1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

89 Commits

Author SHA1 Message Date
Stefan Metzmacher
341e800dfe s4:dns_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 09:36:37 +00:00
Stefan Metzmacher
40fb810de3 s4:dns_server: Add some more debugging in order to find problems with level 10 logs
We had customer problems where level 10 logs were not good enough in
order to find the reason for failing dns updates.

With the new debug message there's at least a chance to
find out what the problem could be.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 09:58:37 +00:00
Stefan Metzmacher
76b0530e67 s4:dns_server: defer calling werr_to_dns_err() in a central place
The WERROR codes are much more verbose and it's better to
keep them until we really need the mapping to DNS error codes.

This will allow us to create much better debug messages in
the next commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 09:58:37 +00:00
Thomas Debesse
206909d52b s4: dns: Add customizable dns port option
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
2022-03-25 20:25:28 +00:00
Douglas Bagnall
7a111c1f35 dns_server: free old zones when reloading
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-05 04:16:34 +00:00
Andreas Schneider
0ea4041432 s4:dns_server: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-29 02:19:35 +00:00
Ralph Boehme
4142bde7e5 s4: rename source4/smbd/ to source4/samba/
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
2020-11-27 10:07:18 +00:00
Gary Lockyer
99aea42520 source4 smdb: Add a post fork hook to the service API
Add a post fork hook to the service API this will be called:

 - standard process model
   immediately after the task_init.

- single process model
  immediately after the task_init

- prefork process model, inhibit_pre_fork = true
  immediately after the task_init

- prefork process model, inhibit_pre_fork = false
  after each service worker has forked. It is not run on the service
  master process.

The post fork hook is not called in the standard model if a new process
is forked on a new connection. It is instead called immediately after
the task_init.

The task_init hook has been changed to return an error code. This ensures
the post_fork code is only run if the task_init code completed successfully.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-01 23:49:24 +01:00
Gary Lockyer
d6777a66c0 source4 smbd: Make the service_details structure constant.
Make the service_details structure a static const.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-01 23:49:24 +01:00
Gary Lockyer
5c0345ea9b samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Andreas Schneider
19e621554f s4:dns_server: Fix size types
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-20 23:16:15 +01:00
Volker Lendecke
36ab213ae6 dns_server: Remove "max_payload" from dns_server
This would have to be retrieved from the interface type we have I guess.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan  4 05:08:02 CET 2018 on sn-devel-144
2018-01-04 05:08:02 +01:00
Gary Lockyer
0840252670 source4/smbd: Do not overstamp the process model with "single"
Instead, except in RPC which is a special SNOWFLAKE, we rely on the struct
service_details in the init function.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-10-19 05:33:10 +02:00
Gary Lockyer
b852ad044b source4/smbd: refactor the process model for prefork
Refactor the process model code to allow the addition of a prefork
    process model.

    - Add a process context to contain process model specific state
    - Add a service details structure to allow service to indicate which
      process model options they can support.

    In the new code the services advertise the features they support to the
    process model.  The process model context is plumbed through to allow the
    process model to keep track of the supported options, and any state
    the process model may require.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-10-19 05:33:09 +02:00
Andrew Bartlett
970fdfae6a pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookup
This allows lookups to be confined to one partition, which in turn avoids issues
when running this against MS Windows, which does not match Samba behaviour
for dns_common_zones()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-06-10 21:48:20 +02:00
Jeremy Allison
560c37524b s4: Add TALLOC_CTX * to register_server_service().
Use the passed in context from callers. Remove one
talloc_autofree_context().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Jeremy Allison
306783d6f5 lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-04-22 01:17:00 +02:00
Andrew Bartlett
59ed188ede dns: Provide local and remote socket address to GENSEC
This can be used for logging and for Kerberos channel bindings

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-29 02:37:27 +02:00
Günther Deschner
8416a97b30 werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/dns_server/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:23 +02:00
Günther Deschner
c1c079cf3d werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/dns_server/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:19 +02:00
Ralph Boehme
88700e7d89 s4/dns_server: enable sending of TSIG error records
This final patch enables sending TSIG error records by adding
DNS_RCODE_NOTAUTH to the set of error conditions that are allowed to
trigger sending a full generated response.

See RFC 2845 "4.5.1. KEY check and error handling" and "4.5.3. MAC check
and error handling".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:28 +02:00
Ralph Boehme
ba683d459e s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
Call dns_verify_tsig() after updating state.flags and assign and use
out_packet for dns_verify_tsig().

We will need the updated flags when sending TSIG error responses when
TSIG request MAC verification fails and dns_verify_tsig() uses the
passed in packet as response, so we have to make sure we copy in_packet
to out_packet before calling out and pass out_packet.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:28 +02:00
Garming Sam
5caebde11d dns: modify dns forwarder param to be multi-valued
This allows a secondary DNS forwarder for a trivial failover. Requests
which fail/timeout at the primary DNS forwarder will be restarted
entirely with the next forwarder in the list.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-03 08:10:09 +02:00
Jelmer Vernooij
773cfba9af Avoid including libds/common/roles.h in public loadparm.h header.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Andrew Bartlett
0504065948 dns_server: Put more code in common
This will allow a python module to be written to modify DNS entries in sam.ldb directly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Kai Blin
42f38fe8d9 dns: always add authority records
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Thu Aug  6 14:06:52 CEST 2015 on sn-devel-104
2015-08-06 14:06:52 +02:00
Samuel Cabrero
4fb29e9347 s4-dns: Reload DNS zones from dsdb when zones are modified through RPC or DRS
Setup a RPC management call on the internal DNS server triggered a new LDB
module which sniffs dnsZone object add, delete and modify operations. This
way the notification is triggered when zones are modified either from RPC or
replicated by inbound DRS.

Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
(shadowed variable error corrected by abartlet)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-12-22 05:57:08 +01:00
Stefan Metzmacher
0062a2f5fb s4:dns_server: allocate substructures of struct dns_request_state on the correct TALLOC_CTX
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-11-18 04:17:09 +01:00
Jeremy Allison
463311422c s3/s4: smbd, rpc, ldap, cldap, kdc services.
Allow us to start if we bind to *either* :: or 0.0.0.0.

Allows us to cope with systems configured as only IPv4
or only IPv6.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
Reviewed-By: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun  7 01:01:44 CEST 2014 on sn-devel-104
2014-06-07 01:01:43 +02:00
Kai Blin
392ec4d241 bug #10609: CVE-2014-0239 Don't reply to replies
Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.

This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
2014-05-20 04:15:44 +02:00
Stefan Metzmacher
f7883ae02a s4:lib/socket: simplify iface_list_wildcard() and its callers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  7 02:18:17 CET 2014 on sn-devel-104
2014-03-07 02:18:17 +01:00
Kai Blin
df43027bd8 dns: Support larger queries when asking forwarder
This should fix bug #9632

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-05-26 18:13:28 +02:00
Kai Blin
a3a3086a2a dns: Also print packet information for DBGC_DNS
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Sat May 18 12:48:15 CEST 2013 on sn-devel-104
2013-05-18 12:48:15 +02:00
Kai Blin
2e9cf99bce dns: Also add a print-out for the out_packet
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:19 +10:00
Kai Blin
f31bda6715 dns: Use new DNS debugclass in DNS server
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:15 +10:00
Stefan Metzmacher
a9a38415e5 s4:dns_server: fix formatting difference compared to v4-0-test
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 24 10:12:51 CEST 2012 on sn-devel-104
2012-10-24 10:12:51 +02:00
Andrew Bartlett
83d34bb2bb dns_server: Try and use the dns-SERVER account if we were configured with it 2012-10-17 11:09:17 +02:00
Matthieu Patou
2c3a8081ea s4-dns: Fix the comments about ignoring zones in internal server
Acked-By: Kai Blin <kai@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Sat Oct 13 12:37:53 CEST 2012 on sn-devel-104
2012-10-13 12:37:53 +02:00
Matthieu Patou
4b83c43ac2 s4-dns: fix a warning
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Mon Oct  8 10:45:41 CEST 2012 on sn-devel-104
2012-10-08 10:45:40 +02:00
Matthieu Patou
ffab1d7cb2 s4-dns: Ignore zones that shouldn't be returned currently
RootDNSServers should never be returned (Windows DNS server don't)
..TrustAnchors should never be returned as is, (Windows returns
TrustAnchors) and for the moment we don't support DNSSEC so we'd better
not return this zone.
2012-10-07 22:11:48 -07:00
Matthieu Patou
f4b9007faf s4-dns: fix a non handled memory out of memory
Signed-off-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue Oct  2 09:43:52 CEST 2012 on sn-devel-104
2012-10-02 09:43:52 +02:00
Matthias Dieter Wallnöfer
5f973631b6 s4:dns_server - introduce the wildcard binding feature
We need the wildcard binding feature otherwise we might get bound to a
private interface in case of multiple interfaces and no "interfaces"
parameter in smb.conf.

Code taken from source4/ldap_server/ldap_server.c

Signed-off-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Sun Sep 23 23:44:03 CEST 2012 on sn-devel-104
2012-09-23 23:44:03 +02:00
Andrew Bartlett
1627fcda3e dns_server: Remove parameter 'dns recursive queries' and base this on 'dns forwarder'
This simplifies a very common configuration.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-09-12 16:51:29 +02:00
Kai Blin
8ba8020586 s4 dns: Make debug output less noisy
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Sep  7 00:31:56 CEST 2012 on sn-devel-104
2012-09-07 00:31:56 +02:00
Kai Blin
53f602c374 s4 dns: Verify incoming TSIG signatures 2012-09-05 19:02:17 +02:00
Kai Blin
7fe5e2cdcb s4 dns: Handle GSS-TSIG signature creation 2012-09-05 19:02:17 +02:00
Kai Blin
558fa4c45a s4 dns: Revert erroneous push from wrong branch
I've pushed the wrong branch for this, sorry about that.

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep  5 14:10:54 CEST 2012 on sn-devel-104
2012-09-05 14:10:54 +02:00
Kai Blin
140a8d86ac more tsig_verify stuff 2012-09-05 08:41:24 +02:00
Kai Blin
17c91b5db0 drop me 2012-09-05 08:41:24 +02:00
Kai Blin
f3e44c390c s4 dns: Verify incoming TSIG signatures 2012-09-05 08:41:23 +02:00