2006-08-24 19:43:32 +04:00
/*
Samba Unix / Linux Dynamic DNS Update
net ads commands
Copyright ( C ) Krishna Ganugapati ( krishnag @ centeris . com ) 2006
Copyright ( C ) Gerald Carter 2006
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2006-08-24 19:43:32 +04:00
( at your option ) any later version .
2010-07-18 15:39:51 +04:00
2006-08-24 19:43:32 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2010-07-18 15:39:51 +04:00
2006-08-24 19:43:32 +04:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2006-08-24 19:43:32 +04:00
*/
# include "includes.h"
# include "utils/net.h"
2011-03-04 15:16:40 +03:00
# include "../lib/addns/dns.h"
2012-09-19 17:35:15 +04:00
# include "utils/net_dns.h"
2024-03-07 14:03:05 +03:00
# include "auth/gensec/gensec.h"
# include "auth_generic.h"
2006-08-24 19:43:32 +04:00
2021-03-25 00:48:28 +03:00
# if defined(HAVE_KRB5)
2007-07-25 22:45:57 +04:00
2006-08-24 19:43:32 +04:00
/*********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2024-03-07 14:03:05 +03:00
static DNS_ERROR DoDNSUpdateNegotiateGensec ( const char * pszServerName ,
const char * pszDomainName ,
const char * keyname ,
enum dns_ServerType srv_type ,
struct cli_credentials * creds ,
TALLOC_CTX * mem_ctx ,
struct gensec_security * * _gensec )
{
TALLOC_CTX * frame = talloc_stackframe ( ) ;
struct auth_generic_state * ans = NULL ;
NTSTATUS status ;
DNS_ERROR err ;
status = auth_generic_client_prepare ( mem_ctx , & ans ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
err = ERROR_DNS_GSS_ERROR ;
goto error ;
}
talloc_steal ( frame , ans ) ;
status = auth_generic_set_creds ( ans , creds ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
err = ERROR_DNS_GSS_ERROR ;
goto error ;
}
status = gensec_set_target_service ( ans - > gensec_security ,
" dns " ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
err = ERROR_DNS_GSS_ERROR ;
goto error ;
}
status = gensec_set_target_hostname ( ans - > gensec_security ,
pszServerName ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
err = ERROR_DNS_GSS_ERROR ;
goto error ;
}
gensec_want_feature ( ans - > gensec_security , GENSEC_FEATURE_SIGN ) ;
status = auth_generic_client_start ( ans , GENSEC_OID_KERBEROS5 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
err = ERROR_DNS_GSS_ERROR ;
goto error ;
}
err = dns_negotiate_sec_ctx ( pszServerName ,
keyname ,
ans - > gensec_security ,
srv_type ) ;
if ( ! ERR_DNS_IS_OK ( err ) ) {
goto error ;
}
* _gensec = talloc_move ( mem_ctx , & ans - > gensec_security ) ;
error :
TALLOC_FREE ( frame ) ;
return err ;
}
2006-12-14 20:00:10 +03:00
DNS_ERROR DoDNSUpdate ( char * pszServerName ,
2023-02-16 20:36:37 +03:00
const char * pszDomainName ,
const char * pszHostName ,
2024-03-07 14:03:05 +03:00
struct cli_credentials * creds ,
2023-02-16 20:36:37 +03:00
const struct sockaddr_storage * sslist ,
size_t num_addrs ,
uint32_t flags ,
uint32_t ttl ,
bool remove_host )
2006-08-24 19:43:32 +04:00
{
2006-11-18 00:46:26 +03:00
DNS_ERROR err ;
struct dns_connection * conn ;
TALLOC_CTX * mem_ctx ;
struct dns_update_request * req , * resp ;
2006-08-24 19:43:32 +04:00
2012-09-25 13:09:45 +04:00
DEBUG ( 10 , ( " DoDNSUpdate called with flags: 0x%08x \n " , flags ) ) ;
if ( ! ( flags & DNS_UPDATE_SIGNED ) & &
! ( flags & DNS_UPDATE_UNSIGNED ) & &
! ( flags & DNS_UPDATE_PROBE ) ) {
return ERROR_DNS_INVALID_PARAMETER ;
}
2016-06-27 02:26:53 +03:00
if ( ! remove_host & & ( ( num_addrs < = 0 ) | | ! sslist ) ) {
2006-11-18 00:46:26 +03:00
return ERROR_DNS_INVALID_PARAMETER ;
}
if ( ! ( mem_ctx = talloc_init ( " DoDNSUpdate " ) ) ) {
return ERROR_DNS_NO_MEMORY ;
2006-08-24 19:43:32 +04:00
}
2010-07-18 15:39:51 +04:00
2006-12-31 09:50:44 +03:00
err = dns_open_connection ( pszServerName , DNS_TCP , mem_ctx , & conn ) ;
2006-11-18 00:46:26 +03:00
if ( ! ERR_DNS_IS_OK ( err ) ) {
goto error ;
}
2012-09-25 13:09:45 +04:00
if ( flags & DNS_UPDATE_PROBE ) {
2006-11-18 00:46:26 +03:00
2012-09-25 13:09:45 +04:00
/*
* Probe if everything ' s fine
*/
2006-11-18 00:46:26 +03:00
2012-09-25 13:09:45 +04:00
err = dns_create_probe ( mem_ctx , pszDomainName , pszHostName ,
num_addrs , sslist , & req ) ;
if ( ! ERR_DNS_IS_OK ( err ) ) goto error ;
2006-11-18 00:46:26 +03:00
2012-09-25 13:09:45 +04:00
err = dns_update_transaction ( mem_ctx , conn , req , & resp ) ;
if ( ! ERR_DNS_IS_OK ( err ) ) {
DEBUG ( 3 , ( " DoDNSUpdate: failed to probe DNS \n " ) ) ;
2018-05-17 12:53:18 +03:00
goto error ;
2012-09-25 13:09:45 +04:00
}
if ( ( dns_response_code ( resp - > flags ) = = DNS_NO_ERROR ) & &
( flags & DNS_UPDATE_PROBE_SUFFICIENT ) ) {
TALLOC_FREE ( mem_ctx ) ;
return ERROR_DNS_SUCCESS ;
}
2006-11-18 00:46:26 +03:00
}
2012-09-25 13:09:45 +04:00
if ( flags & DNS_UPDATE_UNSIGNED ) {
/*
* First try without signing
*/
2006-08-24 19:43:32 +04:00
2023-02-16 20:36:37 +03:00
err = dns_create_update_request ( mem_ctx ,
pszDomainName ,
pszHostName ,
sslist ,
num_addrs ,
ttl ,
& req ) ;
2012-09-25 13:09:45 +04:00
if ( ! ERR_DNS_IS_OK ( err ) ) goto error ;
2006-08-24 19:43:32 +04:00
2012-09-25 13:09:45 +04:00
err = dns_update_transaction ( mem_ctx , conn , req , & resp ) ;
if ( ! ERR_DNS_IS_OK ( err ) ) {
DEBUG ( 3 , ( " DoDNSUpdate: unsigned update failed \n " ) ) ;
2018-05-23 18:35:15 +03:00
goto error ;
2012-09-25 13:09:45 +04:00
}
2006-11-18 00:46:26 +03:00
2012-09-25 13:09:45 +04:00
if ( ( dns_response_code ( resp - > flags ) = = DNS_NO_ERROR ) & &
( flags & DNS_UPDATE_UNSIGNED_SUFFICIENT ) ) {
TALLOC_FREE ( mem_ctx ) ;
return ERROR_DNS_SUCCESS ;
}
2006-11-18 00:46:26 +03:00
}
/*
* Okay , we have to try with signing
*/
2012-09-25 13:09:45 +04:00
if ( flags & DNS_UPDATE_SIGNED ) {
2024-03-07 14:03:05 +03:00
struct gensec_security * gensec = NULL ;
char * keyname = NULL ;
2006-11-18 00:46:26 +03:00
2023-02-16 20:36:37 +03:00
err = dns_create_update_request ( mem_ctx ,
pszDomainName ,
pszHostName ,
sslist ,
num_addrs ,
ttl ,
& req ) ;
2012-09-25 13:09:45 +04:00
if ( ! ERR_DNS_IS_OK ( err ) ) goto error ;
2006-11-18 00:46:26 +03:00
if ( ! ( keyname = dns_generate_keyname ( mem_ctx ) ) ) {
err = ERROR_DNS_NO_MEMORY ;
goto error ;
}
2024-03-07 14:03:05 +03:00
err = DoDNSUpdateNegotiateGensec ( pszServerName ,
pszDomainName ,
keyname ,
DNS_SRV_ANY ,
creds ,
mem_ctx ,
& gensec ) ;
2006-12-14 19:27:45 +03:00
/* retry using the Windows 2000 DNS hack */
if ( ! ERR_DNS_IS_OK ( err ) ) {
2024-03-07 14:03:05 +03:00
err = DoDNSUpdateNegotiateGensec ( pszServerName ,
pszDomainName ,
keyname ,
DNS_SRV_WIN2000 ,
creds ,
mem_ctx ,
& gensec ) ;
2006-12-14 19:27:45 +03:00
}
2010-07-18 15:39:51 +04:00
2006-12-14 19:27:45 +03:00
if ( ! ERR_DNS_IS_OK ( err ) )
goto error ;
2006-11-18 00:46:26 +03:00
2024-03-07 14:03:05 +03:00
err = dns_sign_update ( req , gensec , keyname ,
2006-11-18 00:46:26 +03:00
" gss.microsoft.com " , time ( NULL ) , 3600 ) ;
if ( ! ERR_DNS_IS_OK ( err ) ) goto error ;
err = dns_update_transaction ( mem_ctx , conn , req , & resp ) ;
if ( ! ERR_DNS_IS_OK ( err ) ) goto error ;
err = ( dns_response_code ( resp - > flags ) = = DNS_NO_ERROR ) ?
ERROR_DNS_SUCCESS : ERROR_DNS_UPDATE_FAILED ;
2012-09-25 13:09:45 +04:00
if ( ! ERR_DNS_IS_OK ( err ) ) {
DEBUG ( 3 , ( " DoDNSUpdate: signed update failed \n " ) ) ;
}
2006-08-24 19:43:32 +04:00
}
error :
2006-11-18 00:46:26 +03:00
TALLOC_FREE ( mem_ctx ) ;
return err ;
2006-08-24 19:43:32 +04:00
}
/*********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-01-09 00:11:12 +03:00
int get_my_ip_address ( struct sockaddr_storage * * pp_ss )
2006-08-24 19:43:32 +04:00
{
int i , n ;
2008-01-09 00:11:12 +03:00
struct sockaddr_storage * list = NULL ;
2006-08-24 19:43:32 +04:00
int count = 0 ;
2008-10-03 19:51:54 +04:00
/* Honor the configured list of interfaces to register */
2006-08-24 19:43:32 +04:00
2008-10-03 19:51:54 +04:00
load_interfaces ( ) ;
n = iface_count ( ) ;
2008-01-09 00:11:12 +03:00
if ( n < = 0 ) {
return - 1 ;
}
if ( ( list = SMB_MALLOC_ARRAY ( struct sockaddr_storage , n ) ) = = NULL ) {
2006-08-24 19:43:32 +04:00
return - 1 ;
}
for ( i = 0 ; i < n ; i + + ) {
2008-10-03 19:51:54 +04:00
const struct sockaddr_storage * nic_sa_storage = NULL ;
if ( ( nic_sa_storage = iface_n_sockaddr_storage ( i ) ) = = NULL )
continue ;
/* Don't register loopback addresses */
2011-09-26 00:24:50 +04:00
if ( is_loopback_addr ( ( const struct sockaddr * ) nic_sa_storage ) ) {
2008-01-09 00:11:12 +03:00
continue ;
}
2008-10-03 19:51:54 +04:00
2011-09-25 05:18:14 +04:00
/* Don't register link-local addresses */
if ( is_linklocal_addr ( nic_sa_storage ) ) {
continue ;
}
2008-10-03 19:51:54 +04:00
memcpy ( & list [ count + + ] , nic_sa_storage , sizeof ( struct sockaddr_storage ) ) ;
2006-08-24 19:43:32 +04:00
}
2008-01-09 13:44:40 +03:00
* pp_ss = list ;
2006-08-24 19:43:32 +04:00
return count ;
}
2021-03-25 00:48:28 +03:00
# endif /* defined(HAVE_KRB5) */