[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1413-g5a22c02

Andrew Tridgell tridge at samba.org
Sun Sep 6 22:09:30 MDT 2009


The branch, master has been updated
       via  5a22c0225abe2da11e844888475cbd9c40c6c47c (commit)
       via  becee4c164d6d2c3a65b9af0ac0457a1c5827319 (commit)
      from  9cf2d053cd255ee8c96bb25338b229e63d2d5182 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5a22c0225abe2da11e844888475cbd9c40c6c47c
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 7 14:08:03 2009 +1000

    s4:setup_dns.sh fixed the update of the GUID CNAME

commit becee4c164d6d2c3a65b9af0ac0457a1c5827319
Author: Andrew Tridgell <tridge at samba.org>
Date:   Mon Sep 7 14:07:39 2009 +1000

    s4:nsupdate-gss allow forcing of the realm
    
    this is needed for the _msdcs zone

-----------------------------------------------------------------------

Summary of changes:
 source4/scripting/bin/nsupdate-gss |   72 ++++++++++++++++++-----------------
 source4/scripting/bin/setup_dns.sh |   22 +++++++----
 2 files changed, 51 insertions(+), 43 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/bin/nsupdate-gss b/source4/scripting/bin/nsupdate-gss
index 640ec32..dec5916 100755
--- a/source4/scripting/bin/nsupdate-gss
+++ b/source4/scripting/bin/nsupdate-gss
@@ -22,12 +22,14 @@ my $opt_noverify = 0;
 my $opt_verbose = 0;
 my $opt_help = 0;
 my $opt_nameserver;
+my $opt_realm;
 my $opt_ntype = "A";
 
 # main program
 GetOptions (
 	    'h|help|?' => \$opt_help,
 	    'wipe' => \$opt_wipe,
+	    'realm=s' => \$opt_realm,
 	    'nameserver=s' => \$opt_nameserver,
 	    'ntype=s' => \$opt_ntype,
 	    'add' => \$opt_add,
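Review bot: The new `--realm=s` option is parsed here but nothing in this diff adds it to the usage text, and ShowHelp (next hunk, body not shown) presumably still lists only the old options. A one-line entry such as `--realm=REALM     Kerberos realm for the dns/ principal (defaults to the domain)` would keep the help in step with GetOptions, since the default-to-domain behaviour is only visible in the MAIN hunk further down. The GetOptions call continues past the end of this hunk.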
@@ -35,7 +37,6 @@ GetOptions (
 	    'verbose' => \$opt_verbose
 	    );
 
-
 #########################################
 # display help text
 sub ShowHelp()
@@ -122,35 +123,30 @@ sub sig_verify($$)
 #######################################################################
 # find the nameserver for the domain
 #
-sub find_nameservers($)
+sub find_nameserver($)
 {
-    my $domain = shift;
-    my $res;
-    if ($opt_nameserver) {
-	    $res = Net::DNS::Resolver->new(
-		    nameservers => [qw($opt_nameserver)],
-		    recurse     => 0,
-		    debug       => 1);
-    } else {
-	    $res = Net::DNS::Resolver->new;
-    }
-    $res->nameservers($domain);
-    return $res;
+    my $server_name = shift;
+    return Net::DNS::Resolver->new(
+	    nameservers => [$server_name],
+	    recurse     => 0,
+	    debug       => 0);
 }
 
 
 #######################################################################
-# find a server name for a domain - currently uses the LDAP SRV record.
-# I wonder if there is a _dns record type?
+# find a server name for a domain - currently uses the NS record
 sub find_server_name($)
 {
     my $domain = shift;
     my $res = Net::DNS::Resolver->new;
-    my $srv_query = $res->query("_ldap._tcp.$domain.", "SRV");
+    my $srv_query = $res->query("$domain.", "NS");
     if (!defined($srv_query)) {
 	return undef;
     }
-    my $server_name = ($srv_query->answer)[0]->{"target"};
+    my $server_name;
+    foreach my $rr (grep { $_->type eq 'NS' } $srv_query->answer) {
+	    $server_name = $rr->nsdname;
+    }
     return $server_name;
 }
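Review bot: The foreach in find_server_name assigns `$server_name` on every iteration, so the last NS record wins, which reads like a loop that lost its `last`; a list-assignment from the grep makes the "take one" intent explicit and avoids iterating the whole RRset. The variable `$srv_query` and the `# find a server name ... NS record` comment now disagree with each other, and `return undef` yields a one-element list in list context (plain `return` is the idiom). Since the zone's NS RRset may include secondaries, an arbitrary NS host is not necessarily the primary that accepts the GSS-TSIG update; this is inferred, not visible here, but worth confirming against the deployments this targets (`--nameserver` remains the override).

```perl
sub find_server_name($)
{
    my $domain = shift;
    my $res = Net::DNS::Resolver->new;
    my $ns_query = $res->query("$domain.", "NS");
    return unless defined $ns_query;
    # pick the first NS record; which host is chosen is otherwise arbitrary
    my ($ns_rr) = grep { $_->type eq 'NS' } $ns_query->answer;
    return unless defined $ns_rr;
    return $ns_rr->nsdname;
}
```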
 
@@ -170,8 +166,10 @@ sub negotiate_tkey($$$$)
     my $context = GSSAPI::Context->new;
     my $name = GSSAPI::Name->new;
 
-    # use a principal name of dns/server at DOMAIN
-    $status = $name->import($name, "dns/" . $server_name . "@" . uc($domain));
+    # use a principal name of dns/server at REALM
+    $opt_verbose &&
+	print "Using principal dns/" . $server_name . "@" . uc($opt_realm) . "\n";
+    $status = $name->import($name, "dns/" . $server_name . "@" . uc($opt_realm));
     if (! $status) {
 	    print "import name: $status\n";
 	    return undef;
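Review bot: negotiate_tkey now builds the principal from the global `$opt_realm` while still taking `$domain` as a parameter, which silently couples the sub to option parsing; either pass the realm in (`negotiate_tkey($nameserver, $opt_realm, ...)`) or note it in the header comment, e.g. `# realm for the dns/ principal comes from $opt_realm (defaults to $domain in MAIN)`. The `$opt_verbose && print ...` form uses `&&` for flow control; the postfix form `print "Using principal dns/$server_name\@" . uc($opt_realm) . "\n" if $opt_verbose;` says the same thing more plainly, and the same applies to the `($opt_verbose || $result ne 'NOERROR') && print` line in the last nsupdate-gss hunk. The body of negotiate_tkey starts and ends outside this hunk.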
@@ -270,30 +268,33 @@ sub negotiate_tkey($$$$)
 # MAIN
 #######################################################################
 
+if (!$opt_realm) {
+	$opt_realm = $domain;
+}
 
-# find the nameservers
-my $nameserver = find_nameservers("$domain.");
-
-$opt_verbose && print "Found nameserver $nameserver\n";
+# find the name of the DNS server
+if (!$opt_nameserver) {
+	$opt_nameserver = find_server_name($domain);
+	if (!defined($opt_nameserver)) {
+		print "Failed to find a DNS server name for $domain\n";
+		exit 1;
+	}
+}
+$opt_verbose && print "Using DNS server name $opt_nameserver\n";
 
+# connect to the nameserver
+my $nameserver = find_nameserver($opt_nameserver);
 if (!defined($nameserver) || $nameserver->{'errorstring'} ne 'NOERROR') {
-    print "Failed to find a nameserver for domain $domain\n";
-    exit 1;
+	print "Failed to connect to nameserver for domain $domain\n";
+	exit 1;
 }
 
-# find the name of the DNS server
-my $server_name = find_server_name($domain);
-if (!defined($server_name)) {
-    print "Failed to find a DNS server name for $domain\n";
-    exit 1;
-}
-$opt_verbose && print "Using DNS server name $server_name\n";
 
 # use a long random key name
 my $key_name = int(rand 10000000000000);
 
 # negotiate a TKEY key
-my $gss_context = negotiate_tkey($nameserver, $domain, $server_name, $key_name);
+my $gss_context = negotiate_tkey($nameserver, $domain, $opt_nameserver, $key_name);
 if (!defined($gss_context)) {
     print "Failed to negotiate a TKEY\n";
     exit 1;
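Review bot: The `# connect to the nameserver` comment and the `Failed to connect to nameserver` message overstate what find_nameserver does: `Net::DNS::Resolver->new` only configures a resolver, and as far as this hunk shows no query is sent until negotiate_tkey. The `errorstring ne 'NOERROR'` test presumably reflects the constructor's own lookup of `$opt_nameserver` (hedged, the Net::DNS internals are not visible here), so a failure there means the server name could not be resolved rather than a connection problem. Suggest `# build a resolver that talks only to the chosen server` and `print "Failed to resolve nameserver $opt_nameserver for domain $domain\n";` so the operator is pointed at the right thing.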
@@ -341,7 +342,8 @@ if (! defined($update_reply)) {
 
 # make sure it worked
 my $result = $update_reply->header->{"rcode"};
-$opt_verbose && print "Update gave rcode $result\n";
+
+($opt_verbose || $result ne 'NOERROR') && print "Update gave rcode $result\n";
 
 if ($result ne 'NOERROR') {
     exit 1;
diff --git a/source4/scripting/bin/setup_dns.sh b/source4/scripting/bin/setup_dns.sh
index 20051c3..e6a4281 100755
--- a/source4/scripting/bin/setup_dns.sh
+++ b/source4/scripting/bin/setup_dns.sh
@@ -6,8 +6,8 @@
     exit 1
 }
 
-HOSTNAME="$1"
-DOMAIN="$2"
+HOSTNAME="$(echo $1 | tr '[a-z]' '[A-Z]')"
+DOMAIN="$(echo $2 | tr '[a-z]' '[A-Z]')"
 IP="$3"
 
 RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g)
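Review bot: `echo $1` and `echo $2` are unquoted, so a positional argument containing whitespace or glob characters is split or expanded before it reaches tr, and an argument starting with `-` may be eaten by echo as an option. Quote the expansions and use the portable character classes: `HOSTNAME="$(printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]')"` and `DOMAIN="$(printf '%s\n' "$2" | tr '[:lower:]' '[:upper:]')"`. The `[a-z]`/`[A-Z]` bracket form works on GNU tr but is locale-dependent elsewhere.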
@@ -18,12 +18,18 @@ OBJECTGUID=$(bin/ldbsearch -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOS
 
 echo "Found objectGUID $OBJECTGUID"
 
-echo "Running kinit for BLU\$@VSOFS8.COM"
-bin/samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" BLU\$@VSOFS8.COM || exit 1
+echo "Running kinit for $HOSTNAME\$@$DOMAIN"
+bin/samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" $HOSTNAME\$@$DOMAIN || exit 1
 echo "Adding $HOSTNAME.$DOMAIN"
-scripting/bin/nsupdate-gss --noverify $HOSTNAME $DOMAIN $IP 300 || exit 1
-echo "Adding $OBJECTGUID.$DOMAIN => $HOSTNAME.$DOMAIN"
-scripting/bin/nsupdate-gss --noverify --ntype="CNAME" $OBJECTGUID $DOMAIN $HOSTNAME.$DOMAIN 300 || exit 1
+scripting/bin/nsupdate-gss --noverify $HOSTNAME $DOMAIN $IP 300 || {
+    echo "Failed to add A record"
+    exit 1
+}
+echo "Adding $OBJECTGUID._msdcs.$DOMAIN => $HOSTNAME.$DOMAIN"
+scripting/bin/nsupdate-gss --realm=$DOMAIN --noverify --ntype="CNAME" $OBJECTGUID _msdcs.$DOMAIN $HOSTNAME.$DOMAIN 300 || {
+    echo "Failed to add CNAME"
+    exit 1
+}
 echo "Checking"
 host $HOSTNAME.$DOMAIN
-host $OBJECTGUID.$DOMAIN
+host $OBJECTGUID._msdcs.$DOMAIN
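Review bot: The new samba4kinit and nsupdate-gss invocations pass `$HOSTNAME\$@$DOMAIN`, `--realm=$DOMAIN`, `$OBJECTGUID` and `_msdcs.$DOMAIN` unquoted, so any unexpected content in the arguments or in the ldbsearch output (`$OBJECTGUID` is parsed from it above this hunk) is word-split before the tools see it; quoting each expansion, e.g. `"$HOSTNAME\$@$DOMAIN"` and `--realm="$DOMAIN" --noverify --ntype="CNAME" "$OBJECTGUID" "_msdcs.$DOMAIN" "$HOSTNAME.$DOMAIN" 300`, keeps the arguments intact. The two `host` lines under `echo "Checking"` ignore their exit status, so a missing record is printed but the script still exits 0, unlike the `|| exit 1` / `|| { ... }` pattern used for the updates; `host "$OBJECTGUID._msdcs.$DOMAIN" || exit 1` would make the check meaningful.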



