path: root/source4/dns_server/dnsserver_common.c
Commit message | Author | Age | Files | Lines
* dns: changing onelevel search for wildcard to subtree | Aaron Haslett | 2019-01-11 | 1 | -1/+1
  SCOPE_ONELEVEL is used on wildcard dns searches, but onelevel searches currently have a performance problem related to GUID indexing, so this patch changes the search scope to SCOPE_SUBTREE. In this case, as the onelevel and subtree sets of records are roughly the same, and the query is matching against the DN itself, we don't believe there's any benefit in using SCOPE_ONELEVEL over SCOPE_SUBTREE. The onelevel performance problem will be fixed separately later, but in the meantime this solves the DNS performance problem.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13738
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-16852 dcerpc dnsserver: refactor common properties handling | Gary Lockyer | 2018-11-28 | 1 | -36/+93
  dnsserver_common.c and dnsutils.c both share similar code to process zone properties. This patch extracts the common code and moves it to dnsserver_common.c.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns_server: Avoid ldb_dn_add_child_fmt() on untrusted input | Andrew Bartlett | 2018-08-15 | 1 | -10/+3
  By using the new ldb_dn_add_child_val() we ensure that the user-controlled values are not parsed as DN separators. Additionally, the casefold DN is obtained before the search to trigger a full parse of the DN before being handled to the LDB search. This is not normally required but is done here due to the nature of the untrusted input.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* dns_server: Be strict when constructing a LDB DN from an untrusted DNS name | Andrew Bartlett | 2018-08-15 | 1 | -3/+56
  This changes our DNS server to be much more careful when constructing DNS names into LDB DN values. This avoids a segfault deep in the LDB code if the ldb_dn_get_casefold() fails there. A separate patch will address that part of the issue, and a later patch will re-work this code to use single API: ldb_dn_add_child_val(). This is not squashed with this work because this patch does not rely on a new LDB release, and so may be helpful for a backport.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* dns wildcards: fix BUG 13536 | Gary Lockyer | 2018-07-20 | 1 | -0/+1
  The current position in the dns name was not advanced past the '.' character
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144
* dns: static records | Aaron Haslett | 2018-07-12 | 1 | -0/+17
  Modifies bind9 and internal dns to match windows static records behaviour.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: server side implementation of record aging | Aaron Haslett | 2018-07-12 | 1 | -0/+123
  Code for retrieving aging properties from a zone and using them for timestamp setting logic during processing of DNS requests.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: moving name_equal func into common | Aaron Haslett | 2018-07-12 | 1 | -0/+20
  This function is duplicated in the BIND9 and RPC DNS servers.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns_server: Do the exact match query first, then do the wildcard lookup | Andrew Bartlett | 2017-12-19 | 1 | -0/+14
  The wildcard lookup is SCOPE_ONELEVEL combined with an index on the name attribute. This is not as efficient as a base DN lookup, so we try for that first. A not-found and wildcard response will still fall back to the ONELEVEL index.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dns_server: Do not look for a wildcard for @ | Andrew Bartlett | 2017-12-19 | 1 | -0/+10
  This query is made for every record returned via BIND9 DLZ.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dns_server: Use the indexed "name" attribute in wildcard lookup | Andrew Bartlett | 2017-12-19 | 1 | -7/+5
  (the RDN, being 'dc' in this use case, does not have an index in the AD schema).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dnsserver: Add support for dns wildcards | Gary Lockyer | 2017-08-15 | 1 | -0/+348
  Add support for dns wildcard records. i.e. if the following records exist
    exact.samba.example.com 3600 A 1.1.1.1
    *.samba.example.com 3600 A 1.1.1.2
  look up on exact.samba.example.com will return 1.1.1.1
  look up on *.samba.example.com will return 1.1.1.2
  look up on other.samba.example.com will return 1.1.1.2
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* dnsserver: Tighten DNS name checking | Gary Lockyer | 2017-08-15 | 1 | -6/+29
  Add checks for the maximum permitted length, maximum number of labels and the maximum label length. These extra checks will be used by the DNS wild card handling.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* dnsserver/common: Use cached dnsHostName to reduce database reads | Garming Sam | 2017-06-22 | 1 | -20/+4
  The code to clobber the host name appears to have caused DNS requests to use 3x as much resources
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Thu Jun 22 13:06:07 CEST 2017 on sn-devel-144
* dns_server: clobber MNAME in the SOA | Andrew Bartlett | 2017-06-10 | 1 | -3/+50
  Otherwise, we always report the first server we created/provisioned the AD domain on which does not match AD behaviour. AD is multi-master so all RW servers are a master.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookup | Andrew Bartlett | 2017-06-10 | 1 | -3/+14
  This allows lookups to be confined to one partition, which in turn avoids issues when running this against MS Windows, which does not match Samba behaviour for dns_common_zones()
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dnsserver_common: Add name check in name2dn | Bob Campbell | 2016-12-12 | 1 | -2/+7
  Fills in the missing TODO. Note that this may also prevent deletion of existing corrupted records, but should be resolvable through RPC, or at worst LDAP.
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dnsserver: add dns name checking | Bob Campbell | 2016-12-12 | 1 | -0/+91
  This may also prevent deletion of existing corrupted records through DNS, but should be resolvable through RPC, or at worst LDAP.
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/dns_server/ | Günther Deschner | 2016-09-28 | 1 | -2/+2
  Guenther
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dnsserver: Remove C++ style comment | Garming Sam | 2016-05-03 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dlist: remove unneeded type argument from DLIST_ADD_END() | Michael Adam | 2016-02-06 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dns_server: Give WERR_DNS_ERROR_NAME_DOES_NOT_EXIST on empty records | Andrew Bartlett | 2015-10-26 | 1 | -8/+14
  When not looking for tombstones, a record without a dnsRecord value may as well not be present, so just return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dns_server: Put more code in common | Andrew Bartlett | 2015-10-26 | 1 | -0/+170
  This will allow a python module to be written to modify DNS entries in sam.ldb directly
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:dns_server: add DNS_TYPE_TOMBSTONE support to dns_common_replace() | Stefan Metzmacher | 2014-08-26 | 1 | -4/+77
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: make sure dns_common_lookup() doesn't return tombstones | Stefan Metzmacher | 2014-08-26 | 1 | -4/+49
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: split out dns_common_replace() | Stefan Metzmacher | 2014-08-26 | 1 | -0/+78
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: split out dns_common_extract() and dns_common_lookup() | Stefan Metzmacher | 2014-08-26 | 1 | -0/+78
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: split out a private 'dnsserver_common' library | Stefan Metzmacher | 2014-08-26 | 1 | -0/+68
  This will contain common code for the internal dns server, the dlz_bind9 module and the rpc dns management server.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>