path: root/source4/dns_server
Commit message | Author | Age | Files | Lines
* source4 smdb: Add a post fork hook to the service API | Gary Lockyer | 2018-11-01 | 1 | -16/+19
  Add a post fork hook to the service API this will be called:
  - standard process model immediately after the task_init.
  - single process model immediately after the task_init
  - prefork process model, inhibit_pre_fork = true immediately after the task_init
  - prefork process model, inhibit_pre_fork = false after each service worker has forked. It is not run on the service master process.
  The post fork hook is not called in the standard model if a new process is forked on a new connection. It is instead called immediately after the task_init.
  The task_init hook has been changed to return an error code. This ensures the post_fork code is only run if the task_init code completed successfully.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* source4 smbd: Make the service_details structure constant. | Gary Lockyer | 2018-11-01 | 1 | -1/+1
  Make the service_details structure a static const.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* dns: dlz_bind9 reference count logging | Aaron Haslett | 2018-10-17 | 1 | -1/+12
  dlz_bind9 has to count the number of times the plugin is 'created' by bind's plugin manager so it doesn't repeat setup. Logging doesn't reflect this reference counting logic properly and so messages like "samba_dlz: shutdown" can, confusingly, come up when the database connection has not actually been severed. This patch adds the necessary logging.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13655
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns_server: Avoid ldb_dn_add_child_fmt() on untrusted input | Andrew Bartlett | 2018-08-15 | 2 | -18/+151
  By using the new ldb_dn_add_child_val() we ensure that the user-controlled values are not parsed as DN separators.
  Additionally, the casefold DN is obtained before the search to trigger a full parse of the DN before being handled to the LDB search.
  This is not normally required but is done here due to the nature of the untrusted input.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* dns_server: Be strict when constructing a LDB DN from an untrusted DNS name | Andrew Bartlett | 2018-08-15 | 1 | -3/+56
  This changes our DNS server to be much more careful when constructing DNS names into LDB DN values.
  This avoids a segfault deep in the LDB code if the ldb_dn_get_casefold() fails there.
  A separate patch will address that part of the issue, and a later patch will re-work this code to use single API: ldb_dn_add_child_val(). This is not squashed with this work because this patch does not rely on a new LDB release, and so may be helpful for a backport.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* dlz-bind: Add support for BIND 9.12.x | Amitay Isaacs | 2018-08-10 | 2 | -0/+13
  Signed-off-by: Amitay Isaacs <amitay@gmail.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-dns_server: Only build dns server Python code for AD DC | Alexander Bokovoy | 2018-07-23 | 1 | -3/+5
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13542
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* dns wildcards: fix BUG 13536 | Gary Lockyer | 2018-07-20 | 1 | -0/+1
  The current position in the dns name was not advanced past the '.' character
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144
* dns: static records | Aaron Haslett | 2018-07-12 | 4 | -23/+54
  Modifies bind9 and internal dns to match windows static records behaviour.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: server side implementation of record aging | Aaron Haslett | 2018-07-12 | 3 | -1/+138
  Code for retrieving aging properties from a zone and using them for timestamp setting logic during processing of DNS requests.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: moving name_equal func into common | Aaron Haslett | 2018-07-12 | 4 | -21/+22
  This function is duplicated in the BIND9 and RPC DNS servers.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: Reformat DNS with clang-format | Gary Lockyer | 2018-07-12 | 2 | -6/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: add defines for sessionInfo and networkSessionInfo | Gary Lockyer | 2018-06-09 | 2 | -7/+20
  Replace uses of the string "sessionInfo" with the constant DSDB_SESSION_INFO, and "networkSessionInfo" with the constant DSDB_NETWORK_SESSION_INFO.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: Check for talloc_memdup failure | Volker Lendecke | 2018-06-01 | 1 | -0/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Jun 1 14:05:56 CEST 2018 on sn-devel-144
* dns: TALLOC_FREE already checks for !=NULL | Volker Lendecke | 2018-06-01 | 1 | -3/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dns: Simplify logic a bit | Volker Lendecke | 2018-06-01 | 1 | -3/+2
  We don't need a separate boolean variable
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dns: Simplify logic a bit | Volker Lendecke | 2018-06-01 | 1 | -1/+1
  We've done an early return if (!found_tsig) a few lines before.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* samdb: Add remote address to connect | Gary Lockyer | 2018-05-10 | 2 | -5/+14
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: pass the remote address to samdb connect | Gary Lockyer | 2018-05-10 | 1 | -1/+1
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: Fix size types | Andreas Schneider | 2018-03-20 | 1 | -2/+2
  This fixes compilation with -Wstrict-overflow=2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: Port dsdb_dns module to Python 3 compatible form. | Lumir Balhar | 2018-02-15 | 2 | -7/+20
  Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: avoid debug noise on successful updates | Stefan Metzmacher | 2018-01-10 | 2 | -2/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12423
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* dns_server: Remove "max_payload" from dns_server | Volker Lendecke | 2018-01-04 | 2 | -3/+0
  This would have to be retrieved from the interface type we have I guess.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Jan 4 05:08:02 CET 2018 on sn-devel-144
* dns_server: Remove unused "dns_generate_options" | Volker Lendecke | 2018-01-04 | 2 | -23/+0
  This was part of the previous bugfix for 9632, which has been replaced by TCP fallback code. We can dig this up from git if needed.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dns_server: Remove unused "dns" parameter from ask_forwarder_send | Volker Lendecke | 2018-01-04 | 1 | -4/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dns_server: Use dns_cli_request instead of direct udp | Volker Lendecke | 2018-01-04 | 1 | -56/+6
  This skips adding the DNS option for a larger UDP packet size than 512. This is a different fix for bug 9632.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dns_server: Do the exact match query first, then do the wildcard lookup | Andrew Bartlett | 2017-12-19 | 1 | -0/+14
  The wildcard lookup is SCOPE_ONELEVEL combined with an index on the name attribute. This is not as efficient as a base DN lookup, so we try for that first.
  A not-found and wildcard response will still fall back to the ONELEVEL index.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dns_server: Do not look for a wildcard for @ | Andrew Bartlett | 2017-12-19 | 1 | -0/+10
  This query is made for every record returned via BIND9 DLZ.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dns_server: Use the indexed "name" attribute in wildcard lookup | Andrew Bartlett | 2017-12-19 | 1 | -7/+5
  (the RDN, being 'dc' in this use case, does not have an index in the AD schema).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dns server: fix warning about enum mismatch | Uri Simchoni | 2017-11-22 | 1 | -1/+1
  Fix picky developer clang warning about assignment of an enum value to a variable of a different enum type.
  Signed-off-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* source4/smbd: Do not overstamp the process model with "single" | Gary Lockyer | 2017-10-19 | 1 | -12/+3
  Instead, except in RPC which is a special SNOWFLAKE, we rely on the struct service_details in the init function.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* source4/smbd: refactor the process model for prefork | Gary Lockyer | 2017-10-19 | 1 | -2/+7
  Refactor the process model code to allow the addition of a prefork process model.
  - Add a process context to contain process model specific state
  - Add a service details structure to allow service to indicate which process model options they can support.
  In the new code the services advertise the features they support to the process model. The process model context is plumbed through to allow the process model to keep track of the supported options, and any state the process model may require.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* samdb: Rework samdb_connect_url() to return LDB error code and an error string | Andrew Bartlett | 2017-09-20 | 1 | -5/+10
  This allows debugging of why the LDB failed to start up.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4:bind_dlz: Try the 'binddns dir' first | Andreas Schneider | 2017-09-16 | 1 | -6/+6
  The directory is normally empty if you did not provision or call samba_upgradedns for the bind_dlz module.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:bind_dlz: Use the 'binddns dir' if possible | Andreas Schneider | 2017-09-05 | 1 | -3/+41
  The code makes sure we are backwards compatible. It will first check if we still have files in the private directory, if yes it will use those. If the file is not in the private directory it will try the binddns dir.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* dnsserver: Add support for dns wildcards | Gary Lockyer | 2017-08-15 | 6 | -5/+380
  Add support for dns wildcard records. i.e. if the following records exist
    exact.samba.example.com 3600 A 1.1.1.1
    *.samba.example.com 3600 A 1.1.1.2
  look up on exact.samba.example.com will return 1.1.1.1
  look up on *.samba.example.com will return 1.1.1.2
  look up on other.samba.example.com will return 1.1.1.2
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* dnsserver: Tighten DNS name checking | Gary Lockyer | 2017-08-15 | 1 | -6/+29
  Add checks for the maximum permitted length, maximum number of labels and the maximum label length. These extra checks will be used by the DNS wild card handling.
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* Set log level for "Not authorative for" from 2 to 5 | Marc Muehlfeld | 2017-07-26 | 1 | -1/+1
  Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Marc Muehlfeld <mmuehlfeld@samba.org>
  Autobuild-Date(master): Wed Jul 26 21:34:48 CEST 2017 on sn-devel-144
* dns_server: Only install common library if AD DC is enabled. | Andrew Bartlett | 2017-07-04 | 1 | -1/+2
  The library is used in selftest, so must still be built
  This reverts commit d32b66b40c931fe8214faa2e1d40b34b86667d4c and replaces the behaviour.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dnsserver/common: Use cached dnsHostName to reduce database reads | Garming Sam | 2017-06-22 | 1 | -20/+4
  The code to clobber the host name appears to have caused DNS requests to use 3x as much resources
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Thu Jun 22 13:06:07 CEST 2017 on sn-devel-144
* dns_server: clobber MNAME in the SOA | Andrew Bartlett | 2017-06-10 | 4 | -7/+59
  Otherwise, we always report the first server we created/provisioned the AD domain on which does not match AD behaviour. AD is multi-master so all RW servers are a master.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookup | Andrew Bartlett | 2017-06-10 | 4 | -10/+42
  This allows lookups to be confined to one partition, which in turn avoids issues when running this against MS Windows, which does not match Samba behaviour for dns_common_zones()
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pydsdb_dns: Use TypeError not LdbError for mismatched types | Andrew Bartlett | 2017-06-10 | 1 | -12/+3
  This avoids the samba-tool command handling code blowing up when trying to parse an LdbError
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pydns: Also return the DN of the LDB object when finding a DNS record | Andrew Bartlett | 2017-06-10 | 1 | -2/+3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pydns: Fix leak of talloc_stackframe() in python bindings | Andrew Bartlett | 2017-06-10 | 1 | -3/+20
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:dlz_bind9: assert SPNEGO/KRB5 and use gensec_update() | Stefan Metzmacher | 2017-05-21 | 1 | -4/+38
  This avoids using gensec_update_ev() with a nested event loop.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dns_server: use samba_server_gensec_krb5_start() and gensec_update() in dns_query.c | Stefan Metzmacher | 2017-05-21 | 1 | -9/+28
  This avoids using gensec_update_ev() with a nested event loop.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4: Add TALLOC_CTX * to register_server_service(). | Jeremy Allison | 2017-05-11 | 1 | -1/+1
  Use the passed in context from callers. Remove one talloc_autofree_context().
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) | Jeremy Allison | 2017-04-22 | 1 | -2/+2
  Not currently used - no logic changes inside.
  This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global.
  Updated all known module interface numbers, and added a WHATSNEW.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Ralph Böhme <slow@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
* dns: Provide local and remote socket address to GENSEC | Andrew Bartlett | 2017-03-29 | 3 | -2/+36
  This can be used for logging and for Kerberos channel bindings
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>