[SCM] Samba Shared Repository - branch v4-2-test updated

Stefan Metzmacher metze at samba.org
Tue Mar 8 13:25:26 UTC 2016


The branch, v4-2-test has been updated
       via  0108e51 VERSION: Bump version up to 4.2.10...
       via  a93f708 Merge tag 'samba-4.2.9' into v4-2-test
       via  c0aa427 VERSION: Disable git snapshots for the 4.2.9 release.
       via  c3eeba3 WHATSNEW: Add release notes for Samba 4.2.9.
       via  981cbe1 CVE-2016-0771: tests/dns: Remove dependencies on env variables
       via  4dfa41d CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
       via  409ec58 CVE-2016-0771: tests: rename test getopt to get_opt
       via  93662cf CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
       via  b9c595f CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
       via  43de2c0 CVE-2016-0771: tests/dns: modify tests to check via RPC
       via  18a1a7c CVE-2016-0771: tests/dns: Add some more test cases for TXT records
       via  1cae991 CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
       via  ffe5757 CVE-2016-0771: tests/dns: restore formerly segfaulting test
       via  9f1f669 CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
       via  5462a4c CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
       via  356cc26 CVE-2016-0771: tests/dns: prepare script for further testing
       via  d076289 CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
       via  9c50144 CVE-2016-0771: dns.idl: make use of dnsp_hinfo
       via  50972cc CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
       via  69a4def CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
       via  192a619 CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
       via  8070e38 CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
       via  6296447 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
       via  db00d27 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
       via  6122a71 CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
       via  10e5700 CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
       via  5923745 CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
       via  e77fb42 CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
       via  ef5f235 CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
       via  3898806 CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
       via  cb5b446 CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
       via  478ed76 CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
       via  cc73ba9 CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
       via  e20deaf CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
       via  0549f6e VERSION: Bump version up to 4.2.9...
      from  fe4a09d Real memeory leak(buildup) issue in loadparm.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test


- Log -----------------------------------------------------------------
commit 0108e51a29962a24ac5c12334408f37319619d72
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 8 14:23:04 2016 +0100

    VERSION: Bump version up to 4.2.10...
    
    and re-enable git snapshots.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit a93f7083b115b61fbd2aae14a9b9520dbb28e9a1
Merge: fe4a09d c0aa427
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 8 14:20:35 2016 +0100

    Merge tag 'samba-4.2.9' into v4-2-test
    
    samba: tag release samba-4.2.9
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                      |   2 +-
 WHATSNEW.txt                                 |  87 +++-
 librpc/idl/dns.idl                           |  18 +-
 librpc/idl/dnsp.idl                          |   4 +-
 librpc/idl/dnsserver.idl                     |   2 +-
 librpc/ndr/ndr_dns.c                         |  27 ++
 librpc/ndr/ndr_dnsp.c                        |  24 ++
 librpc/ndr/ndr_dnsp.h                        |   4 +
 librpc/wscript_build                         |  20 +-
 python/samba/tests/dns.py                    | 620 +++++++++++++++++++++------
 python/samba/tests/{getopt.py => get_opt.py} |   0
 selftest/knownfail                           |   2 +
 selftest/tests.py                            |   2 +-
 source3/client/client.c                      |   2 +-
 source3/libsmb/clifile.c                     | 130 +++++-
 source3/libsmb/proto.h                       |  17 +-
 source3/selftest/tests.py                    |   2 +-
 source3/smbd/nttrans.c                       |  13 +
 source3/smbd/trans2.c                        |  68 ++-
 source3/torture/torture.c                    | 377 ++++++++++++++++
 source4/dns_server/dns_query.c               |  15 +-
 source4/dns_server/dns_update.c              |  31 +-
 source4/librpc/wscript_build                 |   4 +-
 source4/selftest/tests.py                    |   3 +-
 24 files changed, 1233 insertions(+), 241 deletions(-)
 rename python/samba/tests/{getopt.py => get_opt.py} (100%)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index c575391..2492fbd 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=9
+SAMBA_VERSION_RELEASE=10
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ae15c36..f03be3a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,87 @@
                    =============================
+                   Release Notes for Samba 4.2.9
+                           March 8, 2016
+                   =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o  CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
+o  CVE-2016-0771 (Out-of-bounds read in internal DNS server)
+
+=======
+Details
+=======
+
+o  CVE-2015-7560:
+   All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
+   a malicious client overwriting the ownership of ACLs using symlinks.
+
+   An authenticated malicious client can use SMB1 UNIX extensions to
+   create a symlink to a file or directory, and then use non-UNIX SMB1
+   calls to overwrite the contents of the ACL on the file or directory
+   linked to.
+
+o  CVE-2016-0771:
+   All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
+   an AD DC and choose to run the internal DNS server, are vulnerable to an
+   out-of-bounds read issue during DNS TXT record handling caused by users
+   with permission to modify DNS records.
+
+   A malicious client can upload a specially constructed DNS TXT record,
+   resulting in a remote denial-of-service attack. As long as the affected
+   TXT record remains undisturbed in the Samba database, a targeted DNS
+   query may continue to trigger this exploit.
+
+   While unlikely, the out-of-bounds read may bypass safety checks and
+   allow leakage of memory from the server in the form of a DNS TXT reply.
+
+   By default only authenticated accounts can upload DNS records,
+   as "allow dns updates = secure only" is the default.
+   Any other value would allow anonymous clients to trigger this
+   bug, which is a much higher risk.
+
+
+Changes since 4.2.8:
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
+     change permissions on link target.
+
+o  Garming Sam <garming at catalyst.net.nz>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   =============================
                    Release Notes for Samba 4.2.8
                           February 2, 2016
                    =============================
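Review bot: The CVE-2016-0771 text is inconsistent within this hunk: the summary and details call it an "out-of-bounds read", while both entries under "Changes since 4.2.8" call it "Read of uninitialized memory DNS TXT handling". Use one description so the release notes match the CVE title. The clause "when deployed as an AD DC and choose to run the internal DNS server" also needs its grammar fixed, for example "when deployed as an AD DC and running the internal DNS server".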
@@ -67,8 +150,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 4.2.7
diff --git a/librpc/idl/dns.idl b/librpc/idl/dns.idl
index d247e0e..5435fcf 100644
--- a/librpc/idl/dns.idl
+++ b/librpc/idl/dns.idl
@@ -8,7 +8,7 @@
    encoding if it doesn't work out
 */
 
-import "misc.idl";
+import "misc.idl", "dnsp.idl";
 [
 	helper("librpc/ndr/ndr_dns.h"),
 	helpstring("DNS records"),
@@ -152,20 +152,12 @@ interface dns
 	} dns_soa_record;
 
 	typedef [public] struct {
-		[value(strlen(cpu))] uint8 cpu_length;
-		[charset(DOS)] uint8 cpu[cpu_length];
-		[value(strlen(os))] uint8 os_length;
-		[charset(DOS)] uint8 os[os_length];
-	} dns_hinfo_record;
-
-	typedef [public] struct {
 		uint16     preference;
 		dns_string exchange;
 	} dns_mx_record;
 
-	typedef [public] struct {
-		[value(strlen(txt))] uint8 length;
-		[charset(DOS)] uint8 txt[length];
+	typedef [public,nopull] struct {
+		dnsp_string_list txt;
 	} dns_txt_record;
 
 	typedef [public] struct {
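Review bot: dns_txt_record is now marked [public,nopull], so its unmarshalling depends entirely on a hand-written ndr_pull_dns_txt_record(), and nothing in the IDL says so. Add a short comment above the typedef that names librpc/ndr/ndr_dns.c and gives the reason: the pull has to be limited to the record's rdata length. The same hunk removes dns_hinfo_record in favour of dnsp_hinfo, whose definition is not part of this patch, so the commit message should state that the two are wire-compatible.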
@@ -232,7 +224,7 @@ interface dns
 		[case(DNS_QTYPE_CNAME)] dns_string       cname_record;
 		[case(DNS_QTYPE_SOA)]   dns_soa_record   soa_record;
 		[case(DNS_QTYPE_PTR)]   dns_string       ptr_record;
-		[case(DNS_QTYPE_HINFO)] dns_hinfo_record  hinfo_record;
+		[case(DNS_QTYPE_HINFO)] dnsp_hinfo       hinfo_record;
 		[case(DNS_QTYPE_MX)]    dns_mx_record    mx_record;
 		[case(DNS_QTYPE_TXT)]	dns_txt_record   txt_record;
 		[case(DNS_QTYPE_RP)]	dns_rp_record    rp_record;
@@ -270,7 +262,7 @@ interface dns
         /*
 	   this is a convenience hook for ndrdump
 	*/
-	void decode_dns_name_packet(
+	[nopython] void decode_dns_name_packet(
 				    [in] dns_name_packet packet
 				   );
 }
diff --git a/librpc/idl/dnsp.idl b/librpc/idl/dnsp.idl
index 4c49001..d705cfc 100644
--- a/librpc/idl/dnsp.idl
+++ b/librpc/idl/dnsp.idl
@@ -263,11 +263,11 @@ interface dnsp
 	/*
 	  these are convenience hooks for ndrdump
 	 */
-	void decode_DnssrvRpcRecord(
+	[nopython] void decode_DnssrvRpcRecord(
 		[in] dnsp_DnssrvRpcRecord blob
 		);
 
-	void decode_DnsProperty(
+	[nopython] void decode_DnsProperty(
 		[in] dnsp_DnsProperty blob
 		);
 }
diff --git a/librpc/idl/dnsserver.idl b/librpc/idl/dnsserver.idl
index ca9c371..c7742e7 100644
--- a/librpc/idl/dnsserver.idl
+++ b/librpc/idl/dnsserver.idl
@@ -73,7 +73,7 @@ import "misc.idl", "dnsp.idl";
 
 	typedef [public,gensize] struct {
 		[value(strlen(str))] uint8 len;
-		[charset(UTF8)] uint8 str[len];
+		[charset(UNIX)] uint8 str[len];
 	}
 	DNS_RPC_NAME;
 
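Review bot: The change from [charset(UTF8)] to [charset(UNIX)] on str in DNS_RPC_NAME has no comment, and DNS_RPC_NAME is a general name type, so the new conversion applies to every user of the struct and not only to TXT data. Add a one-line comment that says why the conversion must not force UTF-8, so the attribute is not "corrected" back later.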
diff --git a/librpc/ndr/ndr_dns.c b/librpc/ndr/ndr_dns.c
index 0b9e3b0..065d992 100644
--- a/librpc/ndr/ndr_dns.c
+++ b/librpc/ndr/ndr_dns.c
@@ -30,6 +30,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/ndr_dns.h"
 #include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_dnsp.h"
 #include "system/locale.h"
 #include "lib/util/util_net.h"
 
@@ -230,6 +231,29 @@ _PUBLIC_ enum ndr_err_code ndr_push_dns_string(struct ndr_push *ndr,
 	return ndr_push_bytes(ndr, (const uint8_t *)"", 1);
 }
 
+_PUBLIC_ enum ndr_err_code ndr_pull_dns_txt_record(struct ndr_pull *ndr, int ndr_flags, struct dns_txt_record *r)
+{
+	NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+	if (ndr_flags & NDR_SCALARS) {
+		enum ndr_err_code ndr_err;
+		uint32_t data_size = ndr->data_size;
+		uint32_t record_size = 0;
+		ndr_err = ndr_token_retrieve(&ndr->array_size_list, r,
+					     &record_size);
+		if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			NDR_PULL_NEED_BYTES(ndr, record_size);
+			ndr->data_size = ndr->offset + record_size;
+		}
+		NDR_CHECK(ndr_pull_align(ndr, 1));
+		NDR_CHECK(ndr_pull_dnsp_string_list(ndr, NDR_SCALARS, &r->txt));
+		NDR_CHECK(ndr_pull_trailer_align(ndr, 1));
+		ndr->data_size = data_size;
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
 _PUBLIC_ enum ndr_err_code ndr_push_dns_res_rec(struct ndr_push *ndr,
 						int ndr_flags,
 						const struct dns_res_rec *r)
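Review bot: In ndr_pull_dns_txt_record() the saved ndr->data_size is restored only on the success path. If NDR_CHECK(ndr_pull_dnsp_string_list(...)) or either alignment check returns early, ndr->data_size stays clamped to ndr->offset + record_size. Capture the result, reset data_size, and only then check it, or add a comment that callers always discard the ndr_pull on failure. Two more things deserve a comment: the token is looked up with key r while the caller stores it under &r->rdata, which only matches because the TXT record is a member of the rdata union, and when no token is found the string list is parsed against the whole buffer with no bound. The empty if (ndr_flags & NDR_BUFFERS) block can be dropped.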
@@ -302,6 +326,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dns_res_rec(struct ndr_pull *ndr,
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length));
 		_saved_offset1 = ndr->offset;
 		if (r->length > 0) {
+			NDR_CHECK(ndr_token_store(ndr, &ndr->array_size_list,
+						  &r->rdata,
+						  r->length));
 			NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->rdata,
 							    r->rr_type));
 			NDR_CHECK(ndr_pull_dns_rdata(ndr, NDR_SCALARS,
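Review bot: The ndr_token_store() call added under if (r->length > 0) runs for every rr_type, but the only consumer visible in this patch is ndr_pull_dns_txt_record(), so for all other record types the token is stored and never retrieved. Store it only when r->rr_type is DNS_QTYPE_TXT, or add a comment that the leftover entries are intentional and live as long as the ndr_pull. A comment that the key &r->rdata must equal the pointer later passed to the TXT pull function would also protect this coupling from a future refactor.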
diff --git a/librpc/ndr/ndr_dnsp.c b/librpc/ndr/ndr_dnsp.c
index fcb623a..82b5fb5 100644
--- a/librpc/ndr/ndr_dnsp.c
+++ b/librpc/ndr/ndr_dnsp.c
@@ -225,3 +225,27 @@ enum ndr_err_code ndr_push_dnsp_string_list(struct ndr_push *ndr, int ndr_flags,
 	}
 	return NDR_ERR_SUCCESS;
 }
+
+enum ndr_err_code ndr_dnsp_string_list_copy(TALLOC_CTX *mem_ctx,
+					    const struct dnsp_string_list *src,
+					    struct dnsp_string_list *dst)
+{
+	size_t i;
+
+	dst->count = 0;
+	dst->str = talloc_zero_array(mem_ctx, const char *, src->count);
+	if (dst->str == NULL) {
+		return NDR_ERR_ALLOC;
+	}
+
+	for (i = 0; i < src->count; i++) {
+		dst->str[i] = talloc_strdup(dst->str, src->str[i]);
+		if (dst->str[i] == NULL) {
+			TALLOC_FREE(dst->str);
+			return NDR_ERR_ALLOC;
+		}
+	}
+
+	dst->count = src->count;
+	return NDR_ERR_SUCCESS;
+}
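Review bot: In the copy loop of ndr_dnsp_string_list_copy(), talloc_strdup() returns NULL for a NULL src->str[i] as well as on allocation failure, so a list that contains a NULL entry is reported as NDR_ERR_ALLOC. Check src->str[i] before duplicating and return a more fitting error, or document that entries must be non-NULL. The function is exported through ndr_dnsp.h without a doc comment: state there that dst->str is overwritten without freeing a previous value and that the copied strings are allocated as children of dst->str.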
diff --git a/librpc/ndr/ndr_dnsp.h b/librpc/ndr/ndr_dnsp.h
index 67f952c..0d56633 100644
--- a/librpc/ndr/ndr_dnsp.h
+++ b/librpc/ndr/ndr_dnsp.h
@@ -27,3 +27,7 @@ void ndr_print_dnsp_string(struct ndr_print *ndr, const char *name,
 				  const char *dns_string);
 enum ndr_err_code ndr_pull_dnsp_string(struct ndr_pull *ndr, int ndr_flags, const char **string);
 enum ndr_err_code ndr_push_dnsp_string(struct ndr_push *ndr, int ndr_flags, const char *string);
+
+enum ndr_err_code ndr_dnsp_string_list_copy(TALLOC_CTX *mem_ctx,
+					    const struct dnsp_string_list *src,
+					    struct dnsp_string_list *dst);
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 6f744eb..0b137db 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -27,12 +27,12 @@ bld.SAMBA_SUBSYSTEM('NDR_NAMED_PIPE_AUTH',
 
 bld.SAMBA_SUBSYSTEM('NDR_DNSSERVER',
     source='gen_ndr/ndr_dnsserver.c ndr/ndr_dnsserver.c',
-    public_deps='ndr'
+    public_deps='ndr NDR_DNSP'
     )
 
 bld.SAMBA_SUBSYSTEM('NDR_DNS',
     source='gen_ndr/ndr_dns.c ndr/ndr_dns.c',
-    public_deps='ndr'
+    public_deps='ndr NDR_DNSP'
     )
 
 bld.SAMBA_SUBSYSTEM('NDR_DSBACKUP',
@@ -341,7 +341,7 @@ bld.SAMBA_LIBRARY('ndr-standard',
     pc_files='ndr_standard.pc',
     deps='''NDR_SECURITY NDR_LSA NDR_SAMR NDR_NETLOGON NDR_EVENTLOG NDR_DFS
     NDR_NTSVCS NDR_SVCCTL NDR_INITSHUTDOWN NDR_WKSSVC NDR_SRVSVC NDR_WINREG
-    NDR_ECHO security NDR_DNS NDR_ATSVC NDR_SPOOLSS NDR_DSSETUP
+    NDR_ECHO security NDR_DNS NDR_DNSP NDR_ATSVC NDR_SPOOLSS NDR_DSSETUP
     NDR_SERVER_ID NDR_NOTIFY''',
     public_deps='ndr',
     public_headers='gen_ndr/samr.h gen_ndr/ndr_samr.h gen_ndr/lsa.h gen_ndr/netlogon.h gen_ndr/atsvc.h gen_ndr/ndr_atsvc.h gen_ndr/ndr_svcctl.h gen_ndr/svcctl.h',
@@ -418,11 +418,6 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_AUDIOSRV',
     public_deps='NDR_AUDIOSRV dcerpc-binding'
     )
 
-bld.SAMBA_SUBSYSTEM('RPC_NDR_DNS',
-    source='gen_ndr/ndr_dns_c.c',
-    public_deps='dcerpc-binding NDR_DNS'
-    )
-
 bld.SAMBA_SUBSYSTEM('RPC_NDR_ECHO',
     source='gen_ndr/ndr_echo_c.c',
     public_deps='dcerpc-binding NDR_ECHO'
@@ -605,11 +600,6 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_BACKUPKEY',
     public_deps='dcerpc-binding NDR_BACKUPKEY'
     )
 
-bld.SAMBA_SUBSYSTEM('RPC_NDR_DNSP',
-    source='gen_ndr/ndr_dnsp_c.c',
-    public_deps='dcerpc-binding NDR_DNSP'
-    )
-
 bld.SAMBA_SUBSYSTEM('RPC_NDR_DNSSERVER',
     source='gen_ndr/ndr_dnsserver_c.c',
     public_deps='dcerpc-binding ndr-standard'
@@ -634,7 +624,7 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_WITNESS',
 bld.SAMBA_LIBRARY('ndr-samba',
     source=[],
     deps='''NDR_DRSBLOBS NDR_DRSUAPI NDR_IDMAP NDR_NTLMSSP NDR_SCHANNEL NDR_MGMT
-    NDR_DNSP NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH NDR_DCOM
+    NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH NDR_DCOM
     NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_OPEN_FILES NDR_SMBXSRV''',
     private_library=True,
     grouping_library=True
@@ -646,7 +636,7 @@ bld.SAMBA_LIBRARY('dcerpc-samba',
     deps='''RPC_NDR_LSA RPC_NDR_SAMR RPC_NDR_NETLOGON RPC_NDR_EVENTLOG
     RPC_NDR_DFS RPC_NDR_NTSVCS RPC_NDR_SVCCTL RPC_NDR_INITSHUTDOWN
     RPC_NDR_WKSSVC RPC_NDR_SRVSVC RPC_NDR_WINREG RPC_NDR_ECHO RPC_NDR_EPMAPPER
-    RPC_NDR_ATSVC RPC_NDR_SPOOLSS RPC_NDR_DNS''',
+    RPC_NDR_ATSVC RPC_NDR_SPOOLSS RPC_NDR_DNSSERVER''',
     public_deps='ndr-standard',
     private_library=True,
     grouping_library=True
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index f93e13f..f7f56a3 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -16,18 +16,69 @@
 #
 
 import os
+import sys
 import struct
 import random
 import socket
 import samba.ndr as ndr
-import samba.dcerpc.dns as dns
+from samba import credentials, param
 from samba.tests import TestCase
+from samba.dcerpc import dns, dnsp, dnsserver
+from samba.netcmd.dns import TXTRecord, dns_record_match, data_to_dns_record
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+import samba.getopt as options
+import optparse
+
+parser = optparse.OptionParser("dns.py <server name> <server ip> [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
 
 FILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' for x in range(256)])
 
+# This timeout only has relevance when testing against Windows
+# Format errors tend to return patchy responses, so a timeout is needed.
+parser.add_option("--timeout", type="int", dest="timeout",
+                  help="Specify timeout for DNS requests")
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+timeout = opts.timeout
+
+if len(args) < 2:
+    parser.print_usage()
+    sys.exit(1)
+
+server_name = args[0]
+server_ip = args[1]
+creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE)
+
+def make_txt_record(records):
+    rdata_txt = dns.txt_record()
+    s_list = dnsp.string_list()
+    s_list.count = len(records)
+    s_list.str = records
+    rdata_txt.txt = s_list
+    return rdata_txt
 
 class DNSTest(TestCase):
 
+    def setUp(self):
+        global server, server_ip, lp, creds
+        super(DNSTest, self).setUp()
+        self.server = server_name
+        self.server_ip = server_ip
+        self.lp = lp
+        self.creds = creds
+
     def errstr(self, errcode):
         "Return a readable error code"
         string_codes = [
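Review bot: setUp() declares "global server, server_ip, lp, creds", but no module-level name server exists; the value assigned to self.server comes from server_name. A global statement is not needed for read-only access, so drop it or correct the name. Separately, parser.parse_args() and the sys.exit(1) on len(args) < 2 now run at import time, so merely importing this module without the two positional arguments terminates the process. Say so in a module comment, and check whether the import os line is still needed once the os.getenv() calls are gone.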
@@ -83,9 +134,10 @@ class DNSTest(TestCase):
 
     def get_dns_domain(self):
         "Helper to get dns domain"
-        return os.getenv('REALM', 'example.com').lower()
+        return self.creds.get_realm().lower()
 
-    def dns_transaction_udp(self, packet, host=os.getenv('SERVER_IP'), dump=False):
+    def dns_transaction_udp(self, packet, host=server_ip,
+                            dump=False, timeout=timeout):
         "send a DNS query and read the reply"
         s = None
         try:
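Review bot: The new defaults host=server_ip and timeout=timeout in dns_transaction_udp() are bound once, at definition time, from module globals, so the self.server_ip stored in setUp() is never used by this method. Default both parameters to None and fall back to self.server_ip and the module-level timeout inside the body, so the target address has a single source. The same applies to dns_transaction_tcp() further down.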
@@ -93,6 +145,7 @@ class DNSTest(TestCase):
             if dump:
                 print self.hexdump(send_packet)
             s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+            s.settimeout(timeout)
             s.connect((host, 53))
             s.send(send_packet, 0)
             recv_packet = s.recv(2048, 0)
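Review bot: s.settimeout(timeout) receives None whenever --timeout is not passed, because the option is added without a default, and None leaves the socket in blocking mode. A dropped UDP reply then hangs s.recv(2048, 0) indefinitely. Give --timeout a finite default, or document next to the option that omitting it means "wait forever".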
@@ -103,7 +156,8 @@ class DNSTest(TestCase):
             if s is not None:
                 s.close()
 
-    def dns_transaction_tcp(self, packet, host=os.getenv('SERVER_IP'), dump=False):
+    def dns_transaction_tcp(self, packet, host=server_ip,
+                            dump=False, timeout=timeout):
         "send a DNS query and read the reply"
         s = None
         try:
@@ -111,6 +165,7 @@ class DNSTest(TestCase):
             if dump:
                 print self.hexdump(send_packet)
             s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+            s.settimeout(timeout)
             s.connect((host, 53))
             tcp_packet = struct.pack('!H', len(send_packet))
             tcp_packet += send_packet
@@ -133,6 +188,47 @@ class DNSTest(TestCase):
            N+=length
         return result
 
+    def make_txt_update(self, prefix, txt_array):
+        p = self.make_name_packet(dns.DNS_OPCODE_UPDATE)
+        updates = []
+
+        name = self.get_dns_domain()
+        u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN)
+        updates.append(u)
+        self.finish_name_packet(p, updates)
+
+        updates = []
+        r = dns.res_rec()
+        r.name = "%s.%s" % (prefix, self.get_dns_domain())
+        r.rr_type = dns.DNS_QTYPE_TXT
+        r.rr_class = dns.DNS_QCLASS_IN
+        r.ttl = 900


-- 
Samba Shared Repository


