From f9eaf4dc713bab48703a053c9446b6becabe18dc Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@samba.org>
Date: Tue, 8 Oct 2019 13:30:18 +0200
Subject: dns: Always return SOA record for records we should know

Regression introduced by commit 4b54e14b7cf456e327b176b365e8471e0899210b,
where the number of returned records is not set by talloc_array_length
when the record is not found.

Found by DELL EMC at SDC SMB3 plugfest trying to perform a secure DNS
update.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Fri Nov  8 12:31:30 UTC 2019 on sn-devel-184
---
 source4/dns_server/dns_query.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index b75fabe7e82..762bcca6fb6 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -645,20 +645,12 @@ static void handle_authoritative_done(struct tevent_req *subreq)
 
 static WERROR handle_authoritative_recv(struct tevent_req *req)
 {
-	struct handle_authoritative_state *state = tevent_req_data(
-		req, struct handle_authoritative_state);
 	WERROR werr;
 
 	if (tevent_req_is_werror(req, &werr)) {
 		return werr;
 	}
 
-	werr = add_zone_authority_record(state->dns, state, state->question,
-					 state->nsrecs);
-	if (!W_ERROR_IS_OK(werr)) {
-		return werr;
-	}
-
 	return WERR_OK;
 }
 
@@ -1091,6 +1083,7 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
 	struct dns_server_process_query_state *state = tevent_req_data(
 		req, struct dns_server_process_query_state);
 	WERROR werr;
+	WERROR werr2;
 
 	werr = handle_authoritative_recv(subreq);
 	TALLOC_FREE(subreq);
@@ -1103,6 +1096,20 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
 
 		/* If you have run out of forwarders, simply finish */
 		if (state->forwarders == NULL) {
+			werr2 = add_zone_authority_record(state->dns,
+							  state,
+							  state->question,
+							  &state->nsrecs);
+			if (tevent_req_werror(req, werr2)) {
+				DBG_WARNING("Failed to add SOA record: %s\n",
+					    win_errstr(werr2));
+				return;
+			}
+
+			state->ancount = talloc_array_length(state->answers);
+			state->nscount = talloc_array_length(state->nsrecs);
+			state->arcount = talloc_array_length(state->additional);
+
 			tevent_req_werror(req, werr);
 			return;
 		}
@@ -1125,6 +1132,16 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
 		return;
 	}
 
+	werr2 = add_zone_authority_record(state->dns,
+					  state,
+					  state->question,
+					  &state->nsrecs);
+	if (tevent_req_werror(req, werr2)) {
+		DBG_WARNING("Failed to add SOA record: %s\n",
+				win_errstr(werr2));
+		return;
+	}
+
 	state->ancount = talloc_array_length(state->answers);
 	state->nscount = talloc_array_length(state->nsrecs);
 	state->arcount = talloc_array_length(state->additional);
-- 
cgit v1.2.1