int i;
for (i=0; zone_prefixes[i]; i++) {
+ const char *casefold;
struct ldb_dn *dn;
struct ldb_result *res;
+ struct ldb_val zone_name_val
+ = data_blob_string_const(zone_name);
dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
if (dn == NULL) {
return ISC_R_NOMEMORY;
}
- if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone_name, zone_prefixes[i])) {
+ /*
+ * This dance ensures that it is not possible to put
+ * (eg) an extra DC=x, into the DNS name being
+ * queried
+ */
+
+ if (!ldb_dn_add_child_fmt(dn,
+ "DC=X,%s",
+ zone_prefixes[i])) {
+ talloc_free(tmp_ctx);
+ return ISC_R_NOMEMORY;
+ }
+
+ ret = ldb_dn_set_component(dn,
+ 0,
+ "DC",
+ zone_name_val);
+ if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
+ /*
+ * Check if this is a plausibly valid DN early
+ * (time spent here will be saved during the
+ * search due to an internal cache)
+ */
+ casefold = ldb_dn_get_casefold(dn);
+
+ if (casefold == NULL) {
+ talloc_free(tmp_ctx);
+ return ISC_R_NOTFOUND;
+ }
+
ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "objectClass=dnsZone");
if (ret == LDB_SUCCESS) {
if (zone_dn != NULL) {
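Review bot: The `dn == NULL` return right after `ldb_dn_copy()` leaves `tmp_ctx` allocated, while every error branch this change adds below it (`ldb_dn_add_child_fmt`, `ldb_dn_set_component`, `casefold == NULL`) calls `talloc_free(tmp_ctx)` first. That early exit should match them: add `talloc_free(tmp_ctx);` before its `return ISC_R_NOMEMORY;`. The allocation of `tmp_ctx` is outside the hunk, so confirm that the caller does not release it.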
isc_result_t result;
result = b9_find_zone_dn(state, p, mem_ctx, dn);
if (result == ISC_R_SUCCESS) {
+ const char *casefold;
+
/* we found a zone, now extend the DN to get
* the full DN
*/
bool ret;
if (p == name) {
ret = ldb_dn_add_child_fmt(*dn, "DC=@");
+ if (ret == false) {
+ talloc_free(*dn);
+ return ISC_R_NOMEMORY;
+ }
} else {
- ret = ldb_dn_add_child_fmt(*dn, "DC=%.*s", (int)(p-name)-1, name);
+ struct ldb_val name_val
+ = data_blob_const(name,
+ (int)(p-name)-1);
+
+ if (!ldb_dn_add_child_val(*dn,
+ "DC",
+ name_val)) {
+ talloc_free(*dn);
+ return ISC_R_NOMEMORY;
+ }
}
- if (!ret) {
- talloc_free(*dn);
- return ISC_R_NOMEMORY;
+
+ /*
+ * Check if this is a plausibly valid DN early
+ * (time spent here will be saved during the
+ * search due to an internal cache)
+ */
+ casefold = ldb_dn_get_casefold(*dn);
+
+ if (casefold == NULL) {
+ return ISC_R_NOTFOUND;
}
+
return ISC_R_SUCCESS;
}
p = strchr(p, '.');
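Review bot: The new `casefold == NULL` branch returns `ISC_R_NOTFOUND` without `talloc_free(*dn)`, although both add-child failure paths just above it free `*dn` before returning. The caller therefore gets a non-success result together with a still-allocated DN that failed validation; adding `talloc_free(*dn);` before that return keeps the exits consistent. The same omission is in the loop ahead of the `LDB_SCOPE_SUBTREE` / `objectClass=dnsNode` search, where the `casefold == NULL` branch returns without `talloc_free(tmp_ctx)`. There `tmp_ctx` comes from `talloc_new(state)`, so each rejected name presumably stays allocated for as long as `state` lives, and this is the branch reached by query names that do not form a valid DN. The enclosing function starts and ends outside this hunk.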
WERROR werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
struct dnsp_DnssrvRpcRecord *records = NULL;
uint16_t num_records = 0, i;
+ struct ldb_val zone_name_val
+ = data_blob_string_const(zone);
+ struct ldb_val name_val
+ = data_blob_string_const(name);
for (i=0; zone_prefixes[i]; i++) {
+ int ret;
+ const char *casefold;
dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
if (dn == NULL) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
- if (!ldb_dn_add_child_fmt(dn, "DC=%s,DC=%s,%s", name, zone, zone_prefixes[i])) {
+ /*
+ * This dance ensures that it is not possible to put
+ * (eg) an extra DC=x, into the DNS name being
+ * queried
+ */
+
+ if (!ldb_dn_add_child_fmt(dn,
+ "DC=X,DC=X,%s",
+ zone_prefixes[i])) {
+ talloc_free(tmp_ctx);
+ return ISC_R_NOMEMORY;
+ }
+
+ ret = ldb_dn_set_component(dn,
+ 1,
+ "DC",
+ zone_name_val);
+ if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
+ ret = ldb_dn_set_component(dn,
+ 0,
+ "DC",
+ name_val);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ISC_R_NOMEMORY;
+ }
+
+ /*
+ * Check if this is a plausibly valid DN early
+ * (time spent here will be saved during the
+ * search due to an internal cache)
+ */
+ casefold = ldb_dn_get_casefold(dn);
+
+ if (casefold == NULL) {
+ talloc_free(tmp_ctx);
+ return ISC_R_NOTFOUND;
+ }
+
werr = dns_common_wildcard_lookup(state->samdb, tmp_ctx, dn,
&records, &num_records);
if (W_ERROR_IS_OK(werr)) {
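Review bot: The two `ldb_dn_set_component` calls depend on the component order of the `"DC=X,DC=X,%s"` placeholder, and nothing states which index holds which value. A one-line comment above them, e.g. `/* component 1 is the zone, component 0 (leftmost RDN) is the record name */`, would make an accidental swap in a later edit easier to spot. The existing "dance" comment could also say outright that the placeholders are there so `zone` and `name` are set as component values rather than passed through the DN format string. The loop body continues past the end of the hunk.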
struct ldb_dn *dn;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx = talloc_new(state);
+ struct ldb_val zone_name_val = data_blob_string_const(zone);
for (i=0; zone_prefixes[i]; i++) {
+ const char *casefold;
+
dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->samdb));
if (dn == NULL) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
- if (!ldb_dn_add_child_fmt(dn, "DC=%s,%s", zone, zone_prefixes[i])) {
+ /*
+ * This dance ensures that it is not possible to put
+ * (eg) an extra DC=x, into the DNS name being
+ * queried
+ */
+
+ if (!ldb_dn_add_child_fmt(dn,
+ "DC=X,%s",
+ zone_prefixes[i])) {
+ talloc_free(tmp_ctx);
+ return ISC_R_NOMEMORY;
+ }
+
+ ret = ldb_dn_set_component(dn,
+ 0,
+ "DC",
+ zone_name_val);
+ if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ISC_R_NOMEMORY;
}
+ /*
+ * Check if this is a plausibly valid DN early
+ * (time spent here will be saved during the
+ * search due to an internal cache)
+ */
+ casefold = ldb_dn_get_casefold(dn);
+
+ if (casefold == NULL) {
+ return ISC_R_NOTFOUND;
+ }
+
ret = ldb_search(state->samdb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
attrs, "objectClass=dnsNode");
if (ret == LDB_SUCCESS) {
WERROR werr;
struct dnsp_DnssrvRpcRecord *records = NULL;
uint16_t num_records = 0, i;
+ struct ldb_val zone_name_val
+ = data_blob_string_const(zone);
+
+ /*
+ * This dance ensures that it is not possible to put
+ * (eg) an extra DC=x, into the DNS name being
+ * queried
+ */
- if (!ldb_dn_add_child_fmt(dn, "DC=@,DC=%s", zone)) {
+ if (!ldb_dn_add_child_val(dn,
+ "DC",
+ zone_name_val)) {
talloc_free(tmp_ctx);
return false;
}
struct ldb_result *res;
struct ldb_dn *dn;
char *encoded_name = ldb_binary_encode_string(mem_ctx, name);
+ struct ldb_val name_val = data_blob_string_const(name);
int ret;
ret = ldb_search(samdb, mem_ctx, &res, z->zone_dn, LDB_SCOPE_BASE, attrs,
dn = ldb_dn_copy(mem_ctx, z->zone_dn);
W_ERROR_HAVE_NO_MEMORY(dn);
- if (!ldb_dn_add_child_fmt(dn, "DC=%s", name)) {
+ if (!ldb_dn_add_child_val(dn, "DC", name_val)) {
return WERR_NOT_ENOUGH_MEMORY;
}
struct dnsp_DnssrvRpcRecord *dns_rec;
struct dnsp_soa soa;
char *tmpstr, *server_fqdn, *soa_email;
+ struct ldb_val name_val = data_blob_string_const(zone->name);
/* We only support primary zones for now */
if (zone->zoneinfo->dwZoneType != DNS_ZONE_TYPE_PRIMARY) {
dn = ldb_dn_copy(tmp_ctx, p->partition_dn);
W_ERROR_HAVE_NO_MEMORY_AND_FREE(dn, tmp_ctx);
- if(!ldb_dn_add_child_fmt(dn, "DC=%s,CN=MicrosoftDNS", zone->name)) {
+ if (!ldb_dn_add_child_fmt(dn, "CN=MicrosoftDNS")) {
+ talloc_free(tmp_ctx);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ if (!ldb_dn_add_child_val(dn, "DC", name_val)) {
talloc_free(tmp_ctx);
return WERR_NOT_ENOUGH_MEMORY;
}