]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
net: Move dns_negotiate_sec_ctx() into its only caller
authorVolker Lendecke <vl@samba.org>
Sat, 13 Jun 2026 08:59:08 +0000 (10:59 +0200)
committerVolker Lendecke <vl@samba.org>
Fri, 3 Jul 2026 08:08:36 +0000 (08:08 +0000)
Now that it's converted to NDR-generated structures and uses
dns_cli_request() from toplevel libcli/dns, dns_negotiate_sec_ctx()
does not have to live in lib/addns anymore. If we were to make this
more generally available, it would move together with
DoDNSUpdateNegotiateGensec() or even DoDNSUpdate().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
lib/addns/dns.h
lib/addns/dnsgss.c [deleted file]
lib/addns/wscript_build
source3/utils/net_dns.c

index bff10db800bdf026e401465d11cf2989bb2cd302..457b7b38a22c7af390932c757a83d12286150f18 100644 (file)
@@ -185,13 +185,4 @@ struct dns_update_request *dns_request2update(struct dns_request *request);
 uint16_t dns_response_code(uint16_t flags);
 const char *dns_errstr(DNS_ERROR err);
 
-/* from dnsgss.c */
-
-struct gensec_security;
-
-DNS_ERROR dns_negotiate_sec_ctx(const char *serveraddress,
-                               const char *keyname,
-                               struct gensec_security *gensec,
-                               enum dns_ServerType srv_type);
-
 #endif /* _DNS_H */
diff --git a/lib/addns/dnsgss.c b/lib/addns/dnsgss.c
deleted file mode 100644 (file)
index 07714aa..0000000
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
-  Public Interface file for Linux DNS client library implementation
-
-  Copyright (C) 2006 Krishna Ganugapati <krishnag@centeris.com>
-  Copyright (C) 2006 Gerald Carter <jerry@samba.org>
-
-     ** NOTE! The following LGPL license applies to the libaddns
-     ** library. This does NOT imply that all of Samba is released
-     ** under the LGPL
-
-  This library is free software; you can redistribute it and/or
-  modify it under the terms of the GNU Lesser General Public
-  License as published by the Free Software Foundation; either
-  version 2.1 of the License, or (at your option) any later version.
-
-  This library is distributed in the hope that it will be useful,
-  but WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public
-  License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "replace.h"
-#include <talloc.h>
-#include "lib/util/talloc_stack.h"
-#include "lib/util/data_blob.h"
-#include "lib/util/time.h"
-#include "lib/util/charset/charset.h"
-#include "libcli/util/ntstatus.h"
-#include "auth/gensec/gensec.h"
-#include "dnserr.h"
-#include "lib/addns/dns.h"
-#include "libcli/dns/libdns.h"
-
-DNS_ERROR dns_negotiate_sec_ctx(const char *serveraddress,
-                               const char *keyname,
-                               struct gensec_security *gensec,
-                               enum dns_ServerType srv_type)
-{
-       TALLOC_CTX *frame = talloc_stackframe();
-       struct dns_name_packet *reply = NULL;
-       DATA_BLOB in = { .length = 0, };
-       DATA_BLOB out = { .length = 0, };
-       NTSTATUS status;
-       DNS_ERROR err;
-
-       do {
-               status = gensec_update(gensec, frame, in, &out);
-               TALLOC_FREE(reply);
-               if (GENSEC_UPDATE_IS_NTERROR(status)) {
-                       err = ERROR_DNS_GSS_ERROR;
-                       goto error;
-               }
-
-               if (out.length != 0) {
-                       int ret;
-                       time_t t = time(NULL);
-
-                       struct dns_res_rec tkey = {
-                               .name = keyname,
-                               .rr_type = DNS_QTYPE_TKEY,
-                               .rr_class = DNS_QCLASS_ANY,
-                               .length = 1,
-                               .rdata.tkey_record
-                                       .algorithm = "gss.microsoft.com",
-                               .rdata.tkey_record.inception = t,
-                               .rdata.tkey_record.expiration = t + 86400,
-                               .rdata.tkey_record.mode = DNS_TKEY_MODE_GSSAPI,
-                               .rdata.tkey_record.key_size = out.length,
-                               .rdata.tkey_record.key_data = out.data,
-                       };
-                       struct dns_name_question question = {
-                               .name = keyname,
-                               .question_class = DNS_QCLASS_IN,
-                               .question_type = DNS_QTYPE_TKEY,
-                       };
-                       struct dns_name_packet rec = {
-                               .operation = DNS_OPCODE_QUERY,
-                               .qdcount = 1,
-                               .questions = &question,
-                       };
-
-                       /* Windows 2000 DNS is broken and requires the
-                          TKEY payload in the Answer section instead
-                          of the Additional section like Windows 2003 */
-
-                       if ( srv_type == DNS_SRV_WIN2000 ) {
-                               rec.ancount = 1;
-                               rec.answers = &tkey;
-                       } else {
-                               rec.arcount = 1;
-                               rec.additional = &tkey;
-                       }
-
-                       ret = dns_cli_request(frame,
-                                             serveraddress,
-                                             &rec,
-                                             &reply);
-                       if (ret != 0) {
-                               err = ERROR_DNS_SOCKET_ERROR;
-                               goto error;
-                       }
-               }
-
-               if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-                       struct dns_res_rec *tkey_answer = NULL;
-                       struct dns_tkey_record *tkey = NULL;
-
-                       uint16_t i;
-
-                       /*
-                        * TODO: Compare id and keyname
-                        */
-
-                       for (i = 0; i < reply->ancount; i++) {
-                               tkey_answer = &reply->answers[i];
-
-                               if (tkey_answer->rr_type == DNS_QTYPE_TKEY) {
-                                       break;
-                               }
-                       }
-
-                       if (i == reply->ancount) {
-                               err = ERROR_DNS_INVALID_MESSAGE;
-                               goto error;
-                       }
-
-                       tkey = &tkey_answer->rdata.tkey_record;
-
-                       in = data_blob_const(tkey->key_data, tkey->key_size);
-               }
-
-       } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
-
-       /* If we arrive here, we have a valid security context */
-
-       err = ERROR_DNS_SUCCESS;
-
-      error:
-
-       TALLOC_FREE(frame);
-       return err;
-}
index d6ad5952c2b4a691e2317934e8750321342a4cd1..656c596191b7ab701c2aafcf4006c2a6cea2960b 100644 (file)
@@ -5,7 +5,6 @@ bld.SAMBA_LIBRARY('addns',
                        dnsquery.c
                        dnsrecord.c
                        dnssock.c
-                       dnsgss.c
                        dnsmarshall.c
                        error.c
                        dnsquery_srv.c
index 51648a37c4fbb9aebc5372134b9773ce2c492e84..63cd4f6c8db437cbbe8c19b437d4eb6a8aefdc51 100644 (file)
 
 #if defined(HAVE_KRB5)
 
+static DNS_ERROR dns_negotiate_sec_ctx(const char *serveraddress,
+                                      const char *keyname,
+                                      struct gensec_security *gensec,
+                                      enum dns_ServerType srv_type)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct dns_name_packet *reply = NULL;
+       DATA_BLOB in = { .length = 0, };
+       DATA_BLOB out = { .length = 0, };
+       NTSTATUS status;
+       DNS_ERROR err;
+
+       do {
+               status = gensec_update(gensec, frame, in, &out);
+               TALLOC_FREE(reply);
+               if (GENSEC_UPDATE_IS_NTERROR(status)) {
+                       err = ERROR_DNS_GSS_ERROR;
+                       goto error;
+               }
+
+               if (out.length != 0) {
+                       int ret;
+                       time_t t = time(NULL);
+
+                       struct dns_res_rec tkey = {
+                               .name = keyname,
+                               .rr_type = DNS_QTYPE_TKEY,
+                               .rr_class = DNS_QCLASS_ANY,
+                               .length = 1,
+                               .rdata.tkey_record
+                                       .algorithm = "gss.microsoft.com",
+                               .rdata.tkey_record.inception = t,
+                               .rdata.tkey_record.expiration = t + 86400,
+                               .rdata.tkey_record.mode = DNS_TKEY_MODE_GSSAPI,
+                               .rdata.tkey_record.key_size = out.length,
+                               .rdata.tkey_record.key_data = out.data,
+                       };
+                       struct dns_name_question question = {
+                               .name = keyname,
+                               .question_class = DNS_QCLASS_IN,
+                               .question_type = DNS_QTYPE_TKEY,
+                       };
+                       struct dns_name_packet rec = {
+                               .operation = DNS_OPCODE_QUERY,
+                               .qdcount = 1,
+                               .questions = &question,
+                       };
+
+                       /* Windows 2000 DNS is broken and requires the
+                          TKEY payload in the Answer section instead
+                          of the Additional section like Windows 2003 */
+
+                       if ( srv_type == DNS_SRV_WIN2000 ) {
+                               rec.ancount = 1;
+                               rec.answers = &tkey;
+                       } else {
+                               rec.arcount = 1;
+                               rec.additional = &tkey;
+                       }
+
+                       ret = dns_cli_request(frame,
+                                             serveraddress,
+                                             &rec,
+                                             &reply);
+                       if (ret != 0) {
+                               err = ERROR_DNS_SOCKET_ERROR;
+                               goto error;
+                       }
+               }
+
+               if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+                       struct dns_res_rec *tkey_answer = NULL;
+                       struct dns_tkey_record *tkey = NULL;
+
+                       uint16_t i;
+
+                       /*
+                        * TODO: Compare id and keyname
+                        */
+
+                       for (i = 0; i < reply->ancount; i++) {
+                               tkey_answer = &reply->answers[i];
+
+                               if (tkey_answer->rr_type == DNS_QTYPE_TKEY) {
+                                       break;
+                               }
+                       }
+
+                       if (i == reply->ancount) {
+                               err = ERROR_DNS_INVALID_MESSAGE;
+                               goto error;
+                       }
+
+                       tkey = &tkey_answer->rdata.tkey_record;
+
+                       in = data_blob_const(tkey->key_data, tkey->key_size);
+               }
+
+       } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
+
+       /* If we arrive here, we have a valid security context */
+
+       err = ERROR_DNS_SUCCESS;
+
+      error:
+
+       TALLOC_FREE(frame);
+       return err;
+}
+
 /*********************************************************************
 *********************************************************************/