sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

bug #10471: Don't respond with NXDOMAIN to records that exist with another type

Browse Source 
DNS queries for records with the wrong type need to trigger an empty
response with RCODE_OK instead of returning NXDOMAIN.

This adds a test and fixes bug #10471

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Kai Blin 2014-02-27 23:49:24 +01:00
parent 6f092cfd87
commit d9829df133
2 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
python/samba/tests/dns.py
View File

@ -171,6 +171,22 @@ class TestSimpleQueries(DNSTest):
self.assertEquals(response.answers[0].rdata, self.assertEquals(response.answers[0].rdata,
os.getenv('SERVER_IP')) os.getenv('SERVER_IP'))
def test_one_mx_query(self):
"create a query packet causing an empty RCODE_OK answer"
p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
questions = []
name = "%s.%s" % (os.getenv('SERVER'), self.get_dns_domain())
q = self.make_name_question(name, dns.DNS_QTYPE_MX, dns.DNS_QCLASS_IN)
print "asking for ", q.name
questions.append(q)
self.finish_name_packet(p, questions)
response = self.dns_transaction_udp(p)
self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
self.assertEquals(response.ancount, 0)
def test_two_queries(self): def test_two_queries(self):
"create a query packet containing two query records" "create a query packet containing two query records"
p = self.make_name_packet(dns.DNS_OPCODE_QUERY) p = self.make_name_packet(dns.DNS_OPCODE_QUERY)

14
source4/dns_server/dns_query.c
View File

@ -258,7 +258,7 @@ static WERROR handle_question(struct dns_server *dns,
struct dns_res_rec **answers, uint16_t *ancount) struct dns_res_rec **answers, uint16_t *ancount)
{ {
struct dns_res_rec *ans = *answers; struct dns_res_rec *ans = *answers;
WERROR werror; WERROR werror, werror_return;
unsigned int ri; unsigned int ri;
struct dnsp_DnssrvRpcRecord *recs; struct dnsp_DnssrvRpcRecord *recs;
uint16_t rec_count, ai = *ancount; uint16_t rec_count, ai = *ancount;
@ -275,6 +275,9 @@ static WERROR handle_question(struct dns_server *dns,
return WERR_NOMEM; return WERR_NOMEM;
} }
/* Set up for an NXDOMAIN reply if no match is found */
werror_return = DNS_ERR(NAME_ERROR);
for (ri = 0; ri < rec_count; ri++) { for (ri = 0; ri < rec_count; ri++) {
if ((recs[ri].wType == DNS_TYPE_CNAME) && if ((recs[ri].wType == DNS_TYPE_CNAME) &&
((question->question_type == DNS_QTYPE_A) || ((question->question_type == DNS_QTYPE_A) ||
@ -319,28 +322,27 @@ static WERROR handle_question(struct dns_server *dns,
if (!W_ERROR_IS_OK(werror)) { if (!W_ERROR_IS_OK(werror)) {
return werror; return werror;
} }
werror_return = WERR_OK;
continue; continue;
} }
if ((question->question_type != DNS_QTYPE_ALL) && if ((question->question_type != DNS_QTYPE_ALL) &&
(recs[ri].wType != question->question_type)) { (recs[ri].wType != question->question_type)) {
werror_return = WERR_OK;
continue; continue;
} }
werror = create_response_rr(question, &recs[ri], &ans, &ai); werror = create_response_rr(question, &recs[ri], &ans, &ai);
if (!W_ERROR_IS_OK(werror)) { if (!W_ERROR_IS_OK(werror)) {
return werror; return werror;
} }
} werror_return = WERR_OK;
if (ai == 0) {
return DNS_ERR(NAME_ERROR);
} }
*ancount = ai; *ancount = ai;
*answers = ans; *answers = ans;
return WERR_OK; return werror_return;
} }
static NTSTATUS create_tkey(struct dns_server *dns, static NTSTATUS create_tkey(struct dns_server *dns,