The branch, master has been updated
       via  b4816861f20 s4-dns: Deprecate BIND9_FLATFILE and remove "rndc 
command"
       via  561e0986ac9 docs: Deprecate "rndc command" for Samba 4.11
      from  6a8bc6b5490 s3: VFS: Complete the replacement of SMB_VFS_MKNOD() -> 
SMB_VFS_MKNODAT().

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b4816861f200bb292e26f51b15c1ce93fa9e16c6
Author: Andrew Bartlett <[email protected]>
Date:   Fri Jul 5 16:46:04 2019 +1200

    s4-dns: Deprecate BIND9_FLATFILE and remove "rndc command"
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    
    Autobuild-User(master): Andrew Bartlett <[email protected]>
    Autobuild-Date(master): Thu Aug 22 21:24:00 UTC 2019 on sn-devel-184

commit 561e0986ac96c842239b4e8c6509e05c836707b7
Author: Andrew Bartlett <[email protected]>
Date:   Sat Aug 17 06:59:33 2019 +1200

    docs: Deprecate "rndc command" for Samba 4.11
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14092
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                               |  13 ++
 docs-xml/smbdotconf/domain/rndccommand.xml |  16 --
 lib/param/loadparm.c                       |   1 -
 python/samba/provision/sambadns.py         |   8 -
 selftest/target/Samba4.pm                  |   1 -
 source3/param/loadparm.c                   |   2 -
 source4/dsdb/dns/dns_update.c              | 259 -----------------------------
 7 files changed, 13 insertions(+), 287 deletions(-)
 delete mode 100644 docs-xml/smbdotconf/domain/rndccommand.xml


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8a15c4449af..9abc4538125 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -20,6 +20,18 @@ NEW FEATURES/CHANGES
 REMOVED FEATURES
 ================
 
+BIND9_FLATFILE deprecated
+-------------------------
+
+The BIND9_FLATFILE DNS backend is deprecated in this release and will
+be removed in the future.  This was only practically useful on a single
+domain controller or under expert care and supervision.
+
+This release removes the "rndc command" smb.conf parameter, which
+supported this configuration by writing out a list of DCs permitted to
+make changes to the DNS Zone and nudging the 'named' server if a new
+DC was added to the domain.  Administrators using BIND9_FLATFILE will
+need to maintain this manually from now on.
 
 smb.conf changes
 ================
@@ -28,6 +40,7 @@ smb.conf changes
   --------------                     -----------                -------
 
   nfs4:acedup                        Changed default            merge
+  rndc command                       Removed
 
 KNOWN ISSUES
 ============
diff --git a/docs-xml/smbdotconf/domain/rndccommand.xml 
b/docs-xml/smbdotconf/domain/rndccommand.xml
deleted file mode 100644
index d9ac4ea6737..00000000000
--- a/docs-xml/smbdotconf/domain/rndccommand.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<samba:parameter name="rndc command"
-                 context="G"
-                 type="cmdlist"
-                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
-<description>
-       <para>This option specifies the path to the name server control utility.
-       </para>
-
-       <para>The <filename>rndc</filename> utility should be a part of the
-               bind installation.
-       </para>
-</description>
-
-<value type="default">/usr/sbin/rndc</value>
-<value type="example">/usr/local/bind9/sbin/rndc</value>
-</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 13e8b677e30..97addf45470 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2790,7 +2790,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX 
*mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
        lpcfg_do_global_parameter(lp_ctx, "tls priority", 
"NORMAL:-VERS-SSL3.0");
 
-       lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
        lpcfg_do_global_parameter(lp_ctx, "nsupdate command", 
"/usr/bin/nsupdate -g");
 
         lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
diff --git a/python/samba/provision/sambadns.py 
b/python/samba/provision/sambadns.py
index 9b245608c63..e7273fc759e 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -749,11 +749,6 @@ def create_zone_file(lp, logger, paths, targetdir, 
dnsdomain,
         hostip_host_line = ""
         gc_msdcs_ip_line = ""
 
-    # we need to freeze the zone while we update the contents
-    if targetdir is None:
-        rndc = ' '.join(lp.get("rndc command"))
-        os.system(rndc + " freeze " + lp.get("realm"))
-
     setup_file(setup_path("provision.zone"), paths.dns, {
             "HOSTNAME": hostname,
             "DNSDOMAIN": dnsdomain,
@@ -780,9 +775,6 @@ def create_zone_file(lp, logger, paths, targetdir, 
dnsdomain,
                 logger.error("Failed to chown %s to bind gid %u" % (
                     paths.dns, paths.bind_gid))
 
-    if targetdir is None:
-        os.system(rndc + " unfreeze " + lp.get("realm"))
-
 
 def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
     """Create a copy of samdb and give write permissions to named for dns 
partitions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 02cdfc18bad..8048eba8b54 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -795,7 +795,6 @@ sub provision_raw_step1($$)
        log level = $ctx->{server_loglevel}
        lanman auth = Yes
        ntlm auth = Yes
-       rndc command = true
        client min protocol = CORE
        server min protocol = LANMAN1
        mangled names = yes
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index bcda6a1c600..b1a52055ade 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -934,8 +934,6 @@ static void init_globals(struct loadparm_context *lp_ctx, 
bool reinit_globals)
 
        Globals.nsupdate_command = str_list_make_v3_const(NULL, 
"/usr/bin/nsupdate -g", NULL);
 
-       Globals.rndc_command = str_list_make_v3_const(NULL, "/usr/sbin/rndc", 
NULL);
-
        Globals.cldap_port = 389;
 
        Globals.dgram_port = NBT_DGRAM_SERVICE_PORT;
diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c
index 0a1f0ac2330..4a81d06b097 100644
--- a/source4/dsdb/dns/dns_update.c
+++ b/source4/dsdb/dns/dns_update.c
@@ -66,251 +66,6 @@ struct dnsupdate_service {
        } nameupdate;
 };
 
-/*
-  called when rndc reload has finished
- */
-static void dnsupdate_rndc_done(struct tevent_req *subreq)
-{
-       struct dnsupdate_service *service = tevent_req_callback_data(subreq,
-                                           struct dnsupdate_service);
-       int ret;
-       int sys_errno;
-
-       service->confupdate.subreq = NULL;
-
-       ret = samba_runcmd_recv(subreq, &sys_errno);
-       TALLOC_FREE(subreq);
-       if (ret != 0) {
-               service->confupdate.status = 
map_nt_error_from_unix_common(sys_errno);
-       } else {
-               service->confupdate.status = NT_STATUS_OK;
-       }
-
-       if (!NT_STATUS_IS_OK(service->confupdate.status)) {
-               DEBUG(0,(__location__ ": Failed rndc update - %s\n",
-                        nt_errstr(service->confupdate.status)));
-       } else {
-               DEBUG(3,("Completed rndc reload OK\n"));
-       }
-}
-
-/*
-  called every 'dnsupdate:conf interval' seconds
- */
-static void dnsupdate_rebuild(struct dnsupdate_service *service)
-{
-       int ret;
-       size_t size;
-       struct ldb_result *res1, *res2;
-       const char *tmp_path, *path, *path_static;
-       char *static_policies;
-       int fd;
-       unsigned int i;
-       const char *attrs1[] = { "msDS-HasDomainNCs", NULL };
-       const char *attrs2[] = { "name", NULL };
-       const char *realm = lpcfg_realm(service->task->lp_ctx);
-       TALLOC_CTX *tmp_ctx = talloc_new(service);
-       const char * const *rndc_command = 
lpcfg_rndc_command(service->task->lp_ctx);
-       const char **dc_list;
-       int dc_count=0;
-
-       /* abort any pending script run */
-       TALLOC_FREE(service->confupdate.subreq);
-
-       /* find the DNs for all the non-RODC DCs in the forest */
-       ret = dsdb_search(service->samdb, tmp_ctx, &res1, 
ldb_get_config_basedn(service->samdb),
-                         LDB_SCOPE_SUBTREE,
-                         attrs1,
-                         0,
-                         "(&(objectclass=NTDSDSA)(!(msDS-isRODC=TRUE)))");
-       if (ret != LDB_SUCCESS) {
-               DBG_ERR("Unable to find DCs list - %s\n",
-                       ldb_errstring(service->samdb));
-               talloc_free(tmp_ctx);
-               return;
-       }
-
-       dc_list = talloc_array(tmp_ctx, const char *, 0);
-       for (i=0; i<res1->count; i++) {
-               struct ldb_dn *server_dn = res1->msgs[i]->dn;
-               struct ldb_dn *domain_dn;
-               const char *acct_name, *full_account, *dns_domain;
-
-               /* this is a nasty hack to form the account name of
-                * this DC. We do it this way as we don't necessarily
-                * have access to the domain NC, so all we have to go
-                * on is what is in the configuration partition
-                */
-
-               domain_dn = ldb_msg_find_attr_as_dn(service->samdb, tmp_ctx, 
res1->msgs[i], "msDS-HasDomainNCs");
-               if (domain_dn == NULL) continue;
-
-               ldb_dn_remove_child_components(server_dn, 1);
-               ret = dsdb_search_dn(service->samdb, tmp_ctx, &res2, server_dn, 
attrs2, 0);
-               if (ret != LDB_SUCCESS) {
-                       continue;
-               }
-
-               acct_name = ldb_msg_find_attr_as_string(res2->msgs[0], "name", 
NULL);
-               if (acct_name == NULL) continue;
-
-               dns_domain = samdb_dn_to_dns_domain(tmp_ctx, domain_dn);
-               if (dns_domain == NULL) {
-                       continue;
-               }
-
-               full_account = talloc_asprintf(tmp_ctx, "%s$@%s", acct_name, 
dns_domain);
-               if (full_account == NULL) continue;
-
-               dc_list = talloc_realloc(tmp_ctx, dc_list, const char *, 
dc_count+1);
-               if (dc_list == NULL) {
-                       continue;
-               }
-               dc_list[dc_count++] = full_account;
-       }
-
-       path = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", 
"path");
-       if (path == NULL) {
-               path = lpcfg_private_path(tmp_ctx,
-                                         service->task->lp_ctx,
-                                         "named.conf.update");
-               if (path == NULL) {
-                       DBG_ERR("Out of memory!");
-                       talloc_free(tmp_ctx);
-                       return;
-               }
-
-               /*
-                * If the file doesn't exist, we provisioned in a the new
-                * bind-dns directory
-                */
-               if (!file_exist(path)) {
-                       path = talloc_asprintf(tmp_ctx,
-                                              "%s/named.conf.update",
-                                              
lpcfg_binddns_dir(service->task->lp_ctx));
-                       if (path == NULL) {
-                               DBG_ERR("Out of memory!");
-                               talloc_free(tmp_ctx);
-                               return;
-                       }
-               }
-       }
-
-       path_static = lpcfg_parm_string(service->task->lp_ctx, NULL, 
"dnsupdate", "extra_static_grant_rules");
-       if (path_static == NULL) {
-               path_static = lpcfg_private_path(tmp_ctx,
-                                                service->task->lp_ctx,
-                                                "named.conf.update.static");
-               if (path_static == NULL) {
-                       DBG_ERR("Out of memory!");
-                       talloc_free(tmp_ctx);
-                       return;
-               }
-
-               if (!file_exist(path_static)) {
-                       path_static = talloc_asprintf(tmp_ctx,
-                                                     
"%s/named.conf.update.static",
-                                                     
lpcfg_binddns_dir(service->task->lp_ctx));
-                       if (path_static == NULL) {
-                               DBG_ERR("Out of memory!");
-                               talloc_free(tmp_ctx);
-                               return;
-                       }
-               }
-       }
-
-       tmp_path = talloc_asprintf(tmp_ctx, "%s.tmp", path);
-       if (tmp_path == NULL) {
-               DEBUG(0,(__location__ ": Unable to get paths\n"));
-               talloc_free(tmp_ctx);
-               return;
-       }
-
-       static_policies = file_load(path_static, &size, 0, tmp_ctx);
-
-       unlink(tmp_path);
-       fd = open(tmp_path, O_CREAT|O_TRUNC|O_WRONLY, 0444);
-       if (fd == -1) {
-               DEBUG(1,(__location__ ": Unable to open %s - %s\n", tmp_path, 
strerror(errno)));
-               talloc_free(tmp_ctx);
-               return;
-       }
-
-       dprintf(fd, "/* this file is auto-generated - do not edit */\n");
-       dprintf(fd, "update-policy {\n");
-       if( static_policies != NULL ) {
-               dprintf(fd, "/* Start of static entries */\n");
-               dprintf(fd, "%s\n",static_policies);
-               dprintf(fd, "/* End of static entries */\n");
-       }
-       dprintf(fd, "\tgrant %s ms-self * A AAAA;\n", realm);
-       dprintf(fd, "\tgrant Administrator@%s wildcard * A AAAA SRV CNAME;\n", 
realm);
-
-       for (i=0; i<dc_count; i++) {
-               dprintf(fd, "\tgrant %s wildcard * A AAAA SRV CNAME;\n", 
dc_list[i]);
-       }
-       dprintf(fd, "};\n");
-       close(fd);
-
-
-       if (NT_STATUS_IS_OK(service->confupdate.status) &&
-           file_compare(tmp_path, path) == true) {
-               unlink(tmp_path);
-               talloc_free(tmp_ctx);
-               return;
-       }
-
-       if (rename(tmp_path, path) != 0) {
-               DEBUG(0,(__location__ ": Failed to rename %s to %s - %s\n",
-                        tmp_path, path, strerror(errno)));
-               talloc_free(tmp_ctx);
-               return;
-       }
-
-       DEBUG(2,("Loading new DNS update grant rules\n"));
-       service->confupdate.subreq = samba_runcmd_send(service,
-                                                      service->task->event_ctx,
-                                                      timeval_current_ofs(10, 
0),
-                                                      2, 0,
-                                                      rndc_command,
-                                                      "reload", NULL);
-       if (service->confupdate.subreq == NULL) {
-               DEBUG(0,(__location__ ": samba_runcmd_send() failed with no 
memory\n"));
-               talloc_free(tmp_ctx);
-               return;
-       }
-       tevent_req_set_callback(service->confupdate.subreq,
-                               dnsupdate_rndc_done,
-                               service);
-
-       talloc_free(tmp_ctx);
-}
-
-static NTSTATUS dnsupdate_confupdate_schedule(struct dnsupdate_service 
*service);
-
-/*
-  called every 'dnsupdate:conf interval' seconds
- */
-static void dnsupdate_confupdate_handler_te(struct tevent_context *ev, struct 
tevent_timer *te,
-                                         struct timeval t, void *ptr)
-{
-       struct dnsupdate_service *service = talloc_get_type(ptr, struct 
dnsupdate_service);
-
-       dnsupdate_rebuild(service);
-       dnsupdate_confupdate_schedule(service);
-}
-
-
-static NTSTATUS dnsupdate_confupdate_schedule(struct dnsupdate_service 
*service)
-{
-       service->confupdate.te = tevent_add_timer(service->task->event_ctx, 
service,
-                                               
timeval_current_ofs(service->confupdate.interval, 0),
-                                               
dnsupdate_confupdate_handler_te, service);
-       NT_STATUS_HAVE_NO_MEMORY(service->confupdate.te);
-       return NT_STATUS_OK;
-}
-
-
 /*
   called when dns update script has finished
  */
@@ -673,21 +428,9 @@ static NTSTATUS dnsupdate_task_init(struct task_server 
*task)
                return NT_STATUS_UNSUCCESSFUL;
        }
 
-       service->confupdate.interval    = lpcfg_parm_int(task->lp_ctx, NULL,
-                                                     "dnsupdate", "config 
interval", 60); /* in seconds */
-
        service->nameupdate.interval    = lpcfg_parm_int(task->lp_ctx, NULL,
                                                      "dnsupdate", "name 
interval", 600); /* in seconds */
 
-       dnsupdate_rebuild(service);
-       status = dnsupdate_confupdate_schedule(service);
-       if (!NT_STATUS_IS_OK(status)) {
-               task_server_terminate(task, talloc_asprintf(task,
-                                     "dnsupdate: Failed to confupdate 
schedule: %s\n",
-                                                           nt_errstr(status)), 
true);
-               return status;
-       }
-
        dnsupdate_check_names(service);
        status = dnsupdate_nameupdate_schedule(service);
        if (!NT_STATUS_IS_OK(status)) {
@@ -702,8 +445,6 @@ static NTSTATUS dnsupdate_task_init(struct task_server 
*task)
        IRPC_REGISTER(task->msg_ctx, irpc, DNSUPDATE_RODC,
                      dnsupdate_dnsupdate_RODC, service);
 
-       /* create the intial file */
-       dnsupdate_rebuild(service);
        return NT_STATUS_OK;
 
 }


-- 
Samba Shared Repository
