s3-net: give more control how to update/register DNS entries.
Guenther
parent
ec23d0a3ee
commit
0eded14f19
@ -1206,6 +1206,17 @@ static NTSTATUS net_update_dns_internal(struct net_context *c,
|
||||
|
||||
for (i=0; i < ns_count; i++) {
|
||||
|
||||
uint32_t flags = DNS_UPDATE_SIGNED |
|
||||
DNS_UPDATE_UNSIGNED |
|
||||
DNS_UPDATE_UNSIGNED_SUFFICIENT |
|
||||
DNS_UPDATE_PROBE |
|
||||
DNS_UPDATE_PROBE_SUFFICIENT;
|
||||
|
||||
if (c->opt_force) {
|
||||
flags &= ~DNS_UPDATE_PROBE_SUFFICIENT;
|
||||
flags &= ~DNS_UPDATE_UNSIGNED_SUFFICIENT;
|
||||
}
|
||||
|
||||
status = NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
/* Now perform the dns update - we'll try non-secure and if we fail,
|
||||
@ -1213,7 +1224,7 @@ static NTSTATUS net_update_dns_internal(struct net_context *c,
|
||||
|
||||
fstrcpy( dns_server, nameservers[i].hostname );
|
||||
|
||||
dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs);
|
||||
dns_err = DoDNSUpdate(dns_server, dnsdomain, machine_name, addrs, num_addrs, flags);
|
||||
if (ERR_DNS_IS_OK(dns_err)) {
|
||||
status = NT_STATUS_OK;
|
||||
goto done;
|
||||
|
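Review bot: The default mask built at the top of the loop keeps `DNS_UPDATE_UNSIGNED | DNS_UPDATE_UNSIGNED_SUFFICIENT`, and `c->opt_force` only clears the two `_SUFFICIENT` bits, so no path through this caller skips the unsigned attempt or goes straight to the signed update. If that is intentional it deserves a comment next to the declaration, for example `/* probe, then unsigned, then signed; stop at the first step the server accepts unless opt_force is set */`. The mask does not depend on `i`, so it could be computed once before the `for` instead of on every nameserver iteration. The body of net_update_dns_internal starts and ends outside these hunks.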
@ -40,6 +40,14 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
|
||||
OM_uint32 minor;
|
||||
struct dns_update_request *req, *resp;
|
||||
|
||||
DEBUG(10,("DoDNSUpdate called with flags: 0x%08x\n", flags));
|
||||
|
||||
if (!(flags & DNS_UPDATE_SIGNED) &&
|
||||
!(flags & DNS_UPDATE_UNSIGNED) &&
|
||||
!(flags & DNS_UPDATE_PROBE)) {
|
||||
return ERROR_DNS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if ( (num_addrs <= 0) || !sslist ) {
|
||||
return ERROR_DNS_INVALID_PARAMETER;
|
||||
}
|
||||
@ -53,45 +61,65 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
|
||||
goto error;
|
||||
}
|
||||
|
||||
/*
|
||||
* Probe if everything's fine
|
||||
*/
|
||||
if (flags & DNS_UPDATE_PROBE) {
|
||||
|
||||
err = dns_create_probe(mem_ctx, pszDomainName, pszHostName,
|
||||
num_addrs, sslist, &req);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
/*
|
||||
* Probe if everything's fine
|
||||
*/
|
||||
|
||||
err = dns_update_transaction(mem_ctx, conn, req, &resp);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
err = dns_create_probe(mem_ctx, pszDomainName, pszHostName,
|
||||
num_addrs, sslist, &req);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
|
||||
if (dns_response_code(resp->flags) == DNS_NO_ERROR) {
|
||||
TALLOC_FREE(mem_ctx);
|
||||
return ERROR_DNS_SUCCESS;
|
||||
err = dns_update_transaction(mem_ctx, conn, req, &resp);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
|
||||
if (!ERR_DNS_IS_OK(err)) {
|
||||
DEBUG(3,("DoDNSUpdate: failed to probe DNS\n"));
|
||||
}
|
||||
|
||||
if ((dns_response_code(resp->flags) == DNS_NO_ERROR) &&
|
||||
(flags & DNS_UPDATE_PROBE_SUFFICIENT)) {
|
||||
TALLOC_FREE(mem_ctx);
|
||||
return ERROR_DNS_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* First try without signing
|
||||
*/
|
||||
if (flags & DNS_UPDATE_UNSIGNED) {
|
||||
|
||||
err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName,
|
||||
sslist, num_addrs, &req);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
/*
|
||||
* First try without signing
|
||||
*/
|
||||
|
||||
err = dns_update_transaction(mem_ctx, conn, req, &resp);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName,
|
||||
sslist, num_addrs, &req);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
|
||||
if (dns_response_code(resp->flags) == DNS_NO_ERROR) {
|
||||
TALLOC_FREE(mem_ctx);
|
||||
return ERROR_DNS_SUCCESS;
|
||||
err = dns_update_transaction(mem_ctx, conn, req, &resp);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
|
||||
if (!ERR_DNS_IS_OK(err)) {
|
||||
DEBUG(3,("DoDNSUpdate: unsigned update failed\n"));
|
||||
}
|
||||
|
||||
if ((dns_response_code(resp->flags) == DNS_NO_ERROR) &&
|
||||
(flags & DNS_UPDATE_UNSIGNED_SUFFICIENT)) {
|
||||
TALLOC_FREE(mem_ctx);
|
||||
return ERROR_DNS_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Okay, we have to try with signing
|
||||
*/
|
||||
{
|
||||
if (flags & DNS_UPDATE_SIGNED) {
|
||||
gss_ctx_id_t gss_context;
|
||||
char *keyname;
|
||||
|
||||
err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName,
|
||||
sslist, num_addrs, &req);
|
||||
if (!ERR_DNS_IS_OK(err)) goto error;
|
||||
|
||||
if (!(keyname = dns_generate_keyname( mem_ctx ))) {
|
||||
err = ERROR_DNS_NO_MEMORY;
|
||||
goto error;
|
||||
@ -122,6 +150,10 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
|
||||
|
||||
err = (dns_response_code(resp->flags) == DNS_NO_ERROR) ?
|
||||
ERROR_DNS_SUCCESS : ERROR_DNS_UPDATE_FAILED;
|
||||
|
||||
if (!ERR_DNS_IS_OK(err)) {
|
||||
DEBUG(3,("DoDNSUpdate: signed update failed\n"));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
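Review bot: In the probe and unsigned branches the new `DEBUG(3, ...)` block after `dns_update_transaction()` looks unreachable: as rendered, the line `if (!ERR_DNS_IS_OK(err)) goto error;` is still printed directly above it, so a failed transaction has already left the function. If that `goto` was instead meant to be dropped, the following `dns_response_code(resp->flags)` would read `resp` after a failed transaction, so either way the two checks should be merged into `if (!ERR_DNS_IS_OK(err)) { DEBUG(3,("DoDNSUpdate: failed to probe DNS\n")); goto error; }`, with the matching message in the unsigned branch. Separately, the server's response code in those two branches is only examined together with the `_SUFFICIENT` bit, while the signed branch maps it to `ERROR_DNS_UPDATE_FAILED`; a caller passing `DNS_UPDATE_UNSIGNED` without `DNS_UPDATE_SIGNED` may therefore get a success status for a refused update, though the end of DoDNSUpdate is outside the hunks shown.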
@ -19,6 +19,15 @@
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/* flags for DoDNSUpdate */
|
||||
|
||||
#define DNS_UPDATE_SIGNED 0x01
|
||||
#define DNS_UPDATE_SIGNED_SUFFICIENT 0x02
|
||||
#define DNS_UPDATE_UNSIGNED 0x04
|
||||
#define DNS_UPDATE_UNSIGNED_SUFFICIENT 0x08
|
||||
#define DNS_UPDATE_PROBE 0x10
|
||||
#define DNS_UPDATE_PROBE_SUFFICIENT 0x20
|
||||
|
||||
#if defined(WITH_DNS_UPDATES)
|
||||
|
||||
#include "../lib/addns/dns.h"
|
||||
|
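Review bot: `DNS_UPDATE_SIGNED_SUFFICIENT` is defined here but is neither set in net_update_dns_internal nor tested in DoDNSUpdate in the hunks on this page, so it currently has no effect. The block also needs more than `/* flags for DoDNSUpdate */`: each step bit (`DNS_UPDATE_PROBE`, `DNS_UPDATE_UNSIGNED`, `DNS_UPDATE_SIGNED`) enables one stage, and the matching `_SUFFICIENT` bit makes a NO_ERROR response from that stage end the sequence. I would state that in the comment, e.g. `/* X enables a step; X_SUFFICIENT returns success as soon as that step is accepted */`, and add that a caller who must not send unauthenticated updates has to leave `DNS_UPDATE_UNSIGNED` clear.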