Changeset 988 for vendor/current/source4/dsdb/dns

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/source4/dsdb/dns/dns_update.c (modified) (14 diffs)

vendor/current/source4/dsdb/dns/dns_update.c

@@ -36 +36 @@
 #include "param/param.h"
 #include "system/filesys.h"
+#include "dsdb/common/util.h"
 #include "libcli/composite/composite.h"
 #include "libcli/security/dom_sid.h"
 #include "librpc/gen_ndr/ndr_irpc.h"
+#include "libds/common/roles.h"
+
+NTSTATUS server_service_dnsupdate_init(void);
 
 struct dnsupdate_service {
@@ -78 +82 @@
         TALLOC_FREE(subreq);
         if (ret != 0) {
-                service->confupdate.status = map_nt_error_from_unix(sys_errno);
+                service->confupdate.status = map_nt_error_from_unix_common(sys_errno);
         } else {
                 service->confupdate.status = NT_STATUS_OK;
@@ -98 +102 @@
         int ret;
         size_t size;
-        struct ldb_result *res;
+        struct ldb_result *res1, *res2;
         const char *tmp_path, *path, *path_static;
         char *static_policies;
         int fd;
         unsigned int i;
-        const char *attrs[] = { "sAMAccountName", NULL };
+        const char *attrs1[] = { "msDS-HasDomainNCs", NULL };
+        const char *attrs2[] = { "name", NULL };
         const char *realm = lpcfg_realm(service->task->lp_ctx);
         TALLOC_CTX *tmp_ctx = talloc_new(service);
         const char * const *rndc_command = lpcfg_rndc_command(service->task->lp_ctx);
+        const char **dc_list;
+        int dc_count=0;
 
         /* abort any pending script run */
         TALLOC_FREE(service->confupdate.subreq);
 
-        ret = ldb_search(service->samdb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
-                         attrs, "(|(samaccountname=administrator)(&(primaryGroupID=%u)(objectClass=computer)))",
-                         DOMAIN_RID_DCS);
+        /* find the DNs for all the non-RODC DCs in the forest */
+        ret = dsdb_search(service->samdb, tmp_ctx, &res1, ldb_get_config_basedn(service->samdb),
+                          LDB_SCOPE_SUBTREE,
+                          attrs1,
+                          0,
+                          "(&(objectclass=NTDSDSA)(!(msDS-isRODC=TRUE)))");
         if (ret != LDB_SUCCESS) {
                 DEBUG(0,(__location__ ": Unable to find DCs list - %s", ldb_errstring(service->samdb)));
@@ -120 +130 @@
         }
 
+        dc_list = talloc_array(tmp_ctx, const char *, 0);
+        for (i=0; i<res1->count; i++) {
+                struct ldb_dn *server_dn = res1->msgs[i]->dn;
+                struct ldb_dn *domain_dn;
+                const char *acct_name, *full_account, *dns_domain;
+
+                /* this is a nasty hack to form the account name of
+                 * this DC. We do it this way as we don't necessarily
+                 * have access to the domain NC, so all we have to go
+                 * on is what is in the configuration partition
+                 */
+
+                domain_dn = ldb_msg_find_attr_as_dn(service->samdb, tmp_ctx, res1->msgs[i], "msDS-HasDomainNCs");
+                if (domain_dn == NULL) continue;
+
+                ldb_dn_remove_child_components(server_dn, 1);
+                ret = dsdb_search_dn(service->samdb, tmp_ctx, &res2, server_dn, attrs2, 0);
+                if (ret != LDB_SUCCESS) {
+                        continue;
+                }
+
+                acct_name = ldb_msg_find_attr_as_string(res2->msgs[0], "name", NULL);
+                if (acct_name == NULL) continue;
+
+                dns_domain = samdb_dn_to_dns_domain(tmp_ctx, domain_dn);
+                if (dns_domain == NULL) {
+                        continue;
+                }
+
+                full_account = talloc_asprintf(tmp_ctx, "%s$@%s", acct_name, dns_domain);
+                if (full_account == NULL) continue;
+
+                dc_list = talloc_realloc(tmp_ctx, dc_list, const char *, dc_count+1);
+                if (dc_list == NULL) {
+                        continue;
+                }
+                dc_list[dc_count++] = full_account;
+        }
+
         path = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "path");
         if (path == NULL) {
-                path = private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update");
+                path = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update");
         }
 
         path_static = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "extra_static_grant_rules");
         if (path_static == NULL) {
-                path_static = private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update.static");
+                path_static = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update.static");
         }
 
@@ -155 +204 @@
         }
         dprintf(fd, "\tgrant %s ms-self * A AAAA;\n", realm);
-
-        for (i=0; i<res->count; i++) {
-                const char *acctname;
-                acctname = ldb_msg_find_attr_as_string(res->msgs[i],
-                                                       "sAMAccountName", NULL);
-                if (!acctname) continue;
-                dprintf(fd, "\tgrant %s@%s wildcard * A AAAA SRV CNAME;\n",
-                        acctname, realm);
+        dprintf(fd, "\tgrant Administrator@%s wildcard * A AAAA SRV CNAME;\n", realm);
+
+        for (i=0; i<dc_count; i++) {
+                dprintf(fd, "\tgrant %s wildcard * A AAAA SRV CNAME;\n", dc_list[i]);
         }
         dprintf(fd, "};\n");
@@ -241 +286 @@
         TALLOC_FREE(subreq);
         if (ret != 0) {
-                service->nameupdate.status = map_nt_error_from_unix(sys_errno);
+                service->nameupdate.status = map_nt_error_from_unix_common(sys_errno);
         } else {
                 service->nameupdate.status = NT_STATUS_OK;
@@ -270 +315 @@
         TALLOC_FREE(subreq);
         if (ret != 0) {
-                service->nameupdate.status = map_nt_error_from_unix(sys_errno);
+                service->nameupdate.status = map_nt_error_from_unix_common(sys_errno);
         } else {
                 service->nameupdate.status = NT_STATUS_OK;
@@ -354 +399 @@
         struct dnsupdate_RODC *r;
         char *tmp_path;
+        char *tmp_path2;
         int fd;
 };
@@ -363 +409 @@
         }
         unlink(st->tmp_path);
+        if (st->tmp_path2 != NULL) {
+                unlink(st->tmp_path2);
+        }
         return 0;
 }
@@ -380 +429 @@
         talloc_free(req);
         if (ret != 0) {
-                st->r->out.result = map_nt_error_from_unix(sys_errno);
+                st->r->out.result = map_nt_error_from_unix_common(sys_errno);
                 DEBUG(2,(__location__ ": RODC DNS Update failed: %s\n", nt_errstr(st->r->out.result)));
         } else {
@@ -409 +458 @@
         int i, ret;
         struct GUID ntds_guid;
-        const char *site, *dnsdomain, *dnsforest, *ntdsguid, *hostname;
+        const char *site, *dnsdomain, *dnsforest, *ntdsguid;
+        const char *hostname = NULL;
         struct ldb_dn *sid_dn;
         const char *attrs[] = { "dNSHostName", NULL };
@@ -439 +489 @@
 
         talloc_set_destructor(st, dnsupdate_RODC_destructor);
+
+        st->tmp_path2 = talloc_asprintf(st, "%s.cache", st->tmp_path);
+        if (!st->tmp_path2) {
+                talloc_free(st);
+                r->out.result = NT_STATUS_NO_MEMORY;
+                return NT_STATUS_OK;
+        }
 
         sid_dn = ldb_dn_new_fmt(st, s->samdb, "<SID=%s>", dom_sid_string(st, r->in.dom_sid));
@@ -532 +589 @@
                                 "--update-list",
                                 st->tmp_path,
+                                "--update-cache",
+                                st->tmp_path2,
                                 NULL);
         NT_STATUS_HAVE_NO_MEMORY(req);
@@ -551 +610 @@
         struct dnsupdate_service *service;
 
-        if (lpcfg_server_role(task->lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
+        if (lpcfg_server_role(task->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
                 /* not useful for non-DC */
                 return;