[SCM] Samba Shared Repository - branch master updated
Amitay Isaacs
amitay at samba.org
Fri Nov 29 22:16:04 MST 2013
The branch, master has been updated
via bdb818d s4-rpc: dnsserver: Ignore duplicate dns zones from multiple locations
via 97dd673 s4-dns: Ignore duplicate dns zones from multiple locations in dlz_bind9
via 8e7f8a2 netcmd/dns: Catch wildcard patterns when querying for name
from f626839 fail authentication for single group name which cannot be converted to sid
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bdb818d9b49f1a99e81f940acbe35d82571ae30c
Author: Amitay Isaacs <amitay at gmail.com>
Date: Fri Oct 4 16:10:31 2013 +1000
s4-rpc: dnsserver: Ignore duplicate dns zones from multiple locations
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Kai Blin <kai at samba.org>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Sat Nov 30 06:15:52 CET 2013 on sn-devel-104
commit 97dd67315784b5c7126372a1fea6f9ceb2e102d8
Author: Amitay Isaacs <amitay at gmail.com>
Date: Wed Oct 2 17:28:45 2013 +1000
s4-dns: Ignore duplicate dns zones from multiple locations in dlz_bind9
The BIND DLZ module currently loads DNS zones from DNS partitions and domain
partitions using the following prefixes:
CN=MicrosoftDNS,DC=DomainDnsZones
CN=MicrosoftDNS,DC=ForestDNSZones
CN=MicrosoftDNS,CN=System
Windows supports DNS zones duplicated in DNS partitions and domain
partition and updates both of them simultaneously.
BIND DLZ module can handle DNS zones stored either in DNS partitions
or domain partition, but not both. This patch ignores duplicate zones
from domain partition and allows BIND9 to work with AD with duplicate
DNS zones.
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Kai Blin <kai at samba.org>
commit 8e7f8a2ab165ed0ab5c46e0131364fa91c309164
Author: Amitay Isaacs <amitay at gmail.com>
Date: Fri Aug 2 18:53:56 2013 +1000
netcmd/dns: Catch wildcard patterns when querying for name
The name in a DNS query should be either '@', to represent the entire zone, or a
fixed string, not a wildcard search pattern.
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Kai Blin <kai at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/dns.py | 3 +
source4/dns_server/dlz_bind9.c | 55 +++++++++++++++++++++++
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 18 +++++---
3 files changed, 70 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index 137cd98..de0c94d 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -955,6 +955,9 @@ class cmd_query(Command):
versionopts=None):
record_type = dns_type_flag(rtype)
+ if name.find('*') != -1:
+ raise CommandError('Wildcard searches not supported. To dump entire zone use "@"')
+
select_flags = 0
if authority:
select_flags |= dnsserver.DNS_RPC_VIEW_AUTHORITY_DATA
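Review bot: The wildcard test added before `select_flags = 0` reads more directly as a membership test, `if '*' in name:`, which is the usual Python idiom and avoids the `-1` sentinel comparison. A one-line comment such as `# '*' is rejected here; '@' is the only way to ask for the whole zone` would make the intent clear to the next reader. The enclosing method of cmd_query starts and ends outside this hunk, so whether `name` is normalised before this point is not visible here.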
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index ac41dd0..ea00cfd 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -36,6 +36,7 @@
#include "gen_ndr/server_id.h"
#include "messaging/messaging.h"
#include "lib/cmdline/popt_common.h"
+#include "lib/util/dlinklist.h"
#include "dlz_minimal.h"
@@ -44,6 +45,11 @@ struct b9_options {
const char *debug;
};
+struct b9_zone {
+ char *name;
+ struct b9_zone *prev, *next;
+};
+
struct dlz_bind9_data {
struct b9_options options;
struct ldb_context *samdb;
@@ -51,6 +57,7 @@ struct dlz_bind9_data {
struct loadparm_context *lp;
int *transaction_token;
uint32_t soa_serial;
+ struct b9_zone *zonelist;
/* Used for dynamic update */
struct smb_krb5_context *smb_krb5_ctx;
@@ -1099,6 +1106,42 @@ static bool b9_has_soa(struct dlz_bind9_data *state, struct ldb_dn *dn, const ch
return false;
}
+static bool b9_zone_add(struct dlz_bind9_data *state, const char *name)
+{
+ struct b9_zone *zone;
+
+ zone = talloc_zero(state, struct b9_zone);
+ if (zone == NULL) {
+ return false;
+ }
+
+ zone->name = talloc_strdup(zone, name);
+ if (zone->name == NULL) {
+ talloc_free(zone);
+ return false;
+ }
+
+ DLIST_ADD(state->zonelist, zone);
+ return true;
+}
+
+static bool b9_zone_exists(struct dlz_bind9_data *state, const char *name)
+{
+ struct b9_zone *zone = state->zonelist;
+ bool found = false;
+
+ while (zone != NULL) {
+ if (strcasecmp(name, zone->name) == 0) {
+ found = true;
+ break;
+ }
+ zone = zone->next;
+ }
+
+ return found;
+}
+
+
/*
configure a writeable zone
*/
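Review bot: The two new helpers b9_zone_add() and b9_zone_exists() have no header comment, while the function that follows them keeps its `configure a writeable zone` block. I would add `/* remember a configured zone name; the entry is a talloc child of state and lives as long as state */` above b9_zone_add() and `/* return true if a zone of this name (compared case-insensitively) is already in state->zonelist */` above b9_zone_exists(). The lifetime matters for callers because nothing in this hunk removes entries again. The scan in b9_zone_exists() could also be a `for` loop that returns `true` directly, dropping the `found` flag and the `break`.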
@@ -1161,6 +1204,18 @@ _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata)
if (!b9_has_soa(state, zone_dn, zone)) {
continue;
}
+
+ if (b9_zone_exists(state, zone)) {
+ state->log(ISC_LOG_WARNING, "samba_dlz: Ignoring duplicate zone '%s' from '%s'",
+ zone, ldb_dn_get_linearized(zone_dn));
+ continue;
+ }
+
+ if (!b9_zone_add(state, zone)) {
+ talloc_free(tmp_ctx);
+ return ISC_R_NOMEMORY;
+ }
+
result = state->writeable_zone(view, zone);
if (result != ISC_R_SUCCESS) {
state->log(ISC_LOG_ERROR, "samba_dlz: Failed to configure zone '%s'",
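Review bot: Entries added by b9_zone_add() hang off `state` and are never cleared in the visible code. If dlz_configure() can run more than once on the same `state` (for example on a reconfigure; the start of the function is outside this hunk, so this is an inference), every zone from the previous run would match in b9_zone_exists() and be skipped as a "duplicate", leaving no writeable zones configured. Emptying `state->zonelist` before the partition loop avoids that. The zone is also recorded before `state->writeable_zone()` has succeeded, so a failed zone stays in the list; moving the add after the success check would keep the list equal to what was actually configured.

```c
/* … unchanged: earlier part of dlz_configure, outside the hunk … */
while (state->zonelist != NULL) {
	struct b9_zone *old = state->zonelist;
	DLIST_REMOVE(state->zonelist, old);
	talloc_free(old);
}
/* … unchanged: partition loop with the b9_zone_exists()/b9_zone_add() checks … */
```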
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index 5733a51..f3dd195 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -142,13 +142,19 @@ static struct dnsserver_state *dnsserver_connect(struct dcesrv_call_state *dce_c
}
for (z = zones; z; ) {
znext = z->next;
- z->zoneinfo = dnsserver_init_zoneinfo(z, dsstate->serverinfo);
- if (z->zoneinfo == NULL) {
- goto failed;
+ if (dnsserver_find_zone(dsstate->zones, z->name) == NULL) {
+ z->zoneinfo = dnsserver_init_zoneinfo(z, dsstate->serverinfo);
+ if (z->zoneinfo == NULL) {
+ goto failed;
+ }
+ DLIST_ADD_END(dsstate->zones, z, NULL);
+ p->zones_count++;
+ dsstate->zones_count++;
+ } else {
+ /* Ignore duplicate zone */
+ DEBUG(3,("dnsserver: Ignoring duplicate zone '%s' from '%s'",
+ z->name, ldb_dn_get_linearized(z->zone_dn)));
}
- DLIST_ADD_END(dsstate->zones, z, NULL);
- p->zones_count++;
- dsstate->zones_count++;
z = znext;
}
}
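Review bot: The new DEBUG message in the `else` branch has no trailing newline, so the next log entry will run onto the same line; it should read `DEBUG(3,("dnsserver: Ignoring duplicate zone '%s' from '%s'\n",`. The skipped `z` is neither linked into `dsstate->zones` nor freed here. If its talloc parent is long-lived (not visible in this hunk; dnsserver_connect() starts and ends outside it), a `talloc_free(z);` in that branch would release it. Level 3 is also quieter than the ISC_LOG_WARNING used for the same condition in dlz_bind9.c, so an operator running only the RPC server may not notice that one copy of a zone is being ignored.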
--
Samba Shared Repository