1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Commit Graph

44 Commits

Author SHA1 Message Date
Joseph Sutton
13a04d6791 s4:rpc_server: Add missing newlines to debugging messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
5aafff0aab s4:rpc_server/dnsserver: Zero-initialise pointers
Ensuring pointers are always initialised simplifies the code and avoids
compilation errors with FORTIFY_SOURCE=2.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Stefan Metzmacher
965fe0e906 CVE-2021-3738 s4:rpc_server/dnsserver: make use of dcesrv_samdb_connect_as_user() helper
This is not strictly required, but it makes it easier to audit that
source4/rpc_server no longer calls samdb_connect() directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:34 +00:00
Douglas Bagnall
701c55841f rpc/dnsserver: check talloc_strndup return
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-29 02:19:35 +00:00
Matthew DeVore
232054c09b lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.

Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-28 02:18:40 +00:00
Douglas Bagnall
df98e7db04 s4/dns: do not crash when additional data not found
Found by Francis Brosnan Blázquez <francis@aspl.es>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
2020-08-24 00:21:41 +00:00
Douglas Bagnall
7afe449e72 s4: dns: Ensure variable initialization with NULL.
Ensure no use after free.

Based on patches from Francis Brosnan Blázquez <francis@aspl.es>
and Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-23 22:55:29 +00:00
Andrew Bartlett
defb237325 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords)
dns_name_compare() had logic to put @ and the top record in the tree being
enumerated first, but if a domain had both then this would break the
older qsort() implementation in ldb_qsort() and cause a read of memory
before the base pointer.

By removing this special case (not required as the base pointer
is already seperatly located, no matter were it is in the
returned records) the crash is avoided.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 09:18:46 +00:00
Douglas Bagnall
1cac79dd98 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
We still want to return DOES_NOT_EXIST when request_filter is not 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-19 07:01:12 +00:00
Douglas Bagnall
7ea74d55ad CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation
We still want to return DOES_NOT_EXIST when request_filter is not 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-19 07:01:12 +00:00
Noel Power
bcc6b8c249 s4/rpc_server/dnsserver: clang: fix Value stored to 'status' is never read
Fix the following warnings

source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1021: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1723:4: warning: Value stored to 'status' is never read <--[clang]
                        status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
                        ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1881:4: warning: Value stored to 'status' is never read <--[clang]
                        status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-04 22:13:07 +00:00
Noel Power
2bed937e7f s4/rpc_server/dnsserver: cppcheck: Fix Uninitialized variable error.
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:715: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]

This error is benign and somewhat false because the code pointed to does
not run (due to a different check) if answer_integer is not actually
initialsed. It is easy to squash it though by just initialising the var.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-04 22:13:07 +00:00
Stefan Metzmacher
e9eb8e6a44 s4:rpc_server: only pass context to op_bind() hooks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
70b00c7567 s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_*() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:39 +01:00
Stefan Metzmacher
245a0ef73f s4:rpc_server/dnsserver: make use of dcesrv_iface_state_{create,find}_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:38 +01:00
Stefan Metzmacher
c989e35c63 s4:rpc_server/dnsserver: make use dcesrv_call_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-12 03:13:32 +01:00
Aaron Haslett
ebc42cb140 dns: treating fully qualified and unqualified zone as identical.
"zone.com." and "zone.com" should be treated as the same zone.  This patch
picks the unqualified representation as standard and enforces it, in order to
match BIND9 behaviour.
Note: This fixes the failing test added previously, but that test still fails
on the rodc test target so we modify the expected failure but don't remove it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13442
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-20 23:40:26 +01:00
Aaron Haslett
c3f6085991 dns: prevent self-referencing CNAME
Stops the user from adding a self-referencing CNAME over RPC, which is an easy
mistake to make with samba-tool.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-11-28 08:22:23 +01:00
Aaron Haslett
d6e111ff42 rpc dns: reset dword aging related zone properties
This allows a user to set zone properties relevant to DNS record aging over RPC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 04:31:53 +02:00
Gary Lockyer
b841da04e2 dns: Reformat DNS with clang-format
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 04:31:52 +02:00
Gary Lockyer
5c0345ea9b samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Andreas Schneider
1bd4a0cf27 s4:rpc_server: Fix size types in dcerpc dnsserver
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-20 23:16:15 +01:00
Andrew Bartlett
c174702107 s4-dnsserver: Always encode user-supplied names when looking up DNS records
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12994

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-09-20 08:15:21 +02:00
Stefan Metzmacher
e9a51ad590 CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
This matches windows and prevents man in the middle downgrade attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:27 +02:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Andrew Bartlett
4ef468eecd dnsserver: Remove incorrect and not required include of ldb_private.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-24 23:46:22 +02:00
Guenter Kukkukk
3ac4355f3e s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses
In the initial implementation only IPv4 addresses were supported.

Add IPv6 (and mixed IPv4/IPv6) support and all further needed conversion
routines to support w2k, dotnet, longhorn clients.

Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Nov 26 03:44:07 CET 2014 on sn-devel-104
2014-11-26 03:44:06 +01:00
Amitay Isaacs
6f2862e766 s4-rpc: dnsserver: Do not search for deleted DNS entries
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-04 12:07:13 +02:00
Amitay Isaacs
4b4e30b780 s4-rpc: dnsserver: Allow . to be specified for @ record
Windows allow both . and @ to be specified with modifying @ record.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-29 17:11:08 +02:00
Amitay Isaacs
bdb818d9b4 s4-rpc: dnsserver: Ignore duplicate dns zones from multiple locations
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat Nov 30 06:15:52 CET 2013 on sn-devel-104
2013-11-30 06:15:51 +01:00
Amitay Isaacs
44a85e3752 s4-rpc:dnsserver: DNS names are case insensitive 2012-01-12 05:10:08 +01:00
Amitay Isaacs
f8163195b0 s4-rpc:dnsserver: Do not replace @ with zone_name in update operation
This fixes the problem when updating DNS record for '@' or domain name.
2012-01-06 11:04:49 +11:00
Amitay Isaacs
95868605e2 s4:rpc-dnsserver: Make sure that zone information is filled in
This fixes the problem of NULL zone in zone operations when specific
zone is specified and no zone filter is specified.
2011-12-23 16:18:25 +11:00
Amitay Isaacs
10860d58d7 s4:rpc-dnsserver: Implement zone management RPC operations
- ZoneCreate operation to create zone.
- DeleteZoneFromDs operation to delete zone

When a zone is deleted, all the records in that zone are also deleted.
2011-12-23 16:18:25 +11:00
Amitay Isaacs
f14ddcc2e1 s4:rpc-dnsserver: Use handy macros for error checking 2011-12-23 16:18:25 +11:00
Amitay Isaacs
3d139b49cb s4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operation 2011-12-23 16:18:24 +11:00
Amitay Isaacs
fe0e08acfb s4:rpc-dnsserver: Use cached zone information to get rootservers
This removes the hardcoded search for DC=RootDNSServers, and uses
the cached zone information.
2011-12-23 16:17:10 +11:00
Amitay Isaacs
6a5352da59 s4:rpc-dnsserver: Implement EnumDirectoryPartition operation 2011-12-23 16:17:10 +11:00
Amitay Isaacs
5673e2cec9 s4:rpc-dnsserver: Cache DNS partition information
This information will be used for the RPC calls for partition
information.
2011-12-23 16:17:09 +11:00
Amitay Isaacs
9f76e076fa s4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flag
And use fReverse flag in the enumeration of zones.
2011-12-23 16:17:09 +11:00
Amitay Isaacs
8b33c48ba5 s4-dnsserver: Fix enumeration of zones in ComplexOperation RPC call
zone_request_flags are interpreted in different groups rather than
a single group. This correctly returns 0 zones when there are no
reverse zones and DNS_ZONE_REQUEST_REVERSE is set in zone_request_flags.
2011-11-08 09:50:26 +11:00
Amitay Isaacs
6e800bfba7 s4-dnsserver: Build a dns name tree for correct enumeration
The result of EnumRecords/EnumRecords2 RPC calls, is a list of
dns records that are one level below in the name hierarchy starting
from the search name. This patch builds a tree of names to get
the list of records one level below the search names and correctly
count the number of child records for each of those.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 15:26:54 +11:00
Amitay Isaacs
0d3aff7324 s4-dnsserver: List dns zones matching the search filter
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-02 15:26:54 +11:00
Amitay Isaacs
8df2ed42cc s4-dns: Added DCERPC dns server for DNS management
dnsserver.h - typedefs and prototypes
dnsserver.c - RPC API and implementation methods
dnsdb.c     - samdb operations
dnsdata.c   - functions to manipulate dns structures
dnsutils.c  - function for serverinfo and zoneinfo structures

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-10-20 05:53:05 +02:00