From 756cf9ef8f56a65ef868bbaac48e6156d3e3d97e Mon Sep 17 00:00:00 2001
From: Guenter Kukkukk
Date: Fri, 21 Nov 2014 03:40:17 +0100
Subject: [PATCH 1/3] samba-tool: Fix enum values in dns.py DNS_ZONE_UPDATE_SECURE was used twice, DNS_ZONE_UPDATE_UNSECURE was missing.
Signed-off-by: Guenter Kukkukk
Reviewed-by: Amitay Isaacs
(cherry picked from commit 4bda589c8e68cd66ca3b0ea9496cb1b11febcae6)
---
 python/samba/netcmd/dns.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index 137cd98..7d498c9 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -89,7 +89,7 @@ def zone_type_string(zone_type):
 def zone_update_string(zone_update):
- enum_defs = [ 'DNS_ZONE_UPDATE_OFF', 'DNS_ZONE_UPDATE_SECURE',
+ enum_defs = [ 'DNS_ZONE_UPDATE_OFF', 'DNS_ZONE_UPDATE_UNSECURE',
 'DNS_ZONE_UPDATE_SECURE' ]
 return enum_string(dnsp, enum_defs, zone_update)
--
1.9.3
From 10336af7534dc258ec9c9cafc3831bceca2ff26a Mon Sep 17 00:00:00 2001
From: Guenter Kukkukk
Date: Fri, 21 Nov 2014 03:55:25 +0100
Subject: [PATCH 2/3] samba-tool: Fix the IP output of "samba-tool dns serverinfo " Avoid hardcoded IP-strings, use standard python IP functions to format IPv4 and IPv6 addresses correctly. I have removed the display of the port number. MS-DNSP 2.2.3.2.2.1 DNS_ADDR: (from May 15, 2014) Port Number (2bytes): Senders MUST set this to zero, and receivers MUST ignore it.
Signed-off-by: Guenter Kukkukk
Reviewed-by: Amitay Isaacs
(cherry picked from commit d5af53c5372866a33a0195cabbd64232ac53bad4)
---
 python/samba/netcmd/dns.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index 7d498c9..6dde9ec 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -19,6 +19,9 @@ import samba.getopt as options
 from struct import pack
 from socket import inet_ntoa
+from socket import inet_ntop
+from socket import AF_INET
+from socket import AF_INET6
 import shlex
 from samba.netcmd import (
@@ -126,7 +129,7 @@ def ip4_array_string(array):
 if not array:
 return ret
 for i in xrange(array.AddrCount):
- addr = '%s' % inet_ntoa(pack('i', array.AddrArray[i]))
+ addr = inet_ntop(AF_INET, pack('I', array.AddrArray[i]))
 ret.append(addr)
 return ret
@@ -137,11 +140,11 @@ def dns_addr_array_string(array):
 return ret
 for i in xrange(array.AddrCount):
 if array.AddrArray[i].MaxSa[0] == 0x02:
- addr = '%d.%d.%d.%d (%d)' % \
- tuple(array.AddrArray[i].MaxSa[4:8] + [array.AddrArray[i].MaxSa[3]])
+ x = "".join([chr(b) for b in array.AddrArray[i].MaxSa])[4:8]
+ addr = inet_ntop(AF_INET, x)
 elif array.AddrArray[i].MaxSa[0] == 0x17:
- addr = '%x%x:%x%x:%x%x:%x%x:%x%x:%x%x:%x%x:%x%x (%d)' % \
- tuple(array.AddrArray[i].MaxSa[4:20] + [array.AddrArray[i].MaxSa[3]])
+ x = "".join([chr(b) for b in array.AddrArray[i].MaxSa])[8:24]
+ addr = inet_ntop(AF_INET6, x)
 else:
 addr = 'UNKNOWN'
 ret.append(addr)
--
1.9.3
From 720f7b1481799da3c0af8306175c1890d36a04ab Mon Sep 17 00:00:00 2001
From: Guenter Kukkukk
Date: Fri, 21 Nov 2014 16:57:45 +0100
Subject: [PATCH 3/3] s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses In the initial implementation only IPv4 addresses were supported. Add IPv6 (and mixed IPv4/IPv6) support and all further needed conversion routines to support w2k, dotnet, longhorn clients.
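Review bot: In the @@ -137 hunk of dns_addr_array_string the slices `[4:8]` and `[8:24]` and the family tags `0x02`/`0x17` are bare literals, and nothing records why the IPv6 slice now starts at 8 where the removed code read from 4. A comment on each branch would make the layout checkable, for example `# MaxSa: family(2) port(2) IPv4 address(4)` and `# MaxSa: family(2) port(2) flowinfo(4) IPv6 address(16)`; that is my reading of the offsets and should be confirmed against the MS-DNSP DNS_ADDR definition cited in the commit message. The join also converts the whole MaxSa array before slicing, while slicing first reads more directly: `x = "".join(chr(b) for b in array.AddrArray[i].MaxSa[4:8])`. The function starts before the hunk, so the set-up of `ret` is not visible here.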
Signed-off-by: Guenter Kukkukk
Reviewed-by: Amitay Isaacs
Autobuild-User(master): Amitay Isaacs
Autobuild-Date(master): Wed Nov 26 03:44:07 CET 2014 on sn-devel-104
(cherry picked from commit 3ac4355f3e7f79bc0045c43bc818697dc6b08850)
---
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 20 +++--
 source4/rpc_server/dnsserver/dnsdata.c | 56 +++++++++++++
 source4/rpc_server/dnsserver/dnsserver.h | 7 +-
 source4/rpc_server/dnsserver/dnsutils.c | 106 ++++++++++++++++++------
 4 files changed, 151 insertions(+), 38 deletions(-)
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index dee69fe..ab027ab 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -196,8 +196,10 @@ static WERROR dnsserver_query_server(struct dnsserver_state *dsstate,
 r->ServerInfoW2K->fDsAvailable = serverinfo->fDsAvailable;
 r->ServerInfoW2K->pszServerName = talloc_strdup(mem_ctx, serverinfo->pszServerName);
 r->ServerInfoW2K->pszDsContainer = talloc_strdup(mem_ctx, serverinfo->pszDsContainer);
- r->ServerInfoW2K->aipServerAddrs = ip4_array_copy(mem_ctx, serverinfo->aipServerAddrs);
- r->ServerInfoW2K->aipListenAddrs = ip4_array_copy(mem_ctx, serverinfo->aipListenAddrs);
+ r->ServerInfoW2K->aipServerAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+ serverinfo->aipServerAddrs);
+ r->ServerInfoW2K->aipListenAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+ serverinfo->aipListenAddrs);
 r->ServerInfoW2K->aipForwarders = ip4_array_copy(mem_ctx, serverinfo->aipForwarders);
 r->ServerInfoW2K->dwLogLevel = serverinfo->dwLogLevel;
 r->ServerInfoW2K->dwDebugLevel = serverinfo->dwDebugLevel;
@@ -238,8 +240,10 @@ static WERROR dnsserver_query_server(struct dnsserver_state *dsstate,
 r->ServerInfoDotNet->fDsAvailable = serverinfo->fDsAvailable;
 r->ServerInfoDotNet->pszServerName = talloc_strdup(mem_ctx, serverinfo->pszServerName);
 r->ServerInfoDotNet->pszDsContainer = talloc_strdup(mem_ctx, serverinfo->pszDsContainer);
- r->ServerInfoDotNet->aipServerAddrs = ip4_array_copy(mem_ctx, serverinfo->aipServerAddrs);
- r->ServerInfoDotNet->aipListenAddrs = ip4_array_copy(mem_ctx, serverinfo->aipListenAddrs);
+ r->ServerInfoDotNet->aipServerAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+ serverinfo->aipServerAddrs);
+ r->ServerInfoDotNet->aipListenAddrs = dns_addr_array_to_ip4_array(mem_ctx,
+ serverinfo->aipListenAddrs);
 r->ServerInfoDotNet->aipForwarders = ip4_array_copy(mem_ctx, serverinfo->aipForwarders);
 r->ServerInfoDotNet->aipLogFilter = ip4_array_copy(mem_ctx, serverinfo->aipLogFilter);
 r->ServerInfoDotNet->pwszLogFilePath = talloc_strdup(mem_ctx, serverinfo->pwszLogFilePath);
@@ -293,8 +297,8 @@ static WERROR dnsserver_query_server(struct dnsserver_state *dsstate,
 r->ServerInfo->fDsAvailable = serverinfo->fDsAvailable;
 r->ServerInfo->pszServerName = talloc_strdup(mem_ctx, serverinfo->pszServerName);
 r->ServerInfo->pszDsContainer = talloc_strdup(mem_ctx, serverinfo->pszDsContainer);
- r->ServerInfo->aipServerAddrs = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipServerAddrs);
- r->ServerInfo->aipListenAddrs = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipListenAddrs);
+ r->ServerInfo->aipServerAddrs = serverinfo->aipServerAddrs;
+ r->ServerInfo->aipListenAddrs = serverinfo->aipListenAddrs;
 r->ServerInfo->aipForwarders = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipForwarders);
 r->ServerInfo->aipLogFilter = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipLogFilter);
 r->ServerInfo->pwszLogFilePath = talloc_strdup(mem_ctx, serverinfo->pwszLogFilePath);
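Review bot: In the @@ -293 hunk the reply now stores `serverinfo->aipServerAddrs` and `serverinfo->aipListenAddrs` directly, so the response points into long-lived server state instead of a copy owned by `mem_ctx`, unlike the neighbouring fields, which are all duplicated with `talloc_strdup` or a conversion helper. Anything that later modifies or frees the reply structure would then touch the server's own address list; whether that can happen is not visible from the hunk. `dns_addr_array_copy()` is already declared in dnsserver.h, so `r->ServerInfo->aipServerAddrs = dns_addr_array_copy(mem_ctx, serverinfo->aipServerAddrs);` (and the same for `aipListenAddrs`) keeps the previous ownership. The same applies to `answer_addrarray = serverinfo->aipListenAddrs;` in the @@ -694 hunk. dnsserver_query_server starts and ends outside these hunks.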
@@ -694,9 +698,9 @@ static WERROR dnsserver_query_server(struct dnsserver_state *dsstate,
 is_addresses = 1;
 } else if (strcasecmp(operation, "ListenAddresses") == 0) {
 if (client_version == DNS_CLIENT_VERSION_LONGHORN) {
- answer_addrarray = ip4_array_to_dns_addr_array(mem_ctx, serverinfo->aipListenAddrs);
+ answer_addrarray = serverinfo->aipListenAddrs;
 } else {
- answer_iparray = ip4_array_copy(mem_ctx, serverinfo->aipListenAddrs);
+ answer_iparray = dns_addr_array_to_ip4_array(mem_ctx, serverinfo->aipListenAddrs);
 }
 is_addresses = 1;
 } else if (strcasecmp(operation, "BreakOnReceiveFrom") == 0) {
diff --git a/source4/rpc_server/dnsserver/dnsdata.c b/source4/rpc_server/dnsserver/dnsdata.c
index f752490..63e35d9 100644
--- a/source4/rpc_server/dnsserver/dnsdata.c
+++ b/source4/rpc_server/dnsserver/dnsdata.c
@@ -91,6 +91,62 @@ struct DNS_ADDR_ARRAY *ip4_array_to_dns_addr_array(TALLOC_CTX *mem_ctx,
 return ret;
 }
+struct IP4_ARRAY *dns_addr_array_to_ip4_array(TALLOC_CTX *mem_ctx,
+ struct DNS_ADDR_ARRAY *ip)
+{
+ struct IP4_ARRAY *ret;
+ int i, count, curr;
+
+ if (ip == NULL) {
+ return NULL;
+ }
+ /* We must only return IPv4 addresses.
+ The passed DNS_ADDR_ARRAY may contain:
+ - only ipv4 addresses
+ - only ipv6 addresses
+ - a mixture of both
+ - an empty array
+ */
+ ret = talloc_zero(mem_ctx, struct IP4_ARRAY);
+ if (!ret) {
+ return ret;
+ }
+ if (ip->AddrCount == 0 || ip->Family == AF_INET6) {
+ ret->AddrCount = 0;
+ return ret;
+ }
+ /* Now only ipv4 addresses or a mixture are left */
+ count = 0;
+ for (i = 0; i < ip->AddrCount; i++) {
+ if (ip->AddrArray[i].MaxSa[0] == 0x02) {
+ /* Is ipv4 */
+ count++;
+ }
+ }
+ if (count == 0) {
+ /* should not happen */
+ ret->AddrCount = 0;
+ return ret;
+ }
+ ret->AddrArray = talloc_zero_array(mem_ctx, uint32_t, count);
+ if (ret->AddrArray) {
+ curr = 0;
+ for (i = 0; i < ip->AddrCount; i++) {
+ if (ip->AddrArray[i].MaxSa[0] == 0x02) {
+ /* Is ipv4 */
+ memcpy(&ret->AddrArray[curr],
+ &ip->AddrArray[i].MaxSa[4],
+ sizeof(uint32_t));
+ curr++;
+ }
+ }
+ } else {
+ talloc_free(ret);
+ return NULL;
+ }
+ ret->AddrCount = curr;
+ return ret;
+}
 struct DNS_ADDR_ARRAY *dns_addr_array_copy(TALLOC_CTX *mem_ctx, struct DNS_ADDR_ARRAY *addr)
diff --git a/source4/rpc_server/dnsserver/dnsserver.h b/source4/rpc_server/dnsserver/dnsserver.h
index e3db0b2..cfe6d4e 100644
--- a/source4/rpc_server/dnsserver/dnsserver.h
+++ b/source4/rpc_server/dnsserver/dnsserver.h
@@ -46,8 +46,8 @@ struct dnsserver_serverinfo {
 char * pszDomainDirectoryPartition;
 char * pszForestDirectoryPartition;
- struct IP4_ARRAY * aipServerAddrs;
- struct IP4_ARRAY * aipListenAddrs;
+ struct DNS_ADDR_ARRAY * aipServerAddrs;
+ struct DNS_ADDR_ARRAY * aipListenAddrs;
 struct IP4_ARRAY * aipForwarders;
 struct IP4_ARRAY * aipLogFilter;
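Review bot: In dns_addr_array_to_ip4_array (the @@ -91 hunk) the address buffer is allocated on `mem_ctx` rather than on the structure that owns it, so a caller that frees the returned IP4_ARRAY leaves `AddrArray` behind until `mem_ctx` itself is destroyed; `ret->AddrArray = talloc_zero_array(ret, uint32_t, count);` ties the two lifetimes together. The function returns NULL both for a NULL input and for a failed allocation, and an empty array when no IPv4 entry exists; a header comment stating these three outcomes would help, since the callers in dcerpc_dnsserver.c store the result unchecked. `i` is a signed `int` compared against `ip->AddrCount`; if that field is unsigned, an unsigned index avoids the mixed comparison.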
@@ -179,6 +179,8 @@ struct dns_tree {
 struct IP4_ARRAY *ip4_array_copy(TALLOC_CTX *mem_ctx, struct IP4_ARRAY *ip4);
 struct DNS_ADDR_ARRAY *ip4_array_to_dns_addr_array(TALLOC_CTX *mem_ctx, struct IP4_ARRAY *ip4);
+struct IP4_ARRAY *dns_addr_array_to_ip4_array(TALLOC_CTX *mem_ctx,
+ struct DNS_ADDR_ARRAY *ip);
 struct DNS_ADDR_ARRAY *dns_addr_array_copy(TALLOC_CTX *mem_ctx, struct DNS_ADDR_ARRAY *addr);
 int dns_split_name_components(TALLOC_CTX *mem_ctx, const char *name, char ***components);
@@ -217,7 +219,6 @@ struct ldb_dn *dnsserver_name_to_dn(TALLOC_CTX *mem_ctx, struct dnsserver_zone *
 const char *name);
 uint32_t dnsserver_zone_to_request_filter(const char *zone);
-
 /* Database functions from dnsdb.c */
 struct dnsserver_partition *dnsserver_db_enumerate_partitions(TALLOC_CTX *mem_ctx,
diff --git a/source4/rpc_server/dnsserver/dnsutils.c b/source4/rpc_server/dnsserver/dnsutils.c
index 9f95646..72b47f7 100644
--- a/source4/rpc_server/dnsserver/dnsutils.c
+++ b/source4/rpc_server/dnsserver/dnsutils.c
@@ -24,7 +24,78 @@
 #include "rpc_server/common/common.h"
 #include "dsdb/samdb/samdb.h"
 #include "lib/socket/netif.h"
+#include "lib/util/util_net.h"
+static struct DNS_ADDR_ARRAY *fill_dns_addr_array(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ bool listen_only)
+{
+ struct interface *ifaces;
+ int num_interfaces, i;
+ struct DNS_ADDR_ARRAY *dns_addr_array;
+ const char *ipstr;
+ bool have_ipv4, have_ipv6;
+ uint16_t family;
+
+ have_ipv4 = have_ipv6 = false;
+
+ if (!listen_only) {
+ /*
+ Return all interfaces from kernel
+ Not implemented!
+ */
+ return NULL;
+ }
+
+ /* Only the used interfaces */
+ load_interface_list(mem_ctx, lp_ctx, &ifaces);
+ num_interfaces = iface_list_count(ifaces);
+
+ dns_addr_array = talloc_zero(mem_ctx, struct DNS_ADDR_ARRAY);
+ if (dns_addr_array == NULL) {
+ goto nomem;
+ }
+ dns_addr_array->MaxCount = num_interfaces;
+ dns_addr_array->AddrCount = num_interfaces;
+ if (num_interfaces == 0) {
+ goto nomem;
+ }
+
+ dns_addr_array->AddrArray = talloc_zero_array(mem_ctx, struct DNS_ADDR,
+ num_interfaces);
+ if (!dns_addr_array->AddrArray) {
+ TALLOC_FREE(dns_addr_array);
+ goto nomem;
+ }
+
+ for (i = 0; i < num_interfaces; i++) {
+ ipstr = iface_list_n_ip(ifaces, i);
+ if (is_ipaddress_v4(ipstr)) {
+ have_ipv4 = true;
+ dns_addr_array->AddrArray[i].MaxSa[0] = 0x02;
+ inet_pton(AF_INET, ipstr,
+ &dns_addr_array->AddrArray[i].MaxSa[4]);
+ } else {
+ have_ipv6 = true;
+ dns_addr_array->AddrArray[i].MaxSa[0] = 0x17;
+ inet_pton(AF_INET6, ipstr,
+ &dns_addr_array->AddrArray[i].MaxSa[8]);
+ }
+ }
+
+ if (have_ipv4 && have_ipv6) {
+ family = 0; /* mixed: MS-DNSP */
+ } else if (have_ipv4 && !have_ipv6) {
+ family = AF_INET;
+ } else {
+ family = AF_INET6;
+ }
+ dns_addr_array->Family = family;
+
+nomem:
+ talloc_free(ifaces);
+ return dns_addr_array;
+}
 struct dnsserver_serverinfo *dnsserver_init_serverinfo(TALLOC_CTX *mem_ctx,
 struct loadparm_context *lp_ctx,
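Review bot: In the fill loop of fill_dns_addr_array both `inet_pton()` results are discarded and every string that is not IPv4 is tagged `0x17`, so an address that fails to parse still ends up in the array, as an all-zero IPv6 entry. Set `MaxSa[0]` only after `inet_pton(...) == 1` and skip or fail the entry otherwise; whether `iface_list_n_ip()` can return NULL or a scoped address here is not visible in the hunk. Separately, `Family` is filled from the host's `AF_INET`/`AF_INET6` while the entries carry the literals `0x02`/`0x17`, so on a platform where `AF_INET6` is not 0x17 the array header and its entries disagree; a named constant shared with `dns_addr_array_to_ip4_array` would probably be the right wire value, to be checked against MS-DNSP. The `nomem` label is also reached on the zero-interface success path, which deserves a comment or a rename such as `done`.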
@@ -33,8 +104,6 @@ struct dnsserver_serverinfo *dnsserver_init_serverinfo(TALLOC_CTX *mem_ctx,
 struct dnsserver_serverinfo *serverinfo;
 struct dcerpc_server_info *dinfo;
 struct ldb_dn *domain_dn, *forest_dn;
- struct interface *ifaces;
- int num_interfaces, i;
 serverinfo = talloc_zero(mem_ctx, struct dnsserver_serverinfo);
 if (serverinfo == NULL) {
@@ -80,31 +149,14 @@ struct dnsserver_serverinfo *dnsserver_init_serverinfo(TALLOC_CTX *mem_ctx,
 serverinfo->pszForestDirectoryPartition = talloc_asprintf(mem_ctx, "DC=ForestDnsZones,%s", ldb_dn_get_linearized(forest_dn));
-
- load_interface_list(mem_ctx, lp_ctx, &ifaces);
- num_interfaces = iface_list_count(ifaces);
-
- serverinfo->aipServerAddrs = talloc_zero(mem_ctx, struct IP4_ARRAY);
-
- if (serverinfo->aipServerAddrs) {
- serverinfo->aipServerAddrs->AddrCount = num_interfaces;
- if (num_interfaces > 0) {
- serverinfo->aipServerAddrs->AddrArray = talloc_zero_array(mem_ctx,
- unsigned int,
- num_interfaces);
- if (serverinfo->aipServerAddrs->AddrArray) {
- for (i=0; iaipServerAddrs->AddrArray[i] = inet_addr(iface_list_n_ip(ifaces, i));
- }
- } else {
- serverinfo->aipServerAddrs->AddrCount = 0;
- }
- }
- }
- talloc_free(ifaces);
-
- /* Assume listen addresses are same as server addresses */
- serverinfo->aipListenAddrs = serverinfo->aipServerAddrs;
+ /* IP addresses on which the DNS server listens for DNS requests */
+ serverinfo->aipListenAddrs = fill_dns_addr_array(mem_ctx, lp_ctx, true);
+
+ /* All IP addresses available on the server
+ * Not implemented!
+ * Use same as listen addresses
+ */
+ serverinfo->aipServerAddrs = serverinfo->aipListenAddrs;
 serverinfo->aipForwarders = NULL;
--
1.9.3