[SCM] Samba Shared Repository - branch master updated

Samuel Cabrero scabrero at samba.org
Fri Nov 8 12:32:03 UTC 2019 

The branch, master has been updated
       via  f9eaf4dc713 dns: Always return SOA record for records we should know
       via  8dbb8643499 dns: Extend DNS tests to check the SOA record is always returned
      from  f5f89b1b990 ctdb: Use TALLOC_FREE() in a few places

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f9eaf4dc713bab48703a053c9446b6becabe18dc
Author: Samuel Cabrero <scabrero at samba.org>
Date:   Tue Oct 8 13:30:18 2019 +0200

    dns: Always return SOA record for records we should know
    
    Regression introduced by commit 4b54e14b7cf456e327b176b365e8471e0899210b,
    where the number of returned records is not set by talloc_array_length
    when the record is not found.
    
    Found by DELL EMC at SDC SMB3 plugfest trying to perform a secure DNS
    update.
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
    Autobuild-Date(master): Fri Nov  8 12:31:30 UTC 2019 on sn-devel-184

commit 8dbb8643499c495474f28071750cbfc2da5b60f0
Author: Samuel Cabrero <scabrero at samba.org>
Date:   Tue Oct 8 13:29:28 2019 +0200

    dns: Extend DNS tests to check the SOA record is always returned
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/tests/dns.py      | 19 +++++++++++++++++++
 source4/dns_server/dns_query.c | 33 +++++++++++++++++++++++++--------
 2 files changed, 44 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 275d4fcd692..1dd1f549a33 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -264,6 +264,25 @@ class TestSimpleQueries(DNSTest):
         # But we do respond with an authority section
         self.assertEqual(response.nscount, 1)
 
+    def test_soa_unknown_hostname_query(self):
+        "create a SOA query for an unknown hostname"
+        p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+        questions = []
+
+        name = "foobar.%s" % (self.get_dns_domain())
+        q = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN)
+        questions.append(q)
+
+        self.finish_name_packet(p, questions)
+        (response, response_packet) =\
+            self.dns_transaction_udp(p, host=server_ip)
+        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN)
+        self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+        # We don't get SOA records for single hosts
+        self.assertEquals(response.ancount, 0)
+        # But we do respond with an authority section
+        self.assertEqual(response.nscount, 1)
+
     def test_soa_domain_query(self):
         "create a SOA query for a domain"
         p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index b75fabe7e82..762bcca6fb6 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -645,20 +645,12 @@ static void handle_authoritative_done(struct tevent_req *subreq)
 
 static WERROR handle_authoritative_recv(struct tevent_req *req)
 {
-	struct handle_authoritative_state *state = tevent_req_data(
-		req, struct handle_authoritative_state);
 	WERROR werr;
 
 	if (tevent_req_is_werror(req, &werr)) {
 		return werr;
 	}
 
-	werr = add_zone_authority_record(state->dns, state, state->question,
-					 state->nsrecs);
-	if (!W_ERROR_IS_OK(werr)) {
-		return werr;
-	}
-
 	return WERR_OK;
 }
 
@@ -1091,6 +1083,7 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
 	struct dns_server_process_query_state *state = tevent_req_data(
 		req, struct dns_server_process_query_state);
 	WERROR werr;
+	WERROR werr2;
 
 	werr = handle_authoritative_recv(subreq);
 	TALLOC_FREE(subreq);
@@ -1103,6 +1096,20 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
 
 		/* If you have run out of forwarders, simply finish */
 		if (state->forwarders == NULL) {
+			werr2 = add_zone_authority_record(state->dns,
+							  state,
+							  state->question,
+							  &state->nsrecs);
+			if (tevent_req_werror(req, werr2)) {
+				DBG_WARNING("Failed to add SOA record: %s\n",
+					    win_errstr(werr2));
+				return;
+			}
+
+			state->ancount = talloc_array_length(state->answers);
+			state->nscount = talloc_array_length(state->nsrecs);
+			state->arcount = talloc_array_length(state->additional);
+
 			tevent_req_werror(req, werr);
 			return;
 		}
@@ -1125,6 +1132,16 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
 		return;
 	}
 
+	werr2 = add_zone_authority_record(state->dns,
+					  state,
+					  state->question,
+					  &state->nsrecs);
+	if (tevent_req_werror(req, werr2)) {
+		DBG_WARNING("Failed to add SOA record: %s\n",
+				win_errstr(werr2));
+		return;
+	}
+
 	state->ancount = talloc_array_length(state->answers);
 	state->nscount = talloc_array_length(state->nsrecs);
 	state->arcount = talloc_array_length(state->additional);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list