4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as

valid with check-names. <forest> still needs to be LDH. [RT #40399] (cherry picked from commit dc3912f3ca)
2026-06-13 01:50:00 -04:00 · 2015-08-22 15:27:33 +10:00 · 2015-08-22 15:27:33 +10:00 · fea8a9d56b
commit fea8a9d56b
parent d7ef667588
8 changed files with 74 additions and 7 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+4190.	[protocol]	Accept Active Diretory gc._msdcs.<forest> name as
+			valid with check-names.  <forest> still needs to be
+			LDH. [RT #40399]
+
 4189.	[cleanup]	Don't exit on overly long tokens in named.conf.
 			[RT #40418]

--- a/bin/tests/system/checkzone/tests.sh
+++ b/bin/tests/system/checkzone/tests.sh
@ -24,7 +24,14 @@ for db in zones/good*.db
 do
 	echo "I:checking $db ($n)"
 	ret=0
-	$CHECKZONE -i local example $db > test.out.$n 2>&1 || ret=1
+	case $db in
+	zones/good-gc-msdcs.db)
+		$CHECKZONE -k fail -i local example $db > test.out.$n 2>&1 || ret=1
+		;;
+	*)
+		$CHECKZONE -i local example $db > test.out.$n 2>&1 || ret=1
+		;;
+	esac
 	n=`expr $n + 1`
 	if [ $ret != 0 ]; then echo "I:failed"; fi
 	status=`expr $status + $ret`
--- a/bin/tests/system/checkzone/zones/good-gc-msdcs.db
+++ b/bin/tests/system/checkzone/zones/good-gc-msdcs.db
@ -0,0 +1,19 @@
+; Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+$TTL 600
+@		SOA	ns hostmaster 2011012708 3600 1200 604800 1200
+		NS	ns
+ns		A	192.0.2.1
+gc._msdcs	A	192.0.2.2
--- a/lib/dns/include/dns/name.h
+++ b/lib/dns/include/dns/name.h
@ -989,10 +989,6 @@ dns_name_split(dns_name_t *name, unsigned int suffixlabels,
 *
 *\li	'suffix' is a valid name or NULL, and cannot be read-only.
 *
- *\li	If non-NULL, 'prefix' and 'suffix' must have dedicated buffers.
- *
- *\li	'prefix' and 'suffix' cannot point to the same buffer.
- *
 * Ensures:
 *
 *\li	On success:
--- a/lib/dns/name.c
+++ b/lib/dns/name.c
@ -2114,11 +2114,9 @@ dns_name_split(dns_name_t *name, unsigned int suffixlabels,
 	REQUIRE(prefix != NULL || suffix != NULL);
 	REQUIRE(prefix == NULL ||
 		(VALID_NAME(prefix) &&
-		 prefix->buffer != NULL &&
 		 BINDABLE(prefix)));
 	REQUIRE(suffix == NULL ||
 		(VALID_NAME(suffix) &&
-		 suffix->buffer != NULL &&
 		 BINDABLE(suffix)));

 	splitlabel = name->labels - suffixlabels;
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@ -223,6 +223,21 @@ unknown_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx,
 /*% IPv6 Address Size */
 #define NS_LOCATORSZ	8

+/*
+ * Active Diretory gc._msdcs.<forest> prefix.
+ */
+static unsigned char gc_msdcs_data[]  = "\002gc\006_msdcs";
+static unsigned char gc_msdcs_offset [] = { 0, 3 };
+
+static const dns_name_t gc_msdcs = {
+	DNS_NAME_MAGIC,
+	gc_msdcs_data, 10, 2,
+	DNS_NAMEATTR_READONLY,
+	gc_msdcs_offset, NULL,
+	{(void *)-1, (void *)-1},
+	{NULL, NULL}
+};
+
 /*%
 *	convert presentation level address to network order binary form.
 * \return
--- a/lib/dns/rdata/in_1/a_1.c
+++ b/lib/dns/rdata/in_1/a_1.c
@ -210,6 +210,7 @@ digest_in_a(ARGS_DIGEST) {

 static inline isc_boolean_t
 checkowner_in_a(ARGS_CHECKOWNER) {
+	dns_name_t prefix, suffix;

 	REQUIRE(type == dns_rdatatype_a);
 	REQUIRE(rdclass == dns_rdataclass_in);
@ -217,6 +218,19 @@ checkowner_in_a(ARGS_CHECKOWNER) {
 	UNUSED(type);
 	UNUSED(rdclass);

+	/*
+	 * Handle Active Diretory gc._msdcs.<forest> name.
+	 */
+	if (dns_name_countlabels(name) > 2U) {
+		dns_name_init(&prefix, NULL);
+		dns_name_init(&suffix, NULL);
+		dns_name_split(name, dns_name_countlabels(name) - 2,
+			       &prefix, &suffix);
+		if (dns_name_equal(&gc_msdcs, &prefix) &&
+		    dns_name_ishostname(&suffix, ISC_FALSE))
+			return (ISC_TRUE);
+	}
+
 	return (dns_name_ishostname(name, wildcard));
 }

--- a/lib/dns/rdata/in_1/aaaa_28.c
+++ b/lib/dns/rdata/in_1/aaaa_28.c
@ -207,6 +207,7 @@ digest_in_aaaa(ARGS_DIGEST) {

 static inline isc_boolean_t
 checkowner_in_aaaa(ARGS_CHECKOWNER) {
+	dns_name_t prefix, suffix;

 	REQUIRE(type == dns_rdatatype_aaaa);
 	REQUIRE(rdclass == dns_rdataclass_in);
@ -214,6 +215,19 @@ checkowner_in_aaaa(ARGS_CHECKOWNER) {
 	UNUSED(type);
 	UNUSED(rdclass);

+	/*
+	 * Handle Active Diretory gc._msdcs.<forest> name.
+	 */
+	if (dns_name_countlabels(name) > 2U) {
+		dns_name_init(&prefix, NULL);
+		dns_name_init(&suffix, NULL);
+		dns_name_split(name, dns_name_countlabels(name) - 2,
+			       &prefix, &suffix);
+		if (dns_name_equal(&gc_msdcs, &prefix) &&
+		    dns_name_ishostname(&suffix, ISC_FALSE))
+			return (ISC_TRUE);
+	}
+
 	return (dns_name_ishostname(name, wildcard));
 }