sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s4 dns: Revert erroneous push from wrong branch

Browse Source 
I've pushed the wrong branch for this, sorry about that.

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep  5 14:10:54 CEST 2012 on sn-devel-104
This commit is contained in:
Kai Blin 2012-09-05 11:07:55 +02:00
parent 92bd7b0db8
commit 558fa4c45a
8 changed files with 60 additions and 475 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
librpc/idl/dns.idl
View File

@ -192,20 +192,6 @@ interface dns
uint8 other_data[other_size];
} dns_tsig_record;
typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
dns_string name;
dns_qclass rr_class;
uint32 ttl;
dns_string algorithm_name;
uint16 time_prefix; /* 0 until February 2106*/
uint32 time;
uint16 fudge;
uint16 original_id;
uint16 error;
uint16 other_size;
uint8 other_data[other_size];
} dns_fake_tsig_rec;
typedef [nodiscriminant,public,flag(NDR_NOALIGN)] union {
[case(DNS_QTYPE_A)] ipv4address ipv4_record;
[case(DNS_QTYPE_NS)] dns_string ns_record;

359
source4/dns_server/dns_crypto.c
View File

@ -1,359 +0,0 @@
/*
Unix SMB/CIFS implementation.
DNS server handler for signed packets
Copyright (C) 2012 Kai Blin <kai@samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "lib/crypto/hmacmd5.h"
#include "system/network.h"
#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_dns.h"
#include "dns_server/dns_server.h"
#include "libcli/util/ntstatus.h"
#include "auth/auth.h"
#include "auth/gensec/gensec.h"
static WERROR dns_copy_tsig(TALLOC_CTX *mem_ctx,
struct dns_res_rec *old,
struct dns_res_rec *new_rec)
{
new_rec->name = talloc_strdup(mem_ctx, old->name);
W_ERROR_HAVE_NO_MEMORY(new_rec->name);
new_rec->rr_type = old->rr_type;
new_rec->rr_class = old->rr_class;
new_rec->ttl = old->ttl;
new_rec->length = old->length;
new_rec->rdata.tsig_record.algorithm_name = talloc_strdup(mem_ctx,
old->rdata.tsig_record.algorithm_name);
W_ERROR_HAVE_NO_MEMORY(new_rec->rdata.tsig_record.algorithm_name);
new_rec->rdata.tsig_record.time_prefix = old->rdata.tsig_record.time_prefix;
new_rec->rdata.tsig_record.time = old->rdata.tsig_record.time;
new_rec->rdata.tsig_record.fudge = old->rdata.tsig_record.fudge;
new_rec->rdata.tsig_record.mac_size = old->rdata.tsig_record.mac_size;
new_rec->rdata.tsig_record.mac = talloc_memdup(mem_ctx,
old->rdata.tsig_record.mac,
old->rdata.tsig_record.mac_size);
W_ERROR_HAVE_NO_MEMORY(new_rec->rdata.tsig_record.mac);
new_rec->rdata.tsig_record.original_id = old->rdata.tsig_record.original_id;
new_rec->rdata.tsig_record.error = old->rdata.tsig_record.error;
new_rec->rdata.tsig_record.other_size = old->rdata.tsig_record.other_size;
new_rec->rdata.tsig_record.other_data = talloc_memdup(mem_ctx,
old->rdata.tsig_record.other_data,
old->rdata.tsig_record.other_size);
W_ERROR_HAVE_NO_MEMORY(new_rec->rdata.tsig_record.other_data);
return WERR_OK;
}
struct dns_server_tkey *dns_find_tkey(struct dns_server_tkey_store *store,
const char *name)
{
struct dns_server_tkey *tkey = NULL;
uint16_t i = 0;
do {
struct dns_server_tkey *tmp_key = store->tkeys[i];
i++;
i %= TKEY_BUFFER_SIZE;
if (tmp_key == NULL) {
continue;
}
if (dns_name_equal(name, tmp_key->name)) {
tkey = tmp_key;
break;
}
} while (i != 0);
return tkey;
}
WERROR dns_verify_tsig(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
struct dns_request_state *state,
struct dns_name_packet *packet,
DATA_BLOB *in)
{
WERROR werror;
NTSTATUS status;
enum ndr_err_code ndr_err;
bool found_tsig = false;
uint16_t i, arcount = 0;
DATA_BLOB tsig_blob, fake_tsig_blob, sig;
uint8_t *buffer = NULL;
size_t buffer_len = 0, packet_len = 0;
struct dns_server_tkey *tkey = NULL;
struct dns_fake_tsig_rec *check_rec = talloc_zero(mem_ctx,
struct dns_fake_tsig_rec);
/* Find the first TSIG record in the additional records */
for (i=0; i < packet->arcount; i++) {
if (packet->additional[i].rr_type == DNS_QTYPE_TSIG) {
found_tsig = true;
break;
}
}
if (!found_tsig) {
return WERR_OK;
}
/* The TSIG record needs to be the last additional record */
if (found_tsig && i + 1 != packet->arcount) {
DEBUG(0, ("TSIG record not the last additional record!\n"));
return DNS_ERR(FORMAT_ERROR);
}
/* We got a TSIG, so we need to sign our reply */
state->sign = true;
state->tsig = talloc_zero(mem_ctx, struct dns_res_rec);
if (state->tsig == NULL) {
return WERR_NOMEM;
}
werror = dns_copy_tsig(state->tsig, &packet->additional[i],
state->tsig);
if (!W_ERROR_IS_OK(werror)) {
return werror;
}
packet->arcount--;
tkey = dns_find_tkey(dns->tkeys, state->tsig->name);
if (tkey == NULL) {
state->tsig_error = DNS_RCODE_BADKEY;
return DNS_ERR(NOTAUTH);
}
/* FIXME: check TSIG here */
if (check_rec == NULL) {
return WERR_NOMEM;
}
/* first build and verify check packet */
check_rec->name = talloc_strdup(check_rec, tkey->name);
if (check_rec->name == NULL) {
return WERR_NOMEM;
}
check_rec->rr_class = DNS_QCLASS_ANY;
check_rec->ttl = 0;
check_rec->algorithm_name = talloc_strdup(check_rec, tkey->algorithm);
if (check_rec->algorithm_name == NULL) {
return WERR_NOMEM;
}
check_rec->time_prefix = 0;
check_rec->time = state->tsig->rdata.tsig_record.time;
check_rec->fudge = state->tsig->rdata.tsig_record.fudge;
check_rec->error = 0;
check_rec->other_size = 0;
check_rec->other_data = NULL;
ndr_err = ndr_push_struct_blob(&tsig_blob, mem_ctx, state->tsig,
(ndr_push_flags_fn_t)ndr_push_dns_res_rec);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(1, ("Failed to push packet: %s!\n",
ndr_errstr(ndr_err)));
return DNS_ERR(SERVER_FAILURE);
}
ndr_err = ndr_push_struct_blob(&fake_tsig_blob, mem_ctx, check_rec,
(ndr_push_flags_fn_t)ndr_push_dns_fake_tsig_rec);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(1, ("Failed to push packet: %s!\n",
ndr_errstr(ndr_err)));
return DNS_ERR(SERVER_FAILURE);
}
/* we need to work some magic here. we need to keep the input packet
* exactly like we got it, but we need to cut off the tsig record */
packet_len = in->length - tsig_blob.length;
buffer_len = packet_len + fake_tsig_blob.length;
buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_len);
if (buffer == NULL) {
return WERR_NOMEM;
}
memcpy(buffer, in->data, packet_len);
memcpy(buffer + packet_len, fake_tsig_blob.data, fake_tsig_blob.length);
sig.length = state->tsig->rdata.tsig_record.mac_size;
sig.data = talloc_memdup(mem_ctx, state->tsig->rdata.tsig_record.mac, sig.length);
if (sig.data == NULL) {
return WERR_NOMEM;
}
/*FIXME: Why is there too much padding? */
buffer_len -= 2;
/* Now we also need to count down the additional record counter */
arcount = RSVAL(buffer, 10);
RSSVAL(buffer, 10, arcount-1);
status = gensec_check_packet(tkey->gensec, buffer, buffer_len,
buffer, buffer_len, &sig);
if (NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) {
return DNS_ERR(BADKEY);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Verifying tsig failed: %s\n", nt_errstr(status)));
return ntstatus_to_werror(status);
}
state->authenticated = true;
state->key_name = talloc_strdup(mem_ctx, tkey->name);
if (state->key_name == NULL) {
return WERR_NOMEM;
}
return WERR_OK;
}
WERROR dns_sign_tsig(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
struct dns_request_state *state,
struct dns_name_packet *packet,
uint16_t error)
{
WERROR werror;
NTSTATUS status;
enum ndr_err_code ndr_err;
time_t current_time = time(NULL);
DATA_BLOB packet_blob, tsig_blob, sig;
uint8_t *buffer = NULL;
size_t buffer_len = 0;
struct dns_server_tkey * tkey = NULL;
struct dns_res_rec *tsig = talloc_zero(mem_ctx, struct dns_res_rec);
struct dns_fake_tsig_rec *check_rec = talloc_zero(mem_ctx,
struct dns_fake_tsig_rec);
if (tsig == NULL) {
return WERR_NOMEM;
}
if (check_rec == NULL) {
return WERR_NOMEM;
}
tkey = dns_find_tkey(dns->tkeys, state->key_name);
if (tkey == NULL) {
/* FIXME: read up on what to do when we can't find a key */
return WERR_OK;
}
/* first build and verify check packet */
check_rec->name = talloc_strdup(check_rec, tkey->name);
if (check_rec->name == NULL) {
return WERR_NOMEM;
}
check_rec->rr_class = DNS_QCLASS_ANY;
check_rec->ttl = 0;
check_rec->algorithm_name = talloc_strdup(check_rec, tkey->algorithm);
if (check_rec->algorithm_name == NULL) {
return WERR_NOMEM;
}
check_rec->time_prefix = 0;
check_rec->time = current_time;
check_rec->fudge = 300;
check_rec->error = state->tsig_error;
check_rec->other_size = 0;
check_rec->other_data = NULL;
ndr_err = ndr_push_struct_blob(&packet_blob, mem_ctx, packet,
(ndr_push_flags_fn_t)ndr_push_dns_name_packet);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(1, ("Failed to push packet: %s!\n",
ndr_errstr(ndr_err)));
return DNS_ERR(SERVER_FAILURE);
}
ndr_err = ndr_push_struct_blob(&tsig_blob, mem_ctx, check_rec,
(ndr_push_flags_fn_t)ndr_push_dns_fake_tsig_rec);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(1, ("Failed to push packet: %s!\n",
ndr_errstr(ndr_err)));
return DNS_ERR(SERVER_FAILURE);
}
buffer_len = packet_blob.length + tsig_blob.length;
buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_len);
if (buffer == NULL) {
return WERR_NOMEM;
}
memcpy(buffer, packet_blob.data, packet_blob.length);
memcpy(buffer+packet_blob.length, tsig_blob.data, tsig_blob.length);
status = gensec_sign_packet(tkey->gensec, mem_ctx, buffer, buffer_len,
buffer, buffer_len, &sig);
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
}
tsig->name = talloc_strdup(tsig, check_rec->name);
if (tsig->name == NULL) {
return WERR_NOMEM;
}
tsig->rr_class = check_rec->rr_class;
tsig->rr_type = DNS_QTYPE_TSIG;
tsig->ttl = 0;
tsig->length = UINT16_MAX;
tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig,
check_rec->algorithm_name);
tsig->rdata.tsig_record.time_prefix = check_rec->time_prefix;
tsig->rdata.tsig_record.time = check_rec->time;
tsig->rdata.tsig_record.fudge = check_rec->fudge;
tsig->rdata.tsig_record.error = state->tsig_error;
tsig->rdata.tsig_record.original_id = packet->id;
tsig->rdata.tsig_record.other_size = 0;
tsig->rdata.tsig_record.other_data = NULL;
tsig->rdata.tsig_record.mac_size = sig.length;
tsig->rdata.tsig_record.mac = talloc_memdup(tsig, sig.data, sig.length);
if (packet->arcount == 0) {
packet->additional = talloc_zero(mem_ctx, struct dns_res_rec);
if (packet->additional == NULL) {
return WERR_NOMEM;
}
}
packet->additional = talloc_realloc(mem_ctx, packet->additional,
struct dns_res_rec,
packet->arcount + 1);
if (packet->additional == NULL) {
return WERR_NOMEM;
}
werror = dns_copy_tsig(mem_ctx, tsig,
&packet->additional[packet->arcount]);
if (!W_ERROR_IS_OK(werror)) {
return werror;
}
packet->arcount++;
return WERR_OK;
}

110
source4/dns_server/dns_query.c
View File

@ -320,9 +320,62 @@ static WERROR handle_question(struct dns_server *dns,
return WERR_OK;
}
static NTSTATUS accept_gss_ticket(TALLOC_CTX *mem_ctx,
struct dns_server *dns,
struct dns_server_tkey *tkey,
const DATA_BLOB *key,
DATA_BLOB *reply,
uint16_t *dns_auth_error)
{
NTSTATUS status;
status = gensec_update(tkey->gensec, mem_ctx, dns->task->event_ctx,
*key, reply);
if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
*dns_auth_error = DNS_RCODE_OK;
return status;
}
if (NT_STATUS_IS_OK(status)) {
status = gensec_session_info(tkey->gensec, tkey, &tkey->session_info);
if (!NT_STATUS_IS_OK(status)) {
*dns_auth_error = DNS_RCODE_BADKEY;
return status;
}
*dns_auth_error = DNS_RCODE_OK;
}
return status;
}
static struct dns_server_tkey *find_tkey(struct dns_server_tkey_store *store,
const char *name)
{
struct dns_server_tkey *tkey = NULL;
uint16_t i = 0;
do {
struct dns_server_tkey *tmp_key = store->tkeys[i];
i++;
i %= TKEY_BUFFER_SIZE;
if (tmp_key == NULL) {
continue;
}
if (dns_name_equal(name, tmp_key->name)) {
tkey = tmp_key;
break;
}
} while (i != 0);
return tkey;
}
static NTSTATUS create_tkey(struct dns_server *dns,
const char* name,
const char* algorithm,
struct dns_server_tkey **tkey)
{
NTSTATUS status;
@ -339,11 +392,6 @@ static NTSTATUS create_tkey(struct dns_server *dns,
return NT_STATUS_NO_MEMORY;
}
k->algorithm = talloc_strdup(k, algorithm);
if (k->algorithm == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = samba_server_gensec_start(k,
dns->task->event_ctx,
dns->task->msg_ctx,
@ -380,40 +428,9 @@ static NTSTATUS create_tkey(struct dns_server *dns,
return NT_STATUS_OK;
}
static NTSTATUS accept_gss_ticket(TALLOC_CTX *mem_ctx,
struct dns_server *dns,
struct dns_server_tkey *tkey,
const DATA_BLOB *key,
DATA_BLOB *reply,
uint16_t *dns_auth_error)
{
NTSTATUS status;
status = gensec_update(tkey->gensec, mem_ctx, dns->task->event_ctx,
*key, reply);
if (NT_STATUS_EQUAL(NT_STATUS_MORE_PROCESSING_REQUIRED, status)) {
*dns_auth_error = DNS_RCODE_OK;
return status;
}
if (NT_STATUS_IS_OK(status)) {
status = gensec_session_info(tkey->gensec, tkey, &tkey->session_info);
if (!NT_STATUS_IS_OK(status)) {
*dns_auth_error = DNS_RCODE_BADKEY;
return status;
}
*dns_auth_error = DNS_RCODE_OK;
}
return status;
}
static WERROR handle_tkey(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
const struct dns_name_packet *in,
struct dns_request_state *state,
struct dns_res_rec **answers,
uint16_t *ancount)
{
@ -449,8 +466,7 @@ static WERROR handle_tkey(struct dns_server *dns,
ret_tkey->rr_class = DNS_QCLASS_ANY;
ret_tkey->length = UINT16_MAX;
ret_tkey->rdata.tkey_record.algorithm = talloc_strdup(ret_tkey,
in_tkey->rdata.tkey_record.algorithm);
ret_tkey->rdata.tkey_record.algorithm = talloc_strdup(ret_tkey, ret_tkey->name);
if (ret_tkey->rdata.tkey_record.algorithm == NULL) {
return WERR_NOMEM;
}
@ -471,7 +487,7 @@ static WERROR handle_tkey(struct dns_server *dns,
DATA_BLOB key;
DATA_BLOB reply;
tkey = dns_find_tkey(dns->tkeys, in->questions[0].name);
tkey = find_tkey(dns->tkeys, in->questions[0].name);
if (tkey != NULL && tkey->complete) {
/* TODO: check if the key is still valid */
DEBUG(1, ("Rejecting tkey negotiation for already established key\n"));
@ -481,7 +497,6 @@ static WERROR handle_tkey(struct dns_server *dns,
if (tkey == NULL) {
status = create_tkey(dns, in->questions[0].name,
in_tkey->rdata.tkey_record.algorithm,
&tkey);
if (!NT_STATUS_IS_OK(status)) {
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
@ -499,15 +514,6 @@ static WERROR handle_tkey(struct dns_server *dns,
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
} else if (NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Tkey handshake completed\n"));
ret_tkey->rdata.tkey_record.key_size = reply.length;
ret_tkey->rdata.tkey_record.key_data = talloc_memdup(ret_tkey,
reply.data,
reply.length);
state->sign = true;
state->key_name = talloc_strdup(mem_ctx, tkey->name);
if (state->key_name == NULL) {
return WERR_NOMEM;
}
} else {
DEBUG(0, ("GSS key negotiation returned %s\n", nt_errstr(status)));
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
@ -576,8 +582,8 @@ struct tevent_req *dns_server_process_query_send(
if (in->questions[0].question_type == DNS_QTYPE_TKEY) {
WERROR err;
err = handle_tkey(dns, state, in, req_state,
&state->answers, &state->ancount);
err = handle_tkey(dns, state, in, &state->answers,
&state->ancount);
if (tevent_req_werror(req, err)) {
return tevent_req_post(req, ev);
}

23
source4/dns_server/dns_server.c
View File

@ -98,7 +98,6 @@ static void dns_tcp_send(struct stream_connection *conn, uint16_t flags)
struct dns_process_state {
DATA_BLOB *in;
struct dns_server *dns;
struct dns_name_packet in_packet;
struct dns_request_state state;
uint16_t dns_err;
@ -124,8 +123,6 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
}
state->in = in;
state->dns = dns;
if (in->length < 12) {
tevent_req_werror(req, WERR_INVALID_PARAM);
return tevent_req_post(req, ev);
@ -145,14 +142,6 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
NDR_PRINT_DEBUG(dns_name_packet, &state->in_packet);
}
ret = dns_verify_tsig(dns, state, &state->state, &state->in_packet, in);
if (!W_ERROR_IS_OK(ret)) {
DEBUG(0, ("Bailing out early!\n"));
state->dns_err = werr_to_dns_err(ret);
tevent_req_done(req);
return tevent_req_post(req, ev);
}
state->state.flags = state->in_packet.operation;
state->state.flags |= DNS_FLAG_REPLY;
@ -226,18 +215,6 @@ static WERROR dns_process_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
}
state->out_packet.operation |= state->state.flags;
if (state->state.sign) {
DEBUG(0, ("Signing\n"));
ret = dns_sign_tsig(state->dns, mem_ctx, &state->state,
&state->out_packet, 0);
if (!W_ERROR_IS_OK(ret)) {
state->dns_err = DNS_RCODE_SERVFAIL;
goto drop;
}
}
//NDR_PRINT_DEBUG(dns_name_packet, &state->out_packet);
ndr_err = ndr_push_struct_blob(
out, mem_ctx, &state->out_packet,
(ndr_push_flags_fn_t)ndr_push_dns_name_packet);

18
source4/dns_server/dns_server.h
View File

@ -36,7 +36,6 @@ struct dns_server_zone {
struct dns_server_tkey {
const char *name;
enum dns_tkey_mode mode;
const char *algorithm;
struct auth_session_info *session_info;
struct gensec_security *gensec;
bool complete;
@ -60,11 +59,6 @@ struct dns_server {
struct dns_request_state {
uint16_t flags;
bool authenticated;
bool sign;
char *key_name;
struct dns_res_rec *tsig;
uint16_t tsig_error;
};
struct tevent_req *dns_server_process_query_send(
@ -107,18 +101,6 @@ WERROR dns_name2dn(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
const char *name,
struct ldb_dn **_dn);
struct dns_server_tkey *dns_find_tkey(struct dns_server_tkey_store *store,
const char *name);
WERROR dns_verify_tsig(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
struct dns_request_state *state,
struct dns_name_packet *packet,
DATA_BLOB *in);
WERROR dns_sign_tsig(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
struct dns_request_state *state,
struct dns_name_packet *packet,
uint16_t error);
#define DNS_ERR(err_str) WERR_DNS_ERROR_RCODE_##err_str
#endif /* __DNS_SERVER_H__ */

7
source4/dns_server/dns_update.c
View File

@ -734,15 +734,10 @@ WERROR dns_server_process_update(struct dns_server *dns,
/* TODO: Check if update is allowed, we probably want "always",
* key-based GSSAPI, key-based bind-style TSIG and "never" as
* smb.conf options. */
if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) {
if (lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON) {
DEBUG(0, ("Update not allowed.\n"));
return DNS_ERR(REFUSED);
}
if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_SIGNED &&
state->authenticated == false ) {
DEBUG(0, ("Update not allowed for unsigned packet.\n"));
return DNS_ERR(REFUSED);
}
*update_count = in->nscount;
*updates = in->nsrecs;

2
source4/dns_server/dns_utils.c
View File

@ -54,8 +54,6 @@ uint8_t werr_to_dns_err(WERROR werr)
return DNS_RCODE_NOTAUTH;
} else if (W_ERROR_EQUAL(DNS_ERR(NOTZONE), werr)) {
return DNS_RCODE_NOTZONE;
} else if (W_ERROR_EQUAL(DNS_ERR(BADKEY), werr)) {
return DNS_RCODE_BADKEY;
}
DEBUG(5, ("No mapping exists for %s\n", win_errstr(werr)));
return DNS_RCODE_SERVFAIL;

2
source4/dns_server/wscript_build
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python
bld.SAMBA_MODULE('service_dns',
source='dns_server.c dns_query.c dns_update.c dns_utils.c dns_crypto.c',
source='dns_server.c dns_query.c dns_update.c dns_utils.c',
subsystem='service',
init_function='server_service_dns_init',
deps='samba-hostconfig LIBTSOCKET LIBSAMBA_TSOCKET ldbsamba clidns gensec auth',