[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Mon Dec 3 12:44:32 MST 2012
The branch, v3-6-test has been updated
via ceb2c81 s3-net: Fix DEBUG() location.
via ac0f0e7 s3-net: give more control how to update/register DNS entries.
via 0d41b63 s3-net: pass down a flags field to DoDNSUpdate().
via a294a6d s3-net: move out some prototypes to net_dns.h.
via 2443f18 s3-net: pass down struct net_context to the dns update calls.
from 005d7c2 Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit ceb2c81481ea8a37bb281a4d4df604573b371a2d
Author: Günther Deschner <gd at samba.org>
Date: Mon Oct 1 16:19:28 2012 +0200
s3-net: Fix DEBUG() location.
Guenther
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104
Signed-off-by: Günther Deschner <gd at samba.org>
The last 5 patches address bug #9451 - Allow to force DNS updates using net.
commit ac0f0e7bc9126ee897d6eaac753c66853514326a
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 25 11:09:45 2012 +0200
s3-net: give more control how to update/register DNS entries.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
commit 0d41b631faf95714eafec4836f7424edb4dda4af
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 25 11:08:48 2012 +0200
s3-net: pass down a flags field to DoDNSUpdate().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
commit a294a6d2fdbbd9fe54882a365cb54c1f49b900bc
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 19 15:35:15 2012 +0200
s3-net: move out some prototypes to net_dns.h.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
commit 2443f18b0c90956ae7840ac13487b9595b4cff4b
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 19 15:31:57 2012 +0200
s3-net: pass down struct net_context to the dns update calls.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/utils/net_ads.c | 42 ++++++++++++--------
source3/utils/net_dns.c | 96 ++++++++++++++++++++++++++++------------------
source3/utils/net_dns.h | 43 +++++++++++++++++++++
3 files changed, 126 insertions(+), 55 deletions(-)
create mode 100644 source3/utils/net_dns.h
Changeset truncated at 500 lines:
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 6a7bc53..8f8b7b4 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -37,6 +37,7 @@
#include "krb5_env.h"
#include "../libcli/security/security.h"
#include "libsmb/libsmb.h"
+#include "utils/net_dns.h"
#ifdef HAVE_ADS
@@ -1123,12 +1124,9 @@ static WERROR check_ads_config( void )
#if defined(WITH_DNS_UPDATES)
#include "../lib/addns/dns.h"
-DNS_ERROR DoDNSUpdate(char *pszServerName,
- const char *pszDomainName, const char *pszHostName,
- const struct sockaddr_storage *sslist,
- size_t num_addrs );
-static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads,
+static NTSTATUS net_update_dns_internal(struct net_context *c,
+ TALLOC_CTX *ctx, ADS_STRUCT *ads,
const char *machine_name,
const struct sockaddr_storage *addrs,
int num_addrs)
@@ -1190,7 +1188,7 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads,
status = ads_dns_lookup_ns( ctx, root_domain, &nameservers, &ns_count );
if ( !NT_STATUS_IS_OK(status) || (ns_count == 0)) {
- DEBUG(3,("net_ads_join: Failed to find name server for the %s "
+ DEBUG(3,("net_update_dns_internal: Failed to find name server for the %s "
"realm\n", ads->config.realm));
goto done;
}
@@ -1201,12 +1199,25 @@ static NTSTATUS net_update_dns_internal(TALLOC_CTX *ctx, ADS_STRUCT *ads,
for (i=0; i < ns_count; i++) {
+ uint32_t flags = DNS_UPDATE_SIGNED |
+ DNS_UPDATE_UNSIGNED |
+ DNS_UPDATE_UNSIGNED_SUFFICIENT |
+ DNS_UPDATE_PROBE |
+ DNS_UPDATE_PROBE_SUFFICIENT;
+
+ if (c->opt_force) {
+ flags &= ~DNS_UPDATE_PROBE_SUFFICIENT;
+ flags &= ~DNS_UPDATE_UNSIGNED_SUFFICIENT;
+ }
+
+ status = NT_STATUS_UNSUCCESSFUL;
+
/* Now perform the dns update - we'll try non-secure and if we fail,
we'll follow it up with a secure update */
fstrcpy( dns_server, nameservers[i].hostname );
- dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs);
+ dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs, flags);
if (ERR_DNS_IS_OK(dns_err)) {
status = NT_STATUS_OK;
goto done;
@@ -1233,7 +1244,8 @@ done:
return status;
}
-static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads,
+static NTSTATUS net_update_dns_ext(struct net_context *c,
+ TALLOC_CTX *mem_ctx, ADS_STRUCT *ads,
const char *hostname,
struct sockaddr_storage *iplist,
int num_addrs)
@@ -1263,18 +1275,18 @@ static NTSTATUS net_update_dns_ext(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads,
iplist = iplist_alloc;
}
- status = net_update_dns_internal(mem_ctx, ads, machine_name,
+ status = net_update_dns_internal(c, mem_ctx, ads, machine_name,
iplist, num_addrs);
SAFE_FREE(iplist_alloc);
return status;
}
-static NTSTATUS net_update_dns(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname)
+static NTSTATUS net_update_dns(struct net_context *c, TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, const char *hostname)
{
NTSTATUS status;
- status = net_update_dns_ext(mem_ctx, ads, hostname, NULL, 0);
+ status = net_update_dns_ext(c, mem_ctx, ads, hostname, NULL, 0);
return status;
}
#endif
@@ -1479,7 +1491,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
ads_kinit_password( ads_dns );
}
- if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns, NULL)) ) {
+ if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns(c, ctx, ads_dns, NULL)) ) {
d_fprintf( stderr, _("DNS update failed!\n") );
}
@@ -1584,7 +1596,7 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar
return -1;
}
- ntstatus = net_update_dns_ext(ctx, ads, hostname, addrs, num_addrs);
+ ntstatus = net_update_dns_ext(c, ctx, ads, hostname, addrs, num_addrs);
if (!NT_STATUS_IS_OK(ntstatus)) {
d_fprintf( stderr, _("DNS update failed!\n") );
ads_destroy( &ads );
@@ -1605,10 +1617,6 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar
#endif
}
-#if defined(WITH_DNS_UPDATES)
-DNS_ERROR do_gethostbyname(const char *server, const char *host);
-#endif
-
static int net_ads_dns_gethostbyname(struct net_context *c, int argc, const char **argv)
{
#if defined(WITH_DNS_UPDATES)
diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
index 5fbdc0a..eda0492 100644
--- a/source3/utils/net_dns.c
+++ b/source3/utils/net_dns.c
@@ -22,23 +22,17 @@
#include "includes.h"
#include "utils/net.h"
#include "../lib/addns/dns.h"
+#include "utils/net_dns.h"
#if defined(WITH_DNS_UPDATES)
-/*
- * Silly prototype to get rid of a warning
- */
-
-DNS_ERROR DoDNSUpdate(char *pszServerName,
- const char *pszDomainName, const char *pszHostName,
- const struct sockaddr_storage *sslist,
- size_t num_addrs );
/*********************************************************************
*********************************************************************/
DNS_ERROR DoDNSUpdate(char *pszServerName,
const char *pszDomainName, const char *pszHostName,
- const struct sockaddr_storage *sslist, size_t num_addrs )
+ const struct sockaddr_storage *sslist, size_t num_addrs,
+ uint32_t flags)
{
DNS_ERROR err;
struct dns_connection *conn;
@@ -46,6 +40,14 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
OM_uint32 minor;
struct dns_update_request *req, *resp;
+ DEBUG(10,("DoDNSUpdate called with flags: 0x%08x\n", flags));
+
+ if (!(flags & DNS_UPDATE_SIGNED) &&
+ !(flags & DNS_UPDATE_UNSIGNED) &&
+ !(flags & DNS_UPDATE_PROBE)) {
+ return ERROR_DNS_INVALID_PARAMETER;
+ }
+
if ( (num_addrs <= 0) || !sslist ) {
return ERROR_DNS_INVALID_PARAMETER;
}
@@ -59,45 +61,65 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
goto error;
}
- /*
- * Probe if everything's fine
- */
+ if (flags & DNS_UPDATE_PROBE) {
- err = dns_create_probe(mem_ctx, pszDomainName, pszHostName,
- num_addrs, sslist, &req);
- if (!ERR_DNS_IS_OK(err)) goto error;
+ /*
+ * Probe if everything's fine
+ */
- err = dns_update_transaction(mem_ctx, conn, req, &resp);
- if (!ERR_DNS_IS_OK(err)) goto error;
+ err = dns_create_probe(mem_ctx, pszDomainName, pszHostName,
+ num_addrs, sslist, &req);
+ if (!ERR_DNS_IS_OK(err)) goto error;
+
+ err = dns_update_transaction(mem_ctx, conn, req, &resp);
+ if (!ERR_DNS_IS_OK(err)) goto error;
- if (dns_response_code(resp->flags) == DNS_NO_ERROR) {
- TALLOC_FREE(mem_ctx);
- return ERROR_DNS_SUCCESS;
+ if (!ERR_DNS_IS_OK(err)) {
+ DEBUG(3,("DoDNSUpdate: failed to probe DNS\n"));
+ }
+
+ if ((dns_response_code(resp->flags) == DNS_NO_ERROR) &&
+ (flags & DNS_UPDATE_PROBE_SUFFICIENT)) {
+ TALLOC_FREE(mem_ctx);
+ return ERROR_DNS_SUCCESS;
+ }
}
- /*
- * First try without signing
- */
+ if (flags & DNS_UPDATE_UNSIGNED) {
- err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName,
- sslist, num_addrs, &req);
- if (!ERR_DNS_IS_OK(err)) goto error;
+ /*
+ * First try without signing
+ */
- err = dns_update_transaction(mem_ctx, conn, req, &resp);
- if (!ERR_DNS_IS_OK(err)) goto error;
+ err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName,
+ sslist, num_addrs, &req);
+ if (!ERR_DNS_IS_OK(err)) goto error;
- if (dns_response_code(resp->flags) == DNS_NO_ERROR) {
- TALLOC_FREE(mem_ctx);
- return ERROR_DNS_SUCCESS;
+ err = dns_update_transaction(mem_ctx, conn, req, &resp);
+ if (!ERR_DNS_IS_OK(err)) goto error;
+
+ if (!ERR_DNS_IS_OK(err)) {
+ DEBUG(3,("DoDNSUpdate: unsigned update failed\n"));
+ }
+
+ if ((dns_response_code(resp->flags) == DNS_NO_ERROR) &&
+ (flags & DNS_UPDATE_UNSIGNED_SUFFICIENT)) {
+ TALLOC_FREE(mem_ctx);
+ return ERROR_DNS_SUCCESS;
+ }
}
/*
* Okay, we have to try with signing
*/
- {
+ if (flags & DNS_UPDATE_SIGNED) {
gss_ctx_id_t gss_context;
char *keyname;
+ err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName,
+ sslist, num_addrs, &req);
+ if (!ERR_DNS_IS_OK(err)) goto error;
+
if (!(keyname = dns_generate_keyname( mem_ctx ))) {
err = ERROR_DNS_NO_MEMORY;
goto error;
@@ -128,6 +150,10 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
err = (dns_response_code(resp->flags) == DNS_NO_ERROR) ?
ERROR_DNS_SUCCESS : ERROR_DNS_UPDATE_FAILED;
+
+ if (!ERR_DNS_IS_OK(err)) {
+ DEBUG(3,("DoDNSUpdate: signed update failed\n"));
+ }
}
@@ -177,12 +203,6 @@ int get_my_ip_address( struct sockaddr_storage **pp_ss )
return count;
}
-/*
- * Silly prototype to get rid of a warning
- */
-
-DNS_ERROR do_gethostbyname(const char *server, const char *host);
-
DNS_ERROR do_gethostbyname(const char *server, const char *host)
{
struct dns_connection *conn;
diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h
new file mode 100644
index 0000000..31e541b
--- /dev/null
+++ b/source3/utils/net_dns.h
@@ -0,0 +1,43 @@
+/*
+ Samba Unix/Linux Dynamic DNS Update
+ net ads commands
+
+ Copyright (C) Krishna Ganugapati (krishnag at centeris.com) 2006
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* flags for DoDNSUpdate */
+
+#define DNS_UPDATE_SIGNED 0x01
+#define DNS_UPDATE_SIGNED_SUFFICIENT 0x02
+#define DNS_UPDATE_UNSIGNED 0x04
+#define DNS_UPDATE_UNSIGNED_SUFFICIENT 0x08
+#define DNS_UPDATE_PROBE 0x10
+#define DNS_UPDATE_PROBE_SUFFICIENT 0x20
+
+#if defined(WITH_DNS_UPDATES)
+
+#include "../lib/addns/dns.h"
+
+DNS_ERROR DoDNSUpdate(char *pszServerName,
+ const char *pszDomainName, const char *pszHostName,
+ const struct sockaddr_storage *sslist,
+ size_t num_addrs,
+ uint32_t flags);
+
+DNS_ERROR do_gethostbyname(const char *server, const char *host);
+
+#endif /* defined(WITH_DNS_UPDATES) */
--
Samba Shared Repository
More information about the samba-cvs
mailing list