The branch, master has been updated
       via  f9eaf4dc713 dns: Always return SOA record for records we should know
       via  8dbb8643499 dns: Extend DNS tests to check the SOA record is always 
returned
      from  f5f89b1b990 ctdb: Use TALLOC_FREE() in a few places

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f9eaf4dc713bab48703a053c9446b6becabe18dc
Author: Samuel Cabrero <[email protected]>
Date:   Tue Oct 8 13:30:18 2019 +0200

    dns: Always return SOA record for records we should know
    
    Regression introduced by commit 4b54e14b7cf456e327b176b365e8471e0899210b,
    where the number of returned records is not set by talloc_array_length
    when the record is not found.
    
    Found by DELL EMC at SDC SMB3 plugfest trying to perform a secure DNS
    update.
    
    Signed-off-by: Samuel Cabrero <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    
    Autobuild-User(master): Samuel Cabrero <[email protected]>
    Autobuild-Date(master): Fri Nov  8 12:31:30 UTC 2019 on sn-devel-184

commit 8dbb8643499c495474f28071750cbfc2da5b60f0
Author: Samuel Cabrero <[email protected]>
Date:   Tue Oct 8 13:29:28 2019 +0200

    dns: Extend DNS tests to check the SOA record is always returned
    
    Signed-off-by: Samuel Cabrero <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/tests/dns.py      | 19 +++++++++++++++++++
 source4/dns_server/dns_query.c | 33 +++++++++++++++++++++++++--------
 2 files changed, 44 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 275d4fcd692..1dd1f549a33 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -264,6 +264,25 @@ class TestSimpleQueries(DNSTest):
         # But we do respond with an authority section
         self.assertEqual(response.nscount, 1)
 
+    def test_soa_unknown_hostname_query(self):
+        "create a SOA query for an unknown hostname"
+        p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+        questions = []
+
+        name = "foobar.%s" % (self.get_dns_domain())
+        q = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN)
+        questions.append(q)
+
+        self.finish_name_packet(p, questions)
+        (response, response_packet) =\
+            self.dns_transaction_udp(p, host=server_ip)
+        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN)
+        self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+        # We don't get SOA records for single hosts
+        self.assertEquals(response.ancount, 0)
+        # But we do respond with an authority section
+        self.assertEqual(response.nscount, 1)
+
     def test_soa_domain_query(self):
         "create a SOA query for a domain"
         p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
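Review bot: The new test_soa_unknown_hostname_query asserts only `response.nscount == 1`, so it would pass with any single authority record. Since the commit is about the SOA being returned, add `self.assertEqual(response.nsrecs[0].rr_type, dns.DNS_QTYPE_SOA)` after the nscount check. The `ancount` check uses the deprecated alias `assertEquals` while the line below it uses `assertEqual`; write it as `self.assertEqual(response.ancount, 0)`. The trailing context lines belong to test_soa_domain_query, which continues outside the hunk.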
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index b75fabe7e82..762bcca6fb6 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -645,20 +645,12 @@ static void handle_authoritative_done(struct tevent_req *subreq)
 
 static WERROR handle_authoritative_recv(struct tevent_req *req)
 {
-       struct handle_authoritative_state *state = tevent_req_data(
-               req, struct handle_authoritative_state);
        WERROR werr;
 
        if (tevent_req_is_werror(req, &werr)) {
                return werr;
        }
 
-       werr = add_zone_authority_record(state->dns, state, state->question,
-                                        state->nsrecs);
-       if (!W_ERROR_IS_OK(werr)) {
-               return werr;
-       }
-
        return WERR_OK;
 }
 
@@ -1091,6 +1083,7 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
        struct dns_server_process_query_state *state = tevent_req_data(
                req, struct dns_server_process_query_state);
        WERROR werr;
+       WERROR werr2;
 
        werr = handle_authoritative_recv(subreq);
        TALLOC_FREE(subreq);
@@ -1103,6 +1096,20 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
 
                /* If you have run out of forwarders, simply finish */
                if (state->forwarders == NULL) {
+                       werr2 = add_zone_authority_record(state->dns,
+                                                         state,
+                                                         state->question,
+                                                         &state->nsrecs);
+                       if (tevent_req_werror(req, werr2)) {
+                               DBG_WARNING("Failed to add SOA record: %s\n",
+                                           win_errstr(werr2));
+                               return;
+                       }
+
+                       state->ancount = talloc_array_length(state->answers);
+                       state->nscount = talloc_array_length(state->nsrecs);
+                       state->arcount = talloc_array_length(state->additional);
+
                        tevent_req_werror(req, werr);
                        return;
                }
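Review bot: The SOA-append and error-check block added in the `state->forwarders == NULL` branch is repeated verbatim on the success path in the next hunk, and the three `talloc_array_length()` count assignments now exist in both places as well. The commit message attributes the regression to the record counts not being set when the record is not found, so a single static helper that appends the SOA and refreshes `ancount`/`nscount`/`arcount` would keep the two paths from drifting again; the helper name below is only a suggestion. Separately, in this branch a failure of `add_zone_authority_record()` finishes the request with `werr2`, so the original `werr` is never reported to the client; if that is intended, a short comment saying so would help. dns_server_process_query_got_auth starts and ends outside the hunk.

```c
/* Append the zone SOA to the authority section, then refresh the counts. */
static bool process_query_add_soa(struct tevent_req *req,
				  struct dns_server_process_query_state *state)
{
	WERROR werr = add_zone_authority_record(state->dns, state,
						state->question,
						&state->nsrecs);
	if (tevent_req_werror(req, werr)) {
		DBG_WARNING("Failed to add SOA record: %s\n",
			    win_errstr(werr));
		return false;
	}
	state->ancount = talloc_array_length(state->answers);
	state->nscount = talloc_array_length(state->nsrecs);
	state->arcount = talloc_array_length(state->additional);
	return true;
}

/* … unchanged: handle_authoritative_recv() call and error check … */
		if (state->forwarders == NULL) {
			if (!process_query_add_soa(req, state)) {
				return;
			}
			tevent_req_werror(req, werr);
			return;
		}
/* … unchanged: next-forwarder handling; the success path calls process_query_add_soa() the same way … */
```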
@@ -1125,6 +1132,16 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
                return;
        }
 
+       werr2 = add_zone_authority_record(state->dns,
+                                         state,
+                                         state->question,
+                                         &state->nsrecs);
+       if (tevent_req_werror(req, werr2)) {
+               DBG_WARNING("Failed to add SOA record: %s\n",
+                               win_errstr(werr2));
+               return;
+       }
+
        state->ancount = talloc_array_length(state->answers);
        state->nscount = talloc_array_length(state->nsrecs);
        state->arcount = talloc_array_length(state->additional);


-- 
Samba Shared Repository
