2 Unix SMB/CIFS implementation.
6 Copyright (C) 2010 Kai Blin
7 Copyright (C) 2014 Stefan Metzmacher
8 Copyright (C) 2015 Andrew Bartlett
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "libcli/util/ntstatus.h"
26 #include "libcli/util/werror.h"
27 #include "librpc/ndr/libndr.h"
28 #include "librpc/gen_ndr/ndr_dns.h"
29 #include "librpc/gen_ndr/ndr_dnsp.h"
31 #include "dsdb/samdb/samdb.h"
32 #include "dsdb/common/util.h"
33 #include "dns_server/dnsserver_common.h"
34 #include "lib/util/dlinklist.h"
37 #define DBGC_CLASS DBGC_DNS
39 uint8_t werr_to_dns_err(WERROR werr)
41 if (W_ERROR_EQUAL(WERR_OK, werr)) {
43 } else if (W_ERROR_EQUAL(DNS_ERR(FORMAT_ERROR), werr)) {
44 return DNS_RCODE_FORMERR;
45 } else if (W_ERROR_EQUAL(DNS_ERR(SERVER_FAILURE), werr)) {
46 return DNS_RCODE_SERVFAIL;
47 } else if (W_ERROR_EQUAL(DNS_ERR(NAME_ERROR), werr)) {
48 return DNS_RCODE_NXDOMAIN;
49 } else if (W_ERROR_EQUAL(WERR_DNS_ERROR_NAME_DOES_NOT_EXIST, werr)) {
50 return DNS_RCODE_NXDOMAIN;
51 } else if (W_ERROR_EQUAL(DNS_ERR(NOT_IMPLEMENTED), werr)) {
52 return DNS_RCODE_NOTIMP;
53 } else if (W_ERROR_EQUAL(DNS_ERR(REFUSED), werr)) {
54 return DNS_RCODE_REFUSED;
55 } else if (W_ERROR_EQUAL(DNS_ERR(YXDOMAIN), werr)) {
56 return DNS_RCODE_YXDOMAIN;
57 } else if (W_ERROR_EQUAL(DNS_ERR(YXRRSET), werr)) {
58 return DNS_RCODE_YXRRSET;
59 } else if (W_ERROR_EQUAL(DNS_ERR(NXRRSET), werr)) {
60 return DNS_RCODE_NXRRSET;
61 } else if (W_ERROR_EQUAL(DNS_ERR(NOTAUTH), werr)) {
62 return DNS_RCODE_NOTAUTH;
63 } else if (W_ERROR_EQUAL(DNS_ERR(NOTZONE), werr)) {
64 return DNS_RCODE_NOTZONE;
65 } else if (W_ERROR_EQUAL(DNS_ERR(BADKEY), werr)) {
66 return DNS_RCODE_BADKEY;
68 DEBUG(5, ("No mapping exists for %s\n", win_errstr(werr)));
69 return DNS_RCODE_SERVFAIL;
72 WERROR dns_common_extract(struct ldb_context *samdb,
73 const struct ldb_message_element *el,
75 struct dnsp_DnssrvRpcRecord **records,
76 uint16_t *num_records)
79 struct dnsp_DnssrvRpcRecord *recs;
84 recs = talloc_zero_array(mem_ctx, struct dnsp_DnssrvRpcRecord,
87 return WERR_NOT_ENOUGH_MEMORY;
89 for (ri = 0; ri < el->num_values; ri++) {
92 const char *dnsHostName = NULL;
93 struct ldb_val *v = &el->values[ri];
94 enum ndr_err_code ndr_err;
95 ndr_err = ndr_pull_struct_blob(v, recs, &recs[ri],
96 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
97 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
99 DEBUG(0, ("Failed to grab dnsp_DnssrvRpcRecord\n"));
100 return DNS_ERR(SERVER_FAILURE);
104 * In AD, except on an RODC (where we should list a random RWDC,
105 * we should over-stamp the MNAME with our own hostname
107 if (recs[ri].wType != DNS_TYPE_SOA) {
111 ret = samdb_rodc(samdb, &am_rodc);
112 if (ret != LDB_SUCCESS) {
113 DEBUG(0, ("Failed to confirm we are not an RODC: %s\n",
114 ldb_errstring(samdb)));
115 return DNS_ERR(SERVER_FAILURE);
122 ret = samdb_dns_host_name(samdb, &dnsHostName);
123 if (ret != LDB_SUCCESS || dnsHostName == NULL) {
124 DEBUG(0, ("Failed to get dnsHostName from rootDSE"));
125 return DNS_ERR(SERVER_FAILURE);
128 recs[ri].data.soa.mname = talloc_strdup(recs, dnsHostName);
132 *num_records = el->num_values;
137 * Lookup a DNS record, performing an exact match.
138 * i.e. DNS wild card records are not considered.
140 WERROR dns_common_lookup(struct ldb_context *samdb,
143 struct dnsp_DnssrvRpcRecord **records,
144 uint16_t *num_records,
147 static const char * const attrs[] = {
154 struct ldb_message *msg = NULL;
155 struct ldb_message_element *el;
160 if (tombstoned != NULL) {
162 ret = dsdb_search_one(samdb, mem_ctx, &msg, dn,
163 LDB_SCOPE_BASE, attrs, 0,
164 "(objectClass=dnsNode)");
166 ret = dsdb_search_one(samdb, mem_ctx, &msg, dn,
167 LDB_SCOPE_BASE, attrs, 0,
168 "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))");
170 if (ret == LDB_ERR_NO_SUCH_OBJECT) {
171 return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
173 if (ret != LDB_SUCCESS) {
174 /* TODO: we need to check if there's a glue record we need to
175 * create a referral to */
176 return DNS_ERR(NAME_ERROR);
179 if (tombstoned != NULL) {
180 *tombstoned = ldb_msg_find_attr_as_bool(msg,
181 "dNSTombstoned", false);
184 el = ldb_msg_find_element(msg, "dnsRecord");
188 * records produced by older Samba releases
189 * keep dnsNode objects without dnsRecord and
190 * without setting dNSTombstoned=TRUE.
192 * We just pretend they're tombstones.
194 if (tombstoned != NULL) {
195 struct dnsp_DnssrvRpcRecord *recs;
196 recs = talloc_array(mem_ctx,
197 struct dnsp_DnssrvRpcRecord,
200 return WERR_NOT_ENOUGH_MEMORY;
202 recs[0] = (struct dnsp_DnssrvRpcRecord) {
203 .wType = DNS_TYPE_TOMBSTONE,
205 * A value of timestamp != 0
206 * indicated that the object was already
207 * a tombstone, this will be used
208 * in dns_common_replace()
219 * Because we are not looking for a tombstone
220 * in this codepath, we just pretend it does
223 return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
227 werr = dns_common_extract(samdb, el, mem_ctx, records, num_records);
229 if (!W_ERROR_IS_OK(werr)) {
237 * Build an ldb_parse_tree node for an equality check
239 * Note: name is assumed to have been validated by dns_name_check
240 * so will be zero terminated and of a reasonable size.
242 static struct ldb_parse_tree *build_equality_operation(
244 bool add_asterix, /* prepend an '*' to the name */
245 const uint8_t *name, /* the value being matched */
246 const char *attr, /* the attribute to check name against */
247 size_t size) /* length of name */
250 struct ldb_parse_tree *el = NULL; /* Equality node being built */
251 struct ldb_val *value = NULL; /* Value the attr will be compared
253 size_t length = 0; /* calculated length of the value
254 including option '*' prefix and
255 '\0' string terminator */
257 el = talloc(mem_ctx, struct ldb_parse_tree);
259 DBG_ERR("Unable to allocate ldb_parse_tree\n");
263 el->operation = LDB_OP_EQUALITY;
264 el->u.equality.attr = talloc_strdup(mem_ctx, attr);
265 value = &el->u.equality.value;
266 length = (add_asterix) ? size + 2 : size + 1;
267 value->data = talloc_zero_array(el, uint8_t, length);
269 DBG_ERR("Unable to allocate value->data\n");
274 value->length = length;
276 value->data[0] = '*';
277 memcpy(&value->data[1], name, size);
279 memcpy(value->data, name, size);
285 * Determine the number of levels in name
286 * essentially the number of '.'s in the name + 1
288 * name is assumed to have been validated by dns_name_check
290 static unsigned int number_of_labels(const struct ldb_val *name) {
292 unsigned int labels = 1;
293 for (x = 0; x < name->length; x++) {
294 if (name->data[x] == '.') {
301 * Build a query that matches the target name, and any possible
302 * DNS wild card entries
304 * Builds a parse tree equivalent to the example query.
306 * x.y.z -> (|(name=x.y.z)(name=\2a.y.z)(name=\2a.z)(name=\2a))
308 * The attribute 'name' is used as this is what the LDB index is on
309 * (the RDN, being 'dc' in this use case, does not have an index in
312 * Returns NULL if unable to build the query.
314 * The first component of the DN is assumed to be the name being looked up
315 * and also that it has been validated by dns_name_check
318 #define BASE "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE))(|(a=b)(c=d)))"
319 static struct ldb_parse_tree *build_wildcard_query(
323 const struct ldb_val *name = NULL; /* The DNS name being
325 const char *attr = "name"; /* The attribute name */
326 struct ldb_parse_tree *query = NULL; /* The constructed query
328 struct ldb_parse_tree *wildcard_query = NULL; /* The parse tree for the
331 int labels = 0; /* The number of labels in the name */
333 name = ldb_dn_get_rdn_val(dn);
335 DBG_ERR("Unable to get domain name value\n");
338 labels = number_of_labels(name);
340 query = ldb_parse_tree(mem_ctx, BASE);
342 DBG_ERR("Unable to parse query %s\n", BASE);
347 * The 3rd element of BASE is a place holder which is replaced with
348 * the actual wild card query
350 wildcard_query = query->u.list.elements[2];
351 TALLOC_FREE(wildcard_query->u.list.elements);
353 wildcard_query->u.list.num_elements = labels + 1;
354 wildcard_query->u.list.elements = talloc_array(
356 struct ldb_parse_tree *,
359 * Build the wild card query
362 int x = 0; /* current character in the name */
363 int l = 0; /* current equality operator index in elements */
364 struct ldb_parse_tree *el = NULL; /* Equality operator being
366 bool add_asterix = true; /* prepend an '*' to the value */
367 for (l = 0, x = 0; l < labels && x < name->length; l++) {
368 unsigned int size = name->length - x;
369 add_asterix = (name->data[x] == '.');
370 el = build_equality_operation(
377 return NULL; /* Reason will have been logged */
379 wildcard_query->u.list.elements[l] = el;
381 /* skip to the start of the next label */
382 for (;x < name->length && name->data[x] != '.'; x++);
385 /* Add the base level "*" only query */
386 el = build_equality_operation(mem_ctx, true, NULL, attr, 0);
389 return NULL; /* Reason will have been logged */
391 wildcard_query->u.list.elements[l] = el;
397 * Scan the list of records matching a dns wildcard query and return the
400 * The best match is either an exact name match, or the longest wild card
403 * i.e. name = a.b.c candidates *.b.c, *.c, - *.b.c would be selected
404 * name = a.b.c candidates a.b.c, *.b.c, *.c - a.b.c would be selected
406 static struct ldb_message *get_best_match(struct ldb_dn *dn,
407 struct ldb_result *result)
409 int matched = 0; /* Index of the current best match in result */
410 size_t length = 0; /* The length of the current candidate */
411 const struct ldb_val *target = NULL; /* value we're looking for */
412 const struct ldb_val *candidate = NULL; /* current candidate value */
415 target = ldb_dn_get_rdn_val(dn);
416 for(x = 0; x < result->count; x++) {
417 candidate = ldb_dn_get_rdn_val(result->msgs[x]->dn);
418 if (strncasecmp((char *) target->data,
419 (char *) candidate->data,
420 target->length) == 0) {
421 /* Exact match stop searching and return */
422 return result->msgs[x];
424 if (candidate->length > length) {
426 length = candidate->length;
429 return result->msgs[matched];
433 * Look up a DNS entry, if an exact match does not exist, return the
434 * closest matching DNS wildcard entry if available
436 * Returns: LDB_ERR_NO_SUCH_OBJECT If no matching record exists
437 * LDB_ERR_OPERATIONS_ERROR If the query fails
438 * LDB_SUCCESS If a matching record was retrieved
441 static int dns_wildcard_lookup(struct ldb_context *samdb,
444 struct ldb_message **msg)
446 static const char * const attrs[] = {
451 struct ldb_dn *parent = NULL; /* The parent dn */
452 struct ldb_result *result = NULL; /* Results of the search */
453 int ret; /* Return code */
454 struct ldb_parse_tree *query = NULL; /* The query to run */
455 struct ldb_request *request = NULL; /* LDB request for the query op */
456 struct ldb_message *match = NULL; /* the best matching DNS record */
457 TALLOC_CTX *frame = talloc_stackframe();
459 parent = ldb_dn_get_parent(frame, dn);
460 if (parent == NULL) {
461 DBG_ERR("Unable to extract parent from dn\n");
463 return LDB_ERR_OPERATIONS_ERROR;
466 query = build_wildcard_query(frame, dn);
469 return LDB_ERR_OPERATIONS_ERROR;
472 result = talloc_zero(mem_ctx, struct ldb_result);
473 if (result == NULL) {
475 DBG_ERR("Unable to allocate ldb_result\n");
476 return LDB_ERR_OPERATIONS_ERROR;
479 ret = ldb_build_search_req_ex(&request,
488 ldb_search_default_callback,
490 if (ret != LDB_SUCCESS) {
492 DBG_ERR("ldb_build_search_req_ex returned %d\n", ret);
496 ret = ldb_request(samdb, request);
497 if (ret != LDB_SUCCESS) {
502 ret = ldb_wait(request->handle, LDB_WAIT_ALL);
503 if (ret != LDB_SUCCESS) {
508 if (result->count == 0) {
510 return LDB_ERR_NO_SUCH_OBJECT;
513 match = get_best_match(dn, result);
516 return LDB_ERR_OPERATIONS_ERROR;
519 *msg = talloc_move(mem_ctx, &match);
525 * Lookup a DNS record, will match DNS wild card records if an exact match
528 WERROR dns_common_wildcard_lookup(struct ldb_context *samdb,
531 struct dnsp_DnssrvRpcRecord **records,
532 uint16_t *num_records)
536 struct ldb_message *msg = NULL;
537 struct ldb_message_element *el = NULL;
538 const struct ldb_val *name = NULL;
543 name = ldb_dn_get_rdn_val(dn);
545 return DNS_ERR(NAME_ERROR);
548 /* Don't look for a wildcard for @ */
549 if (name->length == 1 && name->data[0] == '@') {
550 return dns_common_lookup(samdb,
558 werr = dns_name_check(
560 strlen((const char*)name->data),
561 (const char*) name->data);
562 if (!W_ERROR_IS_OK(werr)) {
567 * Do a point search first, then fall back to a wildcard
568 * lookup if it does not exist
570 werr = dns_common_lookup(samdb,
576 if (!W_ERROR_EQUAL(werr, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
580 ret = dns_wildcard_lookup(samdb, mem_ctx, dn, &msg);
581 if (ret == LDB_ERR_OPERATIONS_ERROR) {
582 return DNS_ERR(SERVER_FAILURE);
584 if (ret != LDB_SUCCESS) {
585 return DNS_ERR(NAME_ERROR);
588 el = ldb_msg_find_element(msg, "dnsRecord");
590 return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
593 werr = dns_common_extract(samdb, el, mem_ctx, records, num_records);
595 if (!W_ERROR_IS_OK(werr)) {
602 static int rec_cmp(const struct dnsp_DnssrvRpcRecord *r1,
603 const struct dnsp_DnssrvRpcRecord *r2)
605 if (r1->wType != r2->wType) {
607 * The records are sorted with higher types first
609 return r2->wType - r1->wType;
613 * Then we need to sort from the oldest to newest timestamp
615 return r1->dwTimeStamp - r2->dwTimeStamp;
619 * Check for valid DNS names. These are names which:
621 * - do not start with a dot
622 * - do not have any empty labels
623 * - have no more than 127 labels
624 * - are no longer than 253 characters
625 * - none of the labels exceed 63 characters
627 WERROR dns_name_check(TALLOC_CTX *mem_ctx, size_t len, const char *name)
630 unsigned int labels = 0;
631 unsigned int label_len = 0;
634 return WERR_DS_INVALID_DN_SYNTAX;
637 if (len > 1 && name[0] == '.') {
638 return WERR_DS_INVALID_DN_SYNTAX;
641 if ((len - 1) > DNS_MAX_DOMAIN_LENGTH) {
642 return WERR_DS_INVALID_DN_SYNTAX;
645 for (i = 0; i < len - 1; i++) {
646 if (name[i] == '.' && name[i+1] == '.') {
647 return WERR_DS_INVALID_DN_SYNTAX;
649 if (name[i] == '.') {
651 if (labels > DNS_MAX_LABELS) {
652 return WERR_DS_INVALID_DN_SYNTAX;
657 if (label_len > DNS_MAX_LABEL_LENGTH) {
658 return WERR_DS_INVALID_DN_SYNTAX;
666 static WERROR check_name_list(TALLOC_CTX *mem_ctx, uint16_t rec_count,
667 struct dnsp_DnssrvRpcRecord *records)
672 struct dnsp_DnssrvRpcRecord record;
675 for (i = 0; i < rec_count; i++) {
678 switch (record.wType) {
681 len = strlen(record.data.ns);
682 werr = dns_name_check(mem_ctx, len, record.data.ns);
685 len = strlen(record.data.cname);
686 werr = dns_name_check(mem_ctx, len, record.data.cname);
689 len = strlen(record.data.soa.mname);
690 werr = dns_name_check(mem_ctx, len, record.data.soa.mname);
691 if (!W_ERROR_IS_OK(werr)) {
694 len = strlen(record.data.soa.rname);
695 werr = dns_name_check(mem_ctx, len, record.data.soa.rname);
698 len = strlen(record.data.ptr);
699 werr = dns_name_check(mem_ctx, len, record.data.ptr);
702 len = strlen(record.data.mx.nameTarget);
703 werr = dns_name_check(mem_ctx, len, record.data.mx.nameTarget);
706 len = strlen(record.data.srv.nameTarget);
707 werr = dns_name_check(mem_ctx, len,
708 record.data.srv.nameTarget);
711 * In the default case, the record doesn't have a DN, so it
718 if (!W_ERROR_IS_OK(werr)) {
726 WERROR dns_common_replace(struct ldb_context *samdb,
731 struct dnsp_DnssrvRpcRecord *records,
734 struct ldb_message_element *el;
738 struct ldb_message *msg = NULL;
739 bool was_tombstoned = false;
740 bool become_tombstoned = false;
742 msg = ldb_msg_new(mem_ctx);
743 W_ERROR_HAVE_NO_MEMORY(msg);
747 werr = check_name_list(mem_ctx, rec_count, records);
748 if (!W_ERROR_IS_OK(werr)) {
752 ret = ldb_msg_add_empty(msg, "dnsRecord", LDB_FLAG_MOD_REPLACE, &el);
753 if (ret != LDB_SUCCESS) {
754 return DNS_ERR(SERVER_FAILURE);
758 * we have at least one value,
759 * which might be used for the tombstone marker
761 el->values = talloc_zero_array(el, struct ldb_val, MAX(1, rec_count));
763 W_ERROR_HAVE_NO_MEMORY(el->values);
766 * We store a sorted list with the high wType values first
767 * that's what windows does. It also simplifies the
768 * filtering of DNS_TYPE_TOMBSTONE records
770 TYPESAFE_QSORT(records, rec_count, rec_cmp);
773 for (i = 0; i < rec_count; i++) {
774 struct ldb_val *v = &el->values[el->num_values];
775 enum ndr_err_code ndr_err;
777 if (records[i].wType == DNS_TYPE_TOMBSTONE) {
778 if (records[i].data.timestamp != 0) {
779 was_tombstoned = true;
784 records[i].dwSerial = serial;
785 ndr_err = ndr_push_struct_blob(v, el->values, &records[i],
786 (ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
787 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
788 DEBUG(0, ("Failed to push dnsp_DnssrvRpcRecord\n"));
789 return DNS_ERR(SERVER_FAILURE);
795 if (el->num_values == 0) {
799 ret = ldb_msg_add_string(msg, "objectClass", "dnsNode");
800 if (ret != LDB_SUCCESS) {
801 return DNS_ERR(SERVER_FAILURE);
804 ret = ldb_add(samdb, msg);
805 if (ret != LDB_SUCCESS) {
806 return DNS_ERR(SERVER_FAILURE);
812 if (el->num_values == 0) {
813 struct dnsp_DnssrvRpcRecord tbs;
814 struct ldb_val *v = &el->values[el->num_values];
815 enum ndr_err_code ndr_err;
818 if (was_tombstoned) {
820 * This is already a tombstoned object.
821 * Just leave it instead of updating the time stamp.
826 tv = timeval_current();
827 tbs = (struct dnsp_DnssrvRpcRecord) {
828 .wType = DNS_TYPE_TOMBSTONE,
830 .data.timestamp = timeval_to_nttime(&tv),
833 ndr_err = ndr_push_struct_blob(v, el->values, &tbs,
834 (ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
835 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
836 DEBUG(0, ("Failed to push dnsp_DnssrvRpcRecord\n"));
837 return DNS_ERR(SERVER_FAILURE);
841 become_tombstoned = true;
844 if (was_tombstoned || become_tombstoned) {
845 ret = ldb_msg_add_empty(msg, "dNSTombstoned",
846 LDB_FLAG_MOD_REPLACE, NULL);
847 if (ret != LDB_SUCCESS) {
848 return DNS_ERR(SERVER_FAILURE);
851 ret = ldb_msg_add_fmt(msg, "dNSTombstoned", "%s",
852 become_tombstoned ? "TRUE" : "FALSE");
853 if (ret != LDB_SUCCESS) {
854 return DNS_ERR(SERVER_FAILURE);
858 ret = ldb_modify(samdb, msg);
859 if (ret != LDB_SUCCESS) {
860 NTSTATUS nt = dsdb_ldb_err_to_ntstatus(ret);
861 return ntstatus_to_werror(nt);
867 bool dns_name_match(const char *zone, const char *name, size_t *host_part_len)
869 size_t zl = strlen(zone);
870 size_t nl = strlen(name);
872 static const size_t fixup = 'a' - 'A';
878 for (zi = zl, ni = nl; zi >= 0; zi--, ni--) {
882 /* convert to lower case */
883 if (zc >= 'A' && zc <= 'Z') {
886 if (nc >= 'A' && nc <= 'Z') {
896 if (name[ni] != '.') {
903 *host_part_len = ni+1;
908 WERROR dns_common_name2dn(struct ldb_context *samdb,
909 struct dns_server_zone *zones,
916 const struct dns_server_zone *z;
917 size_t host_part_len = 0;
921 return DNS_ERR(FORMAT_ERROR);
924 if (strcmp(name, "") == 0) {
925 base = ldb_get_default_basedn(samdb);
926 dn = ldb_dn_copy(mem_ctx, base);
927 ldb_dn_add_child_fmt(dn, "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System");
932 /* Check non-empty names */
933 werr = dns_name_check(mem_ctx, strlen(name), name);
934 if (!W_ERROR_IS_OK(werr)) {
938 for (z = zones; z != NULL; z = z->next) {
941 match = dns_name_match(z->name, name, &host_part_len);
948 return DNS_ERR(NAME_ERROR);
951 if (host_part_len == 0) {
952 dn = ldb_dn_copy(mem_ctx, z->dn);
953 ldb_dn_add_child_fmt(dn, "DC=@");
958 dn = ldb_dn_copy(mem_ctx, z->dn);
959 ldb_dn_add_child_fmt(dn, "DC=%*.*s", (int)host_part_len, (int)host_part_len, name);
964 static int dns_common_sort_zones(struct ldb_message **m1, struct ldb_message **m2)
969 n1 = ldb_msg_find_attr_as_string(*m1, "name", NULL);
970 n2 = ldb_msg_find_attr_as_string(*m2, "name", NULL);
975 /* If the string lengths are not equal just sort by length */
977 /* If m1 is the larger zone name, return it first */
981 /*TODO: We need to compare DNs here, we want the DomainDNSZones first */
985 NTSTATUS dns_common_zones(struct ldb_context *samdb,
987 struct ldb_dn *base_dn,
988 struct dns_server_zone **zones_ret)
991 static const char * const attrs[] = { "name", NULL};
992 struct ldb_result *res;
994 struct dns_server_zone *new_list = NULL;
995 TALLOC_CTX *frame = talloc_stackframe();
998 /* This search will work against windows */
999 ret = dsdb_search(samdb, frame, &res,
1000 base_dn, LDB_SCOPE_SUBTREE,
1001 attrs, 0, "(objectClass=dnsZone)");
1003 /* TODO: this search does not work against windows */
1004 ret = dsdb_search(samdb, frame, &res, NULL,
1007 DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
1008 "(objectClass=dnsZone)");
1010 if (ret != LDB_SUCCESS) {
1012 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1015 TYPESAFE_QSORT(res->msgs, res->count, dns_common_sort_zones);
1017 for (i=0; i < res->count; i++) {
1018 struct dns_server_zone *z;
1020 z = talloc_zero(mem_ctx, struct dns_server_zone);
1023 return NT_STATUS_NO_MEMORY;
1026 z->name = ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL);
1027 talloc_steal(z, z->name);
1028 z->dn = talloc_move(z, &res->msgs[i]->dn);
1030 * Ignore the RootDNSServers zone and zones that we don't support yet
1031 * RootDNSServers should never be returned (Windows DNS server don't)
1032 * ..TrustAnchors should never be returned as is, (Windows returns
1033 * TrustAnchors) and for the moment we don't support DNSSEC so we'd better
1034 * not return this zone.
1036 if ((strcmp(z->name, "RootDNSServers") == 0) ||
1037 (strcmp(z->name, "..TrustAnchors") == 0))
1039 DEBUG(10, ("Ignoring zone %s\n", z->name));
1043 DLIST_ADD_END(new_list, z);
1046 *zones_ret = new_list;
1048 return NT_STATUS_OK;
1052 see if two DNS names are the same
1054 bool dns_name_equal(const char *name1, const char *name2)
1056 size_t len1 = strlen(name1);
1057 size_t len2 = strlen(name2);
1059 if (len1 > 0 && name1[len1 - 1] == '.') {
1062 if (len2 > 0 && name2[len2 - 1] == '.') {
1068 return strncasecmp(name1, name2, len1) == 0;