From 7cbba83186c76a2744224d108ebb45a511d3cc76 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 2 Dec 2010 00:42:21 +0100 Subject: [PATCH 1/3] s3:net: disable dynamic dns updates at the end of "net ads join" in a cluster (bug #7871) In a clustered environment, registering the set of ip addresses that are assigned to the interfaces of the node that performs the join does usually not have the desired effect, since the local interfaces do not carry complete set of the cluster's public IP addresses. And it can also contain internal addresses that should not be visible to the outside at all. In order to do dns updates in a clustererd setup, use net ads dns register. This fixes the net ads join part of bug #7871. --- source3/utils/net_ads.c | 19 +++++++++++++++++++ 1 files changed, 19 insertions(+), 0 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 0b2165d..8f0d2fb 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1407,6 +1407,23 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) } #if defined(WITH_DNS_UPDATES) + /* + * In a clustered environment, don't do dynamic dns updates: + * Registering the set of ip addresses that are assigned to + * the interfaces of the node that performs the join does usually + * not have the desired effect, since the local interfaces do not + * carry the complete set of the cluster's public IP addresses. + * And it can also contain internal addresses that should not + * be visible to the outside at all. + * In order to do dns updates in a clustererd setup, use + * net ads dns register. + */ + if (lp_clustering()) { + d_fprintf(stderr, _("Not doing automatic DNS update in a" + "clustered setup.\n")); + goto done; + } + if (r->out.domain_is_ad) { /* We enter this block with user creds */ ADS_STRUCT *ads_dns = NULL; 
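Review bot: The two adjacent string literals in the added `d_fprintf` call are concatenated without a separator, so the message prints as "in aclustered setup."; the first literal needs a trailing space: `_("Not doing automatic DNS update in a "` followed by `"clustered setup.\n"));`. The added comment also spells "clustererd" where "clustered" is meant. This message is the only trace an operator gets that the join deliberately kept the node's local addresses out of DNS, so it should read correctly. The body of net_ads_join starts and ends outside this hunk.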
@@ -1433,6 +1450,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) ads_destroy(&ads_dns); } #endif + +done: TALLOC_FREE(r); TALLOC_FREE( ctx ); -- 1.6.3.3 From 11898d4643dd53839e769ef7122f3a6361779c9f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 16 Dec 2010 00:52:41 +0100 Subject: [PATCH 2/3] s3:net: add net_update_dns_ext() that accepts a list of addresses as parameter (bug# 7871) This generalized form of net_update_dns() will be used to add support for specifying a list of addresses on the commandline of "net ads dns register". This prepares the "net ads dns register" part of the fix for bug #7871. --- source3/utils/net_ads.c | 39 +++++++++++++++++++++++++++------------ 1 files changed, 27 insertions(+), 12 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8f0d2fb..2d418c4 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1216,10 +1216,12 @@ done: return status; } -static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) +static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, + const char *hostname, + struct sockaddr_storage *iplist, + int num_addrs) { - int num_addrs; - struct sockaddr_storage *iplist = NULL; + struct sockaddr_storage *iplist_alloc = NULL; fstring machine_name; NTSTATUS status; 
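Review bot: The `done:` label is added after `#endif`, while the only `goto done` visible in this patch sits inside `#if defined(WITH_DNS_UPDATES)`. Unless another jump to it exists outside the hunks, a build without DNS updates is left with an unused label and the compiler warning that goes with it. Writing the guard as `if (lp_clustering()) { ... } else if (r->out.domain_is_ad) {` would make both the label and the goto unnecessary. The function continues outside this hunk.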
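Review bot: net_update_dns_ext has no comment stating its contract, and callers need to know what the new `iplist`/`num_addrs` parameters mean. A NULL list or a zero count switches to autodetection of the local interface addresses, and a list supplied by the caller is not freed by the function (only `iplist_alloc` is, in the next hunk). I would add above the definition `/* iplist == NULL or num_addrs == 0: register the addresses found on the local interfaces; otherwise register exactly the given addresses, which remain owned by the caller. */`. The function body runs past the end of this hunk.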
@@ -1230,19 +1232,32 @@ static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char } strlower_m( machine_name ); - /* Get our ip address (not the 127.0.0.x address but a real ip - * address) */ - - num_addrs = get_my_ip_address( &iplist ); - if ( num_addrs <= 0 ) { - DEBUG(4,("net_update_dns: Failed to find my non-loopback IP " - "addresses!\n")); - return NT_STATUS_INVALID_PARAMETER; + if (num_addrs == 0 || iplist == NULL) { + /* + * Get our ip address + * (not the 127.0.0.x address but a real ip address) + */ + num_addrs = get_my_ip_address(&iplist_alloc); + if ( num_addrs <= 0 ) { + DEBUG(4, ("net_update_dns_ext: Failed to find my " + "non-loopback IP addresses!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + iplist = iplist_alloc; } status = net_update_dns_internal(mem_ctx, ads, machine_name, iplist, num_addrs); - SAFE_FREE( iplist ); + + SAFE_FREE(iplist_alloc); + return status; +} + +static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) +{ + NTSTATUS status; + + status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0); return status; } #endif -- 1.6.3.3 From 60a3c3c935bcb4a1af04241a8c9232e0ad296b5b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 16 Dec 2010 01:49:14 +0100 Subject: [PATCH 3/3] s3:net ads dns register: add support for specifying addresse on the commandline (bug #7871) In the clustering case, this is also made the only possiblity to do dns updates, since the list addresses on the local interfaces is not suitable in that case. This fixes the "net ads dns register" part of bug #7871. It might be extended by a parsing of the "cluster addresses" setting. --- source3/utils/net_ads.c | 42 +++++++++++++++++++++++++++++++++++++++--- 1 files changed, 39 insertions(+), 3 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2d418c4..da33931 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
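Review bot: The fallback under `if (num_addrs == 0 || iplist == NULL)` re-enables interface autodetection for every caller that passes no list, and nothing in net_update_dns_ext checks lp_clustering(), so the protection this series adds lives only in the two call sites it touches. net_update_dns() still passes `NULL, 0`, so any other caller of it (none is visible here) would publish the node's local, possibly internal, addresses in a cluster. Refusing inside the fallback branch covers every path: `if (lp_clustering()) { return NT_STATUS_INVALID_PARAMETER; }` placed before `get_my_ip_address(&iplist_alloc)`. Separately, a negative `num_addrs` with a non-NULL list is handed straight to net_update_dns_internal; testing `num_addrs <= 0` would close that. The start of the function lies outside this hunk.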
@@ -1490,15 +1490,27 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar #if defined(WITH_DNS_UPDATES) ADS_STRUCT *ads; ADS_STATUS status; + NTSTATUS ntstatus; TALLOC_CTX *ctx; + const char *hostname = NULL; + struct sockaddr_storage *addrs = NULL; + int num_addrs = 0; + int count; #ifdef DEVELOPER talloc_enable_leak_report(); #endif - if (argc > 1 || c->display_usage) { + if (argc <= 1 && lp_clustering()) { + d_fprintf(stderr, _("Refusing DNS updates with automatic " + "detection of addresses in a clustered " + "setup.\n")); + c->display_usage = true; + } + + if (c->display_usage) { d_printf( "%s\n" - "net ads dns register [hostname]\n" + "net ads dns register [hostname [IP [IP...]]]\n" " %s\n", _("Usage:"), _("Register hostname with DNS\n")); @@ -1510,6 +1522,29 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } + if (argc >= 1) { + hostname = argv[0]; + } + + if (argc > 1) { + num_addrs = argc - 1; + addrs = talloc_zero_array(ctx, struct sockaddr_storage, num_addrs); + if (addrs == NULL) { + d_fprintf(stderr, _("Error allocating memory!\n")); + return -1; + } + } + + for (count = 0; count < num_addrs; count++) { + if (!interpret_string_addr(&addrs[count], argv[count+1], 0)) { + d_fprintf(stderr, "%s '%s'.\n", + _("Cannot interpret address"), + argv[count+1]); + talloc_free(ctx); + return -1; + } + } + status = ads_startup(c, true, &ads); if ( !ADS_ERR_OK(status) ) { DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); @@ -1517,7 +1552,8 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } - if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads, argc == 1 ? argv[0] : NULL)) ) { + ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs); + if (!NT_STATUS_IS_OK(ntstatus)) { d_fprintf( stderr, _("DNS update failed!\n") ); ads_destroy( &ads ); TALLOC_FREE( ctx ); -- 1.6.3.3
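Review bot: The clustering refusal is implemented by setting `c->display_usage = true`, which changes the shared net_context and sends the command down the help path. The return statement of that path is outside the hunk, but if it returns 0, as a help request normally would, a refused registration exits with success and a calling script cannot tell it from a completed one. An explicit `return -1;` after the `d_fprintf` (printing the usage text first if that is wanted) keeps refusal and help apart.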
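Review bot: `interpret_string_addr(&addrs[count], argv[count+1], 0)` is called with a flags value of 0. If the third argument is handed to getaddrinfo, as its use elsewhere in Samba suggests, a host name on the command line is resolved and the result registered, although the usage text promises `IP`. Passing `AI_NUMERICHOST` restricts the arguments to address literals, so what lands in DNS is exactly what the administrator typed. The parsed addresses are also not checked for loopback or unspecified values before they are registered. The allocation-failure branch returns -1 without `talloc_free(ctx)`, unlike the parse-failure branch just below it.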
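Review bot: `ntstatus` is now kept in a variable, but the failure message still says only "DNS update failed!", so the operator cannot tell a rejected address list from a refusal by the server. Including the status text, for example `d_fprintf(stderr, "%s: %s\n", _("DNS update failed"), nt_errstr(ntstatus));`, makes the failure diagnosable. The rest of the error path lies outside the hunk.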