s4-dns Use match-by-key in GSSAPI server if principal is not specified
[mat/samba.git] / source4 / dns_server / dlz_bind9.c
index 7943a90a0c342d7ee7270f4b3e13680ca9350e27..97eaac8564fa96d415dbd848cc6ed53695e4b2cb 100644 (file)
 #include "gen_ndr/ndr_dnsp.h"
 #include "gen_ndr/server_id.h"
 #include "messaging/messaging.h"
+#include "lib/cmdline/popt_common.h"
 #include "dlz_minimal.h"
 
 
 struct b9_options {
        const char *url;
+       const char *debug;
 };
 
 struct dlz_bind9_data {
@@ -437,12 +439,23 @@ static isc_result_t parse_options(struct dlz_bind9_data *state,
                                  unsigned int argc, char *argv[],
                                  struct b9_options *options)
 {
-       if (argc == 2) {
-               options->url = talloc_strdup(state, argv[1]);
-               if (options->url == NULL) {
-                       return ISC_R_NOMEMORY;
+       int opt;
+       poptContext pc;
+       struct poptOption long_options[] = {
+               { "url", 'H', POPT_ARG_STRING, &options->url, 0, "database URL", "URL" },
+               { "debug", 'd', POPT_ARG_STRING, &options->debug, 0, "debug level", "DEBUG" },
+               { NULL }
+       };
+
+       pc = poptGetContext("dlz_bind9", argc, (const char **)argv, long_options,
+                       POPT_CONTEXT_KEEP_FIRST);
+       while ((opt = poptGetNextOpt(pc)) != -1) {
+               switch (opt) {
+               default:
+                       state->log(ISC_LOG_ERROR, "dlz_bind9: Invalid option %s: %s",
+                                  poptBadOption(pc, 0), poptStrerror(opt));
+                       return ISC_R_FAILURE;
                }
-               state->log(ISC_LOG_INFO, "samba_dlz: Using samdb URL %s", options->url);
        }
 
        return ISC_R_SUCCESS;
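Review bot: The popt context created at the `poptGetContext` line is never released, so both the error return inside the loop and the success return leak it; add `poptFreeContext(pc);` before `return ISC_R_FAILURE;` and again before `return ISC_R_SUCCESS;`. The old code kept `options->url` as a `talloc_strdup` child of `state`, whereas POPT_ARG_STRING appears to hand back popt's own allocated copies, so `options->url`/`options->debug` no longer go away with `state` — if that matters, copy them with `talloc_strdup(state, ...)` after parsing and free the popt ones. Trailing non-option arguments in the named.conf database line are now accepted silently instead of rejected; logging `poptPeekArg(pc)` when it is non-NULL would keep misconfigurations visible. The dropped "Using samdb URL" log line also leaves no trace of which database was selected when `-H` is absent.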
@@ -478,6 +491,9 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
        }
        va_end(ap);
 
+       /* Do not install samba signal handlers */
+       fault_setup_disable();
+
        /* Start logging */
        setup_logging("samba_dlz", DEBUG_DEFAULT_STDERR);
 
@@ -498,6 +514,12 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
                goto failed;
        }
 
+       if (state->options.debug) {
+               lpcfg_do_global_parameter(state->lp, "log level", state->options.debug);
+       } else {
+               lpcfg_do_global_parameter(state->lp, "log level", "0");
+       }
+
        if (smb_krb5_init_context(state, state->ev_ctx, state->lp, &state->smb_krb5_ctx) != 0) {
                result = ISC_R_NOMEMORY;
                goto failed;
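Review bot: The result of `lpcfg_do_global_parameter` is discarded on both branches, so a malformed `-d` value from named.conf is dropped silently rather than reported; check it and fail the load, e.g. `if (!lpcfg_do_global_parameter(state->lp, "log level", state->options.debug)) { result = ISC_R_FAILURE; goto failed; }` with a matching `state->log(ISC_LOG_ERROR, ...)`. The else branch also forces `log level` to "0" after the config has presumably been loaded, which overrides any value set in smb.conf; if that is deliberate (keep named's log quiet unless `-d` is given), say so with a comment such as `/* default to silent; any smb.conf "log level" is overridden unless -d was given */`. dlz_create begins before and continues after this hunk.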
@@ -517,9 +539,6 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
                }
        }
 
-       /* Do not install samba signal handlers */
-       fault_setup_disable();
-
        state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
                                        system_session(state->lp), 0, state->options.url);
        if (state->samdb == NULL) {
@@ -1024,17 +1043,6 @@ _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata)
        return ISC_R_SUCCESS;
 }
 
-static char *strlower(char *str)
-{
-       int i;
-
-       for (i=0; i<strlen(str); i++) {
-               str[i] = (char) tolower(str[i]);
-       }
-
-       return str;
-}
-
 /*
   authorize a zone update
  */
@@ -1046,8 +1054,8 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
        TALLOC_CTX *tmp_ctx;
        DATA_BLOB ap_req;
        struct cli_credentials *server_credentials;
-       char *keytab_name, *username;
-       bool ret;
+       char *keytab_name;
+       int ret;
        int ldb_ret;
        NTSTATUS nt_status;
        struct gensec_security *gensec_ctx;
@@ -1085,22 +1093,17 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
        cli_credentials_set_krb5_context(server_credentials, state->smb_krb5_ctx);
        cli_credentials_set_conf(server_credentials, state->lp);
 
-       username = talloc_asprintf(tmp_ctx, "dns-%s", lpcfg_netbios_name(state->lp));
-       username = strlower(username);
-       cli_credentials_set_username(server_credentials, username, CRED_SPECIFIED);
-       talloc_free(username);
-
        keytab_name = talloc_asprintf(tmp_ctx, "file:%s/dns.keytab",
                                        lpcfg_private_dir(state->lp));
        ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name,
                                                CRED_SPECIFIED);
-       talloc_free(keytab_name);
        if (ret != 0) {
-               state->log(ISC_LOG_ERROR, "samba_dlz: failed to obtain server credentials for %s",
-                               username);
+               state->log(ISC_LOG_ERROR, "samba_dlz: failed to obtain server credentials from %s",
+                          keytab_name);
                talloc_free(tmp_ctx);
                return false;
        }
+       talloc_free(keytab_name);
 
        nt_status = gensec_server_start(tmp_ctx,
                                        lpcfg_gensec_settings(tmp_ctx, state->lp),
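Review bot: With the explicit `dns-<netbios>` username gone, the GSSAPI acceptor is left to match the incoming ticket against whatever key is found in dns.keytab (the "match-by-key" of the commit title), so the correctness of the zone-update authorization now rests on that keytab holding only the DNS service principal's keys; that assumption deserves a comment at the `keytab_name` line, e.g. `/* no principal is set: the acceptor matches by key, so dns.keytab must contain only the DNS service keys */`. Moving `talloc_free(keytab_name)` below the error check is a real fix, since the old message printed `username` after it had been freed; the new path logs `keytab_name` while it is still live and tmp_ctx reclaims it on the failure return. `ret` is compared against 0 as an int here, which matches the type change made earlier in this commit. dlz_ssumatch starts before this hunk and continues after it.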
@@ -1112,7 +1115,6 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
        }
 
        gensec_set_credentials(gensec_ctx, server_credentials);
-       gensec_set_target_service(gensec_ctx, "dns");
 
        nt_status = gensec_start_mech_by_name(gensec_ctx, "spnego");
        if (!NT_STATUS_IS_OK(nt_status)) {