2 Unix SMB/CIFS implementation.
4 DNS server handler for queries
6 Copyright (C) 2010 Kai Blin <kai@samba.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/service_task.h"
24 #include "libcli/util/werror.h"
25 #include "librpc/ndr/libndr.h"
26 #include "librpc/gen_ndr/ndr_dns.h"
27 #include "librpc/gen_ndr/ndr_dnsp.h"
29 #include "param/param.h"
30 #include "dsdb/samdb/samdb.h"
31 #include "dsdb/common/util.h"
32 #include "dns_server/dns_server.h"
33 #include "libcli/dns/libdns.h"
34 #include "lib/util/util_net.h"
35 #include "lib/util/tevent_werror.h"
37 static WERROR create_response_rr(const struct dns_name_question *question,
38 const struct dnsp_DnssrvRpcRecord *rec,
39 struct dns_res_rec **answers, uint16_t *ancount)
41 struct dns_res_rec *ans = *answers;
42 uint16_t ai = *ancount;
50 ans[ai].rdata.cname_record = talloc_strdup(ans, rec->data.cname);
51 if (ans[ai].rdata.cname_record == NULL) {
56 ans[ai].rdata.ipv4_record = talloc_strdup(ans, rec->data.ipv4);
57 if (ans[ai].rdata.ipv4_record == NULL) {
62 ans[ai].rdata.ipv6_record = rec->data.ipv6;
65 ans[ai].rdata.ns_record = rec->data.ns;
68 ans[ai].rdata.srv_record.priority = rec->data.srv.wPriority;
69 ans[ai].rdata.srv_record.weight = rec->data.srv.wWeight;
70 ans[ai].rdata.srv_record.port = rec->data.srv.wPort;
71 ans[ai].rdata.srv_record.target = talloc_strdup(
72 ans, rec->data.srv.nameTarget);
73 if (ans[ai].rdata.srv_record.target == NULL) {
78 ans[ai].rdata.soa_record.mname = talloc_strdup(
79 ans, rec->data.soa.mname);
80 if (ans[ai].rdata.soa_record.mname == NULL) {
83 ans[ai].rdata.soa_record.rname = talloc_strdup(
84 ans, rec->data.soa.rname);
85 if (ans[ai].rdata.soa_record.rname == NULL) {
88 ans[ai].rdata.soa_record.serial = rec->data.soa.serial;
89 ans[ai].rdata.soa_record.refresh = rec->data.soa.refresh;
90 ans[ai].rdata.soa_record.retry = rec->data.soa.retry;
91 ans[ai].rdata.soa_record.expire = rec->data.soa.expire;
92 ans[ai].rdata.soa_record.minimum = rec->data.soa.minimum;
95 ans[ai].rdata.ptr_record = talloc_strdup(ans, rec->data.ptr);
98 tmp = talloc_asprintf(ans, "\"%s\"", rec->data.txt.str[0]);
102 for (i=1; i<rec->data.txt.count; i++) {
103 tmp = talloc_asprintf_append_buffer(
104 tmp, " \"%s\"", rec->data.txt.str[i]);
109 ans[ai].rdata.txt_record.txt = tmp;
112 DEBUG(0, ("Got unhandled type %u query.\n", rec->wType));
113 return DNS_ERR(NOT_IMPLEMENTED);
116 ans[ai].name = talloc_strdup(ans, question->name);
117 if (ans[ai].name == NULL) {
120 ans[ai].rr_type = rec->wType;
121 ans[ai].rr_class = DNS_QCLASS_IN;
122 ans[ai].ttl = rec->dwTtlSeconds;
123 ans[ai].length = UINT16_MAX;
132 struct ask_forwarder_state {
133 struct tevent_context *ev;
135 struct dns_name_packet in_packet;
138 static void ask_forwarder_done(struct tevent_req *subreq);
140 static struct tevent_req *ask_forwarder_send(
141 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
142 const char *forwarder, struct dns_name_question *question)
144 struct tevent_req *req, *subreq;
145 struct ask_forwarder_state *state;
146 struct dns_name_packet out_packet = { 0, };
148 enum ndr_err_code ndr_err;
150 req = tevent_req_create(mem_ctx, &state, struct ask_forwarder_state);
155 generate_random_buffer((uint8_t *)&state->id, sizeof(state->id));
157 if (!is_ipaddress(forwarder)) {
158 DEBUG(0, ("Invalid 'dns forwarder' setting '%s', needs to be "
159 "an IP address\n", forwarder));
160 tevent_req_werror(req, DNS_ERR(NAME_ERROR));
161 return tevent_req_post(req, ev);
164 out_packet.id = state->id;
165 out_packet.operation |= DNS_OPCODE_QUERY | DNS_FLAG_RECURSION_DESIRED;
166 out_packet.qdcount = 1;
167 out_packet.questions = question;
169 ndr_err = ndr_push_struct_blob(
170 &out_blob, state, &out_packet,
171 (ndr_push_flags_fn_t)ndr_push_dns_name_packet);
172 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
173 tevent_req_werror(req, DNS_ERR(SERVER_FAILURE));
174 return tevent_req_post(req, ev);
176 subreq = dns_udp_request_send(state, ev, forwarder, out_blob.data,
178 if (tevent_req_nomem(subreq, req)) {
179 return tevent_req_post(req, ev);
181 tevent_req_set_callback(subreq, ask_forwarder_done, req);
185 static void ask_forwarder_done(struct tevent_req *subreq)
187 struct tevent_req *req = tevent_req_callback_data(
188 subreq, struct tevent_req);
189 struct ask_forwarder_state *state = tevent_req_data(
190 req, struct ask_forwarder_state);
192 enum ndr_err_code ndr_err;
195 ret = dns_udp_request_recv(subreq, state,
196 &in_blob.data, &in_blob.length);
198 if (tevent_req_werror(req, ret)) {
202 ndr_err = ndr_pull_struct_blob(
203 &in_blob, state, &state->in_packet,
204 (ndr_pull_flags_fn_t)ndr_pull_dns_name_packet);
205 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
206 tevent_req_werror(req, DNS_ERR(SERVER_FAILURE));
209 if (state->in_packet.id != state->id) {
210 tevent_req_werror(req, DNS_ERR(NAME_ERROR));
213 tevent_req_done(req);
216 static WERROR ask_forwarder_recv(
217 struct tevent_req *req, TALLOC_CTX *mem_ctx,
218 struct dns_res_rec **answers, uint16_t *ancount,
219 struct dns_res_rec **nsrecs, uint16_t *nscount,
220 struct dns_res_rec **additional, uint16_t *arcount)
222 struct ask_forwarder_state *state = tevent_req_data(
223 req, struct ask_forwarder_state);
224 struct dns_name_packet *in_packet = &state->in_packet;
227 if (tevent_req_is_werror(req, &err)) {
231 *ancount = in_packet->ancount;
232 *answers = talloc_move(mem_ctx, &in_packet->answers);
234 *nscount = in_packet->nscount;
235 *nsrecs = talloc_move(mem_ctx, &in_packet->nsrecs);
237 *arcount = in_packet->arcount;
238 *additional = talloc_move(mem_ctx, &in_packet->additional);
243 static WERROR handle_question(struct dns_server *dns,
245 const struct dns_name_question *question,
246 struct dns_res_rec **answers, uint16_t *ancount)
248 struct dns_res_rec *ans;
251 struct dnsp_DnssrvRpcRecord *recs;
252 uint16_t rec_count, ai = 0;
253 struct ldb_dn *dn = NULL;
255 werror = dns_name2dn(dns, mem_ctx, question->name, &dn);
256 W_ERROR_NOT_OK_RETURN(werror);
258 werror = dns_lookup_records(dns, mem_ctx, dn, &recs, &rec_count);
259 W_ERROR_NOT_OK_RETURN(werror);
261 ans = talloc_zero_array(mem_ctx, struct dns_res_rec, rec_count);
262 W_ERROR_HAVE_NO_MEMORY(ans);
264 for (ri = 0; ri < rec_count; ri++) {
265 if ((question->question_type != DNS_QTYPE_ALL) &&
266 (recs[ri].wType != question->question_type)) {
269 werror = create_response_rr(question, &recs[ri], &ans, &ai);
270 W_ERROR_NOT_OK_RETURN(werror);
274 return DNS_ERR(NAME_ERROR);
284 struct dns_server_process_query_state {
285 struct dns_res_rec *answers;
287 struct dns_res_rec *nsrecs;
289 struct dns_res_rec *additional;
293 static void dns_server_process_query_got_response(struct tevent_req *subreq);
295 struct tevent_req *dns_server_process_query_send(
296 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
297 struct dns_server *dns, struct dns_request_state *req_state,
298 const struct dns_name_packet *in)
300 struct tevent_req *req, *subreq;
301 struct dns_server_process_query_state *state;
303 req = tevent_req_create(mem_ctx, &state,
304 struct dns_server_process_query_state);
308 if (in->qdcount != 1) {
309 tevent_req_werror(req, DNS_ERR(FORMAT_ERROR));
310 return tevent_req_post(req, ev);
313 /* Windows returns NOT_IMPLEMENTED on this as well */
314 if (in->questions[0].question_class == DNS_QCLASS_NONE) {
315 tevent_req_werror(req, DNS_ERR(NOT_IMPLEMENTED));
316 return tevent_req_post(req, ev);
319 if (dns_authorative_for_zone(dns, in->questions[0].name)) {
322 req_state->flags |= DNS_FLAG_AUTHORITATIVE;
323 err = handle_question(dns, state, &in->questions[0],
324 &state->answers, &state->ancount);
325 if (tevent_req_werror(req, err)) {
326 return tevent_req_post(req, ev);
328 tevent_req_done(req);
329 return tevent_req_post(req, ev);
332 if ((req_state->flags & DNS_FLAG_RECURSION_DESIRED) &&
333 (req_state->flags & DNS_FLAG_RECURSION_AVAIL)) {
334 DEBUG(2, ("Not authoritative for '%s', forwarding\n",
335 in->questions[0].name));
337 subreq = ask_forwarder_send(
338 state, ev, lpcfg_dns_forwarder(dns->task->lp_ctx),
340 if (tevent_req_nomem(subreq, req)) {
341 return tevent_req_post(req, ev);
343 tevent_req_set_callback(
344 subreq, dns_server_process_query_got_response, req);
348 tevent_req_werror(req, DNS_ERR(NAME_ERROR));
349 return tevent_req_post(req, ev);
352 static void dns_server_process_query_got_response(struct tevent_req *subreq)
354 struct tevent_req *req = tevent_req_callback_data(
355 subreq, struct tevent_req);
356 struct dns_server_process_query_state *state = tevent_req_data(
357 req, struct dns_server_process_query_state);
360 err = ask_forwarder_recv(subreq, state,
361 &state->answers, &state->ancount,
362 &state->nsrecs, &state->nscount,
363 &state->additional, &state->arcount);
365 if (tevent_req_werror(req, err)) {
368 tevent_req_done(req);
371 WERROR dns_server_process_query_recv(
372 struct tevent_req *req, TALLOC_CTX *mem_ctx,
373 struct dns_res_rec **answers, uint16_t *ancount,
374 struct dns_res_rec **nsrecs, uint16_t *nscount,
375 struct dns_res_rec **additional, uint16_t *arcount)
377 struct dns_server_process_query_state *state = tevent_req_data(
378 req, struct dns_server_process_query_state);
381 if (tevent_req_is_werror(req, &err)) {
384 *answers = talloc_move(mem_ctx, &state->answers);
385 *ancount = state->ancount;
386 *nsrecs = talloc_move(mem_ctx, &state->nsrecs);
387 *nscount = state->nscount;
388 *additional = talloc_move(mem_ctx, &state->additional);
389 *arcount = state->arcount;