2 Unix SMB/CIFS implementation.
6 Copyright (C) 2010 Kai Blin <kai@samba.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/service_task.h"
24 #include "smbd/service.h"
25 #include "smbd/service_stream.h"
26 #include "smbd/process_model.h"
27 #include "lib/events/events.h"
28 #include "lib/socket/socket.h"
29 #include "lib/tsocket/tsocket.h"
30 #include "libcli/util/tstream.h"
31 #include "libcli/util/ntstatus.h"
32 #include "system/network.h"
33 #include "lib/stream/packet.h"
34 #include "lib/socket/netif.h"
35 #include "dns_server/dns_server.h"
36 #include "param/param.h"
37 #include "librpc/ndr/libndr.h"
38 #include "librpc/gen_ndr/ndr_dns.h"
39 #include "librpc/gen_ndr/ndr_dnsp.h"
41 #include "dsdb/samdb/samdb.h"
42 #include "dsdb/common/util.h"
43 #include "auth/session.h"
44 #include "lib/util/dlinklist.h"
46 /* hold information about one dns socket */
48 struct dns_server *dns;
49 struct tsocket_address *local_address;
52 struct dns_udp_socket {
53 struct dns_socket *dns_socket;
54 struct tdgram_context *dgram;
55 struct tevent_queue *send_queue;
59 state of an open tcp connection
61 struct dns_tcp_connection {
62 /* stream connection we belong to */
63 struct stream_connection *conn;
65 /* the dns_server the connection belongs to */
66 struct dns_socket *dns_socket;
68 struct tstream_context *tstream;
70 struct tevent_queue *send_queue;
73 static void dns_tcp_terminate_connection(struct dns_tcp_connection *dnsconn, const char *reason)
75 stream_terminate_connection(dnsconn->conn, reason);
78 static void dns_tcp_recv(struct stream_connection *conn, uint16_t flags)
80 struct dns_tcp_connection *dnsconn = talloc_get_type(conn->private_data,
81 struct dns_tcp_connection);
82 /* this should never be triggered! */
83 dns_tcp_terminate_connection(dnsconn, "dns_tcp_recv: called");
86 static void dns_tcp_send(struct stream_connection *conn, uint16_t flags)
88 struct dns_tcp_connection *dnsconn = talloc_get_type(conn->private_data,
89 struct dns_tcp_connection);
90 /* this should never be triggered! */
91 dns_tcp_terminate_connection(dnsconn, "dns_tcp_send: called");
94 static NTSTATUS dns_err_to_ntstatus(enum dns_rcode rcode)
97 case DNS_RCODE_OK: return NT_STATUS_OK;
98 case DNS_RCODE_FORMERR: return NT_STATUS_INVALID_PARAMETER;
99 case DNS_RCODE_SERVFAIL: return NT_STATUS_INTERNAL_ERROR;
100 case DNS_RCODE_NXDOMAIN: return NT_STATUS_OBJECT_NAME_NOT_FOUND;
101 case DNS_RCODE_NOTIMP: return NT_STATUS_NOT_IMPLEMENTED;
102 case DNS_RCODE_REFUSED: return NT_STATUS_ACCESS_DENIED;
103 case DNS_RCODE_NOTAUTH: return NT_STATUS_FOOBAR;
104 default: return NT_STATUS_NONE_MAPPED;
108 static uint8_t ntstatus_to_dns_err(NTSTATUS status)
110 if (NT_STATUS_EQUAL(NT_STATUS_OK, status)) {
112 } else if (NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
113 return DNS_RCODE_FORMERR;
114 } else if (NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status)) {
115 return DNS_RCODE_SERVFAIL;
116 } else if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
117 return DNS_RCODE_NXDOMAIN;
118 } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
119 return DNS_RCODE_NOTIMP;
120 } else if (NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) {
121 return DNS_RCODE_REFUSED;
122 } else if (NT_STATUS_EQUAL(NT_STATUS_FOOBAR, status)) {
123 return DNS_RCODE_NOTAUTH;
125 DEBUG(0, ("No mapping exists for %s\n", nt_errstr(status)));
128 static bool dns_name_match(const char *zone, const char *name, size_t *host_part_len)
130 size_t zl = strlen(zone);
131 size_t nl = strlen(name);
133 static const size_t fixup = 'a' - 'A';
139 for (zi = zl, ni = nl; zi >= 0; zi--, ni--) {
143 /* convert to lower case */
144 if (zc >= 'A' && zc <= 'Z') {
147 if (nc >= 'A' && nc <= 'Z') {
157 if (name[ni] != '.') {
164 *host_part_len = ni+1;
169 static NTSTATUS dns_name2dn(struct dns_server *dns,
176 const struct dns_server_zone *z;
177 size_t host_part_len = 0;
180 return NT_STATUS_INVALID_PARAMETER;
183 /*TODO: Check if 'name' is a valid DNS name */
185 if (strcmp(name, "") == 0) {
186 base = ldb_get_default_basedn(dns->samdb);
187 dn = ldb_dn_copy(mem_ctx, base);
188 ldb_dn_add_child_fmt(dn, "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System");
193 for (z = dns->zones; z != NULL; z = z->next) {
196 match = dns_name_match(z->name, name, &host_part_len);
203 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
206 if (host_part_len == 0) {
207 dn = ldb_dn_copy(mem_ctx, z->dn);
208 ldb_dn_add_child_fmt(dn, "DC=@");
213 dn = ldb_dn_copy(mem_ctx, z->dn);
214 ldb_dn_add_child_fmt(dn, "DC=%*.*s", (int)host_part_len, (int)host_part_len, name);
219 static NTSTATUS handle_question(struct dns_server *dns,
221 const struct dns_name_question *question,
222 struct dns_res_rec **answers, uint16_t *ancount)
224 struct dns_res_rec *ans;
225 struct ldb_dn *dn = NULL;
227 static const char * const attrs[] = { "dnsRecord", NULL};
229 uint16_t ai = *ancount;
231 struct ldb_message *msg = NULL;
232 struct dnsp_DnssrvRpcRecord *recs;
233 struct ldb_message_element *el;
235 status = dns_name2dn(dns, mem_ctx, question->name, &dn);
236 NT_STATUS_NOT_OK_RETURN(status);
238 ret = dsdb_search_one(dns->samdb, mem_ctx, &msg, dn,
239 LDB_SCOPE_BASE, attrs, 0, "%s", "(objectClass=dnsNode)");
240 if (ret != LDB_SUCCESS) {
241 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
244 el = ldb_msg_find_element(msg, attrs[0]);
246 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
249 recs = talloc_array(mem_ctx, struct dnsp_DnssrvRpcRecord, el->num_values);
250 for (ri = 0; ri < el->num_values; ri++) {
251 struct ldb_val *v = &el->values[ri];
252 enum ndr_err_code ndr_err;
254 ndr_err = ndr_pull_struct_blob(v, recs, &recs[ri],
255 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
256 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
257 DEBUG(0, ("Failed to grab dnsp_DnssrvRpcRecord\n"));
258 return NT_STATUS_INTERNAL_DB_CORRUPTION;
262 ans = talloc_realloc(mem_ctx, *answers, struct dns_res_rec,
263 ai + el->num_values);
264 NT_STATUS_HAVE_NO_MEMORY(ans);
266 switch (question->question_type) {
267 case DNS_QTYPE_CNAME:
268 for (ri = 0; ri < el->num_values; ri++) {
269 if (recs[ri].wType != question->question_type) {
273 ZERO_STRUCT(ans[ai]);
274 ans[ai].name = talloc_strdup(ans, question->name);
275 ans[ai].rr_type = DNS_QTYPE_CNAME;
276 ans[ai].rr_class = DNS_QCLASS_IP;
277 ans[ai].ttl = recs[ri].dwTtlSeconds;
278 ans[ai].length = UINT16_MAX;
279 ans[ai].rdata.cname_record = talloc_strdup(ans, recs[ri].data.cname);
284 for (ri = 0; ri < el->num_values; ri++) {
285 if (recs[ri].wType != question->question_type) {
289 /* TODO: if the record actually is a DNS_QTYPE_A */
291 ZERO_STRUCT(ans[ai]);
292 ans[ai].name = talloc_strdup(ans, question->name);
293 ans[ai].rr_type = DNS_QTYPE_A;
294 ans[ai].rr_class = DNS_QCLASS_IP;
295 ans[ai].ttl = recs[ri].dwTtlSeconds;
296 ans[ai].length = UINT16_MAX;
297 ans[ai].rdata.ipv4_record = talloc_strdup(ans, recs[ri].data.ipv4);
302 for (ri = 0; ri < el->num_values; ri++) {
303 if (recs[ri].wType != question->question_type) {
307 ZERO_STRUCT(ans[ai]);
308 ans[ai].name = talloc_strdup(ans, question->name);
309 ans[ai].rr_type = DNS_QTYPE_AAAA;
310 ans[ai].rr_class = DNS_QCLASS_IP;
311 ans[ai].ttl = recs[ri].dwTtlSeconds;
312 ans[ai].length = UINT16_MAX;
313 ans[ai].rdata.ipv6_record = recs[ri].data.ipv6;
318 for (ri = 0; ri < el->num_values; ri++) {
319 if (recs[ri].wType != question->question_type) {
323 ZERO_STRUCT(ans[ai]);
324 ans[ai].name = question->name;
325 ans[ai].rr_type = DNS_QTYPE_NS;
326 ans[ai].rr_class = DNS_QCLASS_IP;
327 ans[ai].ttl = recs[ri].dwTtlSeconds;
328 ans[ai].length = UINT16_MAX;
329 ans[ai].rdata.ns_record = recs[ri].data.ns;
334 for (ri = 0; ri < el->num_values; ri++) {
335 if (recs[ri].wType != question->question_type) {
339 ZERO_STRUCT(ans[ai]);
340 ans[ai].name = question->name;
341 ans[ai].rr_type = DNS_QTYPE_SRV;
342 ans[ai].rr_class = DNS_QCLASS_IP;
343 ans[ai].ttl = recs[ri].dwTtlSeconds;
344 ans[ai].length = UINT16_MAX;
345 ans[ai].rdata.srv_record.priority = recs[ri].data.srv.wPriority;
346 ans[ai].rdata.srv_record.weight = recs[ri].data.srv.wWeight;
347 ans[ai].rdata.srv_record.port = recs[ri].data.srv.wPort;
348 ans[ai].rdata.srv_record.target = recs[ri].data.srv.nameTarget;
353 for (ri = 0; ri < el->num_values; ri++) {
354 if (recs[ri].wType != question->question_type) {
358 ZERO_STRUCT(ans[ai]);
359 ans[ai].name = question->name;
360 ans[ai].rr_type = DNS_QTYPE_SOA;
361 ans[ai].rr_class = DNS_QCLASS_IP;
362 ans[ai].ttl = recs[ri].dwTtlSeconds;
363 ans[ai].length = UINT16_MAX;
364 ans[ai].rdata.soa_record.mname = recs[ri].data.soa.mname;
365 ans[ai].rdata.soa_record.rname = recs[ri].data.soa.rname;
366 ans[ai].rdata.soa_record.serial = recs[ri].data.soa.serial;
367 ans[ai].rdata.soa_record.refresh= recs[ri].data.soa.refresh;
368 ans[ai].rdata.soa_record.retry = recs[ri].data.soa.retry;
369 ans[ai].rdata.soa_record.expire = recs[ri].data.soa.expire;
370 ans[ai].rdata.soa_record.minimum= recs[ri].data.soa.minimum;
375 return NT_STATUS_NOT_IMPLEMENTED;
378 if (*ancount == ai) {
379 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
389 static NTSTATUS dns_server_process_query(struct dns_server *dns,
391 struct dns_name_packet *in,
392 struct dns_res_rec **answers, uint16_t *ancount,
393 struct dns_res_rec **nsrecs, uint16_t *nscount,
394 struct dns_res_rec **additional, uint16_t *arcount)
396 uint16_t num_answers=0;
397 struct dns_res_rec *ans=NULL;
401 ans = talloc_array(mem_ctx, struct dns_res_rec, 0);
402 if (answers == NULL) return NT_STATUS_NO_MEMORY;
404 for (i = 0; i < in->qdcount; ++i) {
405 status = handle_question(dns, mem_ctx, &in->questions[i], &ans, &num_answers);
406 NT_STATUS_NOT_OK_RETURN(status);
410 *ancount = num_answers;
412 /*FIXME: Do something for these */
422 static NTSTATUS dns_server_process_update(struct dns_server *dns,
424 struct dns_name_packet *in,
425 struct dns_res_rec **prereqs, uint16_t *prereq_count,
426 struct dns_res_rec **updates, uint16_t *update_count,
427 struct dns_res_rec **additional, uint16_t *arcount)
429 struct dns_name_question *zone;
430 const struct dns_server_zone *z;
431 size_t host_part_len = 0;
433 if (in->qdcount != 1) {
434 return NT_STATUS_INVALID_PARAMETER;
437 zone = in->questions;
439 if (zone->question_type != DNS_QTYPE_SOA) {
440 return NT_STATUS_INVALID_PARAMETER;
443 DEBUG(0, ("Got a dns update request.\n"));
445 for (z = dns->zones; z != NULL; z = z->next) {
448 match = dns_name_match(z->name, zone->name, &host_part_len);
455 return NT_STATUS_FOOBAR;
458 if (host_part_len != 0) {
459 return NT_STATUS_NOT_IMPLEMENTED;
462 return NT_STATUS_NOT_IMPLEMENTED;
465 static NTSTATUS dns_process(struct dns_server *dns,
470 enum ndr_err_code ndr_err;
472 struct dns_name_packet *in_packet;
473 struct dns_name_packet *out_packet;
474 struct dns_res_rec *answers = NULL, *nsrecs = NULL, *additional = NULL;
475 uint16_t num_answers = 0 , num_nsrecs = 0, num_additional = 0;
478 if (in->length < 12) {
479 return NT_STATUS_INVALID_PARAMETER;
482 in_packet = talloc_zero(mem_ctx, struct dns_name_packet);
483 /* TODO: We don't really need an out_packet. */
484 out_packet = talloc_zero(mem_ctx, struct dns_name_packet);
486 if (in_packet == NULL) return NT_STATUS_NO_MEMORY;
487 if (out_packet == NULL) return NT_STATUS_NO_MEMORY;
489 dump_data(2, in->data, in->length);
491 ndr_err = ndr_pull_struct_blob(in, in_packet, in_packet,
492 (ndr_pull_flags_fn_t)ndr_pull_dns_name_packet);
493 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
494 TALLOC_FREE(in_packet);
495 DEBUG(0, ("Failed to parse packet %d!\n", ndr_err));
498 out->data[2] |= 0x80; /* Toggle DNS_FLAG_REPLY */
499 out->data[3] |= DNS_RCODE_FORMERR;
504 NDR_PRINT_DEBUG(dns_name_packet, in_packet);
505 *out_packet = *in_packet;
506 out_packet->operation |= DNS_FLAG_REPLY;
508 switch (in_packet->operation & DNS_OPCODE) {
509 case DNS_OPCODE_QUERY:
511 ret = dns_server_process_query(dns, out_packet, in_packet,
512 &answers, &num_answers,
513 &nsrecs, &num_nsrecs,
514 &additional, &num_additional);
515 reply_code = DNS_RCODE_NXDOMAIN;
518 case DNS_OPCODE_REGISTER:
519 ret = dns_server_process_update(dns, out_packet, in_packet,
520 &answers, &num_answers,
521 &nsrecs, &num_nsrecs,
522 &additional, &num_additional);
523 reply_code = ntstatus_to_dns_err(ret);
526 ret = NT_STATUS_NOT_IMPLEMENTED;
527 reply_code = DNS_RCODE_NOTIMP;
531 if (NT_STATUS_IS_OK(ret)) {
532 out_packet->ancount = num_answers;
533 out_packet->answers = answers;
535 out_packet->nscount = num_nsrecs;
536 out_packet->nsrecs = nsrecs;
538 out_packet->arcount = num_additional;
539 out_packet->additional = additional;
541 out_packet->operation |= reply_code;
544 NDR_PRINT_DEBUG(dns_name_packet, out_packet);
545 ndr_err = ndr_push_struct_blob(out, out_packet, out_packet,
546 (ndr_push_flags_fn_t)ndr_push_dns_name_packet);
547 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
548 TALLOC_FREE(in_packet);
549 TALLOC_FREE(out_packet);
550 DEBUG(0, ("Failed to push packet %d!\n", ndr_err));
553 out->data[2] |= 0x80; /* Toggle DNS_FLAG_REPLY */
554 out->data[3] |= DNS_RCODE_SERVFAIL;
559 dump_data(2, out->data, out->length);
563 struct dns_tcp_call {
564 struct dns_tcp_connection *dns_conn;
568 struct iovec out_iov[2];
571 static void dns_tcp_call_writev_done(struct tevent_req *subreq);
573 static void dns_tcp_call_loop(struct tevent_req *subreq)
575 struct dns_tcp_connection *dns_conn = tevent_req_callback_data(subreq,
576 struct dns_tcp_connection);
577 struct dns_tcp_call *call;
580 call = talloc(dns_conn, struct dns_tcp_call);
582 dns_tcp_terminate_connection(dns_conn, "dns_tcp_call_loop: "
583 "no memory for dns_tcp_call");
586 call->dns_conn = dns_conn;
588 status = tstream_read_pdu_blob_recv(subreq,
592 if (!NT_STATUS_IS_OK(status)) {
595 reason = talloc_asprintf(call, "dns_tcp_call_loop: "
596 "tstream_read_pdu_blob_recv() - %s",
599 reason = nt_errstr(status);
602 dns_tcp_terminate_connection(dns_conn, reason);
606 DEBUG(10,("Received krb5 TCP packet of length %lu from %s\n",
607 (long) call->in.length,
608 tsocket_address_string(dns_conn->conn->remote_address, call)));
610 /* skip length header */
612 call->in.length -= 4;
615 status = dns_process(dns_conn->dns_socket->dns, call, &call->in, &call->out);
616 if (!NT_STATUS_IS_OK(status)) {
617 DEBUG(0, ("dns_process returned %s\n", nt_errstr(status)));
618 dns_tcp_terminate_connection(dns_conn,
619 "dns_tcp_call_loop: process function failed");
623 /* First add the length of the out buffer */
624 RSIVAL(call->out_hdr, 0, call->out.length);
625 call->out_iov[0].iov_base = (char *) call->out_hdr;
626 call->out_iov[0].iov_len = 4;
628 call->out_iov[1].iov_base = (char *) call->out.data;
629 call->out_iov[1].iov_len = call->out.length;
631 subreq = tstream_writev_queue_send(call,
632 dns_conn->conn->event.ctx,
634 dns_conn->send_queue,
636 if (subreq == NULL) {
637 dns_tcp_terminate_connection(dns_conn, "dns_tcp_call_loop: "
638 "no memory for tstream_writev_queue_send");
641 tevent_req_set_callback(subreq, dns_tcp_call_writev_done, call);
644 * The krb5 tcp pdu's has the length as 4 byte (initial_read_size),
645 * packet_full_request_u32 provides the pdu length then.
647 subreq = tstream_read_pdu_blob_send(dns_conn,
648 dns_conn->conn->event.ctx,
650 4, /* initial_read_size */
651 packet_full_request_u32,
653 if (subreq == NULL) {
654 dns_tcp_terminate_connection(dns_conn, "dns_tcp_call_loop: "
655 "no memory for tstream_read_pdu_blob_send");
658 tevent_req_set_callback(subreq, dns_tcp_call_loop, dns_conn);
661 static void dns_tcp_call_writev_done(struct tevent_req *subreq)
663 struct dns_tcp_call *call = tevent_req_callback_data(subreq,
664 struct dns_tcp_call);
668 rc = tstream_writev_queue_recv(subreq, &sys_errno);
673 reason = talloc_asprintf(call, "dns_tcp_call_writev_done: "
674 "tstream_writev_queue_recv() - %d:%s",
675 sys_errno, strerror(sys_errno));
677 reason = "dns_tcp_call_writev_done: tstream_writev_queue_recv() failed";
680 dns_tcp_terminate_connection(call->dns_conn, reason);
684 /* We don't care about errors */
690 called when we get a new connection
692 static void dns_tcp_accept(struct stream_connection *conn)
694 struct dns_socket *dns_socket;
695 struct dns_tcp_connection *dns_conn;
696 struct tevent_req *subreq;
699 dns_conn = talloc_zero(conn, struct dns_tcp_connection);
700 if (dns_conn == NULL) {
701 stream_terminate_connection(conn,
702 "dns_tcp_accept: out of memory");
706 dns_conn->send_queue = tevent_queue_create(conn, "dns_tcp_accept");
707 if (dns_conn->send_queue == NULL) {
708 stream_terminate_connection(conn,
709 "dns_tcp_accept: out of memory");
713 dns_socket = talloc_get_type(conn->private_data, struct dns_socket);
715 TALLOC_FREE(conn->event.fde);
717 rc = tstream_bsd_existing_socket(dns_conn,
718 socket_get_fd(conn->socket),
721 stream_terminate_connection(conn,
722 "dns_tcp_accept: out of memory");
726 dns_conn->conn = conn;
727 dns_conn->dns_socket = dns_socket;
728 conn->private_data = dns_conn;
731 * The krb5 tcp pdu's has the length as 4 byte (initial_read_size),
732 * packet_full_request_u32 provides the pdu length then.
734 subreq = tstream_read_pdu_blob_send(dns_conn,
735 dns_conn->conn->event.ctx,
737 4, /* initial_read_size */
738 packet_full_request_u32,
740 if (subreq == NULL) {
741 dns_tcp_terminate_connection(dns_conn, "dns_tcp_accept: "
742 "no memory for tstream_read_pdu_blob_send");
745 tevent_req_set_callback(subreq, dns_tcp_call_loop, dns_conn);
748 static const struct stream_server_ops dns_tcp_stream_ops = {
750 .accept_connection = dns_tcp_accept,
751 .recv_handler = dns_tcp_recv,
752 .send_handler = dns_tcp_send
755 struct dns_udp_call {
756 struct tsocket_address *src;
761 static void dns_udp_call_sendto_done(struct tevent_req *subreq);
763 static void dns_udp_call_loop(struct tevent_req *subreq)
765 struct dns_udp_socket *sock = tevent_req_callback_data(subreq,
766 struct dns_udp_socket);
767 struct dns_udp_call *call;
773 call = talloc(sock, struct dns_udp_call);
779 len = tdgram_recvfrom_recv(subreq, &sys_errno,
780 call, &buf, &call->src);
788 call->in.length = len;
790 DEBUG(10,("Received krb5 UDP packet of length %lu from %s\n",
791 (long)call->in.length,
792 tsocket_address_string(call->src, call)));
795 status = dns_process(sock->dns_socket->dns, call, &call->in, &call->out);
796 if (!NT_STATUS_IS_OK(status)) {
798 DEBUG(0, ("dns_process returned %s\n", nt_errstr(status)));
802 subreq = tdgram_sendto_queue_send(call,
803 sock->dns_socket->dns->task->event_ctx,
809 if (subreq == NULL) {
813 tevent_req_set_callback(subreq, dns_udp_call_sendto_done, call);
816 subreq = tdgram_recvfrom_send(sock,
817 sock->dns_socket->dns->task->event_ctx,
819 if (subreq == NULL) {
820 task_server_terminate(sock->dns_socket->dns->task,
821 "no memory for tdgram_recvfrom_send",
825 tevent_req_set_callback(subreq, dns_udp_call_loop, sock);
828 static void dns_udp_call_sendto_done(struct tevent_req *subreq)
830 struct dns_udp_call *call = tevent_req_callback_data(subreq,
831 struct dns_udp_call);
835 ret = tdgram_sendto_queue_recv(subreq, &sys_errno);
837 /* We don't care about errors */
843 start listening on the given address
845 static NTSTATUS dns_add_socket(struct dns_server *dns,
846 const struct model_ops *model_ops,
851 struct dns_socket *dns_socket;
852 struct dns_udp_socket *dns_udp_socket;
853 struct tevent_req *udpsubreq;
857 dns_socket = talloc(dns, struct dns_socket);
858 NT_STATUS_HAVE_NO_MEMORY(dns_socket);
860 dns_socket->dns = dns;
862 ret = tsocket_address_inet_from_strings(dns_socket, "ip",
864 &dns_socket->local_address);
866 status = map_nt_error_from_unix(errno);
870 status = stream_setup_socket(dns->task->event_ctx,
874 "ip", address, &port,
875 lpcfg_socket_options(dns->task->lp_ctx),
877 if (!NT_STATUS_IS_OK(status)) {
878 DEBUG(0,("Failed to bind to %s:%u TCP - %s\n",
879 address, port, nt_errstr(status)));
880 talloc_free(dns_socket);
884 dns_udp_socket = talloc(dns_socket, struct dns_udp_socket);
885 NT_STATUS_HAVE_NO_MEMORY(dns_udp_socket);
887 dns_udp_socket->dns_socket = dns_socket;
889 ret = tdgram_inet_udp_socket(dns_socket->local_address,
892 &dns_udp_socket->dgram);
894 status = map_nt_error_from_unix(errno);
895 DEBUG(0,("Failed to bind to %s:%u UDP - %s\n",
896 address, port, nt_errstr(status)));
900 dns_udp_socket->send_queue = tevent_queue_create(dns_udp_socket,
901 "dns_udp_send_queue");
902 NT_STATUS_HAVE_NO_MEMORY(dns_udp_socket->send_queue);
904 udpsubreq = tdgram_recvfrom_send(dns_udp_socket,
905 dns->task->event_ctx,
906 dns_udp_socket->dgram);
907 NT_STATUS_HAVE_NO_MEMORY(udpsubreq);
908 tevent_req_set_callback(udpsubreq, dns_udp_call_loop, dns_udp_socket);
914 setup our listening sockets on the configured network interfaces
916 static NTSTATUS dns_startup_interfaces(struct dns_server *dns, struct loadparm_context *lp_ctx,
917 struct interface *ifaces)
919 const struct model_ops *model_ops;
921 TALLOC_CTX *tmp_ctx = talloc_new(dns);
925 /* within the dns task we want to be a single process, so
926 ask for the single process model ops and pass these to the
927 stream_setup_socket() call. */
928 model_ops = process_model_startup(dns->task->event_ctx, "single");
930 DEBUG(0,("Can't find 'single' process model_ops\n"));
931 return NT_STATUS_INTERNAL_ERROR;
934 num_interfaces = iface_count(ifaces);
936 for (i=0; i<num_interfaces; i++) {
937 const char *address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
939 status = dns_add_socket(dns, model_ops, "dns", address, DNS_SERVICE_PORT);
940 NT_STATUS_NOT_OK_RETURN(status);
943 talloc_free(tmp_ctx);
948 static int dns_server_sort_zones(struct ldb_message **m1, struct ldb_message **m2)
953 n1 = ldb_msg_find_attr_as_string(*m1, "name", NULL);
954 n2 = ldb_msg_find_attr_as_string(*m2, "name", NULL);
959 /* If the string lengths are not equal just sort by length */
961 /* If m1 is the larger zone name, return it first */
965 /*TODO: We need to compare DNs here, we want the DomainDNSZones first */
969 static void dns_task_init(struct task_server *task)
971 struct dns_server *dns;
973 struct interface *ifaces;
975 struct ldb_result *res;
976 struct ldb_dn *rootdn;
977 static const char * const attrs[] = { "name", NULL};
981 switch (lpcfg_server_role(task->lp_ctx)) {
982 case ROLE_STANDALONE:
983 task_server_terminate(task, "dns: no DNS required in standalone configuration", false);
985 case ROLE_DOMAIN_MEMBER:
986 task_server_terminate(task, "dns: no DNS required in member server configuration", false);
988 case ROLE_DOMAIN_CONTROLLER:
989 /* Yes, we want a DNS */
993 load_interfaces(task, lpcfg_interfaces(task->lp_ctx), &ifaces);
995 if (iface_count(ifaces) == 0) {
996 task_server_terminate(task, "dns: no network interfaces configured", false);
1000 task_server_set_title(task, "task[dns]");
1002 dns = talloc_zero(task, struct dns_server);
1004 task_server_terminate(task, "dns: out of memory", true);
1010 dns->samdb = samdb_connect(dns, dns->task->event_ctx, dns->task->lp_ctx,
1011 system_session(dns->task->lp_ctx), 0);
1013 task_server_terminate(task, "dns: samdb_connect failed", true);
1017 rootdn = ldb_dn_new(dns, dns->samdb, "");
1018 if (rootdn == NULL) {
1019 task_server_terminate(task, "dns: out of memory", true);
1023 // TODO: this search does not work against windows
1024 ret = dsdb_search(dns->samdb, dns, &res, rootdn, LDB_SCOPE_SUBTREE,
1025 attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS, "(objectClass=dnsZone)");
1026 if (ret != LDB_SUCCESS) {
1027 task_server_terminate(task,
1028 "dns: failed to look up root DNS zones",
1033 TYPESAFE_QSORT(res->msgs, res->count, dns_server_sort_zones);
1035 for (i=0; i < res->count; i++) {
1036 struct dns_server_zone *z;
1038 z = talloc_zero(dns, struct dns_server_zone);
1042 z->name = ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL);
1043 z->dn = talloc_move(z, &res->msgs[i]->dn);
1045 DLIST_ADD_END(dns->zones, z, NULL);
1048 status = dns_startup_interfaces(dns, task->lp_ctx, ifaces);
1049 if (!NT_STATUS_IS_OK(status)) {
1050 task_server_terminate(task, "dns failed to setup interfaces", true);
1055 NTSTATUS server_service_dns_init(void)
1057 return register_server_service("dns", dns_task_init);