[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1413-g5a22c02
Andrew Tridgell
tridge at samba.org
Sun Sep 6 22:09:30 MDT 2009
The branch, master has been updated
via 5a22c0225abe2da11e844888475cbd9c40c6c47c (commit)
via becee4c164d6d2c3a65b9af0ac0457a1c5827319 (commit)
from 9cf2d053cd255ee8c96bb25338b229e63d2d5182 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5a22c0225abe2da11e844888475cbd9c40c6c47c
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Sep 7 14:08:03 2009 +1000
s4:setup_dns.sh fixed the update of the GUID CNAME
commit becee4c164d6d2c3a65b9af0ac0457a1c5827319
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Sep 7 14:07:39 2009 +1000
s4:nsupdate-gss allow forcing of the realm
this is needed for the _msdcs zone
-----------------------------------------------------------------------
Summary of changes:
source4/scripting/bin/nsupdate-gss | 72 ++++++++++++++++++-----------------
source4/scripting/bin/setup_dns.sh | 22 +++++++----
2 files changed, 51 insertions(+), 43 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/bin/nsupdate-gss b/source4/scripting/bin/nsupdate-gss
index 640ec32..dec5916 100755
--- a/source4/scripting/bin/nsupdate-gss
+++ b/source4/scripting/bin/nsupdate-gss
@@ -22,12 +22,14 @@ my $opt_noverify = 0;
my $opt_verbose = 0;
my $opt_help = 0;
my $opt_nameserver;
+my $opt_realm;
my $opt_ntype = "A";
# main program
GetOptions (
'h|help|?' => \$opt_help,
'wipe' => \$opt_wipe,
+ 'realm=s' => \$opt_realm,
'nameserver=s' => \$opt_nameserver,
'ntype=s' => \$opt_ntype,
'add' => \$opt_add,
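Review bot: The new `realm=s` option has no matching entry in the usage text; the diff leaves ShowHelp untouched (its body begins after the next hunk and is outside this view), so `--realm` is presumably invisible to users who run `--help`. Add a line next to the existing `--nameserver` help such as `--realm=REALM    Kerberos realm used for the dns/ principal (defaults to the domain argument)`. Since `$opt_realm` is only defaulted later in MAIN, a short comment on the declaration, `# realm for the dns/ service principal; defaults to the domain in MAIN`, would also tell a reader why it is left undefined here.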
@@ -35,7 +37,6 @@ GetOptions (
'verbose' => \$opt_verbose
);
-
#########################################
# display help text
sub ShowHelp()
@@ -122,35 +123,30 @@ sub sig_verify($$)
#######################################################################
# find the nameserver for the domain
#
-sub find_nameservers($)
+sub find_nameserver($)
{
- my $domain = shift;
- my $res;
- if ($opt_nameserver) {
- $res = Net::DNS::Resolver->new(
- nameservers => [qw($opt_nameserver)],
- recurse => 0,
- debug => 1);
- } else {
- $res = Net::DNS::Resolver->new;
- }
- $res->nameservers($domain);
- return $res;
+ my $server_name = shift;
+ return Net::DNS::Resolver->new(
+ nameservers => [$server_name],
+ recurse => 0,
+ debug => 0);
}
#######################################################################
-# find a server name for a domain - currently uses the LDAP SRV record.
-# I wonder if there is a _dns record type?
+# find a server name for a domain - currently uses the NS record
sub find_server_name($)
{
my $domain = shift;
my $res = Net::DNS::Resolver->new;
- my $srv_query = $res->query("_ldap._tcp.$domain.", "SRV");
+ my $srv_query = $res->query("$domain.", "NS");
if (!defined($srv_query)) {
return undef;
}
- my $server_name = ($srv_query->answer)[0]->{"target"};
+ my $server_name;
+ foreach my $rr (grep { $_->type eq 'NS' } $srv_query->answer) {
+ $server_name = $rr->nsdname;
+ }
return $server_name;
}
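Review bot: The `foreach` in find_server_name assigns every NS target to `$server_name` in turn and so returns whichever NS record happens to come last in the answer, an order Net::DNS does not promise to keep stable between queries; if any authoritative server is acceptable, take the first and stop with `last;` right after `$server_name = $rr->nsdname;`, otherwise state the choice in a comment such as `# any NS for the zone can negotiate the TKEY; the last one in the answer is used`. The variable `$srv_query` still carries the old SRV name although it now holds an NS query and would read better as `$ns_query`. This name is obtained from an ordinary, unauthenticated lookup and is later used as the host part of the `dns/<name>@REALM` principal (per the next hunk), so a one-line comment that the GSS TKEY exchange is what ultimately validates the chosen server would help the next reader; that inference should be confirmed against negotiate_tkey.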
@@ -170,8 +166,10 @@ sub negotiate_tkey($$$$)
my $context = GSSAPI::Context->new;
my $name = GSSAPI::Name->new;
- # use a principal name of dns/server at DOMAIN
- $status = $name->import($name, "dns/" . $server_name . "@" . uc($domain));
+ # use a principal name of dns/server at REALM
+ $opt_verbose &&
+ print "Using principal dns/" . $server_name . "@" . uc($opt_realm) . "\n";
+ $status = $name->import($name, "dns/" . $server_name . "@" . uc($opt_realm));
if (! $status) {
print "import name: $status\n";
return undef;
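Review bot: The principal string is now built twice in negotiate_tkey, once for the verbose print and once for `$name->import`, so the two copies can drift apart; build it once, `my $principal = "dns/" . $server_name . "@" . uc($opt_realm);`, then `$opt_verbose && print "Using principal $principal\n";` and `$status = $name->import($name, $principal);`. The sub still receives `$domain` as its second parameter but now takes the realm from the file-scope `$opt_realm` instead, which deserves a comment on the import line such as `# realm comes from --realm (defaulted to the domain in MAIN), not from the $domain argument`. negotiate_tkey starts and ends outside this hunk, so whether `$domain` is still used elsewhere in it cannot be seen here.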
@@ -270,30 +268,33 @@ sub negotiate_tkey($$$$)
# MAIN
#######################################################################
+if (!$opt_realm) {
+ $opt_realm = $domain;
+}
-# find the nameservers
-my $nameserver = find_nameservers("$domain.");
-
-$opt_verbose && print "Found nameserver $nameserver\n";
+# find the name of the DNS server
+if (!$opt_nameserver) {
+ $opt_nameserver = find_server_name($domain);
+ if (!defined($opt_nameserver)) {
+ print "Failed to find a DNS server name for $domain\n";
+ exit 1;
+ }
+}
+$opt_verbose && print "Using DNS server name $opt_nameserver\n";
+# connect to the nameserver
+my $nameserver = find_nameserver($opt_nameserver);
if (!defined($nameserver) || $nameserver->{'errorstring'} ne 'NOERROR') {
- print "Failed to find a nameserver for domain $domain\n";
- exit 1;
+ print "Failed to connect to nameserver for domain $domain\n";
+ exit 1;
}
-# find the name of the DNS server
-my $server_name = find_server_name($domain);
-if (!defined($server_name)) {
- print "Failed to find a DNS server name for $domain\n";
- exit 1;
-}
-$opt_verbose && print "Using DNS server name $server_name\n";
# use a long random key name
my $key_name = int(rand 10000000000000);
# negotiate a TKEY key
-my $gss_context = negotiate_tkey($nameserver, $domain, $server_name, $key_name);
+my $gss_context = negotiate_tkey($nameserver, $domain, $opt_nameserver, $key_name);
if (!defined($gss_context)) {
print "Failed to negotiate a TKEY\n";
exit 1;
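Review bot: `$opt_nameserver` now does double duty as the resolver target handed to find_nameserver and as the host part of the `dns/...@REALM` principal passed to negotiate_tkey, so a `--nameserver` given as an IP address (the form Net::DNS::Resolver's `nameservers` has traditionally expected) produces a principal like `dns/192.0.2.1@REALM` (made-up address) and the TKEY negotiation cannot succeed, whereas the removed code kept the SRV-derived `$server_name` for the principal even when `--nameserver` was set. Either document the new contract, `# --nameserver must be the server's host name as it appears in its dns/ Kerberos principal, not an address`, or keep separate variables for the address and for the principal host. The realm default could be the one-liner `$opt_realm ||= $domain;`, matching the file's existing terse style. The `errorstring ne 'NOERROR'` test is pre-existing, but the new message says "Failed to connect" although, as far as I can tell, `Net::DNS::Resolver->new` issues no query at that point, so "Failed to create resolver for ..." would be more accurate.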
@@ -341,7 +342,8 @@ if (! defined($update_reply)) {
# make sure it worked
my $result = $update_reply->header->{"rcode"};
-$opt_verbose && print "Update gave rcode $result\n";
+
+($opt_verbose || $result ne 'NOERROR') && print "Update gave rcode $result\n";
if ($result ne 'NOERROR') {
exit 1;
diff --git a/source4/scripting/bin/setup_dns.sh b/source4/scripting/bin/setup_dns.sh
index 20051c3..e6a4281 100755
--- a/source4/scripting/bin/setup_dns.sh
+++ b/source4/scripting/bin/setup_dns.sh
@@ -6,8 +6,8 @@
exit 1
}
-HOSTNAME="$1"
-DOMAIN="$2"
+HOSTNAME="$(echo $1 | tr '[a-z]' '[A-Z]')"
+DOMAIN="$(echo $2 | tr '[a-z]' '[A-Z]')"
IP="$3"
RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g)
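Review bot: `$1` and `$2` are expanded unquoted inside `echo $1 | tr ...` on the new HOSTNAME and DOMAIN lines, so an argument containing whitespace or glob characters is word-split or globbed before it ever reaches `tr`; write `HOSTNAME="$(echo "$1" | tr '[a-z]' '[A-Z]')"` and `DOMAIN="$(echo "$2" | tr '[a-z]' '[A-Z]')"`. Upper-casing HOSTNAME also changes the owner name later passed to nsupdate-gss for the A record; DNS names are case-insensitive so that should be harmless, but a comment stating that the upper-casing is for the `$HOSTNAME\$@$DOMAIN` Kerberos principal would make the intent explicit. The usage function these lines follow starts outside the hunk.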
@@ -18,12 +18,18 @@ OBJECTGUID=$(bin/ldbsearch -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOS
echo "Found objectGUID $OBJECTGUID"
-echo "Running kinit for BLU\$@VSOFS8.COM"
-bin/samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" BLU\$@VSOFS8.COM || exit 1
+echo "Running kinit for $HOSTNAME\$@$DOMAIN"
+bin/samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" $HOSTNAME\$@$DOMAIN || exit 1
echo "Adding $HOSTNAME.$DOMAIN"
-scripting/bin/nsupdate-gss --noverify $HOSTNAME $DOMAIN $IP 300 || exit 1
-echo "Adding $OBJECTGUID.$DOMAIN => $HOSTNAME.$DOMAIN"
-scripting/bin/nsupdate-gss --noverify --ntype="CNAME" $OBJECTGUID $DOMAIN $HOSTNAME.$DOMAIN 300 || exit 1
+scripting/bin/nsupdate-gss --noverify $HOSTNAME $DOMAIN $IP 300 || {
+ echo "Failed to add A record"
+ exit 1
+}
+echo "Adding $OBJECTGUID._msdcs.$DOMAIN => $HOSTNAME.$DOMAIN"
+scripting/bin/nsupdate-gss --realm=$DOMAIN --noverify --ntype="CNAME" $OBJECTGUID _msdcs.$DOMAIN $HOSTNAME.$DOMAIN 300 || {
+ echo "Failed to add CNAME"
+ exit 1
+}
echo "Checking"
host $HOSTNAME.$DOMAIN
-host $OBJECTGUID.$DOMAIN
+host $OBJECTGUID._msdcs.$DOMAIN
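Review bot: The new `host $OBJECTGUID._msdcs.$DOMAIN` check (like the existing `host $HOSTNAME.$DOMAIN` above it) discards the exit status, so the script ends with status 0 even when the records it just added do not resolve; append `|| exit 1` to both, or `|| { echo "CNAME lookup failed"; exit 1; }` to match the new error blocks. The expansions `$HOSTNAME\$@$DOMAIN`, `--realm=$DOMAIN`, `$OBJECTGUID` and `$HOSTNAME.$DOMAIN` on the kinit and nsupdate-gss lines are unquoted while `"$PRIVATEDIR/secrets.keytab"` on the same line is quoted; double-quote them for consistency so a stray space in an argument cannot change the argument count. The kinit line also re-pins `-e arcfour-hmac-md5`; that is carried over rather than new, but a comment explaining why this specific enctype is required would save a later reviewer from dropping it without knowing the consequence.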