From 1ded98e91335ebb117b0a41303dadcb5bc2cc0a0 Mon Sep 17 00:00:00 2001 From: Davide Principi Date: Wed, 11 Dec 2024 16:26:45 +0100 Subject: [PATCH] Inhibit DNS service If Samba DC is configured on the local node, inhibit our DNS service. --- imageroot/actions/get-configuration/10get | 6 +++--- imageroot/bin/expand-config | 11 +++++++++-- imageroot/pypkg/network.py | 16 ++++++++++++++++ 3 files changed, 28 insertions(+), 5 deletions(-) diff --git a/imageroot/actions/get-configuration/10get b/imageroot/actions/get-configuration/10get index 1d14817..3c27ae7 100755 --- a/imageroot/actions/get-configuration/10get +++ b/imageroot/actions/get-configuration/10get @@ -7,7 +7,7 @@ import json import sys - +import agent import network config = json.load(open("config.json")) @@ -18,8 +18,8 @@ if config["interface"] != "" and config["dhcp-server"]["start"] == "" and config config["dhcp-server"]["start"] = str(interface["start"]) config["dhcp-server"]["end"] = str(interface["end"]) -# we test if tcp/53 or udp/53 is bound to the interface -config["is_dns_bound"] = network.are_ports_53_bound() +# we test if tcp/53 or udp/53 is bound to the interface, or local Samba DCs are present +config["is_dns_bound"] = network.are_ports_53_bound() or network.get_local_samba_dcs() # check if dnsmasq is enabled in the configuration, needed to determine in the UI if the DNS server was enabled and used by dnsmasq. # the dnsmasq service is always running, we cannot state if it is enabled/active or not. config['is_dns_enabled'] = config["dns-server"]["enabled"] diff --git a/imageroot/bin/expand-config b/imageroot/bin/expand-config index 271a68b..c12e1e0 100755 --- a/imageroot/bin/expand-config +++ b/imageroot/bin/expand-config @@ -8,6 +8,7 @@ import json import sys import agent +import network # Read configuration from a JSON file or initialize it. try: 
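Review bot: In `imageroot/actions/get-configuration/10get`, `config["is_dns_bound"]` is no longer always a boolean. When `are_ports_53_bound()` is false, the `or` yields the list returned by `get_local_samba_dcs()`, so the JSON output carries `[]` or a list of module IDs. Any consumer or output schema that expects true/false here would see a different type, and the response now discloses the node's Samba module IDs without a stated need. Coerce the second operand: `config["is_dns_bound"] = network.are_ports_53_bound() or bool(network.get_local_samba_dcs())`. The `import agent` added in the first hunk of this file is not used by any line visible in these hunks.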
@@ -31,6 +32,9 @@ except FileNotFoundError: json.dump(config, fp=open("config.json", "w")) +# Lookup local Samba DCs. They want to bind DNS port 53 like us. +local_samba_dcs = network.get_local_samba_dcs() + # convert json to configuration file with open("dnsmasq.d/00config.conf", "w") as file: file.write("# This file is automatically generated by NethServer, manual changes will be lost.\n") @@ -42,8 +46,11 @@ with open("dnsmasq.d/00config.conf", "w") as file: if config["dhcp-server"]["enabled"]: file.write("dhcp-range=set:default," + config["dhcp-server"]["start"] + "," + config["dhcp-server"]["end"] + "," + str(config["dhcp-server"]["lease"]) + "h\n") - # write dns-server configuration - if config["dns-server"]["enabled"]: + # write dns-server configuration, if no local Samba DC is present + if local_samba_dcs: + agent.print("Local Active Directory DC found, DNS feature is blocked.", local_samba_dcs, file=sys.stderr) + file.write("port=0\n") + elif config["dns-server"]["enabled"]: file.write("server=" + config["dns-server"]["primary-server"] + "\n") if config["dns-server"]["secondary-server"] != "": file.write("server=" + config["dns-server"]["secondary-server"] + "\n") diff --git a/imageroot/pypkg/network.py b/imageroot/pypkg/network.py index d2c10d2..d4c1714 100644 --- a/imageroot/pypkg/network.py +++ b/imageroot/pypkg/network.py @@ -9,6 +9,7 @@ import json import subprocess import socket +import agent def __filter_interface(interface): 
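Review bot: In `imageroot/bin/expand-config`, the `if local_samba_dcs:` branch writes `port=0` and skips the `dns-server` section while `config.json` still records `dns-server.enabled` as true, and the only trace of the override is one stderr line. The lookup also runs only when this script runs, so a Samba DC installed after the last expansion would presumably leave the old `server=` lines in place and both services competing for port 53. It is worth confirming that a Samba install triggers a re-expand. I would also record the reason in the generated file, e.g. `file.write("# DNS disabled: local Samba DC present\n")` just before `file.write("port=0\n")`. The `elif` body continues past the end of the hunk.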
@@ -78,3 +79,18 @@ def are_ports_53_bound(ip='127.0.0.1'): Check if both TCP and UDP ports 53 are bound on a specific IP address. """ return __is_port_bound(53, 'tcp', ip) or __is_port_bound(53, 'udp', ip) + +def get_local_samba_dcs(): + """ + Lookup Samba modules installed on the local node. Returns an array of + Samba module IDs that were installed on the local node. Typically the + array has 1 element at most. + """ + rdb = agent.redis_connect(use_replica=True) + local_samba_dcs = [] + for module_id, node_id in rdb.hgetall("cluster/module_node").items(): + if node_id != os.environ["NODE_ID"]: + continue + if module_id.startswith('samba'): + local_samba_dcs.append(module_id) + return local_samba_dcs
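Review bot: `get_local_samba_dcs()` reads `os.environ["NODE_ID"]`, but the import hunk for `network.py` adds only `agent`, and the visible imports are `json`, `subprocess` and `socket`. If `os` is not imported above line 9, the first call raises `NameError`, so confirm or add `import os`. The test `module_id.startswith('samba')` matches every module whose ID begins with `samba`, which is broader than the "Samba DC is configured" condition in the commit message; an installed but unprovisioned instance would also switch DNS off. The comparison `node_id != os.environ["NODE_ID"]` assumes `hgetall` returns decoded strings; if it returned bytes, nothing would match and the inhibit would silently never apply. A short comment such as `# relies on decoded str values from agent.redis_connect()` would document that dependency.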