[SCM] Samba Shared Repository - branch master updated
Garming Sam
garming at samba.org
Tue Aug 15 10:01:02 UTC 2017
The branch, master has been updated
via 0dbcd6a py-librpc: Strictly check the type of the incoming sid pointer
via 5bb341f s4/lib/tls: Use SHA256 to sign the TLS certificates
via 29b3a2b samba-tool dns query: Allow '*' in names
via 3d2bd84 samba-tool dns: Test support of DNS wild card in names
via edcbc99 dnsserver: Add support for dns wildcards
via 34acf5a dnsserver: Tighten DNS name checking
via 1184770 dnsserver: Tests for dns wildcard entries
from f816de5 s4: com: Replace erroneous inclusion of internal talloc.h header with external.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0dbcd6a4eafb75e1d888e71ee0fa74f36cc6af62
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Aug 9 13:57:13 2017 +1200
py-librpc: Strictly check the type of the incoming sid pointer
This avoids casting another type of object to a void* and then to a SID
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Tue Aug 15 12:00:58 CEST 2017 on sn-devel-144
commit 5bb341fb9ceb943b4a72108edee9046b60f070b0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Aug 9 16:44:24 2017 +1200
s4/lib/tls: Use SHA256 to sign the TLS certificates
The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
commit 29b3a2b0d1e5abc1ca9f112f680251e34fa6e3af
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Jul 20 09:13:43 2017 +1200
samba-tool dns query: Allow '*' in names
As DNS wild cards are now supported we need to allow '*' characters in
the domain names.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
commit 3d2bd849f119480f0c1262c00e45179ceaa6e755
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Mon Aug 7 13:42:02 2017 +1200
samba-tool dns: Test support of DNS wild card in names
As DNS wild cards are now supported we need to allow '*' characters in
the domain names.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
commit edcbc991253f4d6f59ef9a43a691c66cbbdc2b6d
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Aug 3 15:12:02 2017 +1200
dnsserver: Add support for dns wildcards
Add support for dns wildcard records. i.e. if the following records
exist
exact.samba.example.com 3600 A 1.1.1.1
*.samba.example.com 3600 A 1.1.1.2
look up on exact.samba.example.com will return 1.1.1.1
look up on *.samba.example.com will return 1.1.1.2
look up on other.samba.example.com will return 1.1.1.2
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
commit 34acf5a99214639e5e7792a9e85d24c9fd7640ac
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Aug 3 15:12:51 2017 +1200
dnsserver: Tighten DNS name checking
Add checks for the maximum permitted length, maximum number of labels
and the maximum label length. These extra checks will be used by the
DNS wild card handling.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
commit 1184770a76800897d59f1c20adaee3b0240697de
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Jul 25 14:14:53 2017 +1200
dnsserver: Tests for dns wildcard entries
Add tests for dns wildcards.
Tests validated against Windows Server 2012 R2
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/dns.idl | 3 +
python/samba/netcmd/dns.py | 3 +-
python/samba/tests/dns_wildcard.py | 288 ++++++++++++++++++++++++
python/samba/tests/samba_tool/dnscmd.py | 67 ++++++
source4/dns_server/dlz_bind9.c | 4 +-
source4/dns_server/dns_query.c | 5 +-
source4/dns_server/dns_server.h | 5 +
source4/dns_server/dns_utils.c | 18 ++
source4/dns_server/dnsserver_common.c | 383 +++++++++++++++++++++++++++++++-
source4/dns_server/dnsserver_common.h | 5 +
source4/lib/tls/tlscert.c | 9 +-
source4/librpc/ndr/py_security.c | 7 +
source4/selftest/tests.py | 2 +-
13 files changed, 783 insertions(+), 16 deletions(-)
create mode 100644 python/samba/tests/dns_wildcard.py
Changeset truncated at 500 lines:
diff --git a/librpc/idl/dns.idl b/librpc/idl/dns.idl
index aebb106..8e8eed5 100644
--- a/librpc/idl/dns.idl
+++ b/librpc/idl/dns.idl
@@ -18,6 +18,9 @@ import "misc.idl", "dnsp.idl";
interface dns
{
const int DNS_SERVICE_PORT = 53;
+ const int DNS_MAX_LABELS = 127;
+ const int DNS_MAX_DOMAIN_LENGTH = 253;
+ const int DNS_MAX_LABEL_LENGTH = 63;
typedef [public,bitmap16bit] bitmap {
DNS_RCODE = 0x000F,
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index 6f88817..fd8db93 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -819,7 +819,8 @@ class cmd_query(Command):
record_type = dns_type_flag(rtype)
if name.find('*') != -1:
- raise CommandError('Wildcard searches not supported. To dump entire zone use "@"')
+ self.outf.write('use "@" to dump entire domain, looking up %s\n' %
+ name)
select_flags = 0
if authority:
diff --git a/python/samba/tests/dns_wildcard.py b/python/samba/tests/dns_wildcard.py
new file mode 100644
index 0000000..ca8426a
--- /dev/null
+++ b/python/samba/tests/dns_wildcard.py
@@ -0,0 +1,288 @@
+# Unix SMB/CIFS implementation.
+# Copyright (C) Andrew Bartlett 2007
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys
+from samba import credentials
+from samba.dcerpc import dns, dnsserver
+from samba.netcmd.dns import data_to_dns_record
+from samba.tests.subunitrun import SubunitOptions, TestProgram
+from samba import werror, WERRORError
+from samba.tests.dns_base import DNSTest
+import samba.getopt as options
+import optparse
+
+parser = optparse.OptionParser(
+ "dns_wildcard.py <server name> <server ip> [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+
+# This timeout only has relevance when testing against Windows
+# Format errors tend to return patchy responses, so a timeout is needed.
+parser.add_option("--timeout", type="int", dest="timeout",
+ help="Specify timeout for DNS requests")
+
+# To run against Windows
+# python python/samba/tests/dns_wildcard.py computer_name ip
+# -U"Administrator%admin_password"
+# --realm=Domain_name
+# --timeout 10
+#
+
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+
+opts, args = parser.parse_args()
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+timeout = opts.timeout
+
+if len(args) < 2:
+ parser.print_usage()
+ sys.exit(1)
+
+server_name = args[0]
+server_ip = args[1]
+creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE)
+
+WILDCARD_IP = "1.1.1.1"
+WILDCARD = "*.wildcardtest"
+EXACT_IP = "1.1.1.2"
+EXACT = "exact.wildcardtest"
+LEVEL2_WILDCARD_IP = "1.1.1.3"
+LEVEL2_WILDCARD = "*.level2.wildcardtest"
+LEVEL2_EXACT_IP = "1.1.1.4"
+LEVEL2_EXACT = "exact.level2.wildcardtest"
+
+
+class TestWildCardQueries(DNSTest):
+
+ def setUp(self):
+ super(TestWildCardQueries, self).setUp()
+ global server, server_ip, lp, creds, timeout
+ self.server = server_name
+ self.server_ip = server_ip
+ self.lp = lp
+ self.creds = creds
+ self.timeout = timeout
+
+ # Create the dns records
+ self.dns_records = [(dns.DNS_QTYPE_A,
+ "%s.%s" % (WILDCARD, self.get_dns_domain()),
+ WILDCARD_IP),
+ (dns.DNS_QTYPE_A,
+ "%s.%s" % (EXACT, self.get_dns_domain()),
+ EXACT_IP),
+ (dns.DNS_QTYPE_A,
+ ("%s.%s" % (
+ LEVEL2_WILDCARD,
+ self.get_dns_domain())),
+ LEVEL2_WILDCARD_IP),
+ (dns.DNS_QTYPE_A,
+ ("%s.%s" % (
+ LEVEL2_EXACT,
+ self.get_dns_domain())),
+ LEVEL2_EXACT_IP)]
+
+ c = self.dns_connect()
+ for (typ, name, data) in self.dns_records:
+ self.add_record(c, typ, name, data)
+
+ def tearDown(self):
+ c = self.dns_connect()
+ for (typ, name, data) in self.dns_records:
+ self.delete_record(c, typ, name, data)
+
+ def dns_connect(self):
+ binding_str = "ncacn_ip_tcp:%s[sign]" % self.server_ip
+ return dnsserver.dnsserver(binding_str, self.lp, self.creds)
+
+ def delete_record(self, dns_conn, typ, name, data):
+
+ rec = data_to_dns_record(typ, data)
+ del_rec_buf = dnsserver.DNS_RPC_RECORD_BUF()
+ del_rec_buf.rec = rec
+
+ try:
+ dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
+ 0,
+ self.server,
+ self.get_dns_domain(),
+ name,
+ None,
+ del_rec_buf)
+ except WERRORError as e:
+ # Ignore record does not exist errors
+ if e.args[0] != werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST:
+ raise e
+
+ def add_record(self, dns_conn, typ, name, data):
+
+ rec = data_to_dns_record(typ, data)
+ add_rec_buf = dnsserver.DNS_RPC_RECORD_BUF()
+ add_rec_buf.rec = rec
+ try:
+ dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
+ 0,
+ self.server,
+ self.get_dns_domain(),
+ name,
+ add_rec_buf,
+ None)
+ except WERRORError as e:
+ raise e
+
+ def test_one_a_query_match_wildcard(self):
+ "Query an A record, should match the wildcard entry"
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "miss.wildcardtest.%s" % self.get_dns_domain()
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, WILDCARD_IP)
+
+ def test_one_a_query_wildcard_entry(self):
+ "Query the wildcard entry"
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "%s.%s" % (WILDCARD, self.get_dns_domain())
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, WILDCARD_IP)
+
+ def test_one_a_query_exact_match(self):
+ """Query an entry that matches the wild card but has an exact match as
+ well.
+ """
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "%s.%s" % (EXACT, self.get_dns_domain())
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, EXACT_IP)
+
+ def test_one_a_query_match_wildcard_l2(self):
+ "Query an A record, should match the level 2 wildcard entry"
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "miss.level2.wildcardtest.%s" % self.get_dns_domain()
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP)
+
+ def test_one_a_query_exact_match_l2(self):
+ """Query an entry that matches the wild card but has an exact match as
+ well.
+ """
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "%s.%s" % (LEVEL2_EXACT, self.get_dns_domain())
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, LEVEL2_EXACT_IP)
+
+ def test_one_a_query_wildcard_entry_l2(self):
+ "Query the level 2 wildcard entry"
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "%s.%s" % (LEVEL2_WILDCARD, self.get_dns_domain())
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP)
+
+
+TestProgram(module=__name__, opts=subunitopts)
diff --git a/python/samba/tests/samba_tool/dnscmd.py b/python/samba/tests/samba_tool/dnscmd.py
index 3a369d9..1712c0e 100644
--- a/python/samba/tests/samba_tool/dnscmd.py
+++ b/python/samba/tests/samba_tool/dnscmd.py
@@ -659,3 +659,70 @@ class DnsCmdTestCase(SambaToolCmdTest):
self.zone, "testrecord2",
"A", self.testip, self.creds_string)
self.assertCmdFail(result)
+
+ def test_dns_wildcards(self):
+ """
+ Ensure that DNS wild card entries can be added deleted and queried
+ """
+ num_failures = 0
+ failure_msgs = []
+ records = [("*.", "MISS", "A", "1.1.1.1"),
+ ("*.SAMDOM", "MISS.SAMDOM", "A", "1.1.1.2")]
+ for (name, miss, dnstype, record) in records:
+ try:
+ result, out, err = self.runsubcmd("dns", "add",
+ os.environ["SERVER"],
+ self.zone, name,
+ dnstype, record,
+ self.creds_string)
+ self.assertCmdSuccess(
+ result,
+ out,
+ err,
+ ("Failed to add record %s (%s) with type %s."
+ % (name, record, dnstype)))
+
+ result, out, err = self.runsubcmd("dns", "query",
+ os.environ["SERVER"],
+ self.zone, name,
+ dnstype,
+ self.creds_string)
+ self.assertCmdSuccess(
+ result,
+ out,
+ err,
+ ("Failed to query record %s with qualifier %s."
+ % (record, dnstype)))
+
+ # dns tool does not perform dns wildcard search if the name
+ # does not match
+ result, out, err = self.runsubcmd("dns", "query",
+ os.environ["SERVER"],
+ self.zone, miss,
+ dnstype,
+ self.creds_string)
+ self.assertCmdFail(
+ result,
+ ("Failed to query record %s with qualifier %s."
+ % (record, dnstype)))
+
+ result, out, err = self.runsubcmd("dns", "delete",
+ os.environ["SERVER"],
+ self.zone, name,
+ dnstype, record,
+ self.creds_string)
+ self.assertCmdSuccess(
+ result,
+ out,
+ err,
+ ("Failed to remove record %s with type %s."
+ % (record, dnstype)))
+ except AssertionError as e:
+ num_failures = num_failures + 1
+ failure_msgs.append(e)
+
+ if num_failures > 0:
+ for msg in failure_msgs:
+ print(msg)
+ self.fail("Failed to accept valid commands. %d total failures."
+ "Errors above." % num_failures)
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 7096f47..6ef378c 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -865,8 +865,8 @@ static isc_result_t dlz_lookup_types(struct dlz_bind9_data *state,
return ISC_R_NOMEMORY;
}
- werr = dns_common_lookup(state->samdb, tmp_ctx, dn,
- &records, &num_records, NULL);
+ werr = dns_common_wildcard_lookup(state->samdb, tmp_ctx, dn,
+ &records, &num_records);
if (W_ERROR_IS_OK(werr)) {
break;
}
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 4b5bb07..fa92721 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -625,9 +625,8 @@ static struct tevent_req *handle_authoritative_send(
if (tevent_req_werror(req, werr)) {
return tevent_req_post(req, ev);
}
-
- werr = dns_lookup_records(dns, state, dn, &state->recs,
- &state->rec_count);
+ werr = dns_lookup_records_wildcard(dns, state, dn, &state->recs,
+ &state->rec_count);
TALLOC_FREE(dn);
if (tevent_req_werror(req, werr)) {
return tevent_req_post(req, ev);
diff --git a/source4/dns_server/dns_server.h b/source4/dns_server/dns_server.h
index 5395ff9..382b6bd 100644
--- a/source4/dns_server/dns_server.h
+++ b/source4/dns_server/dns_server.h
@@ -95,6 +95,11 @@ WERROR dns_lookup_records(struct dns_server *dns,
struct ldb_dn *dn,
struct dnsp_DnssrvRpcRecord **records,
uint16_t *rec_count);
+WERROR dns_lookup_records_wildcard(struct dns_server *dns,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_dn *dn,
+ struct dnsp_DnssrvRpcRecord **records,
+ uint16_t *rec_count);
WERROR dns_replace_records(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
diff --git a/source4/dns_server/dns_utils.c b/source4/dns_server/dns_utils.c
index c728eaa..ee35bd2 100644
--- a/source4/dns_server/dns_utils.c
+++ b/source4/dns_server/dns_utils.c
@@ -107,6 +107,10 @@ bool dns_records_match(struct dnsp_DnssrvRpcRecord *rec1,
return false;
}
+/*
+ * Lookup a DNS record, performing an exact match.
+ * i.e. DNS wild card records are not considered.
+ */
WERROR dns_lookup_records(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
@@ -117,6 +121,20 @@ WERROR dns_lookup_records(struct dns_server *dns,
records, rec_count, NULL);
}
+/*
+ * Lookup a DNS record, will match DNS wild card records if an exact match
+ * is not found.
+ */
+WERROR dns_lookup_records_wildcard(struct dns_server *dns,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_dn *dn,
+ struct dnsp_DnssrvRpcRecord **records,
+ uint16_t *rec_count)
+{
+ return dns_common_wildcard_lookup(dns->samdb, mem_ctx, dn,
+ records, rec_count);
+}
+
WERROR dns_replace_records(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c
index a56ff08..217e65b 100644
--- a/source4/dns_server/dnsserver_common.c
+++ b/source4/dns_server/dnsserver_common.c
@@ -133,6 +133,10 @@ WERROR dns_common_extract(struct ldb_context *samdb,
return WERR_OK;
}
+/*
+ * Lookup a DNS record, performing an exact match.
+ * i.e. DNS wild card records are not considered.
+ */
WERROR dns_common_lookup(struct ldb_context *samdb,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
@@ -229,6 +233,350 @@ WERROR dns_common_lookup(struct ldb_context *samdb,
return WERR_OK;
}
+/*
--
Samba Shared Repository
More information about the samba-cvs
mailing list