From e224b0cce6f0e707b29d1cacf88b0cb3a8593621 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 10 Dec 2010 15:08:53 +1100 Subject: [PATCH 1/5] s3-net Allow 'net ads dns register' to take an optional hostname argument This allows the administrator to more carefully chose what name to register. Andrew Bartlett (cherry picked from commit c2a1ad9047508cf2745a9019e6783c8b8f7ef475) (cherry picked from commit 10c5a59315ef69eeb4d8bc19237de9787284a63d) Signed-off-by: Stefan Metzmacher --- source3/utils/net_ads.c | 16 ++++++++++------ 1 files changed, 10 insertions(+), 6 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b618ab8..6b354ed 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1197,14 +1197,18 @@ done: return status; } -static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads) +static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) { int num_addrs; struct sockaddr_storage *iplist = NULL; fstring machine_name; NTSTATUS status; - name_to_fqdn( machine_name, global_myname() ); + if (hostname) { + fstrcpy(machine_name, hostname); + } else { + name_to_fqdn( machine_name, global_myname() ); + } strlower_m( machine_name ); /* Get our ip address (not the 127.0.0.x address but a real ip @@ -1394,7 +1398,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) ads_kinit_password( ads_dns ); } - if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns )) ) { + if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns, NULL)) ) { d_fprintf( stderr, _("DNS update failed!\n") ); } @@ -1431,9 +1435,9 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar talloc_enable_leak_report(); #endif - if (argc > 0 || c->display_usage) { + if (argc > 1 || c->display_usage) { d_printf( "%s\n" - "net ads dns register\n" + "net ads dns register [hostname]\n" " %s\n", _("Usage:"), _("Register hostname with DNS\n")); 
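Review bot: The new `hostname` branch in net_update_dns() copies the caller's string into `machine_name` with `fstrcpy()` and registers whatever results, without checking that it is a usable name. `fstrcpy()` bounds the copy to the `fstring` buffer, so an over-long argument would presumably be shortened rather than rejected, and an empty string is accepted too; in both cases the record that gets updated is not the one the administrator typed. I would reject both before the copy, e.g. `if (hostname[0] == '\0' || strlen(hostname) >= sizeof(fstring)) return NT_STATUS_INVALID_PARAMETER;`. A short comment should also say that the value arrives unmodified from `argv[0]` (see the `@@ -1452,7` hunk), so as far as these hunks show, which record may be written is left to the DNS server's update policy. The function body continues outside the hunk.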
@@ -1452,7 +1456,7 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } - if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads)) ) { + if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads, argc == 1 ? argv[0] : NULL)) ) { d_fprintf( stderr, _("DNS update failed!\n") ); ads_destroy( &ads ); TALLOC_FREE( ctx ); -- 1.7.0.4 From d9adbf36673287c2b4de573e36e7cd9e7e0f1851 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 2 Dec 2010 00:42:21 +0100 Subject: [PATCH 2/5] s3:net: disable dynamic dns updates at the end of "net ads join" in a cluster (bug #7871) In a clustered environment, registering the set of ip addresses that are assigned to the interfaces of the node that performs the join does usually not have the desired effect, since the local interfaces do not carry complete set of the cluster's public IP addresses. And it can also contain internal addresses that should not be visible to the outside at all. In order to do dns updates in a clustererd setup, use net ads dns register. This fixes the net ads join part of bug #7871. Signed-off-by: Stefan Metzmacher (cherry picked from commit b8f19df53e66bf0260b4ae6c49acea87ac379deb) (cherry picked from commit 1c73d52ddddfcec25cf079da4a0d6bf81fb030da) --- source3/utils/net_ads.c | 19 +++++++++++++++++++ 1 files changed, 19 insertions(+), 0 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 6b354ed..8c04eda 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
@@ -1380,6 +1380,23 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) } #if defined(WITH_DNS_UPDATES) + /* + * In a clustered environment, don't do dynamic dns updates: + * Registering the set of ip addresses that are assigned to + * the interfaces of the node that performs the join does usually + * not have the desired effect, since the local interfaces do not + * carry the complete set of the cluster's public IP addresses. + * And it can also contain internal addresses that should not + * be visible to the outside at all. + * In order to do dns updates in a clustererd setup, use + * net ads dns register. + */ + if (lp_clustering()) { + d_fprintf(stderr, _("Not doing automatic DNS update in a" + "clustered setup.\n")); + goto done; + } + if (r->out.domain_is_ad) { /* We enter this block with user creds */ ADS_STRUCT *ads_dns = NULL; @@ -1406,6 +1423,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) ads_destroy(&ads_dns); } #endif + +done: TALLOC_FREE(r); TALLOC_FREE( ctx ); -- 1.7.0.4 From 63e5b2da3f1f289fca28ddf01f678e839d993efa Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 16 Dec 2010 00:52:41 +0100 Subject: [PATCH 3/5] s3:net: add net_update_dns_ext() that accepts a list of addresses as parameter (bug# 7871) This generalized form of net_update_dns() will be used to add support for specifying a list of addresses on the commandline of "net ads dns register". This prepares the "net ads dns register" part of the fix for bug #7871. Signed-off-by: Stefan Metzmacher (cherry picked from commit 4d91f98b433e07922373bf4e3ba9668b7af71a00) (cherry picked from commit 4b7775500b1055acf62decbc0fc8283b088da452) --- source3/utils/net_ads.c | 39 +++++++++++++++++++++++++++------------ 1 files changed, 27 insertions(+), 12 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 8c04eda..75b115e 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
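Review bot: The message added in the `lp_clustering()` branch of net_ads_join() loses a space where the two string literals are joined, so it prints "... DNS update in aclustered setup."; it should read `_("Not doing automatic DNS update in a " "clustered setup.\n")`. The code comment gives the real reason for skipping the update (node-local interfaces can include internal addresses that should not be published). The user-visible text would be more useful if it also pointed at `net ads dns register`, since the join goes on without registering anything.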
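Review bot: The `done:` label is placed after `#endif`, while the only `goto done` visible in this patch sits inside the `#if defined(WITH_DNS_UPDATES)` block, so a build without DNS updates is left with an unused label (a warning under `-Wunused-label`, and a build failure where warnings are fatal). Unless another jump to it exists outside these hunks, the goto can be dropped by chaining the conditions: `if (lp_clustering()) { d_fprintf(...); } else if (r->out.domain_is_ad) {`. net_ads_join() starts and ends outside this hunk.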
@@ -1197,10 +1197,12 @@ done: return status; } -static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) +static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, + const char *hostname, + struct sockaddr_storage *iplist, + int num_addrs) { - int num_addrs; - struct sockaddr_storage *iplist = NULL; + struct sockaddr_storage *iplist_alloc = NULL; fstring machine_name; NTSTATUS status; @@ -1211,19 +1213,32 @@ static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char } strlower_m( machine_name ); - /* Get our ip address (not the 127.0.0.x address but a real ip - * address) */ - - num_addrs = get_my_ip_address( &iplist ); - if ( num_addrs <= 0 ) { - DEBUG(4,("net_update_dns: Failed to find my non-loopback IP " - "addresses!\n")); - return NT_STATUS_INVALID_PARAMETER; + if (num_addrs == 0 || iplist == NULL) { + /* + * Get our ip address + * (not the 127.0.0.x address but a real ip address) + */ + num_addrs = get_my_ip_address(&iplist_alloc); + if ( num_addrs <= 0 ) { + DEBUG(4, ("net_update_dns_ext: Failed to find my " + "non-loopback IP addresses!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + iplist = iplist_alloc; } status = net_update_dns_internal(mem_ctx, ads, machine_name, iplist, num_addrs); - SAFE_FREE( iplist ); + + SAFE_FREE(iplist_alloc); + return status; +} + +static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname) +{ + NTSTATUS status; + + status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0); return status; } #endif -- 1.7.0.4 From 9d178a309915d83f25b8d772318dd13d5e383f23 Mon Sep 17 00:00:00 2001 
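Review bot: net_update_dns_ext() takes the automatic-detection path when `num_addrs == 0 || iplist == NULL`, but a negative `num_addrs` with a non-NULL `iplist` is passed on to net_update_dns_internal() unchecked; `if (num_addrs < 0) return NT_STATUS_INVALID_PARAMETER;` before that test closes the gap. The fallback itself is undocumented: a caller that means "register exactly these addresses" and ends up with an empty list silently gets the locally detected non-loopback addresses instead, which is the behaviour the clustering change earlier in this series set out to avoid. A header comment on the function (its signature is in the `@@ -1197,10` hunk) should state that contract, and that `iplist` remains owned by the caller while only `iplist_alloc` is freed here. `iplist` could also be `const`-qualified if net_update_dns_internal() permits it.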
From: Michael Adam Date: Thu, 16 Dec 2010 01:49:14 +0100 Subject: [PATCH 4/5] s3:net ads dns register: add support for specifying addresse on the commandline (bug #7871) In the clustering case, this is also made the only possiblity to do dns updates, since the list addresses on the local interfaces is not suitable in that case. This fixes the "net ads dns register" part of bug #7871. It might be extended by a parsing of the "cluster addresses" setting. Signed-off-by: Stefan Metzmacher (cherry picked from commit 5e83a05009787d8a2086db1adc1ed58d61b3725d) (cherry picked from commit 9ed3d33fb3d7365a127ea2752032840272697902) --- source3/utils/net_ads.c | 43 ++++++++++++++++++++++++++++++++++++++++--- 1 files changed, 40 insertions(+), 3 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 75b115e..a432570 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1463,15 +1463,27 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar #if defined(WITH_DNS_UPDATES) ADS_STRUCT *ads; ADS_STATUS status; + NTSTATUS ntstatus; TALLOC_CTX *ctx; + const char *hostname = NULL; + struct sockaddr_storage *addrs = NULL; + int num_addrs = 0; + int count; #ifdef DEVELOPER talloc_enable_leak_report(); #endif - if (argc > 1 || c->display_usage) { + if (argc <= 1 && lp_clustering()) { + d_fprintf(stderr, _("Refusing DNS updates with automatic " + "detection of addresses in a clustered " + "setup.\n")); + c->display_usage = true; + } + + if (c->display_usage) { d_printf( "%s\n" - "net ads dns register [hostname]\n" + "net ads dns register [hostname [IP [IP...]]]\n" " %s\n", _("Usage:"), _("Register hostname with DNS\n")); 
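Review bot: The clustering refusal in net_ads_dns_register() works by setting `c->display_usage = true`, so a refused update leaves through the usage branch. That branch's return statement is outside this hunk, but if it returns success as a normal help request would, a script cannot tell a refused registration from a completed one. I would return an error right after the message with `return -1;` and leave `c->display_usage` untouched. Separately, nothing checks that the first argument is a name rather than an address, so `net ads dns register 192.0.2.10` (constructed example) would be taken as the hostname; a comment in the usage text or a simple check would prevent that mistake.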
@@ -1483,6 +1495,30 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } + if (argc >= 1) { + hostname = argv[0]; + } + + if (argc > 1) { + num_addrs = argc - 1; + addrs = talloc_zero_array(ctx, struct sockaddr_storage, num_addrs); + if (addrs == NULL) { + d_fprintf(stderr, _("Error allocating memory!\n")); + talloc_free(ctx); + return -1; + } + } + + for (count = 0; count < num_addrs; count++) { + if (!interpret_string_addr(&addrs[count], argv[count+1], 0)) { + d_fprintf(stderr, "%s '%s'.\n", + _("Cannot interpret address"), + argv[count+1]); + talloc_free(ctx); + return -1; + } + } + status = ads_startup(c, true, &ads); if ( !ADS_ERR_OK(status) ) { DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status))); @@ -1490,7 +1526,8 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar return -1; } - if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads, argc == 1 ? argv[0] : NULL)) ) { + ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs); + if (!NT_STATUS_IS_OK(ntstatus)) { d_fprintf( stderr, _("DNS update failed!\n") ); ads_destroy( &ads ); TALLOC_FREE( ctx ); -- 1.7.0.4 From 5f43fd1af200cb508520a41050f354f8ff02d7e6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 16 Dec 2010 12:07:24 +0100 Subject: [PATCH 5/5] s3:net ads dns register: use "cluster addresses" option if configured (bug #7871) metze Signed-off-by: Stefan Metzmacher Autobuild-User: Stefan Metzmacher Autobuild-Date: Fri Dec 17 16:49:14 CET 2010 on sn-devel-104 (cherry picked from commit 1dc2fa7616207a2d3a9f1cbe69b2ec1fc61634fd) (cherry picked from commit 9a40e5f6a500571cc752383ca7fa27347e4efa45) --- source3/utils/net_ads.c | 14 +++++++++++--- 1 files changed, 11 insertions(+), 3 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index a432570..83aef18 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c 
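Review bot: The address loop calls `interpret_string_addr(&addrs[count], argv[count+1], 0)`, and as far as I know a flags value of 0 lets that helper resolve host names as well as parse literals. An argument documented as `IP` could therefore trigger a lookup, and the result of that lookup is what gets registered. Passing `AI_NUMERICHOST` restricts the input to literal addresses: `interpret_string_addr(&addrs[count], argv[count+1], AI_NUMERICHOST)`. Nothing here rejects loopback or unspecified addresses either, which deserves a check or at least a comment, given that the series is about controlling what becomes visible in DNS. The same call with flags 0 is kept for the `cluster addresses` entries in patch 5/5 (`@@ -1510,10`).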
@@ -1466,6 +1466,7 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar NTSTATUS ntstatus; TALLOC_CTX *ctx; const char *hostname = NULL; + const char **addrs_list = NULL; struct sockaddr_storage *addrs = NULL; int num_addrs = 0; int count; @@ -1474,7 +1475,7 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar talloc_enable_leak_report(); #endif - if (argc <= 1 && lp_clustering()) { + if (argc <= 1 && lp_clustering() && lp_cluster_addresses() == NULL) { d_fprintf(stderr, _("Refusing DNS updates with automatic " "detection of addresses in a clustered " "setup.\n")); @@ -1501,6 +1502,13 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar if (argc > 1) { num_addrs = argc - 1; + addrs_list = &argv[1]; + } else if (lp_clustering()) { + addrs_list = lp_cluster_addresses(); + num_addrs = str_list_length(addrs_list); + } + + if (num_addrs > 0) { addrs = talloc_zero_array(ctx, struct sockaddr_storage, num_addrs); if (addrs == NULL) { d_fprintf(stderr, _("Error allocating memory!\n")); @@ -1510,10 +1518,10 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar } for (count = 0; count < num_addrs; count++) { - if (!interpret_string_addr(&addrs[count], argv[count+1], 0)) { + if (!interpret_string_addr(&addrs[count], addrs_list[count], 0)) { d_fprintf(stderr, "%s '%s'.\n", _("Cannot interpret address"), - argv[count+1]); + addrs_list[count]); talloc_free(ctx); return -1; } -- 1.7.0.4
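Review bot: In the `else if (lp_clustering())` branch, `num_addrs = str_list_length(addrs_list)` can be 0 if `lp_cluster_addresses()` returns a non-NULL but empty list (whether that can happen depends on the parameter parser, which is not shown here). The refusal test in the `@@ -1474,7` hunk only compares against NULL, so net_update_dns_ext() would then fall back to detecting local interface addresses in a clustered setup. Refusing on the count rather than on the pointer avoids that, e.g. `if (lp_clustering() && num_addrs == 0) { d_fprintf(...); talloc_free(ctx); return -1; }` once the list has been chosen. If `str_list_length()` returns `size_t`, the assignment to the `int` `num_addrs` also narrows silently; an explicit range check or a comment would show that this is intended.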