -- 1.7.11.7 From 98874ee25a8117dae75558cec32032ab07a0399a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Mon, 1 Oct 2012 16:19:28 +0200 Subject: [PATCH 5/5] s3-net: Fix DEBUG() location. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104 Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 79662c4..03658d3 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
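Review bot: The two added `if (!ERR_DNS_IS_OK(err)) { DEBUG(3, …) }` blocks in the probe and unsigned branches can never run, because the line before each one already does `if (!ERR_DNS_IS_OK(err)) goto error;` on the same value. As written, neither a transport failure nor a refusal from the server is logged for these two stages. If the intent was to log a refused request, test the response instead, `if (dns_response_code(resp->flags) != DNS_NO_ERROR) { DEBUG(3,("DoDNSUpdate: unsigned update failed\n")); }` (and likewise with the probe message). If it was to log the transport error, the DEBUG has to come before the `goto error`. DoDNSUpdate() starts and ends outside this hunk.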
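Review bot: Only the signed branch turns the server's response code into a return value (`ERROR_DNS_SUCCESS` or `ERROR_DNS_UPDATE_FAILED`), so a flags value that enables the probe or unsigned stage without `DNS_UPDATE_SIGNED` leaves `err` holding the transport status of the last transaction. The code after this block is outside the hunk, but if it falls through to the cleanup and returns `err`, a refused unsigned update with `flags == DNS_UPDATE_UNSIGNED` would be reported as success. The only caller visible in this series always sets `DNS_UPDATE_SIGNED`, so the problem is latent. I would either map the response code to `err` after each stage or reject such combinations in the flags check at the top of DoDNSUpdate().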
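Review bot: The comment `/* flags for DoDNSUpdate */` in net_dns.h does not say what the `_SUFFICIENT` bits mean, and `DNS_UPDATE_SIGNED_SUFFICIENT` is defined but not tested anywhere in the DoDNSUpdate() hunks of this patch. I would document the pairs, e.g. `/* DNS_UPDATE_x: attempt stage x; DNS_UPDATE_x_SUFFICIENT: return success if stage x gets DNS_NO_ERROR, skipping later stages */`, and either drop the unused bit or mark it as reserved. Readers of the header then know which combinations let an unsigned result stand as the final answer.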
@@ -1195,7 +1195,7 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, &nameservers, &ns_count); if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) { - DEBUG(3,("net_ads_join: Failed to find name server for the %s " + DEBUG(3,("net_update_dns_internal: Failed to find name server for the %s " "realm\n", ads->config.realm)); goto done; } -- 1.7.11.7