author | DJ Lucas | 2015-12-06 00:48:44 -0600 |
---|---|---|
committer | DJ Lucas | 2015-12-06 00:48:44 -0600 |
commit | 87860c3a9def38d1e918ba24875a77d004ab8b85 (patch) | |
tree | e0c482302a39f8cbe7580ba8a9784d507f4b2d72 | |
download | aur-87860c3a9def38d1e918ba24875a77d004ab8b85.tar.gz |
Initial commit
-rw-r--r-- | .SRCINFO | 21 | ||||
-rw-r--r-- | PKGBUILD | 25 | ||||
-rw-r--r-- | dhcpd-update-samba-dns.conf | 9 | ||||
-rw-r--r-- | dhcpd-update-samba-dns.sh | 14 | ||||
-rw-r--r-- | samba-dnsupdate.sh | 277 |
5 files changed, 346 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..f3c9c4defc25 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,21 @@ +# Generated by mksrcinfo v8 +# Sun Dec 6 06:45:03 UTC 2015 +pkgbase = samba-dhcpd-update + pkgdesc = Allow dhcpd to update Samba DNS + pkgver = 20151205 + pkgrel = 1 + url = n/a + arch = any + license = MPL + depends = samba>=4.0 + depends = dhcp + backup = etc/dhcpd/dhcpd-update-samba-dns.conf + source = samba-dnsupdate.sh + source = dhcpd-update-samba-dns.sh + source = dhcpd-update-samba-dns.conf + sha256sums = f08a0afe7440d317b722afe556098407482bd6c6dc81eca005d5b036187880e7 + sha256sums = 987b140911631809db70f9f7044700fec6c966e4da153da1c6d8a15d13632029 + sha256sums = c71d4c58ca59436fba35cb64d861e6cfc9c9ae7218f0e5387f1f68bd38260bbc + +pkgname = samba-dhcpd-update +
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..4e020745a50e
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,25 @@
+# Maintainer: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
+
+pkgname=samba-dhcpd-update
+pkgver=20151205
+pkgrel=1
+arch=('any')
+pkgdesc="Allow dhcpd to update Samba DNS"
+url="n/a"
+depends=('samba>=4.0' 'dhcp')
+license=('MPL')
+source=('samba-dnsupdate.sh'
+ 'dhcpd-update-samba-dns.sh'
+ 'dhcpd-update-samba-dns.conf')
+sha256sums=('f08a0afe7440d317b722afe556098407482bd6c6dc81eca005d5b036187880e7'
+ '987b140911631809db70f9f7044700fec6c966e4da153da1c6d8a15d13632029'
+ 'c71d4c58ca59436fba35cb64d861e6cfc9c9ae7218f0e5387f1f68bd38260bbc')
+backup=('etc/dhcpd/dhcpd-update-samba-dns.conf')
+
+package() {
+ install -vdm755 ${pkgdir}/usr/bin
+ install -vdm755 ${pkgdir}/etc/dhcpd
+ install -vm755 ${srcdir}/samba-dnsupdate.sh ${pkgdir}/usr/bin
+ install -vm755 ${srcdir}/dhcpd-update-samba-dns.sh ${pkgdir}/usr/bin
+ install -vm644 ${srcdir}/dhcpd-update-samba-dns.conf ${pkgdir}/etc/dhcpd
+}
diff --git a/dhcpd-update-samba-dns.conf b/dhcpd-update-samba-dns.conf
new file mode 100644
index 000000000000..565afcbee469
--- /dev/null
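Review bot: In PKGBUILD's `package()`, the `${pkgdir}` and `${srcdir}` expansions on all five `install` lines are unquoted, so a build path containing whitespace or glob characters is split or expanded before `install` sees it. Quote each path, for example `install -vm755 "${srcdir}/samba-dnsupdate.sh" "${pkgdir}/usr/bin"`. This is a style and robustness point; the installed modes themselves look reasonable for two scripts and a config file that holds only paths and names.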
+++ b/dhcpd-update-samba-dns.conf
@@ -0,0 +1,9 @@
+# Variables
+KRB5CC="/run/dhcpd4.krb5cc"
+KEYTAB="/etc/dhcpd/dhcpd.keytab"
+DOMAIN="internal.domain.tld"
+REALM="INTERNAL.DOMAIN.TLD"
+PRINCIPAL="dhcp@${REALM}"
+NAMESERVER="server.${DOMAIN}"
+ZONE="${DOMAIN}"
+
diff --git a/dhcpd-update-samba-dns.sh b/dhcpd-update-samba-dns.sh
new file mode 100644
index 000000000000..f001e699c9ff
--- /dev/null
+++ b/dhcpd-update-samba-dns.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# Begin dhcpd-update-dns.sh
+
+. /etc/dhcpd/dhcpd-update-samba-dns.conf || exit 1
+
+ACTION=$1
+IP=$2
+HNAME=$3
+
+export KRB5CC KEYTAB DOMAIN REALM PRINCIPAL NAMESERVER ZONE ACTION IP HNAME
+
+/usr/bin/samba-dnsupdate.sh -m &
+
+# End dhcpd-update-samba-dns.sh
diff --git a/samba-dnsupdate.sh b/samba-dnsupdate.sh
new file mode 100644
index 000000000000..228c6c43d439
--- /dev/null
+++ b/samba-dnsupdate.sh
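Review bot: The paths set in dhcpd-update-samba-dns.conf do not match the fallbacks and help text in samba-dnsupdate.sh: this file has `KRB5CC="/run/dhcpd4.krb5cc"` and `KEYTAB="/etc/dhcpd/dhcpd.keytab"`, while the script defaults to `/run/dhcpd.krb5cc` and `/etc/dhcp/dhcpd.keytab`. A run that does not go through this file would look for the keytab under `/etc/dhcp`, a directory this package does not create, so one pair of paths should be chosen and used in both places. The file would also benefit from a comment on the keytab, for example `# KEYTAB holds the long-term key for PRINCIPAL: keep it owned by the account dhcpd runs as, mode 0600.`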
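Review bot: In dhcpd-update-samba-dns.sh, `$1`, `$2` and `$3` are exported as `ACTION`, `IP` and `HNAME` with no check, and because the child is started as `samba-dnsupdate.sh -m` they reach it through the environment and never pass through that script's `checkvalues`. If dhcpd calls this wrapper on lease events, the hostname is presumably whatever the client sent, so it should be validated here before the export. The block below rejects an address that is not a dotted quad and a name that is not a plain host name; an empty name is still allowed because the delete path does not require one. Separately, the header comment names the file `dhcpd-update-dns.sh` while the footer says `dhcpd-update-samba-dns.sh`.

```shell
HNAME=$3

# Refuse values that are not an IPv4 address or a DNS host name before exporting them.
if [[ ! "$IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  logger -s -p daemon.error -t dhcpd "refusing DNS update: malformed IP"
  exit 1
fi
if [[ -n "$HNAME" && ! "$HNAME" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  logger -s -p daemon.error -t dhcpd "refusing DNS update: malformed hostname"
  exit 1
fi
# … unchanged: export and background call to samba-dnsupdate.sh …
```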
@@ -0,0 +1,277 @@
+#!/bin/bash
+# Begin samba-dnsupdate.sh
+# Author: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
+# kerberos_creds() courtesy of Sergey Urushkin
+# http://www.kuron-germany.de/michael/blog/wp-content/uploads/2012/03/dhcpdns-sergey2.txt
+
+# DHCP server should be authoritative for its own records, sleep for 5 seconds
+# to allow unconfigured Windows hosts to create their own DNS records
+# In order to use this script you should disable dynamic updates by hosts that
+# will receive addresses from this DHCP server. Instructions are found here:
+# https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP
+sleep 5
+
+checkvalues()
+{
+ [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && exit 1
+
+ case ${2} in
+
+ -*)
+ echo "Error: Invalid parameter '${2}' passed to ${1}."
+ exit 1
+ ;;
+
+ *)
+ return 0
+ ;;
+ esac
+}
+
+showhelp()
+{
+echo -e "\n"`basename ${0}` "uses samba-tool to update DNS records in Samba 4's DNS"
+echo "server when using INTERNAL DNS or BIND9 DLZ plugin."
+echo ""
+echo " Command line options (and variables):"
+echo ""
+echo " -a | --action Action for this script to perform"
+echo " ACTION={add|delete}"
+echo " -c | --krb5cc Path of the krb5 credential cache (optional)"
+echo " Default: KRB5CC=/run/dhcpd.krb5cc"
+echo " -d | --domain The DNS domain/zone to be updated"
+echo " DOMAIN={domain.tld}"
+echo " -h | --help Show this help message and exit"
+echo " -H | --hostname Hostname of the record to be updated"
+echo " HNAME={hostname}"
+echo " -i | --ip IP address of the host to be updated"
+echo " IP={0.0.0.0}"
+echo " -k | --keytab Krb5 keytab to be used for authorization (optional)"
+echo " Default: KEYTAB=/etc/dhcp/dhcpd.keytab"
+echo " -m | --mitkrb5 Use MIT krb5 client utilities"
+echo " MITKRB5={YES|NO}"
+echo " -n | --nameserver DNS server to be updated (must use FQDN, not IP)"
+echo " NAMESERVER={server.internal.domain.tld}"
+echo " -p | --principal Principal used for DNS updates"
+echo " PRINCIPAL={user@domain.tld}"
+echo " -r | --realm Authentication realm"
+echo " REALM={DOMAIN.TLD}"
+echo " -z | --zone Then name of the zone to be updated in AD.
+echo " ZONE={zonename}
+echo ""
+echo "Example: $(basename $0) -d domain.tld -i 192.168.0.x -n 192.168.0.x \\"
+echo " -r DOMAIN.TLD -p user@domain.tld -H HOSTNAME -m"
+echo ""
+}
+
+# Process arguments
+[ -z "$1" ] && showhelp && exit 1
+while [ -n "$1" ]; do
+ case $1 in
+
+ -a | --action)
+ checkvalues ${1} ${2}
+ ACTION=${2}
+ shift 2
+ ;;
+
+ -c | --krb5cc)
+ checkvalues ${1} ${2}
+ KRB5CC=${2}
+ shift 2
+ ;;
+
+ -d | --domain)
+ checkvalues ${1} ${2}
+ DOMAIN=${2}
+ shift 2
+ ;;
+
+ -h | --help)
+ showhelp
+ exit 0
+ ;;
+
+ -H | --hostname)
+ checkvalues ${1} ${2}
+ HNAME=${2%%.*}
+ shift 2
+ ;;
+
+ -i | --ip)
+ checkvalues ${1} ${2}
+ IP=${2}
+ shift 2
+ ;;
+
+ -k | --keytab)
+ checkvalues ${1} ${2}
+ KEYTAB=${2}
+ shift 2
+ ;;
+
+ -m | --mitkrb5)
+ KRB5MIT=YES
+ shift 1
+ ;;
+
+ -n | --nameserver)
+ checkvalues ${1} ${2}
+ NAMESERVER=${2}
+ shift 2
+ ;;
+
+ -p | --principal)
+ checkvalues ${1} ${2}
+ PRINCIPAL=${2}
+ shift 2
+ ;;
+
+ -r | --realm)
+ checkvalues ${1} ${2}
+ REALM=${2}
+ shift 2
+ ;;
+
+ -z | --zone)
+ checkvalues ${1} ${2}
+ ZONE=${2}
+ shift 2
+ ;;
+
+ *)
+ echo "Error!!! Unknown command line opion!"
+ echo "Try" `basename $0` "--help."
+ exit 1
+ ;;
+ esac
+done
+
+# Sanity checking
+[ -z "$ACTION" ] && echo "Error: action not set." && exit 2
+case "$ACTION" in
+ add | Add | ADD)
+ ACTION=ADD
+ ;;
+ del | delete | Delete | DEL | DELETE)
+ ACTION=DEL
+ ;;
+ *)
+ echo "Error: invalid action \"$ACTION\"." && exit 3
+ ;;
+esac
+[ -z "$KRB5CC" ] && KRB5CC=/run/dhcpd.krb5cc
+[ -z "$DOMAIN" ] && echo "Error: invalid domain." && exit 4
+[ -z "$HNAME" ] && [ "$ACTION" == "ADD" ] && \
+ echo "Error: hostname not set." && exit 5
+[ -z "$IP" ] && echo "Error: IP address not set." && exit 6
+[ -z "$KEYTAB" ] && KEYTAB=/etc/dhcp/dhcpd.keytab
+[ -z "$NAMESERVER" ] && echo "Error: nameservers not set." && exit 7
+[ -z "$PRINCIPAL" ] && echo "Error: principal not set." && exit 8
+[ -z "$REALM" ] && echo "Error: realm not set."
+&& exit 9
+[ -z "$ZONE" ] && echo "Error: zone not set." && exit 10
+
+# Disassemble IP for reverse lookups
+OCT1=$(echo $IP | cut -d . -f 1)
+OCT2=$(echo $IP | cut -d . -f 2)
+OCT3=$(echo $IP | cut -d . -f 3)
+OCT4=$(echo $IP | cut -d . -f 4)
+RZONE="$OCT3.$OCT2.$OCT1.in-addr.arpa"
+
+kerberos_creds() {
+export KRB5_KTNAME="$KEYTAB"
+export KRB5CCNAME="$KRB5CC"
+
+if [ "$KRB5MIT" = "YES" ]; then
+ KLISTARG="-s"
+else
+ KLISTARG="-t"
+fi
+
+klist $KLISTARG || kinit -k -t "$KEYTAB" -c "$KRB5CC" "$PRINCIPAL" || { logger -s -p daemon.error -t dhcpd kinit for dynamic DNS failed; exit 11; }
+}
+
+
+add_host(){
+ logger -s -p daemon.info -t dhcpd Adding A record for host $HNAME with IP $IP to zone $ZONE on server $NAMESERVER
+ samba-tool dns add $NAMESERVER $ZONE $HNAME A $IP -k yes
+}
+
+
+delete_host(){
+ logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $IP from zone $ZONE on server $NAMESERVER
+ samba-tool dns delete $NAMESERVER $ZONE $HNAME A $IP -k yes
+}
+
+
+update_host(){
+ logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $CURIP from zone $ZONE on server $NAMESERVER
+ samba-tool dns delete $NAMESERVER $ZONE $HNAME A $CURIP -k yes
+ add_host
+}
+
+
+add_ptr(){
+ logger -s -p daemon.info -t dhcpd Adding PTR record $OCT4 with hostname $HNAME to zone $RZONE on server $NAMESERVER
+ samba-tool dns add $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
+}
+
+
+delete_ptr(){
+ logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $HNAME from zone $RZONE on server $NAMESERVER
+ samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes
+}
+
+
+update_ptr(){
+ logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $CURHNAME from zone $RZONE on server $NAMESERVER
+ samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $CURHNAME -k yes
+ add_ptr
+}
+
+
+case "$ACTION" in
+ ADD)
+ kerberos_creds
+ host -t A $HNAME.$DOMAIN > /dev/null
+ if [ "${?}" == 0 ]; then
+ CURIP=$(host -t A $HNAME.$DOMAIN | cut -d " " -f 4 )
+ if [[ "$CURIP" != "$IP" ]]; then
+ update_host
+ fi
+ else
+ add_host
+ fi
+
+ host -t PTR $IP > /dev/null
+ if [ "${?}" == 0 ]; then
+ CURHNAME=$(host -t PTR $IP | cut -d " " -f 5 | rev | cut -c 2- | rev)
+ if [[ "$CURHNAME" != "$HNAME.$DOMAIN" ]]; then
+ update_ptr
+ fi
+ else
+ add_ptr
+ fi
+ ;;
+
+ DEL)
+ kerberos_creds
+ host -t A $HNAME.$DOMAIN > /dev/null
+ if [ "${?}" == 0 ]; then
+ delete_host
+ fi
+
+ host -t PTR $IP > /dev/null
+ if [ "${?}" == 0 ]; then
+ delete_ptr
+ fi
+ ;;
+
+ *)
+ echo "Error: Invalid action '$ACTION'!" && exit 12
+ ;;
+
+esac
+
+# End samba-dnsupdate.sh
+ |
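Review bot: The `samba-tool`, `host` and `logger` calls in `add_host`, `delete_host`, `update_host`, `add_ptr`, `delete_ptr`, `update_ptr` and the final `case` expand `$HNAME`, `$IP`, `$CURIP` and `$CURHNAME` unquoted, so a value containing whitespace or glob characters is split into extra arguments to those tools. Quote every expansion, for example `samba-tool dns add "$NAMESERVER" "$ZONE" "$HNAME" A "$IP" -k yes` and `host -t A "$HNAME.$DOMAIN" > /dev/null`. Quoting does not stop a value that begins with `-` from being read as an option, and `checkvalues` only runs inside the option-parsing loop, so values inherited from the environment need their own format check after the "Sanity checking" block. The `DEL` branch also runs with an empty `HNAME`, since only `ADD` requires it, which turns the lookup into `host -t A .$DOMAIN`.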