2010-12-06 14:12:07 +11:00
/*
Unix SMB / CIFS implementation .
bind9 dlz driver for Samba
Copyright ( C ) 2010 Andrew Tridgell
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "talloc.h"
# include "param/param.h"
2010-12-08 09:04:49 +11:00
# include "lib/events/events.h"
2010-12-06 14:12:07 +11:00
# include "dsdb/samdb/samdb.h"
# include "dsdb/common/util.h"
2011-11-02 14:32:37 +11:00
# include "auth/auth.h"
2010-12-06 14:12:07 +11:00
# include "auth/session.h"
2010-12-08 09:04:49 +11:00
# include "auth/gensec/gensec.h"
2011-11-02 14:32:37 +11:00
# include "librpc/gen_ndr/security.h"
# include "auth/credentials/credentials.h"
# include "system/kerberos.h"
# include "auth/kerberos/kerberos.h"
2010-12-06 14:12:07 +11:00
# include "gen_ndr/ndr_dnsp.h"
2011-11-02 14:32:37 +11:00
# include "gen_ndr/server_id.h"
# include "messaging/messaging.h"
2015-03-16 11:26:16 +13:00
# include <popt.h>
2013-10-02 17:28:45 +10:00
# include "lib/util/dlinklist.h"
2010-12-15 15:02:09 +11:00
# include "dlz_minimal.h"
2018-06-05 17:12:44 +12:00
# include "dnsserver_common.h"
2020-07-03 08:11:20 +02:00
# include "lib/util/smb_strtox.h"
2018-11-23 15:56:59 +01:00
# include "lib/util/access.h"
2011-11-02 14:32:37 +11:00
2020-08-07 13:27:39 -07:00
# undef strcasecmp
2011-11-02 14:32:37 +11:00
struct b9_options {
const char * url ;
2011-12-06 12:01:42 +11:00
const char * debug ;
2011-11-02 14:32:37 +11:00
} ;
2013-10-02 17:28:45 +10:00
struct b9_zone {
char * name ;
struct b9_zone * prev , * next ;
} ;
2010-12-06 14:12:07 +11:00
struct dlz_bind9_data {
2011-11-02 14:32:37 +11:00
struct b9_options options ;
2010-12-06 14:12:07 +11:00
struct ldb_context * samdb ;
struct tevent_context * ev_ctx ;
struct loadparm_context * lp ;
2010-12-15 21:46:05 +11:00
int * transaction_token ;
2010-12-21 20:53:58 +11:00
uint32_t soa_serial ;
2013-10-02 17:28:45 +10:00
struct b9_zone * zonelist ;
2010-12-06 14:12:07 +11:00
2011-11-02 14:32:37 +11:00
/* Used for dynamic update */
struct smb_krb5_context * smb_krb5_ctx ;
2012-01-03 15:39:20 +11:00
struct auth4_context * auth_context ;
2011-11-30 16:06:08 +11:00
struct auth_session_info * session_info ;
char * update_name ;
2011-11-02 14:32:37 +11:00
2010-12-06 14:12:07 +11:00
/* helper functions from the dlz_dlopen driver */
2012-03-08 18:34:04 +11:00
log_t * log ;
dns_sdlz_putrr_t * putrr ;
dns_sdlz_putnamedrr_t * putnamedrr ;
dns_dlz_writeablezone_t * writeable_zone ;
2010-12-15 15:02:09 +11:00
} ;
2012-05-23 11:52:16 +10:00
static struct dlz_bind9_data * dlz_bind9_state = NULL ;
static int dlz_bind9_state_ref_count = 0 ;
2010-12-15 15:02:09 +11:00
static const char * zone_prefixes [ ] = {
" CN=MicrosoftDNS,DC=DomainDnsZones " ,
" CN=MicrosoftDNS,DC=ForestDnsZones " ,
2011-09-16 15:36:08 +02:00
" CN=MicrosoftDNS,CN=System " ,
2010-12-15 15:02:09 +11:00
NULL
2010-12-06 14:12:07 +11:00
} ;
2019-04-05 11:13:15 +13:00
/*
* Get a printable string representation of an isc_result_t
*/
static const char * isc_result_str ( const isc_result_t result ) {
switch ( result ) {
case ISC_R_SUCCESS :
return " ISC_R_SUCCESS " ;
case ISC_R_NOMEMORY :
return " ISC_R_NOMEMORY " ;
case ISC_R_NOPERM :
return " ISC_R_NOPERM " ;
case ISC_R_NOSPACE :
return " ISC_R_NOSPACE " ;
case ISC_R_NOTFOUND :
return " ISC_R_NOTFOUND " ;
case ISC_R_FAILURE :
return " ISC_R_FAILURE " ;
case ISC_R_NOTIMPLEMENTED :
return " ISC_R_NOTIMPLEMENTED " ;
case ISC_R_NOMORE :
return " ISC_R_NOMORE " ;
case ISC_R_INVALIDFILE :
return " ISC_R_INVALIDFILE " ;
case ISC_R_UNEXPECTED :
return " ISC_R_UNEXPECTED " ;
case ISC_R_FILENOTFOUND :
return " ISC_R_FILENOTFOUND " ;
default :
return " UNKNOWN " ;
}
}
2010-12-06 14:12:07 +11:00
/*
return the version of the API
*/
2010-12-06 16:56:18 +11:00
_PUBLIC_ int dlz_version ( unsigned int * flags )
2010-12-06 14:12:07 +11:00
{
return DLZ_DLOPEN_VERSION ;
}
/*
remember a helper function from the bind9 dlz_dlopen driver
*/
static void b9_add_helper ( struct dlz_bind9_data * state , const char * helper_name , void * ptr )
{
if ( strcmp ( helper_name , " log " ) = = 0 ) {
state - > log = ptr ;
}
if ( strcmp ( helper_name , " putrr " ) = = 0 ) {
state - > putrr = ptr ;
}
if ( strcmp ( helper_name , " putnamedrr " ) = = 0 ) {
state - > putnamedrr = ptr ;
}
2010-12-15 15:02:09 +11:00
if ( strcmp ( helper_name , " writeable_zone " ) = = 0 ) {
state - > writeable_zone = ptr ;
}
2010-12-06 14:12:07 +11:00
}
2014-11-03 11:57:50 +11:00
/*
* Add a trailing ' . ' if it ' s missing
*/
static const char * b9_format_fqdn ( TALLOC_CTX * mem_ctx , const char * str )
{
size_t len ;
const char * tmp ;
if ( str = = NULL | | str [ 0 ] = = ' \0 ' ) {
return str ;
}
len = strlen ( str ) ;
if ( str [ len - 1 ] ! = ' . ' ) {
tmp = talloc_asprintf ( mem_ctx , " %s. " , str ) ;
} else {
tmp = str ;
}
return tmp ;
}
2010-12-06 14:12:07 +11:00
/*
2022-04-13 12:09:08 +12:00
* Format a record for bind9 .
*
* On failure / error returns false , OR sets * data to NULL .
* Callers should check for both !
2010-12-06 14:12:07 +11:00
*/
static bool b9_format ( struct dlz_bind9_data * state ,
TALLOC_CTX * mem_ctx ,
struct dnsp_DnssrvRpcRecord * rec ,
const char * * type , const char * * data )
{
2012-02-28 14:14:07 +11:00
uint32_t i ;
char * tmp ;
2014-11-03 11:57:50 +11:00
const char * fqdn ;
2012-02-28 14:14:07 +11:00
2010-12-06 14:12:07 +11:00
switch ( rec - > wType ) {
case DNS_TYPE_A :
* type = " a " ;
* data = rec - > data . ipv4 ;
break ;
case DNS_TYPE_AAAA :
* type = " aaaa " ;
* data = rec - > data . ipv6 ;
break ;
case DNS_TYPE_CNAME :
* type = " cname " ;
2014-11-03 11:57:50 +11:00
* data = b9_format_fqdn ( mem_ctx , rec - > data . cname ) ;
2010-12-06 14:12:07 +11:00
break ;
case DNS_TYPE_TXT :
* type = " txt " ;
2012-02-28 14:14:07 +11:00
tmp = talloc_asprintf ( mem_ctx , " \" %s \" " , rec - > data . txt . str [ 0 ] ) ;
for ( i = 1 ; i < rec - > data . txt . count ; i + + ) {
2022-11-29 10:37:03 +01:00
talloc_asprintf_addbuf ( & tmp , " \" %s \" " , rec - > data . txt . str [ i ] ) ;
2012-02-28 14:14:07 +11:00
}
* data = tmp ;
2010-12-06 14:12:07 +11:00
break ;
case DNS_TYPE_PTR :
* type = " ptr " ;
2014-11-03 11:57:50 +11:00
* data = b9_format_fqdn ( mem_ctx , rec - > data . ptr ) ;
2010-12-06 14:12:07 +11:00
break ;
case DNS_TYPE_SRV :
* type = " srv " ;
2014-11-03 11:57:50 +11:00
fqdn = b9_format_fqdn ( mem_ctx , rec - > data . srv . nameTarget ) ;
if ( fqdn = = NULL ) {
return false ;
}
2010-12-06 14:12:07 +11:00
* data = talloc_asprintf ( mem_ctx , " %u %u %u %s " ,
rec - > data . srv . wPriority ,
rec - > data . srv . wWeight ,
rec - > data . srv . wPort ,
2014-11-03 11:57:50 +11:00
fqdn ) ;
2010-12-06 14:12:07 +11:00
break ;
case DNS_TYPE_MX :
* type = " mx " ;
2014-11-03 11:57:50 +11:00
fqdn = b9_format_fqdn ( mem_ctx , rec - > data . mx . nameTarget ) ;
if ( fqdn = = NULL ) {
return false ;
}
2010-12-06 14:12:07 +11:00
* data = talloc_asprintf ( mem_ctx , " %u %s " ,
2014-11-03 11:57:50 +11:00
rec - > data . mx . wPriority , fqdn ) ;
2010-12-06 14:12:07 +11:00
break ;
case DNS_TYPE_NS :
* type = " ns " ;
2014-11-03 11:57:50 +11:00
* data = b9_format_fqdn ( mem_ctx , rec - > data . ns ) ;
2010-12-06 14:12:07 +11:00
break ;
2010-12-21 13:26:15 +11:00
case DNS_TYPE_SOA : {
2024-04-04 11:28:39 +02:00
const char * dns_hostname = NULL ;
2010-12-21 13:26:15 +11:00
const char * mname ;
2010-12-06 14:12:07 +11:00
* type = " soa " ;
2010-12-21 13:26:15 +11:00
/* we need to fake the authoritative nameserver to
2010-12-22 12:13:44 +11:00
* point at ourselves . This is how AD DNS servers
2010-12-21 13:26:15 +11:00
* force clients to send updates to the right local DC
*/
2024-04-04 11:28:39 +02:00
dns_hostname = lpcfg_dns_hostname ( state - > lp ) ;
if ( dns_hostname = = NULL ) {
2010-12-21 13:26:15 +11:00
return false ;
}
2024-04-04 11:28:39 +02:00
mname = talloc_asprintf ( mem_ctx , " %s. " , dns_hostname ) ;
2010-12-21 13:26:15 +11:00
if ( mname = = NULL ) {
return false ;
}
2014-11-03 11:57:50 +11:00
fqdn = b9_format_fqdn ( mem_ctx , rec - > data . soa . rname ) ;
if ( fqdn = = NULL ) {
return false ;
}
2010-12-21 20:53:58 +11:00
state - > soa_serial = rec - > data . soa . serial ;
2010-12-06 14:12:07 +11:00
* data = talloc_asprintf ( mem_ctx , " %s %s %u %u %u %u %u " ,
2014-11-03 11:57:50 +11:00
mname , fqdn ,
2010-12-06 14:12:07 +11:00
rec - > data . soa . serial ,
rec - > data . soa . refresh ,
rec - > data . soa . retry ,
rec - > data . soa . expire ,
rec - > data . soa . minimum ) ;
break ;
2010-12-21 13:26:15 +11:00
}
2010-12-06 14:12:07 +11:00
default :
2014-05-18 19:16:06 +02:00
state - > log ( ISC_LOG_ERROR , " samba_dlz b9_format: unhandled record type %u " ,
2010-12-06 14:12:07 +11:00
rec - > wType ) ;
return false ;
}
return true ;
}
2010-12-15 21:46:05 +11:00
static const struct {
enum dns_record_type dns_type ;
const char * typestr ;
bool single_valued ;
} dns_typemap [ ] = {
{ DNS_TYPE_A , " A " , false } ,
{ DNS_TYPE_AAAA , " AAAA " , false } ,
{ DNS_TYPE_CNAME , " CNAME " , true } ,
{ DNS_TYPE_TXT , " TXT " , false } ,
{ DNS_TYPE_PTR , " PTR " , false } ,
{ DNS_TYPE_SRV , " SRV " , false } ,
{ DNS_TYPE_MX , " MX " , false } ,
{ DNS_TYPE_NS , " NS " , false } ,
{ DNS_TYPE_SOA , " SOA " , true } ,
} ;
/*
see if a DNS type is single valued
*/
static bool b9_single_valued ( enum dns_record_type dns_type )
{
int i ;
for ( i = 0 ; i < ARRAY_SIZE ( dns_typemap ) ; i + + ) {
if ( dns_typemap [ i ] . dns_type = = dns_type ) {
return dns_typemap [ i ] . single_valued ;
}
}
return false ;
}
/*
2021-04-13 06:34:23 +12:00
get a DNS_TYPE_ * value from the corresponding string
2010-12-15 21:46:05 +11:00
*/
2011-01-13 11:10:27 +11:00
static bool b9_dns_type ( const char * type , enum dns_record_type * dtype )
2010-12-15 21:46:05 +11:00
{
int i ;
for ( i = 0 ; i < ARRAY_SIZE ( dns_typemap ) ; i + + ) {
if ( strcasecmp ( dns_typemap [ i ] . typestr , type ) = = 0 ) {
2011-01-13 11:10:27 +11:00
* dtype = dns_typemap [ i ] . dns_type ;
return true ;
2010-12-15 21:46:05 +11:00
}
}
2011-01-13 11:10:27 +11:00
return false ;
2010-12-15 21:46:05 +11:00
}
# define DNS_PARSE_STR(ret, str, sep, saveptr) do { \
( ret ) = strtok_r ( str , sep , & saveptr ) ; \
if ( ( ret ) = = NULL ) return false ; \
} while ( 0 )
# define DNS_PARSE_UINT(ret, str, sep, saveptr) do { \
char * istr = strtok_r ( str , sep , & saveptr ) ; \
2019-01-30 09:31:34 +01:00
int error = 0 ; \
2010-12-15 21:46:05 +11:00
if ( ( istr ) = = NULL ) return false ; \
2019-06-04 09:06:37 +02:00
( ret ) = smb_strtoul ( istr , NULL , 10 , & error , SMB_STR_STANDARD ) ; \
2019-01-30 09:31:34 +01:00
if ( error ! = 0 ) { \
return false ; \
} \
2010-12-15 21:46:05 +11:00
} while ( 0 )
2010-12-15 15:02:09 +11:00
/*
parse a record from bind9
*/
static bool b9_parse ( struct dlz_bind9_data * state ,
2010-12-15 21:46:05 +11:00
const char * rdatastr ,
struct dnsp_DnssrvRpcRecord * rec )
2010-12-15 15:02:09 +11:00
{
2010-12-15 21:46:05 +11:00
char * full_name , * dclass , * type ;
2012-02-28 14:14:07 +11:00
char * str , * tmp , * saveptr = NULL ;
2010-12-15 21:46:05 +11:00
int i ;
str = talloc_strdup ( rec , rdatastr ) ;
if ( str = = NULL ) {
return false ;
}
/* parse the SDLZ string form */
DNS_PARSE_STR ( full_name , str , " \t " , saveptr ) ;
DNS_PARSE_UINT ( rec - > dwTtlSeconds , NULL , " \t " , saveptr ) ;
DNS_PARSE_STR ( dclass , NULL , " \t " , saveptr ) ;
DNS_PARSE_STR ( type , NULL , " \t " , saveptr ) ;
/* construct the record */
for ( i = 0 ; i < ARRAY_SIZE ( dns_typemap ) ; i + + ) {
if ( strcasecmp ( type , dns_typemap [ i ] . typestr ) = = 0 ) {
rec - > wType = dns_typemap [ i ] . dns_type ;
break ;
}
}
if ( i = = ARRAY_SIZE ( dns_typemap ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: unsupported record type '%s' for '%s' " ,
type , full_name ) ;
return false ;
}
switch ( rec - > wType ) {
case DNS_TYPE_A :
DNS_PARSE_STR ( rec - > data . ipv4 , NULL , " " , saveptr ) ;
break ;
case DNS_TYPE_AAAA :
DNS_PARSE_STR ( rec - > data . ipv6 , NULL , " " , saveptr ) ;
break ;
case DNS_TYPE_CNAME :
DNS_PARSE_STR ( rec - > data . cname , NULL , " " , saveptr ) ;
break ;
case DNS_TYPE_TXT :
2012-02-28 14:14:07 +11:00
rec - > data . txt . count = 0 ;
rec - > data . txt . str = talloc_array ( rec , const char * , rec - > data . txt . count ) ;
tmp = strtok_r ( NULL , " \t " , & saveptr ) ;
while ( tmp ) {
rec - > data . txt . str = talloc_realloc ( rec , rec - > data . txt . str , const char * ,
rec - > data . txt . count + 1 ) ;
if ( tmp [ 0 ] = = ' " ' ) {
/* Strip quotes */
rec - > data . txt . str [ rec - > data . txt . count ] = talloc_strndup ( rec , & tmp [ 1 ] , strlen ( tmp ) - 2 ) ;
} else {
rec - > data . txt . str [ rec - > data . txt . count ] = talloc_strdup ( rec , tmp ) ;
}
rec - > data . txt . count + + ;
tmp = strtok_r ( NULL , " " , & saveptr ) ;
}
2010-12-15 21:46:05 +11:00
break ;
case DNS_TYPE_PTR :
DNS_PARSE_STR ( rec - > data . ptr , NULL , " " , saveptr ) ;
break ;
case DNS_TYPE_SRV :
DNS_PARSE_UINT ( rec - > data . srv . wPriority , NULL , " " , saveptr ) ;
DNS_PARSE_UINT ( rec - > data . srv . wWeight , NULL , " " , saveptr ) ;
DNS_PARSE_UINT ( rec - > data . srv . wPort , NULL , " " , saveptr ) ;
DNS_PARSE_STR ( rec - > data . srv . nameTarget , NULL , " " , saveptr ) ;
break ;
case DNS_TYPE_MX :
DNS_PARSE_UINT ( rec - > data . mx . wPriority , NULL , " " , saveptr ) ;
DNS_PARSE_STR ( rec - > data . mx . nameTarget , NULL , " " , saveptr ) ;
break ;
case DNS_TYPE_NS :
DNS_PARSE_STR ( rec - > data . ns , NULL , " " , saveptr ) ;
break ;
case DNS_TYPE_SOA :
DNS_PARSE_STR ( rec - > data . soa . mname , NULL , " " , saveptr ) ;
DNS_PARSE_STR ( rec - > data . soa . rname , NULL , " " , saveptr ) ;
DNS_PARSE_UINT ( rec - > data . soa . serial , NULL , " " , saveptr ) ;
DNS_PARSE_UINT ( rec - > data . soa . refresh , NULL , " " , saveptr ) ;
DNS_PARSE_UINT ( rec - > data . soa . retry , NULL , " " , saveptr ) ;
DNS_PARSE_UINT ( rec - > data . soa . expire , NULL , " " , saveptr ) ;
DNS_PARSE_UINT ( rec - > data . soa . minimum , NULL , " " , saveptr ) ;
break ;
default :
2014-05-18 19:16:06 +02:00
state - > log ( ISC_LOG_ERROR , " samba_dlz b9_parse: unhandled record type %u " ,
2010-12-15 21:46:05 +11:00
rec - > wType ) ;
return false ;
}
/* we should be at the end of the buffer now */
if ( strtok_r ( NULL , " \t " , & saveptr ) ! = NULL ) {
2014-05-18 19:16:06 +02:00
state - > log ( ISC_LOG_ERROR , " samba_dlz b9_parse: unexpected data at end of string for '%s' " ,
2012-11-05 01:09:28 +11:00
rdatastr ) ;
2010-12-15 21:46:05 +11:00
return false ;
}
return true ;
2010-12-15 15:02:09 +11:00
}
2010-12-06 14:12:07 +11:00
/*
2012-11-05 01:09:28 +11:00
send a resource record to bind9
2010-12-06 14:12:07 +11:00
*/
static isc_result_t b9_putrr ( struct dlz_bind9_data * state ,
void * handle , struct dnsp_DnssrvRpcRecord * rec ,
const char * * types )
{
isc_result_t result ;
const char * type , * data ;
TALLOC_CTX * tmp_ctx = talloc_new ( state ) ;
if ( ! b9_format ( state , tmp_ctx , rec , & type , & data ) ) {
return ISC_R_FAILURE ;
}
if ( data = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
if ( types ) {
int i ;
for ( i = 0 ; types [ i ] ; i + + ) {
if ( strcmp ( types [ i ] , type ) = = 0 ) break ;
}
if ( types [ i ] = = NULL ) {
/* skip it */
return ISC_R_SUCCESS ;
}
}
2010-12-06 17:18:30 +11:00
result = state - > putrr ( handle , type , rec - > dwTtlSeconds , data ) ;
2010-12-06 14:12:07 +11:00
if ( result ! = ISC_R_SUCCESS ) {
state - > log ( ISC_LOG_ERROR , " Failed to put rr " ) ;
}
talloc_free ( tmp_ctx ) ;
return result ;
}
/*
2012-11-05 01:09:28 +11:00
send a named resource record to bind9
2010-12-06 14:12:07 +11:00
*/
static isc_result_t b9_putnamedrr ( struct dlz_bind9_data * state ,
void * handle , const char * name ,
struct dnsp_DnssrvRpcRecord * rec )
{
isc_result_t result ;
const char * type , * data ;
TALLOC_CTX * tmp_ctx = talloc_new ( state ) ;
if ( ! b9_format ( state , tmp_ctx , rec , & type , & data ) ) {
return ISC_R_FAILURE ;
}
if ( data = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
2010-12-06 17:18:30 +11:00
result = state - > putnamedrr ( handle , name , type , rec - > dwTtlSeconds , data ) ;
2010-12-06 14:12:07 +11:00
if ( result ! = ISC_R_SUCCESS ) {
state - > log ( ISC_LOG_ERROR , " Failed to put named rr '%s' " , name ) ;
}
talloc_free ( tmp_ctx ) ;
return result ;
}
2010-12-06 16:57:12 +11:00
/*
parse options
*/
static isc_result_t parse_options ( struct dlz_bind9_data * state ,
2014-02-27 09:59:51 +01:00
unsigned int argc , const char * * argv ,
2010-12-08 09:04:49 +11:00
struct b9_options * options )
2010-12-06 16:57:12 +11:00
{
2011-12-06 12:01:42 +11:00
int opt ;
poptContext pc ;
struct poptOption long_options [ ] = {
{ " url " , ' H ' , POPT_ARG_STRING , & options - > url , 0 , " database URL " , " URL " } ,
{ " debug " , ' d ' , POPT_ARG_STRING , & options - > debug , 0 , " debug level " , " DEBUG " } ,
2020-05-05 13:47:39 +12:00
{ 0 }
2011-12-06 12:01:42 +11:00
} ;
2014-02-27 09:59:51 +01:00
pc = poptGetContext ( " dlz_bind9 " , argc , argv , long_options ,
2011-12-06 12:01:42 +11:00
POPT_CONTEXT_KEEP_FIRST ) ;
while ( ( opt = poptGetNextOpt ( pc ) ) ! = - 1 ) {
switch ( opt ) {
default :
state - > log ( ISC_LOG_ERROR , " dlz_bind9: Invalid option %s: %s " ,
poptBadOption ( pc , 0 ) , poptStrerror ( opt ) ) ;
2019-08-19 14:33:33 +02:00
poptFreeContext ( pc ) ;
2011-12-06 12:01:42 +11:00
return ISC_R_FAILURE ;
2010-12-06 16:57:12 +11:00
}
2010-12-08 09:04:49 +11:00
}
2019-08-19 14:33:33 +02:00
poptFreeContext ( pc ) ;
2010-12-08 09:04:49 +11:00
return ISC_R_SUCCESS ;
}
2012-01-03 15:39:20 +11:00
/*
* Create session info from PAC
* This is called as auth_context - > generate_session_info_pac ( )
*/
static NTSTATUS b9_generate_session_info_pac ( struct auth4_context * auth_context ,
TALLOC_CTX * mem_ctx ,
struct smb_krb5_context * smb_krb5_context ,
DATA_BLOB * pac_blob ,
const char * principal_name ,
const struct tsocket_address * remote_addr ,
uint32_t session_info_flags ,
struct auth_session_info * * session_info )
{
NTSTATUS status ;
struct auth_user_info_dc * user_info_dc ;
TALLOC_CTX * tmp_ctx ;
tmp_ctx = talloc_new ( mem_ctx ) ;
NT_STATUS_HAVE_NO_MEMORY ( tmp_ctx ) ;
status = kerberos_pac_blob_to_user_info_dc ( tmp_ctx ,
* pac_blob ,
smb_krb5_context - > krb5_context ,
& user_info_dc ,
NULL ,
NULL ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
talloc_free ( tmp_ctx ) ;
return status ;
}
2022-12-12 10:50:01 +13:00
if ( ! ( user_info_dc - > info - > user_flags & NETLOGON_GUEST ) ) {
2012-01-25 10:00:31 +11:00
session_info_flags | = AUTH_SESSION_INFO_AUTHENTICATED ;
}
2012-01-03 15:39:20 +11:00
session_info_flags | = AUTH_SESSION_INFO_SIMPLE_PRIVILEGES ;
2012-01-25 10:00:31 +11:00
2023-09-15 10:28:34 +12:00
status = auth_generate_session_info ( mem_ctx , auth_context - > lp_ctx , NULL , user_info_dc ,
2012-01-03 15:39:20 +11:00
session_info_flags , session_info ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
talloc_free ( tmp_ctx ) ;
return status ;
}
talloc_free ( tmp_ctx ) ;
return status ;
}
2012-03-08 12:21:56 +11:00
/* Callback for the DEBUG() system, to catch the remaining messages */
static void b9_debug ( void * private_ptr , int msg_level , const char * msg )
{
static const int isc_log_map [ ] = {
ISC_LOG_CRITICAL , /* 0 */
ISC_LOG_ERROR , /* 1 */
ISC_LOG_WARNING , /* 2 */
ISC_LOG_NOTICE /* 3 */
} ;
struct dlz_bind9_data * state = private_ptr ;
int isc_log_level ;
2023-08-02 10:37:18 +02:00
2012-03-08 12:21:56 +11:00
if ( msg_level > = ARRAY_SIZE ( isc_log_map ) | | msg_level < 0 ) {
isc_log_level = ISC_LOG_INFO ;
} else {
isc_log_level = isc_log_map [ msg_level ] ;
}
state - > log ( isc_log_level , " samba_dlz: %s " , msg ) ;
}
2012-05-23 11:53:59 +10:00
static int dlz_state_debug_unregister ( struct dlz_bind9_data * state )
2012-03-08 12:21:56 +11:00
{
/* Stop logging (to the bind9 logs) */
debug_set_callback ( NULL , NULL ) ;
2012-05-23 11:53:59 +10:00
return 0 ;
2012-03-08 12:21:56 +11:00
}
2012-01-03 15:39:20 +11:00
2010-12-06 14:12:07 +11:00
/*
called to initialise the driver
*/
_PUBLIC_ isc_result_t dlz_create ( const char * dlzname ,
2014-02-27 09:59:51 +01:00
unsigned int argc , const char * * argv ,
2010-12-15 15:02:09 +11:00
void * * dbdata , . . . )
2010-12-06 14:12:07 +11:00
{
struct dlz_bind9_data * state ;
const char * helper_name ;
va_list ap ;
isc_result_t result ;
struct ldb_dn * dn ;
2011-11-02 14:32:37 +11:00
NTSTATUS nt_status ;
2017-09-14 15:02:36 +12:00
int ret ;
char * errstring = NULL ;
2010-12-06 14:12:07 +11:00
2012-05-23 11:52:16 +10:00
if ( dlz_bind9_state ! = NULL ) {
2018-10-15 16:52:40 +13:00
dlz_bind9_state - > log ( ISC_LOG_ERROR ,
" samba_dlz: dlz_create ignored, #refs=%d " ,
dlz_bind9_state_ref_count ) ;
2012-05-23 11:52:16 +10:00
* dbdata = dlz_bind9_state ;
dlz_bind9_state_ref_count + + ;
return ISC_R_SUCCESS ;
}
2010-12-06 14:12:07 +11:00
state = talloc_zero ( NULL , struct dlz_bind9_data ) ;
if ( state = = NULL ) {
return ISC_R_NOMEMORY ;
}
2012-03-08 12:21:56 +11:00
talloc_set_destructor ( state , dlz_state_debug_unregister ) ;
2010-12-06 14:12:07 +11:00
/* fill in the helper functions */
va_start ( ap , dbdata ) ;
while ( ( helper_name = va_arg ( ap , const char * ) ) ! = NULL ) {
b9_add_helper ( state , helper_name , va_arg ( ap , void * ) ) ;
}
va_end ( ap ) ;
2011-12-06 12:01:42 +11:00
/* Do not install samba signal handlers */
fault_setup_disable ( ) ;
2012-03-08 12:21:56 +11:00
/* Start logging (to the bind9 logs) */
debug_set_callback ( state , b9_debug ) ;
2011-12-06 10:51:01 +11:00
2010-12-08 09:04:49 +11:00
state - > ev_ctx = s4_event_context_init ( state ) ;
2010-12-06 14:12:07 +11:00
if ( state - > ev_ctx = = NULL ) {
result = ISC_R_NOMEMORY ;
goto failed ;
}
2011-11-02 14:32:37 +11:00
result = parse_options ( state , argc , argv , & state - > options ) ;
2010-12-08 09:58:52 +11:00
if ( result ! = ISC_R_SUCCESS ) {
goto failed ;
}
state - > lp = loadparm_init_global ( true ) ;
if ( state - > lp = = NULL ) {
result = ISC_R_NOMEMORY ;
goto failed ;
}
2011-12-06 12:01:42 +11:00
if ( state - > options . debug ) {
lpcfg_do_global_parameter ( state - > lp , " log level " , state - > options . debug ) ;
} else {
lpcfg_do_global_parameter ( state - > lp , " log level " , " 0 " ) ;
}
2014-04-17 22:35:33 +12:00
if ( smb_krb5_init_context ( state , state - > lp , & state - > smb_krb5_ctx ) ! = 0 ) {
2011-11-02 14:32:37 +11:00
result = ISC_R_NOMEMORY ;
goto failed ;
}
nt_status = gensec_init ( ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
2012-01-03 15:39:20 +11:00
result = ISC_R_NOMEMORY ;
goto failed ;
}
state - > auth_context = talloc_zero ( state , struct auth4_context ) ;
if ( state - > auth_context = = NULL ) {
result = ISC_R_NOMEMORY ;
goto failed ;
2011-11-02 14:32:37 +11:00
}
if ( state - > options . url = = NULL ) {
2017-08-22 17:10:01 +02:00
state - > options . url = talloc_asprintf ( state ,
" %s/dns/sam.ldb " ,
lpcfg_binddns_dir ( state - > lp ) ) ;
2011-11-02 14:32:37 +11:00
if ( state - > options . url = = NULL ) {
2010-12-08 09:04:49 +11:00
result = ISC_R_NOMEMORY ;
goto failed ;
}
2017-08-22 17:10:01 +02:00
if ( ! file_exist ( state - > options . url ) ) {
state - > options . url = talloc_asprintf ( state ,
" %s/dns/sam.ldb " ,
2017-08-22 17:10:01 +02:00
lpcfg_private_dir ( state - > lp ) ) ;
2017-08-22 17:10:01 +02:00
if ( state - > options . url = = NULL ) {
result = ISC_R_NOMEMORY ;
goto failed ;
}
}
2010-12-08 09:04:49 +11:00
}
2018-04-12 06:41:30 +12:00
ret = samdb_connect_url ( state ,
state - > ev_ctx ,
state - > lp ,
system_session ( state - > lp ) ,
0 ,
2017-09-14 15:02:36 +12:00
state - > options . url ,
2018-04-12 06:41:30 +12:00
NULL ,
& state - > samdb ,
& errstring ) ;
2017-09-14 15:02:36 +12:00
if ( ret ! = LDB_SUCCESS ) {
state - > log ( ISC_LOG_ERROR ,
" samba_dlz: Failed to connect to %s: %s " ,
errstring , ldb_strerror ( ret ) ) ;
2010-12-06 14:12:07 +11:00
result = ISC_R_FAILURE ;
goto failed ;
}
dn = ldb_get_default_basedn ( state - > samdb ) ;
if ( dn = = NULL ) {
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: Unable to get basedn for %s - %s " ,
2011-11-02 14:32:37 +11:00
state - > options . url , ldb_errstring ( state - > samdb ) ) ;
2010-12-06 14:12:07 +11:00
result = ISC_R_FAILURE ;
goto failed ;
}
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_INFO , " samba_dlz: started for DN %s " ,
2010-12-06 14:12:07 +11:00
ldb_dn_get_linearized ( dn ) ) ;
2012-01-03 15:39:20 +11:00
state - > auth_context - > event_ctx = state - > ev_ctx ;
state - > auth_context - > lp_ctx = state - > lp ;
state - > auth_context - > sam_ctx = state - > samdb ;
state - > auth_context - > generate_session_info_pac = b9_generate_session_info_pac ;
2010-12-06 14:12:07 +11:00
* dbdata = state ;
2012-05-23 11:52:16 +10:00
dlz_bind9_state = state ;
dlz_bind9_state_ref_count + + ;
2010-12-06 14:12:07 +11:00
return ISC_R_SUCCESS ;
failed :
2018-10-15 16:52:40 +13:00
state - > log ( ISC_LOG_INFO ,
" samba_dlz: FAILED dlz_create call result=%d #refs=%d " ,
result ,
dlz_bind9_state_ref_count ) ;
2010-12-06 14:12:07 +11:00
talloc_free ( state ) ;
return result ;
}
/*
shutdown the backend
*/
2010-12-15 15:02:09 +11:00
_PUBLIC_ void dlz_destroy ( void * dbdata )
2010-12-06 14:12:07 +11:00
{
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2012-05-23 11:52:16 +10:00
dlz_bind9_state_ref_count - - ;
if ( dlz_bind9_state_ref_count = = 0 ) {
2018-10-15 16:52:40 +13:00
state - > log ( ISC_LOG_INFO , " samba_dlz: shutting down " ) ;
2012-05-23 11:52:16 +10:00
talloc_unlink ( state , state - > samdb ) ;
talloc_free ( state ) ;
dlz_bind9_state = NULL ;
2018-10-15 16:52:40 +13:00
} else {
state - > log ( ISC_LOG_INFO ,
" samba_dlz: dlz_destroy called. %d refs remaining. " ,
dlz_bind9_state_ref_count ) ;
2012-05-23 11:52:16 +10:00
}
2010-12-06 14:12:07 +11:00
}
/*
2010-12-15 21:46:05 +11:00
return the base DN for a zone
2010-12-06 14:12:07 +11:00
*/
2010-12-15 21:46:05 +11:00
static isc_result_t b9_find_zone_dn ( struct dlz_bind9_data * state , const char * zone_name ,
TALLOC_CTX * mem_ctx , struct ldb_dn * * zone_dn )
2010-12-06 14:12:07 +11:00
{
2010-12-15 15:02:09 +11:00
int ret ;
TALLOC_CTX * tmp_ctx = talloc_new ( state ) ;
const char * attrs [ ] = { NULL } ;
int i ;
for ( i = 0 ; zone_prefixes [ i ] ; i + + ) {
2018-08-15 10:44:03 +12:00
const char * casefold ;
2010-12-15 15:02:09 +11:00
struct ldb_dn * dn ;
struct ldb_result * res ;
2018-08-15 10:44:03 +12:00
struct ldb_val zone_name_val
= data_blob_string_const ( zone_name ) ;
2010-12-15 15:02:09 +11:00
dn = ldb_dn_copy ( tmp_ctx , ldb_get_default_basedn ( state - > samdb ) ) ;
if ( dn = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
2018-08-15 10:44:03 +12:00
/*
* This dance ensures that it is not possible to put
* ( eg ) an extra DC = x , into the DNS name being
* queried
*/
if ( ! ldb_dn_add_child_fmt ( dn ,
" DC=X,%s " ,
zone_prefixes [ i ] ) ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
ret = ldb_dn_set_component ( dn ,
0 ,
" DC " ,
zone_name_val ) ;
if ( ret ! = LDB_SUCCESS ) {
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
2018-08-15 10:44:03 +12:00
/*
* Check if this is a plausibly valid DN early
* ( time spent here will be saved during the
* search due to an internal cache )
*/
casefold = ldb_dn_get_casefold ( dn ) ;
if ( casefold = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOTFOUND ;
}
2010-12-15 15:02:09 +11:00
ret = ldb_search ( state - > samdb , tmp_ctx , & res , dn , LDB_SCOPE_BASE , attrs , " objectClass=dnsZone " ) ;
if ( ret = = LDB_SUCCESS ) {
2010-12-15 21:46:05 +11:00
if ( zone_dn ! = NULL ) {
* zone_dn = talloc_steal ( mem_ctx , dn ) ;
}
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
return ISC_R_SUCCESS ;
}
talloc_free ( dn ) ;
2010-12-06 14:12:07 +11:00
}
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
2010-12-06 14:12:07 +11:00
return ISC_R_NOTFOUND ;
}
2010-12-15 21:46:05 +11:00
/*
return the DN for a name . The record does not need to exist , but the
zone must exist
*/
static isc_result_t b9_find_name_dn ( struct dlz_bind9_data * state , const char * name ,
TALLOC_CTX * mem_ctx , struct ldb_dn * * dn )
{
const char * p ;
/* work through the name piece by piece, until we find a zone */
for ( p = name ; p ; ) {
isc_result_t result ;
result = b9_find_zone_dn ( state , p , mem_ctx , dn ) ;
if ( result = = ISC_R_SUCCESS ) {
2018-08-15 10:44:03 +12:00
const char * casefold ;
2010-12-15 21:46:05 +11:00
/* we found a zone, now extend the DN to get
* the full DN
*/
bool ret ;
if ( p = = name ) {
ret = ldb_dn_add_child_fmt ( * dn , " DC=@ " ) ;
2018-08-15 10:44:03 +12:00
if ( ret = = false ) {
talloc_free ( * dn ) ;
return ISC_R_NOMEMORY ;
}
2010-12-15 21:46:05 +11:00
} else {
2018-08-15 10:44:03 +12:00
struct ldb_val name_val
= data_blob_const ( name ,
( int ) ( p - name ) - 1 ) ;
if ( ! ldb_dn_add_child_val ( * dn ,
" DC " ,
name_val ) ) {
talloc_free ( * dn ) ;
return ISC_R_NOMEMORY ;
}
2010-12-15 21:46:05 +11:00
}
2018-08-15 10:44:03 +12:00
/*
* Check if this is a plausibly valid DN early
* ( time spent here will be saved during the
* search due to an internal cache )
*/
casefold = ldb_dn_get_casefold ( * dn ) ;
if ( casefold = = NULL ) {
return ISC_R_NOTFOUND ;
2010-12-15 21:46:05 +11:00
}
2018-08-15 10:44:03 +12:00
2010-12-15 21:46:05 +11:00
return ISC_R_SUCCESS ;
}
p = strchr ( p , ' . ' ) ;
if ( p = = NULL ) {
break ;
}
p + + ;
}
return ISC_R_NOTFOUND ;
}
/*
see if we handle a given zone
*/
2014-10-20 16:32:42 +11:00
_PUBLIC_ isc_result_t dlz_findzonedb ( void * dbdata , const char * name ,
dns_clientinfomethods_t * methods ,
dns_clientinfo_t * clientinfo )
2010-12-15 21:46:05 +11:00
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-15 21:46:05 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2019-04-05 11:13:15 +13:00
isc_result_t result = ISC_R_SUCCESS ;
result = b9_find_zone_dn ( state , name , NULL , NULL ) ;
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
NULL ,
name ,
NULL ) ;
return result ;
2010-12-15 21:46:05 +11:00
}
2010-12-06 14:12:07 +11:00
/*
lookup one record
*/
2010-12-08 09:04:49 +11:00
static isc_result_t dlz_lookup_types ( struct dlz_bind9_data * state ,
const char * zone , const char * name ,
2010-12-15 15:02:09 +11:00
dns_sdlzlookup_t * lookup ,
2010-12-08 09:04:49 +11:00
const char * * types )
2010-12-06 14:12:07 +11:00
{
TALLOC_CTX * tmp_ctx = talloc_new ( state ) ;
2010-12-15 15:02:09 +11:00
struct ldb_dn * dn ;
2014-07-30 08:40:32 +02:00
WERROR werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST ;
struct dnsp_DnssrvRpcRecord * records = NULL ;
uint16_t num_records = 0 , i ;
2018-08-15 10:44:03 +12:00
struct ldb_val zone_name_val
= data_blob_string_const ( zone ) ;
struct ldb_val name_val
= data_blob_string_const ( name ) ;
2010-12-06 14:12:07 +11:00
2010-12-15 15:02:09 +11:00
for ( i = 0 ; zone_prefixes [ i ] ; i + + ) {
2018-08-15 10:44:03 +12:00
int ret ;
const char * casefold ;
2010-12-15 15:02:09 +11:00
dn = ldb_dn_copy ( tmp_ctx , ldb_get_default_basedn ( state - > samdb ) ) ;
if ( dn = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
2010-12-06 14:12:07 +11:00
2018-08-15 10:44:03 +12:00
/*
* This dance ensures that it is not possible to put
* ( eg ) an extra DC = x , into the DNS name being
* queried
*/
if ( ! ldb_dn_add_child_fmt ( dn ,
" DC=X,DC=X,%s " ,
zone_prefixes [ i ] ) ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
ret = ldb_dn_set_component ( dn ,
1 ,
" DC " ,
zone_name_val ) ;
if ( ret ! = LDB_SUCCESS ) {
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
2010-12-06 14:12:07 +11:00
2018-08-15 10:44:03 +12:00
ret = ldb_dn_set_component ( dn ,
0 ,
" DC " ,
name_val ) ;
if ( ret ! = LDB_SUCCESS ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
/*
* Check if this is a plausibly valid DN early
* ( time spent here will be saved during the
* search due to an internal cache )
*/
casefold = ldb_dn_get_casefold ( dn ) ;
if ( casefold = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOTFOUND ;
}
2017-08-03 15:12:02 +12:00
werr = dns_common_wildcard_lookup ( state - > samdb , tmp_ctx , dn ,
& records , & num_records ) ;
2014-07-30 08:40:32 +02:00
if ( W_ERROR_IS_OK ( werr ) ) {
2010-12-15 15:02:09 +11:00
break ;
}
}
2014-07-30 08:40:32 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
2010-12-06 14:12:07 +11:00
talloc_free ( tmp_ctx ) ;
return ISC_R_NOTFOUND ;
}
2014-07-30 08:40:32 +02:00
for ( i = 0 ; i < num_records ; i + + ) {
2010-12-06 14:12:07 +11:00
isc_result_t result ;
2014-07-30 08:40:32 +02:00
result = b9_putrr ( state , lookup , & records [ i ] , types ) ;
2010-12-06 14:12:07 +11:00
if ( result ! = ISC_R_SUCCESS ) {
talloc_free ( tmp_ctx ) ;
return result ;
}
}
talloc_free ( tmp_ctx ) ;
return ISC_R_SUCCESS ;
}
/*
lookup one record
*/
2010-12-15 15:02:09 +11:00
_PUBLIC_ isc_result_t dlz_lookup ( const char * zone , const char * name ,
2012-03-08 18:34:04 +11:00
void * dbdata , dns_sdlzlookup_t * lookup ,
dns_clientinfomethods_t * methods ,
dns_clientinfo_t * clientinfo )
2010-12-06 14:12:07 +11:00
{
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2019-04-05 11:13:15 +13:00
isc_result_t result = ISC_R_SUCCESS ;
struct timeval start = timeval_current ( ) ;
result = dlz_lookup_types ( state , zone , name , lookup , NULL ) ;
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
zone ,
name ,
NULL ) ;
return result ;
2010-12-06 14:12:07 +11:00
}
/*
see if a zone transfer is allowed
*/
2010-12-15 15:02:09 +11:00
_PUBLIC_ isc_result_t dlz_allowzonexfr ( void * dbdata , const char * name , const char * client )
2010-12-06 14:12:07 +11:00
{
2014-10-20 16:32:42 +11:00
struct dlz_bind9_data * state = talloc_get_type (
dbdata , struct dlz_bind9_data ) ;
2018-11-23 15:56:59 +01:00
isc_result_t ret ;
const char * * authorized_clients , * * denied_clients ;
const char * cname = " " ;
/* check that the zone is known */
ret = b9_find_zone_dn ( state , name , NULL , NULL ) ;
if ( ret ! = ISC_R_SUCCESS ) {
return ret ;
}
/* default is to deny all transfers */
authorized_clients = lpcfg_dns_zone_transfer_clients_allow ( state - > lp ) ;
denied_clients = lpcfg_dns_zone_transfer_clients_deny ( state - > lp ) ;
/* The logic of allow_access() when both allow and deny lists are given
2023-08-02 10:37:18 +02:00
* does not match our expectation here : it would allow clients that are
2018-11-23 15:56:59 +01:00
* neither allowed nor denied .
* Here , we want to deny clients by default .
* Using the allow_access ( ) function is still useful as it takes care of
2023-08-02 10:37:18 +02:00
* parsing IP addresses and subnets in a consistent way with other options
2018-11-23 15:56:59 +01:00
* from smb . conf .
*
* We will then check the deny list first , then the allow list , so that
2023-08-02 10:37:18 +02:00
* we accept only clients that are explicitly allowed AND not explicitly
2018-11-23 15:56:59 +01:00
* denied .
*/
if ( ( authorized_clients = = NULL ) & & ( denied_clients = = NULL ) ) {
/* No "allow" or "deny" lists given. Deny by default. */
return ISC_R_NOPERM ;
}
if ( denied_clients ! = NULL ) {
bool ok = allow_access ( denied_clients , NULL , cname , client ) ;
if ( ! ok ) {
/* client on deny list. Deny. */
return ISC_R_NOPERM ;
}
}
if ( authorized_clients ! = NULL ) {
bool ok = allow_access ( NULL , authorized_clients , cname , client ) ;
if ( ok ) {
/*
* client is not on deny list and is on allow list .
* This is the only place we should return " allow " .
*/
return ISC_R_SUCCESS ;
}
}
/* We shouldn't get here, but deny by default. */
return ISC_R_NOPERM ;
2010-12-06 14:12:07 +11:00
}
/*
perform a zone transfer
*/
2010-12-15 15:02:09 +11:00
_PUBLIC_ isc_result_t dlz_allnodes ( const char * zone , void * dbdata ,
2010-12-06 14:12:07 +11:00
dns_sdlzallnodes_t * allnodes )
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-06 14:12:07 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
const char * attrs [ ] = { " dnsRecord " , NULL } ;
2018-11-16 16:07:42 +01:00
int ret = LDB_ERR_NO_SUCH_OBJECT ;
size_t i , j ;
struct ldb_dn * dn = NULL ;
2010-12-06 14:12:07 +11:00
struct ldb_result * res ;
TALLOC_CTX * tmp_ctx = talloc_new ( state ) ;
2018-08-15 10:44:03 +12:00
struct ldb_val zone_name_val = data_blob_string_const ( zone ) ;
2019-04-05 11:13:15 +13:00
isc_result_t result = ISC_R_SUCCESS ;
2010-12-06 14:12:07 +11:00
2010-12-15 15:02:09 +11:00
for ( i = 0 ; zone_prefixes [ i ] ; i + + ) {
2018-08-15 10:44:03 +12:00
const char * casefold ;
2010-12-15 15:02:09 +11:00
dn = ldb_dn_copy ( tmp_ctx , ldb_get_default_basedn ( state - > samdb ) ) ;
if ( dn = = NULL ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-15 15:02:09 +11:00
}
2010-12-06 14:12:07 +11:00
2018-08-15 10:44:03 +12:00
/*
* This dance ensures that it is not possible to put
* ( eg ) an extra DC = x , into the DNS name being
* queried
*/
if ( ! ldb_dn_add_child_fmt ( dn ,
" DC=X,%s " ,
zone_prefixes [ i ] ) ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2018-08-15 10:44:03 +12:00
}
ret = ldb_dn_set_component ( dn ,
0 ,
" DC " ,
zone_name_val ) ;
if ( ret ! = LDB_SUCCESS ) {
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-15 15:02:09 +11:00
}
2010-12-06 14:12:07 +11:00
2018-08-15 10:44:03 +12:00
/*
* Check if this is a plausibly valid DN early
* ( time spent here will be saved during the
* search due to an internal cache )
*/
casefold = ldb_dn_get_casefold ( dn ) ;
if ( casefold = = NULL ) {
2019-04-05 11:13:15 +13:00
result = ISC_R_NOTFOUND ;
goto exit ;
2018-08-15 10:44:03 +12:00
}
2010-12-15 15:02:09 +11:00
ret = ldb_search ( state - > samdb , tmp_ctx , & res , dn , LDB_SCOPE_SUBTREE ,
attrs , " objectClass=dnsNode " ) ;
if ( ret = = LDB_SUCCESS ) {
break ;
}
2010-12-06 14:12:07 +11:00
}
2018-11-16 16:07:42 +01:00
if ( ret ! = LDB_SUCCESS | | dn = = NULL ) {
2010-12-06 14:12:07 +11:00
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOTFOUND ;
goto exit ;
2010-12-06 14:12:07 +11:00
}
for ( i = 0 ; i < res - > count ; i + + ) {
struct ldb_message_element * el ;
TALLOC_CTX * el_ctx = talloc_new ( tmp_ctx ) ;
const char * rdn , * name ;
const struct ldb_val * v ;
2014-07-30 17:59:08 +02:00
WERROR werr ;
struct dnsp_DnssrvRpcRecord * recs = NULL ;
uint16_t num_recs = 0 ;
2010-12-06 14:12:07 +11:00
el = ldb_msg_find_element ( res - > msgs [ i ] , " dnsRecord " ) ;
if ( el = = NULL | | el - > num_values = = 0 ) {
state - > log ( ISC_LOG_INFO , " failed to find dnsRecord for %s " ,
ldb_dn_get_linearized ( dn ) ) ;
talloc_free ( el_ctx ) ;
continue ;
}
v = ldb_dn_get_rdn_val ( res - > msgs [ i ] - > dn ) ;
if ( v = = NULL ) {
state - > log ( ISC_LOG_INFO , " failed to find RDN for %s " ,
ldb_dn_get_linearized ( dn ) ) ;
talloc_free ( el_ctx ) ;
continue ;
}
rdn = talloc_strndup ( el_ctx , ( char * ) v - > data , v - > length ) ;
if ( rdn = = NULL ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-06 14:12:07 +11:00
}
if ( strcmp ( rdn , " @ " ) = = 0 ) {
name = zone ;
} else {
name = talloc_asprintf ( el_ctx , " %s.%s " , rdn , zone ) ;
}
2014-11-03 11:57:50 +11:00
name = b9_format_fqdn ( el_ctx , name ) ;
2010-12-06 14:12:07 +11:00
if ( name = = NULL ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-06 14:12:07 +11:00
}
2017-04-11 12:43:22 +12:00
werr = dns_common_extract ( state - > samdb , el , el_ctx , & recs , & num_recs ) ;
2014-07-30 17:59:08 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to parse dnsRecord for %s, %s " ,
ldb_dn_get_linearized ( dn ) , win_errstr ( werr ) ) ;
talloc_free ( el_ctx ) ;
continue ;
}
2010-12-06 14:12:07 +11:00
2014-07-30 17:59:08 +02:00
for ( j = 0 ; j < num_recs ; j + + ) {
2019-04-05 11:13:15 +13:00
isc_result_t rc ;
2010-12-06 14:12:07 +11:00
2019-04-05 11:13:15 +13:00
rc = b9_putnamedrr ( state , allnodes , name , & recs [ j ] ) ;
if ( rc ! = ISC_R_SUCCESS ) {
2010-12-06 14:12:07 +11:00
continue ;
}
}
2014-07-30 17:57:13 +02:00
talloc_free ( el_ctx ) ;
2010-12-06 14:12:07 +11:00
}
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
exit :
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
zone ,
NULL ,
NULL ) ;
return result ;
2010-12-06 14:12:07 +11:00
}
2010-12-15 15:02:09 +11:00
/*
start a transaction
*/
_PUBLIC_ isc_result_t dlz_newversion ( const char * zone , void * dbdata , void * * versionp )
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-15 15:02:09 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2019-04-05 11:13:15 +13:00
isc_result_t result = ISC_R_SUCCESS ;
2010-12-15 15:02:09 +11:00
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_INFO , " samba_dlz: starting transaction on zone %s " , zone ) ;
2010-12-15 15:02:09 +11:00
2010-12-15 21:46:05 +11:00
if ( state - > transaction_token ! = NULL ) {
state - > log ( ISC_LOG_INFO , " samba_dlz: transaction already started for zone %s " , zone ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 15:02:09 +11:00
}
2010-12-15 21:46:05 +11:00
state - > transaction_token = talloc_zero ( state , int ) ;
if ( state - > transaction_token = = NULL ) {
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
if ( ldb_transaction_start ( state - > samdb ) ! = LDB_SUCCESS ) {
state - > log ( ISC_LOG_INFO , " samba_dlz: failed to start a transaction for zone %s " , zone ) ;
talloc_free ( state - > transaction_token ) ;
state - > transaction_token = NULL ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2010-12-15 15:02:09 +11:00
2010-12-15 21:46:05 +11:00
* versionp = ( void * ) state - > transaction_token ;
2019-04-05 11:13:15 +13:00
exit :
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
zone ,
NULL ,
NULL ) ;
return result ;
2010-12-15 15:02:09 +11:00
}
/*
end a transaction
*/
_PUBLIC_ void dlz_closeversion ( const char * zone , isc_boolean_t commit ,
void * dbdata , void * * versionp )
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-15 15:02:09 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2019-04-05 11:13:15 +13:00
const char * data = NULL ;
data = commit ? " commit " : " cancel " ;
2010-12-15 15:02:09 +11:00
2010-12-15 21:46:05 +11:00
if ( state - > transaction_token ! = ( int * ) * versionp ) {
state - > log ( ISC_LOG_INFO , " samba_dlz: transaction not started for zone %s " , zone ) ;
2019-04-05 11:13:15 +13:00
goto exit ;
2010-12-15 15:02:09 +11:00
}
if ( commit ) {
2010-12-15 21:46:05 +11:00
if ( ldb_transaction_commit ( state - > samdb ) ! = LDB_SUCCESS ) {
state - > log ( ISC_LOG_INFO , " samba_dlz: failed to commit a transaction for zone %s " , zone ) ;
2019-04-05 11:13:15 +13:00
goto exit ;
2010-12-15 21:46:05 +11:00
}
state - > log ( ISC_LOG_INFO , " samba_dlz: committed transaction on zone %s " , zone ) ;
2010-12-15 15:02:09 +11:00
} else {
2010-12-15 21:46:05 +11:00
if ( ldb_transaction_cancel ( state - > samdb ) ! = LDB_SUCCESS ) {
state - > log ( ISC_LOG_INFO , " samba_dlz: failed to cancel a transaction for zone %s " , zone ) ;
2019-04-05 11:13:15 +13:00
goto exit ;
2010-12-15 21:46:05 +11:00
}
state - > log ( ISC_LOG_INFO , " samba_dlz: cancelling transaction on zone %s " , zone ) ;
2010-12-15 15:02:09 +11:00
}
2010-12-15 21:46:05 +11:00
talloc_free ( state - > transaction_token ) ;
state - > transaction_token = NULL ;
* versionp = NULL ;
2019-04-05 11:13:15 +13:00
exit :
DNS_COMMON_LOG_OPERATION (
isc_result_str ( ISC_R_SUCCESS ) ,
& start ,
zone ,
NULL ,
data ) ;
2010-12-15 15:02:09 +11:00
}
/*
see if there is a SOA record for a zone
*/
static bool b9_has_soa ( struct dlz_bind9_data * state , struct ldb_dn * dn , const char * zone )
{
TALLOC_CTX * tmp_ctx = talloc_new ( state ) ;
2014-07-30 08:40:32 +02:00
WERROR werr ;
struct dnsp_DnssrvRpcRecord * records = NULL ;
uint16_t num_records = 0 , i ;
2018-08-15 10:44:03 +12:00
struct ldb_val zone_name_val
= data_blob_string_const ( zone ) ;
/*
* This dance ensures that it is not possible to put
* ( eg ) an extra DC = x , into the DNS name being
* queried
*/
if ( ! ldb_dn_add_child_val ( dn ,
" DC " ,
zone_name_val ) ) {
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
return false ;
}
2019-03-21 18:22:38 +01:00
/*
2023-08-02 10:37:18 +02:00
* The SOA record is always stored under DC = @ , DC = zonename
2019-03-21 18:22:38 +01:00
* This can probably be removed when dns_common_lookup makes a fallback
* lookup on @ pseudo record
*/
if ( ! ldb_dn_add_child_fmt ( dn , " DC=@ " ) ) {
talloc_free ( tmp_ctx ) ;
return false ;
}
2014-07-30 08:40:32 +02:00
werr = dns_common_lookup ( state - > samdb , tmp_ctx , dn ,
& records , & num_records , NULL ) ;
if ( ! W_ERROR_IS_OK ( werr ) ) {
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
return false ;
}
2014-07-30 08:40:32 +02:00
for ( i = 0 ; i < num_records ; i + + ) {
if ( records [ i ] . wType = = DNS_TYPE_SOA ) {
2010-12-15 15:02:09 +11:00
talloc_free ( tmp_ctx ) ;
return true ;
}
}
talloc_free ( tmp_ctx ) ;
return false ;
}
2013-10-02 17:28:45 +10:00
static bool b9_zone_add ( struct dlz_bind9_data * state , const char * name )
{
struct b9_zone * zone ;
zone = talloc_zero ( state , struct b9_zone ) ;
if ( zone = = NULL ) {
return false ;
}
zone - > name = talloc_strdup ( zone , name ) ;
if ( zone - > name = = NULL ) {
talloc_free ( zone ) ;
return false ;
}
DLIST_ADD ( state - > zonelist , zone ) ;
return true ;
}
static bool b9_zone_exists ( struct dlz_bind9_data * state , const char * name )
{
struct b9_zone * zone = state - > zonelist ;
bool found = false ;
while ( zone ! = NULL ) {
if ( strcasecmp ( name , zone - > name ) = = 0 ) {
found = true ;
break ;
}
zone = zone - > next ;
}
return found ;
}
2010-12-15 15:02:09 +11:00
/*
configure a writeable zone
*/
2014-10-20 16:32:42 +11:00
_PUBLIC_ isc_result_t dlz_configure ( dns_view_t * view , dns_dlzdb_t * dlzdb ,
void * dbdata )
2010-12-15 15:02:09 +11:00
{
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
TALLOC_CTX * tmp_ctx ;
struct ldb_dn * dn ;
int i ;
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_INFO , " samba_dlz: starting configure " ) ;
2010-12-15 15:02:09 +11:00
if ( state - > writeable_zone = = NULL ) {
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_INFO , " samba_dlz: no writeable_zone method available " ) ;
2010-12-15 15:02:09 +11:00
return ISC_R_FAILURE ;
}
tmp_ctx = talloc_new ( state ) ;
for ( i = 0 ; zone_prefixes [ i ] ; i + + ) {
const char * attrs [ ] = { " name " , NULL } ;
int j , ret ;
struct ldb_result * res ;
dn = ldb_dn_copy ( tmp_ctx , ldb_get_default_basedn ( state - > samdb ) ) ;
if ( dn = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
if ( ! ldb_dn_add_child_fmt ( dn , " %s " , zone_prefixes [ i ] ) ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
ret = ldb_search ( state - > samdb , tmp_ctx , & res , dn , LDB_SCOPE_SUBTREE ,
attrs , " objectClass=dnsZone " ) ;
if ( ret ! = LDB_SUCCESS ) {
continue ;
}
for ( j = 0 ; j < res - > count ; j + + ) {
isc_result_t result ;
const char * zone = ldb_msg_find_attr_as_string ( res - > msgs [ j ] , " name " , NULL ) ;
2011-10-13 15:23:58 +02:00
struct ldb_dn * zone_dn ;
2010-12-15 15:02:09 +11:00
if ( zone = = NULL ) {
continue ;
}
2012-10-02 13:00:50 +10:00
/* Ignore zones that are not handled in BIND */
if ( ( strcmp ( zone , " RootDNSServers " ) = = 0 ) | |
( strcmp ( zone , " ..TrustAnchors " ) = = 0 ) ) {
continue ;
}
2011-10-13 15:23:58 +02:00
zone_dn = ldb_dn_copy ( tmp_ctx , dn ) ;
2011-10-17 12:10:10 +02:00
if ( zone_dn = = NULL ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
2011-10-13 15:23:58 +02:00
if ( ! b9_has_soa ( state , zone_dn , zone ) ) {
2010-12-15 15:02:09 +11:00
continue ;
}
2013-10-02 17:28:45 +10:00
if ( b9_zone_exists ( state , zone ) ) {
state - > log ( ISC_LOG_WARNING , " samba_dlz: Ignoring duplicate zone '%s' from '%s' " ,
zone , ldb_dn_get_linearized ( zone_dn ) ) ;
continue ;
}
if ( ! b9_zone_add ( state , zone ) ) {
talloc_free ( tmp_ctx ) ;
return ISC_R_NOMEMORY ;
}
2014-10-20 16:32:42 +11:00
result = state - > writeable_zone ( view , dlzdb , zone ) ;
2010-12-15 15:02:09 +11:00
if ( result ! = ISC_R_SUCCESS ) {
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: Failed to configure zone '%s' " ,
2010-12-15 15:02:09 +11:00
zone ) ;
talloc_free ( tmp_ctx ) ;
return result ;
}
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_INFO , " samba_dlz: configured writeable zone '%s' " , zone ) ;
2010-12-15 15:02:09 +11:00
}
}
talloc_free ( tmp_ctx ) ;
return ISC_R_SUCCESS ;
}
/*
authorize a zone update
*/
_PUBLIC_ isc_boolean_t dlz_ssumatch ( const char * signer , const char * name , const char * tcpaddr ,
const char * type , const char * key , uint32_t keydatalen , uint8_t * keydata ,
void * dbdata )
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-15 15:02:09 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2011-11-02 14:32:37 +11:00
TALLOC_CTX * tmp_ctx ;
DATA_BLOB ap_req ;
struct cli_credentials * server_credentials ;
2011-12-06 14:18:41 +11:00
char * keytab_name ;
2017-08-22 17:10:01 +02:00
char * keytab_file = NULL ;
2011-12-06 14:18:41 +11:00
int ret ;
2011-11-02 14:32:37 +11:00
int ldb_ret ;
NTSTATUS nt_status ;
struct gensec_security * gensec_ctx ;
struct auth_session_info * session_info ;
struct ldb_dn * dn ;
2019-04-05 11:13:15 +13:00
isc_result_t rc ;
2011-11-02 14:32:37 +11:00
struct ldb_result * res ;
const char * attrs [ ] = { NULL } ;
uint32_t access_mask ;
2017-05-15 07:45:47 +02:00
struct gensec_settings * settings = NULL ;
const struct gensec_security_ops * * backends = NULL ;
size_t idx = 0 ;
2019-04-05 11:13:15 +13:00
isc_boolean_t result = ISC_FALSE ;
2021-06-22 09:44:44 +02:00
NTSTATUS status ;
bool ok ;
2011-11-02 14:32:37 +11:00
2011-11-30 16:06:08 +11:00
/* Remove cached credentials, if any */
if ( state - > session_info ) {
talloc_free ( state - > session_info ) ;
state - > session_info = NULL ;
}
if ( state - > update_name ) {
talloc_free ( state - > update_name ) ;
state - > update_name = NULL ;
}
2020-03-27 16:10:44 +13:00
tmp_ctx = talloc_new ( state ) ;
2011-11-02 14:32:37 +11:00
if ( tmp_ctx = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: no memory " ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
ap_req = data_blob_const ( keydata , keydatalen ) ;
server_credentials = cli_credentials_init ( tmp_ctx ) ;
if ( ! server_credentials ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to init server credentials " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
2021-06-22 09:44:44 +02:00
status = cli_credentials_set_krb5_context ( server_credentials ,
state - > smb_krb5_ctx ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
state - > log ( ISC_LOG_ERROR ,
" samba_dlz: failed to set krb5 context " ) ;
talloc_free ( tmp_ctx ) ;
result = ISC_FALSE ;
goto exit ;
}
ok = cli_credentials_set_conf ( server_credentials , state - > lp ) ;
if ( ! ok ) {
state - > log ( ISC_LOG_ERROR ,
" samba_dlz: failed to load smb.conf " ) ;
talloc_free ( tmp_ctx ) ;
result = ISC_FALSE ;
goto exit ;
}
2011-11-02 14:32:37 +11:00
2017-08-22 17:10:01 +02:00
keytab_file = talloc_asprintf ( tmp_ctx ,
" %s/dns.keytab " ,
2017-08-22 17:10:01 +02:00
lpcfg_binddns_dir ( state - > lp ) ) ;
2017-08-22 17:10:01 +02:00
if ( keytab_file = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: Out of memory! " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2017-08-22 17:10:01 +02:00
}
if ( ! file_exist ( keytab_file ) ) {
keytab_file = talloc_asprintf ( tmp_ctx ,
" %s/dns.keytab " ,
2017-08-22 17:10:01 +02:00
lpcfg_private_dir ( state - > lp ) ) ;
2017-08-22 17:10:01 +02:00
if ( keytab_file = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: Out of memory! " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2017-08-22 17:10:01 +02:00
}
}
keytab_name = talloc_asprintf ( tmp_ctx , " FILE:%s " , keytab_file ) ;
if ( keytab_name = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: Out of memory! " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2017-08-22 17:10:01 +02:00
}
2011-11-02 14:32:37 +11:00
ret = cli_credentials_set_keytab_name ( server_credentials , state - > lp , keytab_name ,
CRED_SPECIFIED ) ;
if ( ret ! = 0 ) {
2011-12-06 14:18:41 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to obtain server credentials from %s " ,
keytab_name ) ;
2011-11-02 14:32:37 +11:00
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
2011-12-06 14:18:41 +11:00
talloc_free ( keytab_name ) ;
2011-11-02 14:32:37 +11:00
2017-05-15 07:45:47 +02:00
settings = lpcfg_gensec_settings ( tmp_ctx , state - > lp ) ;
if ( settings = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: lpcfg_gensec_settings failed " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2017-05-15 07:45:47 +02:00
}
backends = talloc_zero_array ( settings ,
const struct gensec_security_ops * , 3 ) ;
if ( backends = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: talloc_zero_array gensec_security_ops failed " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2017-05-15 07:45:47 +02:00
}
settings - > backends = backends ;
gensec_init ( ) ;
backends [ idx + + ] = gensec_security_by_oid ( NULL , GENSEC_OID_KERBEROS5 ) ;
backends [ idx + + ] = gensec_security_by_oid ( NULL , GENSEC_OID_SPNEGO ) ;
nt_status = gensec_server_start ( tmp_ctx , settings ,
2012-01-03 15:39:20 +11:00
state - > auth_context , & gensec_ctx ) ;
2011-11-02 14:32:37 +11:00
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to start gensec server " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
gensec_set_credentials ( gensec_ctx , server_credentials ) ;
2017-05-15 07:45:47 +02:00
nt_status = gensec_start_mech_by_oid ( gensec_ctx , GENSEC_OID_SPNEGO ) ;
2011-11-02 14:32:37 +11:00
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to start spnego " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
2017-05-15 07:45:47 +02:00
/*
* We only allow SPNEGO / KRB5 and make sure the backend
* to is RPC / IPC free .
*
* See gensec_gssapi_update_internal ( ) as
* GENSEC_SERVER .
*
* It allows gensec_update ( ) not to block .
*
* If that changes in future we need to use
* gensec_update_send / recv here !
*/
nt_status = gensec_update ( gensec_ctx , tmp_ctx , ap_req , & ap_req ) ;
2011-11-02 14:32:37 +11:00
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: spnego update failed " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
nt_status = gensec_session_info ( gensec_ctx , tmp_ctx , & session_info ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to create session info " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
/* Get the DN from name */
2019-04-05 11:13:15 +13:00
rc = b9_find_name_dn ( state , name , tmp_ctx , & dn ) ;
if ( rc ! = ISC_R_SUCCESS ) {
2011-11-02 14:32:37 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to find name %s " , name ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
2010-12-15 15:02:09 +11:00
2011-11-02 14:32:37 +11:00
/* make sure the dn exists, or find parent dn in case new object is being added */
ldb_ret = ldb_search ( state - > samdb , tmp_ctx , & res , dn , LDB_SCOPE_BASE ,
attrs , " objectClass=dnsNode " ) ;
if ( ldb_ret = = LDB_ERR_NO_SUCH_OBJECT ) {
ldb_dn_remove_child_components ( dn , 1 ) ;
2011-11-30 10:37:14 +11:00
access_mask = SEC_ADS_CREATE_CHILD ;
2011-11-02 14:32:37 +11:00
talloc_free ( res ) ;
} else if ( ldb_ret = = LDB_SUCCESS ) {
access_mask = SEC_STD_REQUIRED | SEC_ADS_SELF_WRITE ;
talloc_free ( res ) ;
} else {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
/* Do ACL check */
ldb_ret = dsdb_check_access_on_dn ( state - > samdb , tmp_ctx , dn ,
session_info - > security_token ,
access_mask , NULL ) ;
if ( ldb_ret ! = LDB_SUCCESS ) {
state - > log ( ISC_LOG_INFO ,
" samba_dlz: disallowing update of signer=%s name=%s type=%s error=%s " ,
signer , name , type , ldb_strerror ( ldb_ret ) ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-02 14:32:37 +11:00
}
2011-11-30 16:06:08 +11:00
/* Cache session_info, so it can be used in the actual add/delete operation */
state - > update_name = talloc_strdup ( state , name ) ;
if ( state - > update_name = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: memory allocation error " ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_FALSE ;
goto exit ;
2011-11-30 16:06:08 +11:00
}
state - > session_info = talloc_steal ( state , session_info ) ;
2011-11-02 14:32:37 +11:00
state - > log ( ISC_LOG_INFO , " samba_dlz: allowing update of signer=%s name=%s tcpaddr=%s type=%s key=%s " ,
signer , name , tcpaddr , type , key ) ;
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_TRUE ;
exit :
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
NULL ,
name ,
NULL ) ;
return result ;
2010-12-15 15:02:09 +11:00
}
2021-04-13 06:36:03 +12:00
2010-12-15 21:46:05 +11:00
/*
see if two dns records match
*/
2021-04-13 06:36:03 +12:00
static bool b9_record_match ( struct dnsp_DnssrvRpcRecord * rec1 ,
struct dnsp_DnssrvRpcRecord * rec2 )
2010-12-15 21:46:05 +11:00
{
if ( rec1 - > wType ! = rec2 - > wType ) {
return false ;
}
/* see if this type is single valued */
if ( b9_single_valued ( rec1 - > wType ) ) {
return true ;
}
2021-05-29 21:25:29 +12:00
return dns_record_match ( rec1 , rec2 ) ;
2010-12-15 21:46:05 +11:00
}
2011-11-30 16:06:08 +11:00
/*
* Update session_info on samdb using the cached credentials
*/
static bool b9_set_session_info ( struct dlz_bind9_data * state , const char * name )
{
int ret ;
if ( state - > update_name = = NULL | | state - > session_info = = NULL ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: invalid credentials " ) ;
return false ;
}
2012-11-05 01:09:28 +11:00
/* Do not use client credentials, if we're not updating the client specified name */
2011-11-30 16:06:08 +11:00
if ( strcmp ( state - > update_name , name ) ! = 0 ) {
return true ;
}
2018-05-31 15:12:46 +12:00
ret = ldb_set_opaque (
state - > samdb ,
DSDB_SESSION_INFO ,
state - > session_info ) ;
2011-11-30 16:06:08 +11:00
if ( ret ! = LDB_SUCCESS ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: unable to set session info " ) ;
return false ;
}
return true ;
}
/*
* Reset session_info on samdb as system session
*/
static void b9_reset_session_info ( struct dlz_bind9_data * state )
{
2018-05-31 15:12:46 +12:00
ldb_set_opaque (
state - > samdb ,
DSDB_SESSION_INFO ,
system_session ( state - > lp ) ) ;
2011-11-30 16:06:08 +11:00
}
2010-12-15 21:46:05 +11:00
/*
add or modify a rdataset
*/
2010-12-15 15:02:09 +11:00
_PUBLIC_ isc_result_t dlz_addrdataset ( const char * name , const char * rdatastr , void * dbdata , void * version )
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-15 15:02:09 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2010-12-15 21:46:05 +11:00
struct dnsp_DnssrvRpcRecord * rec ;
struct ldb_dn * dn ;
2019-04-05 11:13:15 +13:00
isc_result_t result = ISC_R_SUCCESS ;
2014-07-31 09:30:16 +02:00
bool tombstoned = false ;
bool needs_add = false ;
2014-07-30 17:59:08 +02:00
struct dnsp_DnssrvRpcRecord * recs = NULL ;
uint16_t num_recs = 0 ;
2014-07-31 09:30:16 +02:00
uint16_t first = 0 ;
uint16_t i ;
2014-07-30 17:59:08 +02:00
WERROR werr ;
2010-12-15 21:46:05 +11:00
if ( state - > transaction_token ! = ( void * ) version ) {
state - > log ( ISC_LOG_INFO , " samba_dlz: bad transaction version " ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
rec = talloc_zero ( state , struct dnsp_DnssrvRpcRecord ) ;
if ( rec = = NULL ) {
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2010-12-22 12:13:44 +11:00
rec - > rank = DNS_RANK_ZONE ;
2010-12-21 20:53:58 +11:00
2010-12-15 21:46:05 +11:00
if ( ! b9_parse ( state , rdatastr , rec ) ) {
state - > log ( ISC_LOG_INFO , " samba_dlz: failed to parse rdataset '%s' " , rdatastr ) ;
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2010-12-15 15:02:09 +11:00
2010-12-15 21:46:05 +11:00
/* find the DN of the record */
result = b9_find_name_dn ( state , name , rec , & dn ) ;
if ( result ! = ISC_R_SUCCESS ) {
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
goto exit ;
2010-12-15 21:46:05 +11:00
}
/* get any existing records */
2014-07-31 09:30:16 +02:00
werr = dns_common_lookup ( state - > samdb , rec , dn ,
& recs , & num_recs , & tombstoned ) ;
if ( W_ERROR_EQUAL ( werr , WERR_DNS_ERROR_NAME_DOES_NOT_EXIST ) ) {
needs_add = true ;
werr = WERR_OK ;
2010-12-15 15:02:09 +11:00
}
2014-07-30 17:59:08 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to parse dnsRecord for %s, %s " ,
ldb_dn_get_linearized ( dn ) , win_errstr ( werr ) ) ;
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2014-07-30 17:59:08 +02:00
}
2014-07-31 09:30:16 +02:00
if ( tombstoned ) {
/*
* we need to keep the existing tombstone record
* and ignore it
*/
first = num_recs ;
}
2021-04-13 06:36:03 +12:00
/* there may be existing records. We need to see if this will
2012-02-27 17:09:10 +11:00
* replace a record or add to it
*/
2014-07-31 09:30:16 +02:00
for ( i = first ; i < num_recs ; i + + ) {
2021-04-13 06:36:03 +12:00
if ( b9_record_match ( rec , & recs [ i ] ) ) {
2010-12-15 21:46:05 +11:00
break ;
}
}
2014-07-30 18:51:39 +02:00
if ( i = = UINT16_MAX ) {
2021-03-31 14:21:43 +13:00
state - > log ( ISC_LOG_ERROR ,
" samba_dlz: failed to find record to modify, and "
" there are already %u dnsRecord values for %s " ,
2014-07-30 18:51:39 +02:00
i , ldb_dn_get_linearized ( dn ) ) ;
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2014-07-30 18:51:39 +02:00
}
if ( i = = num_recs ) {
2022-04-04 15:33:45 +02:00
/* set dwTimeStamp before increasing num_recs */
if ( dns_name_is_static ( recs , num_recs ) ) {
rec - > dwTimeStamp = 0 ;
} else {
rec - > dwTimeStamp = unix_to_dns_timestamp ( time ( NULL ) ) ;
}
/* adding space for a new value */
2014-07-30 18:51:39 +02:00
recs = talloc_realloc ( rec , recs ,
struct dnsp_DnssrvRpcRecord ,
num_recs + 1 ) ;
if ( recs = = NULL ) {
2010-12-15 21:46:05 +11:00
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2014-07-30 18:51:39 +02:00
num_recs + + ;
2022-04-13 15:20:50 +12:00
} else {
/*
* We are updating a record . Depending on whether aging is
* enabled , and how old the old timestamp is ,
* dns_common_replace ( ) will work out whether to bump the
* timestamp or not . But to do that , we need to tell it the
* old timestamp .
2023-08-02 10:37:18 +02:00
*/
2022-04-13 15:20:50 +12:00
if ( ! dns_name_is_static ( recs , num_recs ) ) {
rec - > dwTimeStamp = recs [ i ] . dwTimeStamp ;
}
2010-12-15 21:46:05 +11:00
}
2014-07-30 18:51:39 +02:00
recs [ i ] = * rec ;
2011-11-30 16:06:08 +11:00
if ( ! b9_set_session_info ( state , name ) ) {
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2011-11-30 16:06:08 +11:00
}
2010-12-15 21:46:05 +11:00
/* modify the record */
2014-07-30 18:51:39 +02:00
werr = dns_common_replace ( state - > samdb , rec , dn ,
2014-07-31 09:30:16 +02:00
needs_add ,
2014-07-30 18:51:39 +02:00
state - > soa_serial ,
recs , num_recs ) ;
2011-11-30 16:06:08 +11:00
b9_reset_session_info ( state ) ;
2014-07-30 18:51:39 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
2014-07-31 09:30:16 +02:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to %s %s - %s " ,
needs_add ? " add " : " modify " ,
2014-07-30 18:51:39 +02:00
ldb_dn_get_linearized ( dn ) , win_errstr ( werr ) ) ;
2010-12-15 21:46:05 +11:00
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
state - > log ( ISC_LOG_INFO , " samba_dlz: added rdataset %s '%s' " , name , rdatastr ) ;
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
exit :
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
NULL ,
name ,
rdatastr ) ;
return result ;
2010-12-15 15:02:09 +11:00
}
2010-12-15 21:46:05 +11:00
/*
remove a rdataset
*/
2010-12-15 15:02:09 +11:00
_PUBLIC_ isc_result_t dlz_subrdataset ( const char * name , const char * rdatastr , void * dbdata , void * version )
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-15 15:02:09 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2010-12-15 21:46:05 +11:00
struct dnsp_DnssrvRpcRecord * rec ;
struct ldb_dn * dn ;
2019-04-05 11:13:15 +13:00
isc_result_t result = ISC_R_SUCCESS ;
2014-07-30 17:59:08 +02:00
struct dnsp_DnssrvRpcRecord * recs = NULL ;
uint16_t num_recs = 0 ;
2014-07-30 20:12:08 +02:00
uint16_t i ;
2014-07-30 17:59:08 +02:00
WERROR werr ;
2010-12-15 21:46:05 +11:00
if ( state - > transaction_token ! = ( void * ) version ) {
2012-02-02 09:27:28 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: bad transaction version " ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2010-12-15 15:02:09 +11:00
2010-12-15 21:46:05 +11:00
rec = talloc_zero ( state , struct dnsp_DnssrvRpcRecord ) ;
if ( rec = = NULL ) {
2019-04-05 11:13:15 +13:00
result = ISC_R_NOMEMORY ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
if ( ! b9_parse ( state , rdatastr , rec ) ) {
2012-02-02 09:27:28 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to parse rdataset '%s' " , rdatastr ) ;
2010-12-15 21:46:05 +11:00
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 15:02:09 +11:00
}
2010-12-15 21:46:05 +11:00
/* find the DN of the record */
result = b9_find_name_dn ( state , name , rec , & dn ) ;
if ( result ! = ISC_R_SUCCESS ) {
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
goto exit ;
2010-12-15 21:46:05 +11:00
}
/* get the existing records */
2014-07-30 20:12:08 +02:00
werr = dns_common_lookup ( state - > samdb , rec , dn ,
& recs , & num_recs , NULL ) ;
2014-07-30 17:59:08 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOTFOUND ;
goto exit ;
2014-07-30 17:59:08 +02:00
}
2010-12-15 21:46:05 +11:00
2014-07-30 17:59:08 +02:00
for ( i = 0 ; i < num_recs ; i + + ) {
2021-04-13 06:36:03 +12:00
if ( b9_record_match ( rec , & recs [ i ] ) ) {
2014-07-30 18:51:39 +02:00
recs [ i ] = ( struct dnsp_DnssrvRpcRecord ) {
. wType = DNS_TYPE_TOMBSTONE ,
} ;
2010-12-15 21:46:05 +11:00
break ;
}
}
2014-07-30 18:51:39 +02:00
if ( i = = num_recs ) {
2010-12-15 21:46:05 +11:00
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOTFOUND ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2011-11-30 16:06:08 +11:00
if ( ! b9_set_session_info ( state , name ) ) {
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2011-11-30 16:06:08 +11:00
}
2014-07-30 18:51:39 +02:00
/* modify the record */
werr = dns_common_replace ( state - > samdb , rec , dn ,
false , /* needs_add */
state - > soa_serial ,
recs , num_recs ) ;
2011-11-30 16:06:08 +11:00
b9_reset_session_info ( state ) ;
2014-07-30 18:51:39 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to modify %s - %s " ,
2014-07-30 18:51:39 +02:00
ldb_dn_get_linearized ( dn ) , win_errstr ( werr ) ) ;
2010-12-15 21:46:05 +11:00
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
state - > log ( ISC_LOG_INFO , " samba_dlz: subtracted rdataset %s '%s' " , name , rdatastr ) ;
talloc_free ( rec ) ;
2019-04-05 11:13:15 +13:00
exit :
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
NULL ,
name ,
rdatastr ) ;
return result ;
2010-12-15 15:02:09 +11:00
}
2010-12-15 21:46:05 +11:00
/*
delete all records of the given type
*/
_PUBLIC_ isc_result_t dlz_delrdataset ( const char * name , const char * type , void * dbdata , void * version )
2010-12-15 15:02:09 +11:00
{
2019-04-05 11:13:15 +13:00
struct timeval start = timeval_current ( ) ;
2010-12-15 15:02:09 +11:00
struct dlz_bind9_data * state = talloc_get_type_abort ( dbdata , struct dlz_bind9_data ) ;
2010-12-15 21:46:05 +11:00
TALLOC_CTX * tmp_ctx ;
struct ldb_dn * dn ;
2019-04-05 11:13:15 +13:00
isc_result_t result = ISC_R_SUCCESS ;
2010-12-15 21:46:05 +11:00
enum dns_record_type dns_type ;
bool found = false ;
2014-07-30 17:59:08 +02:00
struct dnsp_DnssrvRpcRecord * recs = NULL ;
uint16_t num_recs = 0 ;
uint16_t ri = 0 ;
WERROR werr ;
2010-12-15 21:46:05 +11:00
if ( state - > transaction_token ! = ( void * ) version ) {
2012-02-02 09:27:28 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: bad transaction version " ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2011-01-13 11:10:27 +11:00
if ( ! b9_dns_type ( type , & dns_type ) ) {
2012-02-02 09:27:28 +11:00
state - > log ( ISC_LOG_ERROR , " samba_dlz: bad dns type %s in delete " , type ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
tmp_ctx = talloc_new ( state ) ;
/* find the DN of the record */
result = b9_find_name_dn ( state , name , tmp_ctx , & dn ) ;
if ( result ! = ISC_R_SUCCESS ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
goto exit ;
2010-12-15 21:46:05 +11:00
}
/* get the existing records */
2014-07-30 20:12:08 +02:00
werr = dns_common_lookup ( state - > samdb , tmp_ctx , dn ,
& recs , & num_recs , NULL ) ;
2014-07-30 17:59:08 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_NOTFOUND ;
goto exit ;
2014-07-30 17:59:08 +02:00
}
2010-12-15 15:02:09 +11:00
2014-07-30 17:59:08 +02:00
for ( ri = 0 ; ri < num_recs ; ri + + ) {
if ( dns_type ! = recs [ ri ] . wType ) {
continue ;
2010-12-15 21:46:05 +11:00
}
2014-07-30 17:59:08 +02:00
found = true ;
2014-07-30 18:51:39 +02:00
recs [ ri ] = ( struct dnsp_DnssrvRpcRecord ) {
. wType = DNS_TYPE_TOMBSTONE ,
} ;
2010-12-15 21:46:05 +11:00
}
if ( ! found ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 21:46:05 +11:00
}
2011-11-30 16:06:08 +11:00
if ( ! b9_set_session_info ( state , name ) ) {
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2011-11-30 16:06:08 +11:00
}
2014-07-30 18:51:39 +02:00
/* modify the record */
werr = dns_common_replace ( state - > samdb , tmp_ctx , dn ,
false , /* needs_add */
state - > soa_serial ,
recs , num_recs ) ;
2011-11-30 16:06:08 +11:00
b9_reset_session_info ( state ) ;
2014-07-30 18:51:39 +02:00
if ( ! W_ERROR_IS_OK ( werr ) ) {
state - > log ( ISC_LOG_ERROR , " samba_dlz: failed to modify %s - %s " ,
ldb_dn_get_linearized ( dn ) , win_errstr ( werr ) ) ;
2010-12-15 21:46:05 +11:00
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
result = ISC_R_FAILURE ;
goto exit ;
2010-12-15 15:02:09 +11:00
}
2010-12-15 21:46:05 +11:00
state - > log ( ISC_LOG_INFO , " samba_dlz: deleted rdataset %s of type %s " , name , type ) ;
2010-12-15 15:02:09 +11:00
2010-12-15 21:46:05 +11:00
talloc_free ( tmp_ctx ) ;
2019-04-05 11:13:15 +13:00
exit :
DNS_COMMON_LOG_OPERATION (
isc_result_str ( result ) ,
& start ,
NULL ,
name ,
type ) ;
return result ;
2010-12-15 15:02:09 +11:00
}