[SCM] Samba Shared Repository - branch v3-5-test updated

Karolin Seeger kseeger at samba.org
Sun Dec 26 14:10:54 MST 2010


The branch, v3-5-test has been updated
       via  53f163b s3:net ads dns register: use "cluster addresses" option if configured (bug #7871)
       via  5e70848 s3:net ads dns register: add support for specifying addresse on the commandline (bug #7871)
       via  ed91429 s3:net: add net_update_dns_ext() that accepts a list of addresses as parameter (bug# 7871)
       via  ae5ba41 s3:net: disable dynamic dns updates at the end of "net ads join" in a cluster (bug #7871)
       via  bce7e8c s3-net Allow 'net ads dns register' to take an optional hostname argument
      from  ab69b55 s3:ntlm_auth: support clients which offer a spnego mechs we don't support (bug #7855)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 53f163bbc2e5722a46eeb55d15cca2c23994e71b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 16 12:07:24 2010 +0100

    s3:net ads dns register: use "cluster addresses" option if configured (bug #7871)
    
    metze
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Fri Dec 17 16:49:14 CET 2010 on sn-devel-104
    (cherry picked from commit 1dc2fa7616207a2d3a9f1cbe69b2ec1fc61634fd)
    (cherry picked from commit 9a40e5f6a500571cc752383ca7fa27347e4efa45)

commit 5e708489d56bc7a2b0a033a38e62bed519249b33
Author: Michael Adam <obnox at samba.org>
Date:   Thu Dec 16 01:49:14 2010 +0100

    s3:net ads dns register: add support for specifying addresse on the commandline (bug #7871)
    
    In the clustering case, this is also made the only possiblity to do dns updates,
    since the list addresses on the local interfaces is not suitable in that case.
    
    This fixes the "net ads dns register" part of bug #7871.
    It might be extended by a parsing of the "cluster addresses" setting.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 5e83a05009787d8a2086db1adc1ed58d61b3725d)
    (cherry picked from commit 9ed3d33fb3d7365a127ea2752032840272697902)

commit ed914296df896a3805c8c6b74ad8bd9e1dcac35b
Author: Michael Adam <obnox at samba.org>
Date:   Thu Dec 16 00:52:41 2010 +0100

    s3:net: add net_update_dns_ext() that accepts a list of addresses as parameter (bug# 7871)
    
    This generalized form of net_update_dns() will be used to
    add support for specifying a list of addresses on the commandline
    of "net ads dns register".
    
    This prepares the "net ads dns register" part of the fix for bug #7871.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 4d91f98b433e07922373bf4e3ba9668b7af71a00)
    (cherry picked from commit 4b7775500b1055acf62decbc0fc8283b088da452)

commit ae5ba417d3599cf6ad81a9612e7998a30d8a4061
Author: Michael Adam <obnox at samba.org>
Date:   Thu Dec 2 00:42:21 2010 +0100

    s3:net: disable dynamic dns updates at the end of "net ads join" in a cluster (bug #7871)
    
    In a clustered environment, registering the set of ip addresses that are
    assigned to the interfaces of the node that performs the join does usually
    not have the desired effect, since the local interfaces do not carry
    complete set of the cluster's public IP addresses.  And it can also contain
    internal addresses that should not be visible to the outside at all.
    In order to do dns updates in a clustererd setup, use net ads dns register.
    
    This fixes the net ads join part of bug #7871.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit b8f19df53e66bf0260b4ae6c49acea87ac379deb)
    (cherry picked from commit 1c73d52ddddfcec25cf079da4a0d6bf81fb030da)

commit bce7e8c8e11321d98a30a8b6bb79a392a5e644ba
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 10 15:08:53 2010 +1100

    s3-net Allow 'net ads dns register' to take an optional hostname argument
    
    This allows the administrator to more carefully chose what name to register.
    
    Andrew Bartlett
    (cherry picked from commit c2a1ad9047508cf2745a9019e6783c8b8f7ef475)
    (cherry picked from commit 10c5a59315ef69eeb4d8bc19237de9787284a63d)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/utils/net_ads.c |  117 ++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 100 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index b618ab8..83aef18 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1197,29 +1197,48 @@ done:
 	return status;
 }
 
-static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads)
+static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads,
+				   const char *hostname,
+				   struct sockaddr_storage *iplist,
+				   int num_addrs)
 {
-	int num_addrs;
-	struct sockaddr_storage *iplist = NULL;
+	struct sockaddr_storage *iplist_alloc = NULL;
 	fstring machine_name;
 	NTSTATUS status;
 
-	name_to_fqdn( machine_name, global_myname() );
+	if (hostname) {
+		fstrcpy(machine_name, hostname);
+	} else {
+		name_to_fqdn( machine_name, global_myname() );
+	}
 	strlower_m( machine_name );
 
-	/* Get our ip address (not the 127.0.0.x address but a real ip
-	 * address) */
-
-	num_addrs = get_my_ip_address( &iplist );
-	if ( num_addrs <= 0 ) {
-		DEBUG(4,("net_update_dns: Failed to find my non-loopback IP "
-			 "addresses!\n"));
-		return NT_STATUS_INVALID_PARAMETER;
+	if (num_addrs == 0 || iplist == NULL) {
+		/*
+		 * Get our ip address
+		 * (not the 127.0.0.x address but a real ip address)
+		 */
+		num_addrs = get_my_ip_address(&iplist_alloc);
+		if ( num_addrs <= 0 ) {
+			DEBUG(4, ("net_update_dns_ext: Failed to find my "
+				  "non-loopback IP addresses!\n"));
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		iplist = iplist_alloc;
 	}
 
 	status = net_update_dns_internal(mem_ctx, ads, machine_name,
 					 iplist, num_addrs);
-	SAFE_FREE( iplist );
+
+	SAFE_FREE(iplist_alloc);
+	return status;
+}
+
+static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname)
+{
+	NTSTATUS status;
+
+	status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0);
 	return status;
 }
 #endif
@@ -1376,6 +1395,23 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
 	}
 
 #if defined(WITH_DNS_UPDATES)
+	/*
+	 * In a clustered environment, don't do dynamic dns updates:
+	 * Registering the set of ip addresses that are assigned to
+	 * the interfaces of the node that performs the join does usually
+	 * not have the desired effect, since the local interfaces do not
+	 * carry the complete set of the cluster's public IP addresses.
+	 * And it can also contain internal addresses that should not
+	 * be visible to the outside at all.
+	 * In order to do dns updates in a clustererd setup, use
+	 * net ads dns register.
+	 */
+	if (lp_clustering()) {
+		d_fprintf(stderr, _("Not doing automatic DNS update in a"
+				    "clustered setup.\n"));
+		goto done;
+	}
+
 	if (r->out.domain_is_ad) {
 		/* We enter this block with user creds */
 		ADS_STRUCT *ads_dns = NULL;
@@ -1394,7 +1430,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
 			ads_kinit_password( ads_dns );
 		}
 
-		if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns )) ) {
+		if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns, NULL)) ) {
 			d_fprintf( stderr, _("DNS update failed!\n") );
 		}
 
@@ -1402,6 +1438,8 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
 		ads_destroy(&ads_dns);
 	}
 #endif
+
+done:
 	TALLOC_FREE(r);
 	TALLOC_FREE( ctx );
 
@@ -1425,15 +1463,28 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar
 #if defined(WITH_DNS_UPDATES)
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
+	NTSTATUS ntstatus;
 	TALLOC_CTX *ctx;
+	const char *hostname = NULL;
+	const char **addrs_list = NULL;
+	struct sockaddr_storage *addrs = NULL;
+	int num_addrs = 0;
+	int count;
 
 #ifdef DEVELOPER
 	talloc_enable_leak_report();
 #endif
 
-	if (argc > 0 || c->display_usage) {
+	if (argc <= 1 && lp_clustering() && lp_cluster_addresses() == NULL) {
+		d_fprintf(stderr, _("Refusing DNS updates with automatic "
+				    "detection of addresses in a clustered "
+				    "setup.\n"));
+		c->display_usage = true;
+	}
+
+	if (c->display_usage) {
 		d_printf(  "%s\n"
-			   "net ads dns register\n"
+			   "net ads dns register [hostname [IP [IP...]]]\n"
 			   "    %s\n",
 			 _("Usage:"),
 			 _("Register hostname with DNS\n"));
@@ -1445,6 +1496,37 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar
 		return -1;
 	}
 
+	if (argc >= 1) {
+		hostname = argv[0];
+	}
+
+	if (argc > 1) {
+		num_addrs = argc - 1;
+		addrs_list = &argv[1];
+	} else if (lp_clustering()) {
+		addrs_list = lp_cluster_addresses();
+		num_addrs = str_list_length(addrs_list);
+	}
+
+	if (num_addrs > 0) {
+		addrs = talloc_zero_array(ctx, struct sockaddr_storage, num_addrs);
+		if (addrs == NULL) {
+			d_fprintf(stderr, _("Error allocating memory!\n"));
+			talloc_free(ctx);
+			return -1;
+		}
+	}
+
+	for (count = 0; count < num_addrs; count++) {
+		if (!interpret_string_addr(&addrs[count], addrs_list[count], 0)) {
+			d_fprintf(stderr, "%s '%s'.\n",
+					  _("Cannot interpret address"),
+					  addrs_list[count]);
+			talloc_free(ctx);
+			return -1;
+		}
+	}
+
 	status = ads_startup(c, true, &ads);
 	if ( !ADS_ERR_OK(status) ) {
 		DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status)));
@@ -1452,7 +1534,8 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar
 		return -1;
 	}
 
-	if ( !NT_STATUS_IS_OK(net_update_dns(ctx, ads)) ) {
+	ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs);
+	if (!NT_STATUS_IS_OK(ntstatus)) {
 		d_fprintf( stderr, _("DNS update failed!\n") );
 		ads_destroy( &ads );
 		TALLOC_FREE( ctx );


-- 
Samba Shared Repository


More information about the samba-cvs mailing list