[PATCH] Bug 12449 - Avoid recursion in the windows dns admin gui

Stefan Metzmacher metze at samba.org
Wed Nov 30 06:18:37 UTC 2016


Hi,

here's a patch to fix https://bugzilla.samba.org/show_bug.cgi?id=12449

The problem is that w4edom-l4.base.w4edom-l4.base and w4edom-l4.base
are treated as the same when enumerating dns records.

Please review and push:-)

Thanks!
metze
-------------- next part --------------
From f14e0faf008138b81a21c069bc33bc1b331931f3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 25 Nov 2016 10:37:15 +0100
Subject: [PATCH] s4:rpc_server/dnsserver: let dns_split_node_name() return "@"
 for the zone itself

This is important to handle difference between node_name="w4edom-l4.base"
and node_name="w4edom-l4.base.w4edom-l4.base" with zone_name="w4edom-l4.base".

If someone accedentally added new name as
"somehost.w4edom-l4.base.w4edom-l4.base", we used to display a recursion
in the Windows dns admin GUI.

Before we got this:

w4edom-l4.base
-> base
  -> w4edom-l4
   -> base
     -> w4edom-l4
        -> base
          -> w4edom-l4
            -> base
              -> w4edom-l4
                -> base
                  -> w4edom-l4
                     -> base
                       -> w4edom-l4
                       ...

Now we get the same as with a Windows server and see a tree like this:

w4edom-l4.base
-> base
  -> w4edom-l4
     -> somehost: A 172.31.111.111

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12449

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 17 +++--------------
 source4/rpc_server/dnsserver/dnsdata.c          | 13 ++++++++-----
 2 files changed, 11 insertions(+), 19 deletions(-)

diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index d5dbaf0..3f674b9 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1739,7 +1739,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 	W_ERROR_HAVE_NO_MEMORY_AND_FREE(name, tmp_ctx);
 
 	/* search all records under parent tree */
-	if (strcasecmp(name, z->name) == 0) {
+	if (strcmp(name, "@") == 0) {
 		ret = ldb_search(dsstate->samdb, tmp_ctx, &res, z->zone_dn,
 				 LDB_SCOPE_ONELEVEL, attrs,
 				 "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))");
@@ -1766,11 +1766,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 			(ldb_qsort_cmp_fn_t)dns_name_compare);
 
 	/* Build a tree of name components from dns name */
-	if (strcasecmp(name, z->name) == 0) {
-		tree = dns_build_tree(tmp_ctx, "@", res);
-	} else {
-		tree = dns_build_tree(tmp_ctx, name, res);
-	}
+	tree = dns_build_tree(tmp_ctx, name, res);
 	W_ERROR_HAVE_NO_MEMORY_AND_FREE(tree, tmp_ctx);
 
 	/* Find the parent record in the tree */
@@ -1874,14 +1870,7 @@ static WERROR dnsserver_update_record(struct dnsserver_state *dsstate,
 	tmp_ctx = talloc_new(mem_ctx);
 	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
 
-	/* If node_name is @ or zone name, dns record is @ */
-	if (strcmp(node_name, "@") == 0 ||
-	    strcmp(node_name, ".") == 0 ||
-	    strcasecmp(node_name, z->name) == 0) {
-		name = talloc_strdup(tmp_ctx, "@");
-	} else {
-		name = dns_split_node_name(tmp_ctx, node_name, z->name);
-	}
+	name = dns_split_node_name(tmp_ctx, node_name, z->name);
 	W_ERROR_HAVE_NO_MEMORY_AND_FREE(name, tmp_ctx);
 
 	if (add_buf != NULL) {
diff --git a/source4/rpc_server/dnsserver/dnsdata.c b/source4/rpc_server/dnsserver/dnsdata.c
index ccea0d7..319d020 100644
--- a/source4/rpc_server/dnsserver/dnsdata.c
+++ b/source4/rpc_server/dnsserver/dnsdata.c
@@ -232,8 +232,9 @@ char *dns_split_node_name(TALLOC_CTX *tmp_ctx, const char *node_name, const char
 	int ncount, zcount, i, match;
 
 	/*
-	 * If node_name is "@", return the zone_name
-	 * If node_name is ".", return NULL
+	 * If node_name is "@", return @
+	 * If node_name is ".", return @
+	 * If node_name is zone_name, return @
 	 * If there is no '.' in node_name, return the node_name as is.
 	 *
 	 * If node_name does not have zone_name in it, return the node_name as is.
@@ -243,9 +244,11 @@ char *dns_split_node_name(TALLOC_CTX *tmp_ctx, const char *node_name, const char
 	 *
 	 */
 	if (strcmp(node_name, "@") == 0) {
-		prefix = talloc_strdup(tmp_ctx, zone_name);
+		prefix = talloc_strdup(tmp_ctx, "@");
 	} else if (strcmp(node_name, ".") == 0) {
-		prefix = NULL;
+		prefix = talloc_strdup(tmp_ctx, "@");
+	} else if (strcasecmp(node_name, zone_name) == 0) {
+		prefix = talloc_strdup(tmp_ctx, "@");
 	} else if (strchr(node_name, '.') == NULL) {
 		prefix = talloc_strdup(tmp_ctx, node_name);
 	} else {
@@ -267,7 +270,7 @@ char *dns_split_node_name(TALLOC_CTX *tmp_ctx, const char *node_name, const char
 			}
 
 			if (match == ncount) {
-				prefix = talloc_strdup(tmp_ctx, zone_name);
+				prefix = talloc_strdup(tmp_ctx, "@");
 			} else {
 				prefix = talloc_strdup(tmp_ctx, nlist[0]);
 				if (prefix != NULL) {
-- 
1.9.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161130/051936c2/signature.sig>


More information about the samba-technical mailing list