2 Unix SMB/CIFS implementation.
4 bind9 dlz driver for Samba
6 Copyright (C) 2010 Andrew Tridgell
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "param/param.h"
25 #include "lib/events/events.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "dsdb/common/util.h"
28 #include "auth/auth.h"
29 #include "auth/session.h"
30 #include "auth/gensec/gensec.h"
31 #include "librpc/gen_ndr/security.h"
32 #include "auth/credentials/credentials.h"
33 #include "system/kerberos.h"
34 #include "auth/kerberos/kerberos.h"
35 #include "gen_ndr/ndr_dnsp.h"
36 #include "gen_ndr/server_id.h"
37 #include "messaging/messaging.h"
38 #include "lib/cmdline/popt_common.h"
39 #include "dlz_minimal.h"
47 struct dlz_bind9_data {
48 struct b9_options options;
49 struct ldb_context *samdb;
50 struct tevent_context *ev_ctx;
51 struct loadparm_context *lp;
52 int *transaction_token;
55 /* Used for dynamic update */
56 struct smb_krb5_context *smb_krb5_ctx;
57 struct auth4_context *auth_context;
58 struct auth_session_info *session_info;
61 /* helper functions from the dlz_dlopen driver */
62 void (*log)(int level, const char *fmt, ...);
63 isc_result_t (*putrr)(dns_sdlzlookup_t *handle, const char *type,
64 dns_ttl_t ttl, const char *data);
65 isc_result_t (*putnamedrr)(dns_sdlzlookup_t *handle, const char *name,
66 const char *type, dns_ttl_t ttl, const char *data);
67 isc_result_t (*writeable_zone)(dns_view_t *view, const char *zone_name);
71 static const char *zone_prefixes[] = {
72 "CN=MicrosoftDNS,DC=DomainDnsZones",
73 "CN=MicrosoftDNS,DC=ForestDnsZones",
74 "CN=MicrosoftDNS,CN=System",
79 return the version of the API
81 _PUBLIC_ int dlz_version(unsigned int *flags)
83 return DLZ_DLOPEN_VERSION;
87 remember a helper function from the bind9 dlz_dlopen driver
89 static void b9_add_helper(struct dlz_bind9_data *state, const char *helper_name, void *ptr)
91 if (strcmp(helper_name, "log") == 0) {
94 if (strcmp(helper_name, "putrr") == 0) {
97 if (strcmp(helper_name, "putnamedrr") == 0) {
98 state->putnamedrr = ptr;
100 if (strcmp(helper_name, "writeable_zone") == 0) {
101 state->writeable_zone = ptr;
106 format a record for bind9
108 static bool b9_format(struct dlz_bind9_data *state,
110 struct dnsp_DnssrvRpcRecord *rec,
111 const char **type, const char **data)
113 switch (rec->wType) {
116 *data = rec->data.ipv4;
121 *data = rec->data.ipv6;
126 *data = rec->data.cname;
131 *data = rec->data.txt;
136 *data = rec->data.ptr;
141 *data = talloc_asprintf(mem_ctx, "%u %u %u %s",
142 rec->data.srv.wPriority,
143 rec->data.srv.wWeight,
145 rec->data.srv.nameTarget);
150 *data = talloc_asprintf(mem_ctx, "%u %s",
151 rec->data.mx.wPriority,
152 rec->data.mx.nameTarget);
157 *data = talloc_asprintf(mem_ctx, "%s %s",
164 *data = rec->data.ns;
171 /* we need to fake the authoritative nameserver to
172 * point at ourselves. This is how AD DNS servers
173 * force clients to send updates to the right local DC
175 mname = talloc_asprintf(mem_ctx, "%s.%s",
176 lpcfg_netbios_name(state->lp), lpcfg_dnsdomain(state->lp));
180 mname = strlower_talloc(mem_ctx, mname);
185 state->soa_serial = rec->data.soa.serial;
187 *data = talloc_asprintf(mem_ctx, "%s %s %u %u %u %u %u",
190 rec->data.soa.serial,
191 rec->data.soa.refresh,
193 rec->data.soa.expire,
194 rec->data.soa.minimum);
199 state->log(ISC_LOG_ERROR, "samba b9_putrr: unhandled record type %u",
207 static const struct {
208 enum dns_record_type dns_type;
212 { DNS_TYPE_A, "A" , false},
213 { DNS_TYPE_AAAA, "AAAA" , false},
214 { DNS_TYPE_CNAME, "CNAME" , true},
215 { DNS_TYPE_TXT, "TXT" , false},
216 { DNS_TYPE_PTR, "PTR" , false},
217 { DNS_TYPE_SRV, "SRV" , false},
218 { DNS_TYPE_MX, "MX" , false},
219 { DNS_TYPE_HINFO, "HINFO" , false},
220 { DNS_TYPE_NS, "NS" , false},
221 { DNS_TYPE_SOA, "SOA" , true},
226 see if a DNS type is single valued
228 static bool b9_single_valued(enum dns_record_type dns_type)
231 for (i=0; i<ARRAY_SIZE(dns_typemap); i++) {
232 if (dns_typemap[i].dns_type == dns_type) {
233 return dns_typemap[i].single_valued;
240 see if a DNS type is single valued
242 static bool b9_dns_type(const char *type, enum dns_record_type *dtype)
245 for (i=0; i<ARRAY_SIZE(dns_typemap); i++) {
246 if (strcasecmp(dns_typemap[i].typestr, type) == 0) {
247 *dtype = dns_typemap[i].dns_type;
255 #define DNS_PARSE_STR(ret, str, sep, saveptr) do { \
256 (ret) = strtok_r(str, sep, &saveptr); \
257 if ((ret) == NULL) return false; \
260 #define DNS_PARSE_UINT(ret, str, sep, saveptr) do { \
261 char *istr = strtok_r(str, sep, &saveptr); \
262 if ((istr) == NULL) return false; \
263 (ret) = strtoul(istr, NULL, 10); \
267 parse a record from bind9
269 static bool b9_parse(struct dlz_bind9_data *state,
270 const char *rdatastr,
271 struct dnsp_DnssrvRpcRecord *rec)
273 char *full_name, *dclass, *type;
274 char *str, *saveptr=NULL;
277 str = talloc_strdup(rec, rdatastr);
282 /* parse the SDLZ string form */
283 DNS_PARSE_STR(full_name, str, "\t", saveptr);
284 DNS_PARSE_UINT(rec->dwTtlSeconds, NULL, "\t", saveptr);
285 DNS_PARSE_STR(dclass, NULL, "\t", saveptr);
286 DNS_PARSE_STR(type, NULL, "\t", saveptr);
288 /* construct the record */
289 for (i=0; i<ARRAY_SIZE(dns_typemap); i++) {
290 if (strcasecmp(type, dns_typemap[i].typestr) == 0) {
291 rec->wType = dns_typemap[i].dns_type;
295 if (i == ARRAY_SIZE(dns_typemap)) {
296 state->log(ISC_LOG_ERROR, "samba_dlz: unsupported record type '%s' for '%s'",
301 switch (rec->wType) {
303 DNS_PARSE_STR(rec->data.ipv4, NULL, " ", saveptr);
307 DNS_PARSE_STR(rec->data.ipv6, NULL, " ", saveptr);
311 DNS_PARSE_STR(rec->data.cname, NULL, " ", saveptr);
315 DNS_PARSE_STR(rec->data.txt, NULL, "\t", saveptr);
319 DNS_PARSE_STR(rec->data.ptr, NULL, " ", saveptr);
323 DNS_PARSE_UINT(rec->data.srv.wPriority, NULL, " ", saveptr);
324 DNS_PARSE_UINT(rec->data.srv.wWeight, NULL, " ", saveptr);
325 DNS_PARSE_UINT(rec->data.srv.wPort, NULL, " ", saveptr);
326 DNS_PARSE_STR(rec->data.srv.nameTarget, NULL, " ", saveptr);
330 DNS_PARSE_UINT(rec->data.mx.wPriority, NULL, " ", saveptr);
331 DNS_PARSE_STR(rec->data.mx.nameTarget, NULL, " ", saveptr);
335 DNS_PARSE_STR(rec->data.hinfo.cpu, NULL, " ", saveptr);
336 DNS_PARSE_STR(rec->data.hinfo.os, NULL, " ", saveptr);
340 DNS_PARSE_STR(rec->data.ns, NULL, " ", saveptr);
344 DNS_PARSE_STR(rec->data.soa.mname, NULL, " ", saveptr);
345 DNS_PARSE_STR(rec->data.soa.rname, NULL, " ", saveptr);
346 DNS_PARSE_UINT(rec->data.soa.serial, NULL, " ", saveptr);
347 DNS_PARSE_UINT(rec->data.soa.refresh, NULL, " ", saveptr);
348 DNS_PARSE_UINT(rec->data.soa.retry, NULL, " ", saveptr);
349 DNS_PARSE_UINT(rec->data.soa.expire, NULL, " ", saveptr);
350 DNS_PARSE_UINT(rec->data.soa.minimum, NULL, " ", saveptr);
354 state->log(ISC_LOG_ERROR, "samba b9_parse: unhandled record type %u",
359 /* we should be at the end of the buffer now */
360 if (strtok_r(NULL, "\t ", &saveptr) != NULL) {
361 state->log(ISC_LOG_ERROR, "samba b9_parse: expected data at end of string for '%s'");
369 send a resource recond to bind9
371 static isc_result_t b9_putrr(struct dlz_bind9_data *state,
372 void *handle, struct dnsp_DnssrvRpcRecord *rec,
376 const char *type, *data;
377 TALLOC_CTX *tmp_ctx = talloc_new(state);
379 if (!b9_format(state, tmp_ctx, rec, &type, &data)) {
380 return ISC_R_FAILURE;
384 talloc_free(tmp_ctx);
385 return ISC_R_NOMEMORY;
390 for (i=0; types[i]; i++) {
391 if (strcmp(types[i], type) == 0) break;
393 if (types[i] == NULL) {
395 return ISC_R_SUCCESS;
399 result = state->putrr(handle, type, rec->dwTtlSeconds, data);
400 if (result != ISC_R_SUCCESS) {
401 state->log(ISC_LOG_ERROR, "Failed to put rr");
403 talloc_free(tmp_ctx);
409 send a named resource recond to bind9
411 static isc_result_t b9_putnamedrr(struct dlz_bind9_data *state,
412 void *handle, const char *name,
413 struct dnsp_DnssrvRpcRecord *rec)
416 const char *type, *data;
417 TALLOC_CTX *tmp_ctx = talloc_new(state);
419 if (!b9_format(state, tmp_ctx, rec, &type, &data)) {
420 return ISC_R_FAILURE;
424 talloc_free(tmp_ctx);
425 return ISC_R_NOMEMORY;
428 result = state->putnamedrr(handle, name, type, rec->dwTtlSeconds, data);
429 if (result != ISC_R_SUCCESS) {
430 state->log(ISC_LOG_ERROR, "Failed to put named rr '%s'", name);
432 talloc_free(tmp_ctx);
439 static isc_result_t parse_options(struct dlz_bind9_data *state,
440 unsigned int argc, char *argv[],
441 struct b9_options *options)
445 struct poptOption long_options[] = {
446 { "url", 'H', POPT_ARG_STRING, &options->url, 0, "database URL", "URL" },
447 { "debug", 'd', POPT_ARG_STRING, &options->debug, 0, "debug level", "DEBUG" },
451 pc = poptGetContext("dlz_bind9", argc, (const char **)argv, long_options,
452 POPT_CONTEXT_KEEP_FIRST);
453 while ((opt = poptGetNextOpt(pc)) != -1) {
456 state->log(ISC_LOG_ERROR, "dlz_bind9: Invalid option %s: %s",
457 poptBadOption(pc, 0), poptStrerror(opt));
458 return ISC_R_FAILURE;
462 return ISC_R_SUCCESS;
467 * Create session info from PAC
468 * This is called as auth_context->generate_session_info_pac()
470 static NTSTATUS b9_generate_session_info_pac(struct auth4_context *auth_context,
472 struct smb_krb5_context *smb_krb5_context,
474 const char *principal_name,
475 const struct tsocket_address *remote_addr,
476 uint32_t session_info_flags,
477 struct auth_session_info **session_info)
480 struct auth_user_info_dc *user_info_dc;
483 tmp_ctx = talloc_new(mem_ctx);
484 NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
486 status = kerberos_pac_blob_to_user_info_dc(tmp_ctx,
488 smb_krb5_context->krb5_context,
492 if (!NT_STATUS_IS_OK(status)) {
493 talloc_free(tmp_ctx);
497 session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
498 status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
499 session_info_flags, session_info);
500 if (!NT_STATUS_IS_OK(status)) {
501 talloc_free(tmp_ctx);
505 talloc_free(tmp_ctx);
511 called to initialise the driver
513 _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
514 unsigned int argc, char *argv[],
517 struct dlz_bind9_data *state;
518 const char *helper_name;
524 state = talloc_zero(NULL, struct dlz_bind9_data);
526 return ISC_R_NOMEMORY;
529 /* fill in the helper functions */
530 va_start(ap, dbdata);
531 while ((helper_name = va_arg(ap, const char *)) != NULL) {
532 b9_add_helper(state, helper_name, va_arg(ap, void*));
536 /* Do not install samba signal handlers */
537 fault_setup_disable();
540 setup_logging("samba_dlz", DEBUG_DEFAULT_STDERR);
542 state->ev_ctx = s4_event_context_init(state);
543 if (state->ev_ctx == NULL) {
544 result = ISC_R_NOMEMORY;
548 result = parse_options(state, argc, argv, &state->options);
549 if (result != ISC_R_SUCCESS) {
553 state->lp = loadparm_init_global(true);
554 if (state->lp == NULL) {
555 result = ISC_R_NOMEMORY;
559 if (state->options.debug) {
560 lpcfg_do_global_parameter(state->lp, "log level", state->options.debug);
562 lpcfg_do_global_parameter(state->lp, "log level", "0");
565 if (smb_krb5_init_context(state, state->ev_ctx, state->lp, &state->smb_krb5_ctx) != 0) {
566 result = ISC_R_NOMEMORY;
570 nt_status = gensec_init();
571 if (!NT_STATUS_IS_OK(nt_status)) {
572 result = ISC_R_NOMEMORY;
576 state->auth_context = talloc_zero(state, struct auth4_context);
577 if (state->auth_context == NULL) {
578 result = ISC_R_NOMEMORY;
582 if (state->options.url == NULL) {
583 state->options.url = lpcfg_private_path(state, state->lp, "dns/sam.ldb");
584 if (state->options.url == NULL) {
585 result = ISC_R_NOMEMORY;
590 state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
591 system_session(state->lp), 0, state->options.url);
592 if (state->samdb == NULL) {
593 state->log(ISC_LOG_ERROR, "samba_dlz: Failed to connect to %s",
595 result = ISC_R_FAILURE;
599 dn = ldb_get_default_basedn(state->samdb);
601 state->log(ISC_LOG_ERROR, "samba_dlz: Unable to get basedn for %s - %s",
602 state->options.url, ldb_errstring(state->samdb));
603 result = ISC_R_FAILURE;
607 state->log(ISC_LOG_INFO, "samba_dlz: started for DN %s",
608 ldb_dn_get_linearized(dn));
610 state->auth_context->event_ctx = state->ev_ctx;
611 state->auth_context->lp_ctx = state->lp;
612 state->auth_context->sam_ctx = state->samdb;
613 state->auth_context->generate_session_info_pac = b9_generate_session_info_pac;
617 return ISC_R_SUCCESS;
627 _PUBLIC_ void dlz_destroy(void *dbdata)
629 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
630 state->log(ISC_LOG_INFO, "samba_dlz: shutting down");
636 return the base DN for a zone
638 static isc_result_t b9_find_zone_dn(struct dlz_bind9_data *state, const char *zone_name,
639 TALLOC_CTX *mem_ctx, struct ldb_dn **zone_dn)
642 TALLOC_CTX *tmp_ctx = talloc_new(state);
643 const char *attrs[] = { NULL };
646 for (i=0; zone_prefixes[i]; i++) {
648 struct ldb_result *res;
650 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
652 talloc_free(tmp_ctx);
653 return ISC_R_NOMEMORY;
656 if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone_name, zone_prefixes[i])) {
657 talloc_free(tmp_ctx);
658 return ISC_R_NOMEMORY;
661 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsZone");
662 if (ret == LDB_SUCCESS) {
663 if (zone_dn != NULL) {
664 *zone_dn = talloc_steal(mem_ctx, dn);
666 talloc_free(tmp_ctx);
667 return ISC_R_SUCCESS;
672 talloc_free(tmp_ctx);
673 return ISC_R_NOTFOUND;
678 return the DN for a name. The record does not need to exist, but the
681 static isc_result_t b9_find_name_dn(struct dlz_bind9_data *state, const char *name,
682 TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
686 /* work through the name piece by piece, until we find a zone */
689 result = b9_find_zone_dn(state, p, mem_ctx, dn);
690 if (result == ISC_R_SUCCESS) {
691 /* we found a zone, now extend the DN to get
696 ret = ldb_dn_add_child_fmt(*dn, "DC=@");
698 ret = ldb_dn_add_child_fmt(*dn, "DC=%.*s", (int)(p-name)-1, name);
702 return ISC_R_NOMEMORY;
704 return ISC_R_SUCCESS;
712 return ISC_R_NOTFOUND;
717 see if we handle a given zone
719 _PUBLIC_ isc_result_t dlz_findzonedb(void *dbdata, const char *name)
721 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
722 return b9_find_zone_dn(state, name, NULL, NULL);
729 static isc_result_t dlz_lookup_types(struct dlz_bind9_data *state,
730 const char *zone, const char *name,
731 dns_sdlzlookup_t *lookup,
734 TALLOC_CTX *tmp_ctx = talloc_new(state);
735 const char *attrs[] = { "dnsRecord", NULL };
736 int ret = LDB_SUCCESS, i;
737 struct ldb_result *res;
738 struct ldb_message_element *el;
741 for (i=0; zone_prefixes[i]; i++) {
742 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
744 talloc_free(tmp_ctx);
745 return ISC_R_NOMEMORY;
748 if (!ldb_dn_add_child_fmt(dn, "DC=%s,DC=%s,%s", name, zone, zone_prefixes[i])) {
749 talloc_free(tmp_ctx);
750 return ISC_R_NOMEMORY;
753 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
754 attrs, "objectClass=dnsNode");
755 if (ret == LDB_SUCCESS) {
759 if (ret != LDB_SUCCESS) {
760 talloc_free(tmp_ctx);
761 return ISC_R_NOTFOUND;
764 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
765 if (el == NULL || el->num_values == 0) {
766 talloc_free(tmp_ctx);
767 return ISC_R_NOTFOUND;
770 for (i=0; i<el->num_values; i++) {
771 struct dnsp_DnssrvRpcRecord rec;
772 enum ndr_err_code ndr_err;
775 ndr_err = ndr_pull_struct_blob(&el->values[i], tmp_ctx, &rec,
776 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
777 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
778 state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s",
779 ldb_dn_get_linearized(dn));
780 talloc_free(tmp_ctx);
781 return ISC_R_FAILURE;
784 result = b9_putrr(state, lookup, &rec, types);
785 if (result != ISC_R_SUCCESS) {
786 talloc_free(tmp_ctx);
791 talloc_free(tmp_ctx);
792 return ISC_R_SUCCESS;
798 _PUBLIC_ isc_result_t dlz_lookup(const char *zone, const char *name,
799 void *dbdata, dns_sdlzlookup_t *lookup)
801 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
802 return dlz_lookup_types(state, zone, name, lookup, NULL);
807 see if a zone transfer is allowed
809 _PUBLIC_ isc_result_t dlz_allowzonexfr(void *dbdata, const char *name, const char *client)
811 /* just say yes for all our zones for now */
812 return dlz_findzonedb(dbdata, name);
816 perform a zone transfer
818 _PUBLIC_ isc_result_t dlz_allnodes(const char *zone, void *dbdata,
819 dns_sdlzallnodes_t *allnodes)
821 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
822 const char *attrs[] = { "dnsRecord", NULL };
823 int ret = LDB_SUCCESS, i, j;
825 struct ldb_result *res;
826 TALLOC_CTX *tmp_ctx = talloc_new(state);
828 for (i=0; zone_prefixes[i]; i++) {
829 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
831 talloc_free(tmp_ctx);
832 return ISC_R_NOMEMORY;
835 if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone, zone_prefixes[i])) {
836 talloc_free(tmp_ctx);
837 return ISC_R_NOMEMORY;
840 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
841 attrs, "objectClass=dnsNode");
842 if (ret == LDB_SUCCESS) {
846 if (ret != LDB_SUCCESS) {
847 talloc_free(tmp_ctx);
848 return ISC_R_NOTFOUND;
851 for (i=0; i<res->count; i++) {
852 struct ldb_message_element *el;
853 TALLOC_CTX *el_ctx = talloc_new(tmp_ctx);
854 const char *rdn, *name;
855 const struct ldb_val *v;
857 el = ldb_msg_find_element(res->msgs[i], "dnsRecord");
858 if (el == NULL || el->num_values == 0) {
859 state->log(ISC_LOG_INFO, "failed to find dnsRecord for %s",
860 ldb_dn_get_linearized(dn));
865 v = ldb_dn_get_rdn_val(res->msgs[i]->dn);
867 state->log(ISC_LOG_INFO, "failed to find RDN for %s",
868 ldb_dn_get_linearized(dn));
873 rdn = talloc_strndup(el_ctx, (char *)v->data, v->length);
875 talloc_free(tmp_ctx);
876 return ISC_R_NOMEMORY;
879 if (strcmp(rdn, "@") == 0) {
882 name = talloc_asprintf(el_ctx, "%s.%s", rdn, zone);
885 talloc_free(tmp_ctx);
886 return ISC_R_NOMEMORY;
889 for (j=0; j<el->num_values; j++) {
890 struct dnsp_DnssrvRpcRecord rec;
891 enum ndr_err_code ndr_err;
894 ndr_err = ndr_pull_struct_blob(&el->values[j], el_ctx, &rec,
895 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
896 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
897 state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s",
898 ldb_dn_get_linearized(dn));
902 result = b9_putnamedrr(state, allnodes, name, &rec);
903 if (result != ISC_R_SUCCESS) {
909 talloc_free(tmp_ctx);
911 return ISC_R_SUCCESS;
918 _PUBLIC_ isc_result_t dlz_newversion(const char *zone, void *dbdata, void **versionp)
920 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
922 state->log(ISC_LOG_INFO, "samba_dlz: starting transaction on zone %s", zone);
924 if (state->transaction_token != NULL) {
925 state->log(ISC_LOG_INFO, "samba_dlz: transaction already started for zone %s", zone);
926 return ISC_R_FAILURE;
929 state->transaction_token = talloc_zero(state, int);
930 if (state->transaction_token == NULL) {
931 return ISC_R_NOMEMORY;
934 if (ldb_transaction_start(state->samdb) != LDB_SUCCESS) {
935 state->log(ISC_LOG_INFO, "samba_dlz: failed to start a transaction for zone %s", zone);
936 talloc_free(state->transaction_token);
937 state->transaction_token = NULL;
938 return ISC_R_FAILURE;
941 *versionp = (void *)state->transaction_token;
943 return ISC_R_SUCCESS;
949 _PUBLIC_ void dlz_closeversion(const char *zone, isc_boolean_t commit,
950 void *dbdata, void **versionp)
952 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
954 if (state->transaction_token != (int *)*versionp) {
955 state->log(ISC_LOG_INFO, "samba_dlz: transaction not started for zone %s", zone);
960 if (ldb_transaction_commit(state->samdb) != LDB_SUCCESS) {
961 state->log(ISC_LOG_INFO, "samba_dlz: failed to commit a transaction for zone %s", zone);
964 state->log(ISC_LOG_INFO, "samba_dlz: committed transaction on zone %s", zone);
966 if (ldb_transaction_cancel(state->samdb) != LDB_SUCCESS) {
967 state->log(ISC_LOG_INFO, "samba_dlz: failed to cancel a transaction for zone %s", zone);
970 state->log(ISC_LOG_INFO, "samba_dlz: cancelling transaction on zone %s", zone);
973 talloc_free(state->transaction_token);
974 state->transaction_token = NULL;
980 see if there is a SOA record for a zone
982 static bool b9_has_soa(struct dlz_bind9_data *state, struct ldb_dn *dn, const char *zone)
984 const char *attrs[] = { "dnsRecord", NULL };
985 struct ldb_result *res;
986 struct ldb_message_element *el;
987 TALLOC_CTX *tmp_ctx = talloc_new(state);
990 if (!ldb_dn_add_child_fmt(dn, "DC=@,DC=%s", zone)) {
991 talloc_free(tmp_ctx);
995 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
996 attrs, "objectClass=dnsNode");
997 if (ret != LDB_SUCCESS) {
998 talloc_free(tmp_ctx);
1002 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
1004 talloc_free(tmp_ctx);
1007 for (i=0; i<el->num_values; i++) {
1008 struct dnsp_DnssrvRpcRecord rec;
1009 enum ndr_err_code ndr_err;
1011 ndr_err = ndr_pull_struct_blob(&el->values[i], tmp_ctx, &rec,
1012 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
1013 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1016 if (rec.wType == DNS_TYPE_SOA) {
1017 talloc_free(tmp_ctx);
1022 talloc_free(tmp_ctx);
1027 configure a writeable zone
1029 _PUBLIC_ isc_result_t dlz_configure(dns_view_t *view, void *dbdata)
1031 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
1032 TALLOC_CTX *tmp_ctx;
1036 state->log(ISC_LOG_INFO, "samba_dlz: starting configure");
1037 if (state->writeable_zone == NULL) {
1038 state->log(ISC_LOG_INFO, "samba_dlz: no writeable_zone method available");
1039 return ISC_R_FAILURE;
1042 tmp_ctx = talloc_new(state);
1044 for (i=0; zone_prefixes[i]; i++) {
1045 const char *attrs[] = { "name", NULL };
1047 struct ldb_result *res;
1049 dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
1051 talloc_free(tmp_ctx);
1052 return ISC_R_NOMEMORY;
1055 if (!ldb_dn_add_child_fmt(dn, "%s", zone_prefixes[i])) {
1056 talloc_free(tmp_ctx);
1057 return ISC_R_NOMEMORY;
1060 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
1061 attrs, "objectClass=dnsZone");
1062 if (ret != LDB_SUCCESS) {
1066 for (j=0; j<res->count; j++) {
1067 isc_result_t result;
1068 const char *zone = ldb_msg_find_attr_as_string(res->msgs[j], "name", NULL);
1069 struct ldb_dn *zone_dn;
1074 zone_dn = ldb_dn_copy(tmp_ctx, dn);
1075 if (zone_dn == NULL) {
1076 talloc_free(tmp_ctx);
1077 return ISC_R_NOMEMORY;
1080 if (!b9_has_soa(state, zone_dn, zone)) {
1083 result = state->writeable_zone(view, zone);
1084 if (result != ISC_R_SUCCESS) {
1085 state->log(ISC_LOG_ERROR, "samba_dlz: Failed to configure zone '%s'",
1087 talloc_free(tmp_ctx);
1090 state->log(ISC_LOG_INFO, "samba_dlz: configured writeable zone '%s'", zone);
1094 talloc_free(tmp_ctx);
1095 return ISC_R_SUCCESS;
1099 authorize a zone update
1101 _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
1102 const char *type, const char *key, uint32_t keydatalen, uint8_t *keydata,
1105 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
1106 TALLOC_CTX *tmp_ctx;
1108 struct cli_credentials *server_credentials;
1113 struct gensec_security *gensec_ctx;
1114 struct auth_session_info *session_info;
1116 isc_result_t result;
1117 struct ldb_result *res;
1118 const char * attrs[] = { NULL };
1119 uint32_t access_mask;
1121 /* Remove cached credentials, if any */
1122 if (state->session_info) {
1123 talloc_free(state->session_info);
1124 state->session_info = NULL;
1126 if (state->update_name) {
1127 talloc_free(state->update_name);
1128 state->update_name = NULL;
1131 tmp_ctx = talloc_new(NULL);
1132 if (tmp_ctx == NULL) {
1133 state->log(ISC_LOG_ERROR, "samba_dlz: no memory");
1137 ap_req = data_blob_const(keydata, keydatalen);
1138 server_credentials = cli_credentials_init(tmp_ctx);
1139 if (!server_credentials) {
1140 state->log(ISC_LOG_ERROR, "samba_dlz: failed to init server credentials");
1141 talloc_free(tmp_ctx);
1145 cli_credentials_set_krb5_context(server_credentials, state->smb_krb5_ctx);
1146 cli_credentials_set_conf(server_credentials, state->lp);
1148 keytab_name = talloc_asprintf(tmp_ctx, "file:%s/dns.keytab",
1149 lpcfg_private_dir(state->lp));
1150 ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name,
1153 state->log(ISC_LOG_ERROR, "samba_dlz: failed to obtain server credentials from %s",
1155 talloc_free(tmp_ctx);
1158 talloc_free(keytab_name);
1160 nt_status = gensec_server_start(tmp_ctx,
1161 lpcfg_gensec_settings(tmp_ctx, state->lp),
1162 state->auth_context, &gensec_ctx);
1163 if (!NT_STATUS_IS_OK(nt_status)) {
1164 state->log(ISC_LOG_ERROR, "samba_dlz: failed to start gensec server");
1165 talloc_free(tmp_ctx);
1169 gensec_set_credentials(gensec_ctx, server_credentials);
1171 nt_status = gensec_start_mech_by_name(gensec_ctx, "spnego");
1172 if (!NT_STATUS_IS_OK(nt_status)) {
1173 state->log(ISC_LOG_ERROR, "samba_dlz: failed to start spnego");
1174 talloc_free(tmp_ctx);
1178 nt_status = gensec_update(gensec_ctx, tmp_ctx, state->ev_ctx, ap_req, &ap_req);
1179 if (!NT_STATUS_IS_OK(nt_status)) {
1180 state->log(ISC_LOG_ERROR, "samba_dlz: spnego update failed");
1181 talloc_free(tmp_ctx);
1185 nt_status = gensec_session_info(gensec_ctx, tmp_ctx, &session_info);
1186 if (!NT_STATUS_IS_OK(nt_status)) {
1187 state->log(ISC_LOG_ERROR, "samba_dlz: failed to create session info");
1188 talloc_free(tmp_ctx);
1192 /* Get the DN from name */
1193 result = b9_find_name_dn(state, name, tmp_ctx, &dn);
1194 if (result != ISC_R_SUCCESS) {
1195 state->log(ISC_LOG_ERROR, "samba_dlz: failed to find name %s", name);
1196 talloc_free(tmp_ctx);
1200 /* make sure the dn exists, or find parent dn in case new object is being added */
1201 ldb_ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
1202 attrs, "objectClass=dnsNode");
1203 if (ldb_ret == LDB_ERR_NO_SUCH_OBJECT) {
1204 ldb_dn_remove_child_components(dn, 1);
1205 access_mask = SEC_ADS_CREATE_CHILD;
1207 } else if (ldb_ret == LDB_SUCCESS) {
1208 access_mask = SEC_STD_REQUIRED | SEC_ADS_SELF_WRITE;
1211 talloc_free(tmp_ctx);
1216 ldb_ret = dsdb_check_access_on_dn(state->samdb, tmp_ctx, dn,
1217 session_info->security_token,
1219 if (ldb_ret != LDB_SUCCESS) {
1220 state->log(ISC_LOG_INFO,
1221 "samba_dlz: disallowing update of signer=%s name=%s type=%s error=%s",
1222 signer, name, type, ldb_strerror(ldb_ret));
1223 talloc_free(tmp_ctx);
1227 /* Cache session_info, so it can be used in the actual add/delete operation */
1228 state->update_name = talloc_strdup(state, name);
1229 if (state->update_name == NULL) {
1230 state->log(ISC_LOG_ERROR, "samba_dlz: memory allocation error");
1231 talloc_free(tmp_ctx);
1234 state->session_info = talloc_steal(state, session_info);
1236 state->log(ISC_LOG_INFO, "samba_dlz: allowing update of signer=%s name=%s tcpaddr=%s type=%s key=%s",
1237 signer, name, tcpaddr, type, key);
1239 talloc_free(tmp_ctx);
1247 static isc_result_t b9_add_record(struct dlz_bind9_data *state, const char *name,
1249 struct dnsp_DnssrvRpcRecord *rec)
1251 struct ldb_message *msg;
1252 enum ndr_err_code ndr_err;
1256 msg = ldb_msg_new(rec);
1258 return ISC_R_NOMEMORY;
1261 ret = ldb_msg_add_string(msg, "objectClass", "dnsNode");
1262 if (ret != LDB_SUCCESS) {
1263 return ISC_R_FAILURE;
1266 ndr_err = ndr_push_struct_blob(&v, rec, rec, (ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
1267 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1268 return ISC_R_FAILURE;
1270 ret = ldb_msg_add_value(msg, "dnsRecord", &v, NULL);
1271 if (ret != LDB_SUCCESS) {
1272 return ISC_R_FAILURE;
1275 ret = ldb_add(state->samdb, msg);
1276 if (ret != LDB_SUCCESS) {
1277 return ISC_R_FAILURE;
1280 return ISC_R_SUCCESS;
1284 see if two DNS names are the same
1286 static bool dns_name_equal(const char *name1, const char *name2)
1288 size_t len1 = strlen(name1);
1289 size_t len2 = strlen(name2);
1290 if (name1[len1-1] == '.') len1--;
1291 if (name2[len2-1] == '.') len2--;
1295 return strncasecmp_m(name1, name2, len1) == 0;
1300 see if two dns records match
1302 static bool b9_record_match(struct dlz_bind9_data *state,
1303 struct dnsp_DnssrvRpcRecord *rec1, struct dnsp_DnssrvRpcRecord *rec2)
1305 if (rec1->wType != rec2->wType) {
1308 /* see if this type is single valued */
1309 if (b9_single_valued(rec1->wType)) {
1313 /* see if the data matches */
1314 switch (rec1->wType) {
1316 return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
1318 return strcmp(rec1->data.ipv6, rec2->data.ipv6) == 0;
1319 case DNS_TYPE_CNAME:
1320 return dns_name_equal(rec1->data.cname, rec2->data.cname);
1322 return strcmp(rec1->data.txt, rec2->data.txt) == 0;
1324 return strcmp(rec1->data.ptr, rec2->data.ptr) == 0;
1326 return dns_name_equal(rec1->data.ns, rec2->data.ns);
1329 return rec1->data.srv.wPriority == rec2->data.srv.wPriority &&
1330 rec1->data.srv.wWeight == rec2->data.srv.wWeight &&
1331 rec1->data.srv.wPort == rec2->data.srv.wPort &&
1332 dns_name_equal(rec1->data.srv.nameTarget, rec2->data.srv.nameTarget);
1335 return rec1->data.mx.wPriority == rec2->data.mx.wPriority &&
1336 dns_name_equal(rec1->data.mx.nameTarget, rec2->data.mx.nameTarget);
1338 case DNS_TYPE_HINFO:
1339 return strcmp(rec1->data.hinfo.cpu, rec2->data.hinfo.cpu) == 0 &&
1340 strcmp(rec1->data.hinfo.os, rec2->data.hinfo.os) == 0;
1343 return dns_name_equal(rec1->data.soa.mname, rec2->data.soa.mname) &&
1344 dns_name_equal(rec1->data.soa.rname, rec2->data.soa.rname) &&
1345 rec1->data.soa.serial == rec2->data.soa.serial &&
1346 rec1->data.soa.refresh == rec2->data.soa.refresh &&
1347 rec1->data.soa.retry == rec2->data.soa.retry &&
1348 rec1->data.soa.expire == rec2->data.soa.expire &&
1349 rec1->data.soa.minimum == rec2->data.soa.minimum;
1351 state->log(ISC_LOG_ERROR, "samba b9_putrr: unhandled record type %u",
1360 * Update session_info on samdb using the cached credentials
1362 static bool b9_set_session_info(struct dlz_bind9_data *state, const char *name)
1366 if (state->update_name == NULL || state->session_info == NULL) {
1367 state->log(ISC_LOG_ERROR, "samba_dlz: invalid credentials");
1371 /* Do not use client credentials, if we not updating the client specified name */
1372 if (strcmp(state->update_name, name) != 0) {
1376 ret = ldb_set_opaque(state->samdb, "sessionInfo", state->session_info);
1377 if (ret != LDB_SUCCESS) {
1378 state->log(ISC_LOG_ERROR, "samba_dlz: unable to set session info");
1386 * Reset session_info on samdb as system session
1388 static void b9_reset_session_info(struct dlz_bind9_data *state)
1390 ldb_set_opaque(state->samdb, "sessionInfo", system_session(state->lp));
1394 add or modify a rdataset
1396 _PUBLIC_ isc_result_t dlz_addrdataset(const char *name, const char *rdatastr, void *dbdata, void *version)
1398 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
1399 struct dnsp_DnssrvRpcRecord *rec;
1401 isc_result_t result;
1402 struct ldb_result *res;
1403 const char *attrs[] = { "dnsRecord", NULL };
1405 struct ldb_message_element *el;
1406 enum ndr_err_code ndr_err;
1409 if (state->transaction_token != (void*)version) {
1410 state->log(ISC_LOG_INFO, "samba_dlz: bad transaction version");
1411 return ISC_R_FAILURE;
1414 rec = talloc_zero(state, struct dnsp_DnssrvRpcRecord);
1416 return ISC_R_NOMEMORY;
1419 unix_to_nt_time(&t, time(NULL));
1420 t /= 10*1000*1000; /* convert to seconds (NT time is in 100ns units) */
1421 t /= 3600; /* convert to hours */
1423 rec->rank = DNS_RANK_ZONE;
1424 rec->dwSerial = state->soa_serial;
1425 rec->dwTimeStamp = (uint32_t)t;
1427 if (!b9_parse(state, rdatastr, rec)) {
1428 state->log(ISC_LOG_INFO, "samba_dlz: failed to parse rdataset '%s'", rdatastr);
1430 return ISC_R_FAILURE;
1433 /* find the DN of the record */
1434 result = b9_find_name_dn(state, name, rec, &dn);
1435 if (result != ISC_R_SUCCESS) {
1440 /* get any existing records */
1441 ret = ldb_search(state->samdb, rec, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsNode");
1442 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
1443 if (!b9_set_session_info(state, name)) {
1445 return ISC_R_FAILURE;
1447 result = b9_add_record(state, name, dn, rec);
1448 b9_reset_session_info(state);
1450 if (result == ISC_R_SUCCESS) {
1451 state->log(ISC_LOG_ERROR, "samba_dlz: added %s %s", name, rdatastr);
1456 /* there are existing records. We need to see if this will
1457 * replace a record or add to it
1459 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
1461 state->log(ISC_LOG_ERROR, "samba_dlz: no dnsRecord attribute for %s",
1462 ldb_dn_get_linearized(dn));
1464 return ISC_R_FAILURE;
1467 for (i=0; i<el->num_values; i++) {
1468 struct dnsp_DnssrvRpcRecord rec2;
1470 ndr_err = ndr_pull_struct_blob(&el->values[i], rec, &rec2,
1471 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
1472 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1473 state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s",
1474 ldb_dn_get_linearized(dn));
1476 return ISC_R_FAILURE;
1479 if (b9_record_match(state, rec, &rec2)) {
1483 if (i == el->num_values) {
1484 /* adding a new value */
1485 el->values = talloc_realloc(el, el->values, struct ldb_val, el->num_values+1);
1486 if (el->values == NULL) {
1488 return ISC_R_NOMEMORY;
1493 ndr_err = ndr_push_struct_blob(&el->values[i], rec, rec,
1494 (ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
1495 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1496 state->log(ISC_LOG_ERROR, "samba_dlz: failed to push dnsRecord for %s",
1497 ldb_dn_get_linearized(dn));
1499 return ISC_R_FAILURE;
1503 if (!b9_set_session_info(state, name)) {
1505 return ISC_R_FAILURE;
1508 /* modify the record */
1509 el->flags = LDB_FLAG_MOD_REPLACE;
1510 ret = ldb_modify(state->samdb, res->msgs[0]);
1511 b9_reset_session_info(state);
1512 if (ret != LDB_SUCCESS) {
1513 state->log(ISC_LOG_ERROR, "samba_dlz: failed to modify %s - %s",
1514 ldb_dn_get_linearized(dn), ldb_errstring(state->samdb));
1516 return ISC_R_FAILURE;
1519 state->log(ISC_LOG_INFO, "samba_dlz: added rdataset %s '%s'", name, rdatastr);
1522 return ISC_R_SUCCESS;
1528 _PUBLIC_ isc_result_t dlz_subrdataset(const char *name, const char *rdatastr, void *dbdata, void *version)
1530 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
1531 struct dnsp_DnssrvRpcRecord *rec;
1533 isc_result_t result;
1534 struct ldb_result *res;
1535 const char *attrs[] = { "dnsRecord", NULL };
1537 struct ldb_message_element *el;
1538 enum ndr_err_code ndr_err;
1540 if (state->transaction_token != (void*)version) {
1541 state->log(ISC_LOG_INFO, "samba_dlz: bad transaction version");
1542 return ISC_R_FAILURE;
1545 rec = talloc_zero(state, struct dnsp_DnssrvRpcRecord);
1547 return ISC_R_NOMEMORY;
1550 if (!b9_parse(state, rdatastr, rec)) {
1551 state->log(ISC_LOG_INFO, "samba_dlz: failed to parse rdataset '%s'", rdatastr);
1553 return ISC_R_FAILURE;
1556 /* find the DN of the record */
1557 result = b9_find_name_dn(state, name, rec, &dn);
1558 if (result != ISC_R_SUCCESS) {
1563 /* get the existing records */
1564 ret = ldb_search(state->samdb, rec, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsNode");
1565 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
1567 return ISC_R_NOTFOUND;
1570 /* there are existing records. We need to see if any match
1572 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
1573 if (el == NULL || el->num_values == 0) {
1574 state->log(ISC_LOG_ERROR, "samba_dlz: no dnsRecord attribute for %s",
1575 ldb_dn_get_linearized(dn));
1577 return ISC_R_FAILURE;
1580 for (i=0; i<el->num_values; i++) {
1581 struct dnsp_DnssrvRpcRecord rec2;
1583 ndr_err = ndr_pull_struct_blob(&el->values[i], rec, &rec2,
1584 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
1585 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1586 state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s",
1587 ldb_dn_get_linearized(dn));
1589 return ISC_R_FAILURE;
1592 if (b9_record_match(state, rec, &rec2)) {
1596 if (i == el->num_values) {
1598 return ISC_R_NOTFOUND;
1601 if (i < el->num_values-1) {
1602 memmove(&el->values[i], &el->values[i+1], sizeof(el->values[0])*((el->num_values-1)-i));
1606 if (!b9_set_session_info(state, name)) {
1608 return ISC_R_FAILURE;
1611 if (el->num_values == 0) {
1612 /* delete the record */
1613 ret = ldb_delete(state->samdb, dn);
1614 b9_reset_session_info(state);
1616 /* modify the record */
1617 el->flags = LDB_FLAG_MOD_REPLACE;
1618 ret = ldb_modify(state->samdb, res->msgs[0]);
1620 b9_reset_session_info(state);
1621 if (ret != LDB_SUCCESS) {
1622 state->log(ISC_LOG_ERROR, "samba_dlz: failed to modify %s - %s",
1623 ldb_dn_get_linearized(dn), ldb_errstring(state->samdb));
1625 return ISC_R_FAILURE;
1628 state->log(ISC_LOG_INFO, "samba_dlz: subtracted rdataset %s '%s'", name, rdatastr);
1631 return ISC_R_SUCCESS;
1636 delete all records of the given type
1638 _PUBLIC_ isc_result_t dlz_delrdataset(const char *name, const char *type, void *dbdata, void *version)
1640 struct dlz_bind9_data *state = talloc_get_type_abort(dbdata, struct dlz_bind9_data);
1641 TALLOC_CTX *tmp_ctx;
1643 isc_result_t result;
1644 struct ldb_result *res;
1645 const char *attrs[] = { "dnsRecord", NULL };
1647 struct ldb_message_element *el;
1648 enum ndr_err_code ndr_err;
1649 enum dns_record_type dns_type;
1652 if (state->transaction_token != (void*)version) {
1653 state->log(ISC_LOG_INFO, "samba_dlz: bad transaction version");
1654 return ISC_R_FAILURE;
1657 if (!b9_dns_type(type, &dns_type)) {
1658 state->log(ISC_LOG_INFO, "samba_dlz: bad dns type %s in delete", type);
1659 return ISC_R_FAILURE;
1662 tmp_ctx = talloc_new(state);
1664 /* find the DN of the record */
1665 result = b9_find_name_dn(state, name, tmp_ctx, &dn);
1666 if (result != ISC_R_SUCCESS) {
1667 talloc_free(tmp_ctx);
1671 /* get the existing records */
1672 ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsNode");
1673 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
1674 talloc_free(tmp_ctx);
1675 return ISC_R_NOTFOUND;
1678 /* there are existing records. We need to see if any match the type
1680 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
1681 if (el == NULL || el->num_values == 0) {
1682 talloc_free(tmp_ctx);
1683 return ISC_R_NOTFOUND;
1686 for (i=0; i<el->num_values; i++) {
1687 struct dnsp_DnssrvRpcRecord rec2;
1689 ndr_err = ndr_pull_struct_blob(&el->values[i], tmp_ctx, &rec2,
1690 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
1691 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1692 state->log(ISC_LOG_ERROR, "samba_dlz: failed to parse dnsRecord for %s",
1693 ldb_dn_get_linearized(dn));
1694 talloc_free(tmp_ctx);
1695 return ISC_R_FAILURE;
1698 if (dns_type == rec2.wType) {
1699 if (i < el->num_values-1) {
1700 memmove(&el->values[i], &el->values[i+1],
1701 sizeof(el->values[0])*((el->num_values-1)-i));
1710 talloc_free(tmp_ctx);
1711 return ISC_R_FAILURE;
1714 if (!b9_set_session_info(state, name)) {
1715 talloc_free(tmp_ctx);
1716 return ISC_R_FAILURE;
1719 if (el->num_values == 0) {
1720 /* delete the record */
1721 ret = ldb_delete(state->samdb, dn);
1723 /* modify the record */
1724 el->flags = LDB_FLAG_MOD_REPLACE;
1725 ret = ldb_modify(state->samdb, res->msgs[0]);
1727 b9_reset_session_info(state);
1728 if (ret != LDB_SUCCESS) {
1729 state->log(ISC_LOG_ERROR, "samba_dlz: failed to delete type %s in %s - %s",
1730 type, ldb_dn_get_linearized(dn), ldb_errstring(state->samdb));
1731 talloc_free(tmp_ctx);
1732 return ISC_R_FAILURE;
1735 state->log(ISC_LOG_INFO, "samba_dlz: deleted rdataset %s of type %s", name, type);
1737 talloc_free(tmp_ctx);
1738 return ISC_R_SUCCESS;