Inhibit DNS service
If Samba DC is configured on the local node, inhibit our DNS service.
DavidePrincipi committed Dec 11, 2024
1 parent 4989a99 commit d97f4bd
Showing 4 changed files with 40 additions and 9 deletions.
2 changes: 1 addition & 1 deletion imageroot/actions/configure-module/10validate
@@ -65,7 +65,7 @@ if request["dhcp-server"]["enabled"]:
sys.exit(2)

if request["dns-server"]["enabled"]:
is_dns_bound = network.are_ports_53_bound()
is_dns_bound = network.are_ports_53_bound() or bool(network.get_local_samba_dcs())
# read config.json and determine if dns is used for this instance
config = json.load(open("config.json"))
is_dns_enabled = config["dns-server"]["enabled"]
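Review bot: Folding the Samba DC lookup into `is_dns_bound` makes the outcome depend on the stored `is_dns_enabled` value read from `config.json` just below. A request to enable DNS may therefore still pass validation on a node where DNS was already enabled in `config.json` and a Samba DC was installed afterwards. The condition that consumes both flags lies after the end of this hunk, so this is inferred rather than confirmed. If it holds, a separate `if network.get_local_samba_dcs():` check that rejects the request with its own error would keep validation in line with expand-config, which writes `port=0` regardless of the stored flag.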
18 changes: 12 additions & 6 deletions imageroot/actions/get-configuration/10get
@@ -7,7 +7,7 @@

import json
import sys

import agent
import network

config = json.load(open("config.json"))
@@ -18,10 +18,16 @@ if config["interface"] != "" and config["dhcp-server"]["start"] == "" and config
config["dhcp-server"]["start"] = str(interface["start"])
config["dhcp-server"]["end"] = str(interface["end"])

# we test if tcp/53 or udp/53 is bound to the interface
config["is_dns_bound"] = network.are_ports_53_bound()
# check if dnsmasq is enabled in the configuration, needed to determine in the UI if the DNS server was enabled and used by dnsmasq.
# the dnsmasq service is always running, we cannot state if it is enabled/active or not.
config['is_dns_enabled'] = config["dns-server"]["enabled"]
# we test if tcp/53 or udp/53 is bound to the interface, or local Samba DCs are present
local_samba_dcs = network.get_local_samba_dcs()
if len(local_samba_dcs) > 0:
config["is_dns_bound"] = True
config["is_dns_enabled"] = False
config["dns-server"]["enabled"] = False
else:
config["is_dns_bound"] = network.are_ports_53_bound()
# check if dnsmasq is enabled in the configuration, needed to determine in the UI if the DNS server was enabled and used by dnsmasq.
# the dnsmasq service is always running, we cannot state if it is enabled/active or not.
config['is_dns_enabled'] = config["dns-server"]["enabled"]

json.dump(config, sys.stdout)
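Review bot: In the Samba branch, `config["dns-server"]["enabled"] = False` overwrites the stored setting in the object that is printed, so the caller can no longer tell "DNS was enabled but is inhibited" from "DNS was never enabled", and a client that posts this object back would presumably persist `False`. Leaving the stored value untouched and reporting the inhibition separately, for example by also returning the `local_samba_dcs` list under its own key, keeps the output truthful. The comment says port 53 is tested on "the interface", but `are_ports_53_bound()` is called without an address and its signature in network.py defaults to `127.0.0.1`; the comment should say so. `if len(local_samba_dcs) > 0:` can be `if local_samba_dcs:`.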
11 changes: 9 additions & 2 deletions imageroot/bin/expand-config
@@ -8,6 +8,7 @@
import json
import sys
import agent
import network

# Read configuration from a JSON file or initialize it.
try:
@@ -31,6 +32,9 @@ except FileNotFoundError:
json.dump(config, fp=open("config.json", "w"))


# Lookup local Samba DCs. They want to bind DNS port 53 like us.
local_samba_dcs = network.get_local_samba_dcs()

# convert json to configuration file
with open("dnsmasq.d/00config.conf", "w") as file:
file.write("# This file is automatically generated by NethServer, manual changes will be lost.\n")
@@ -42,8 +46,11 @@ with open("dnsmasq.d/00config.conf", "w") as file:
if config["dhcp-server"]["enabled"]:
file.write("dhcp-range=set:default," + config["dhcp-server"]["start"] + "," + config["dhcp-server"]["end"] + "," + str(config["dhcp-server"]["lease"]) + "h\n")

# write dns-server configuration
if config["dns-server"]["enabled"]:
# write dns-server configuration, if no local Samba DC is present
if len(local_samba_dcs) > 0:
print("Local Active Directory DC found, DNS feature is blocked.", local_samba_dcs, file=sys.stderr)
file.write("port=0\n")
elif config["dns-server"]["enabled"]:
file.write("server=" + config["dns-server"]["primary-server"] + "\n")
if config["dns-server"]["secondary-server"] != "":
file.write("server=" + config["dns-server"]["secondary-server"] + "\n")
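Review bot: The `port=0` branch leaves no trace of its cause in the generated file: the reason goes only to stderr, so someone reading `dnsmasq.d/00config.conf` sees DNS switched off while `config.json` may still say it is enabled. Writing a comment line next to it, e.g. `file.write("# DNS disabled: local Samba DC present\n")` before `file.write("port=0\n")`, would make the override visible where operators look first. `if len(local_samba_dcs) > 0:` can also be written `if local_samba_dcs:`. The `with` block continues past the end of this hunk.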
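--- a/imageroot/pypkg/network.py
+++ b/imageroot/pypkg/network.py
@@ -5,6 +5,9 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 
+import sys
+import os
+import agent
 import ipaddress
 import json
 import subprocess
@@ -78,3 +81,18 @@ def are_ports_53_bound(ip='127.0.0.1'):
 Check if both TCP and UDP ports 53 are bound on a specific IP address.
 """
 return __is_port_bound(53, 'tcp', ip) or __is_port_bound(53, 'udp', ip)
+
+def get_local_samba_dcs():
+"""
+Lookup Samba modules installed on the local node. Returns an array of
+Samba module IDs that were installed on the local node. Typically the
+array has 1 element at most.
+"""
+rdb = agent.redis_connect(use_replica=True)
+local_samba_dcs = []
+for module_id, node_id in rdb.hgetall("cluster/module_node").items():
+if node_id != os.environ["NODE_ID"]:
+continue
+if module_id.startswith('samba'):
+local_samba_dcs.append(module_id)
+return local_samba_dcs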
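Review bot: `module_id.startswith('samba')` in `get_local_samba_dcs()` treats any module whose ID merely begins with "samba" as a domain controller, so an unrelated module with that prefix on the same node would switch dnsmasq DNS off through the `port=0` path. If module IDs are the image name followed by an instance number (not visible here), an exact-shape match is safer, for example `re.fullmatch(r"samba[0-9]+", module_id)` with `import re` added. `os.environ["NODE_ID"]` is also read on every iteration and raises a bare `KeyError` when unset; read it once before the loop. The docstring could mention that the lookup goes to the Redis replica (`use_replica=True`), since a replica that lags behind could miss a just-installed DC.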
