From fea8a9d56bbfa75371047482925919d749f21d14 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Sat, 22 Aug 2015 15:27:33 +1000 Subject: [PATCH] 4190. [protocol] Accept Active Diretory gc._msdcs. name as valid with check-names. still needs to be LDH. [RT #40399] (cherry picked from commit dc3912f3caac1104fef441fd18571b7a975708ea) --- CHANGES | 4 ++++ bin/tests/system/checkzone/tests.sh | 9 ++++++++- .../system/checkzone/zones/good-gc-msdcs.db | 19 +++++++++++++++++++ lib/dns/include/dns/name.h | 4 ---- lib/dns/name.c | 2 -- lib/dns/rdata.c | 15 +++++++++++++++ lib/dns/rdata/in_1/a_1.c | 14 ++++++++++++++ lib/dns/rdata/in_1/aaaa_28.c | 14 ++++++++++++++ 8 files changed, 74 insertions(+), 7 deletions(-) create mode 100644 bin/tests/system/checkzone/zones/good-gc-msdcs.db diff --git a/CHANGES b/CHANGES index ced09ff212..5e00f8776a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4190. [protocol] Accept Active Diretory gc._msdcs. name as + valid with check-names. still needs to be + LDH. [RT #40399] + 4189. [cleanup] Don't exit on overly long tokens in named.conf. [RT #40418] diff --git a/bin/tests/system/checkzone/tests.sh b/bin/tests/system/checkzone/tests.sh index b26c3062d5..e77a09965a 100644 --- a/bin/tests/system/checkzone/tests.sh +++ b/bin/tests/system/checkzone/tests.sh @@ -24,7 +24,14 @@ for db in zones/good*.db do echo "I:checking $db ($n)" ret=0 - $CHECKZONE -i local example $db > test.out.$n 2>&1 || ret=1 + case $db in + zones/good-gc-msdcs.db) + $CHECKZONE -k fail -i local example $db > test.out.$n 2>&1 || ret=1 + ;; + *) + $CHECKZONE -i local example $db > test.out.$n 2>&1 || ret=1 + ;; + esac n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/checkzone/zones/good-gc-msdcs.db b/bin/tests/system/checkzone/zones/good-gc-msdcs.db new file mode 100644 index 0000000000..941112ae74 --- /dev/null +++ b/bin/tests/system/checkzone/zones/good-gc-msdcs.db 
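Review bot: The new `zones/good-gc-msdcs.db` branch exercises only the accept path of the exemption under `-k fail`; nothing in this hunk checks that names just outside the exemption are still rejected. Because the commit loosens check-names, a companion negative zone run with the same `-k fail` would pin the boundary, for example (constructed records) `gc._msdcs.bad_label A 192.0.2.3` and `dc._msdcs A 192.0.2.4`, both expected to fail. A comment above the `case`, such as `# -k fail makes check-names violations fatal, so this zone only loads if gc._msdcs is accepted`, would explain why this one zone is treated differently. The loop starts and ends outside the hunk, so an existing bad-zone loop may already be the right home for the negative case.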
@@ -0,0 +1,19 @@ +; Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +gc._msdcs A 192.0.2.2 diff --git a/lib/dns/include/dns/name.h b/lib/dns/include/dns/name.h index ca8c44905b..2bbf210664 100644 --- a/lib/dns/include/dns/name.h +++ b/lib/dns/include/dns/name.h @@ -989,10 +989,6 @@ dns_name_split(dns_name_t *name, unsigned int suffixlabels, * *\li 'suffix' is a valid name or NULL, and cannot be read-only. * - *\li If non-NULL, 'prefix' and 'suffix' must have dedicated buffers. - * - *\li 'prefix' and 'suffix' cannot point to the same buffer. - * * Ensures: * *\li On success: diff --git a/lib/dns/name.c b/lib/dns/name.c index 8373246d56..a5af3cf1ff 100644 --- a/lib/dns/name.c +++ b/lib/dns/name.c @@ -2114,11 +2114,9 @@ dns_name_split(dns_name_t *name, unsigned int suffixlabels, REQUIRE(prefix != NULL || suffix != NULL); REQUIRE(prefix == NULL || (VALID_NAME(prefix) && - prefix->buffer != NULL && BINDABLE(prefix))); REQUIRE(suffix == NULL || (VALID_NAME(suffix) && - suffix->buffer != NULL && BINDABLE(suffix))); splitlabel = name->labels - suffixlabels; diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index d9e2e54636..6c0a319537 100644 --- a/lib/dns/rdata.c 
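Review bot: The two Requires bullets removed from the dns_name_split() comment in name.h are not replaced by anything that says where 'prefix' and 'suffix' get their storage now. The new callers in a_1.c and aaaa_28.c pass names set up with `dns_name_init(&prefix, NULL)`, so the results presumably point into the label data of 'name' rather than holding a copy. If so, the header should state it, e.g. `*\li 'prefix' and 'suffix' may share storage with 'name' and must not be used after 'name' is changed or freed.` The matching name.c hunk drops the `prefix->buffer != NULL` and `suffix->buffer != NULL` assertions. The body of dns_name_split() continues outside that hunk, so confirm that no remaining path dereferences ->buffer on either output name.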
+++ b/lib/dns/rdata.c @@ -223,6 +223,21 @@ unknown_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx, /*% IPv6 Address Size */ #define NS_LOCATORSZ 8 +/* + * Active Diretory gc._msdcs. prefix. + */ +static unsigned char gc_msdcs_data[] = "\002gc\006_msdcs"; +static unsigned char gc_msdcs_offset [] = { 0, 3 }; + +static const dns_name_t gc_msdcs = { + DNS_NAME_MAGIC, + gc_msdcs_data, 10, 2, + DNS_NAMEATTR_READONLY, + gc_msdcs_offset, NULL, + {(void *)-1, (void *)-1}, + {NULL, NULL} +}; + /*% * convert presentation level address to network order binary form. * \return diff --git a/lib/dns/rdata/in_1/a_1.c b/lib/dns/rdata/in_1/a_1.c index 5912d0a6a0..3a5f4cb3c5 100644 --- a/lib/dns/rdata/in_1/a_1.c +++ b/lib/dns/rdata/in_1/a_1.c @@ -210,6 +210,7 @@ digest_in_a(ARGS_DIGEST) { static inline isc_boolean_t checkowner_in_a(ARGS_CHECKOWNER) { + dns_name_t prefix, suffix; REQUIRE(type == dns_rdatatype_a); REQUIRE(rdclass == dns_rdataclass_in); @@ -217,6 +218,19 @@ checkowner_in_a(ARGS_CHECKOWNER) { UNUSED(type); UNUSED(rdclass); + /* + * Handle Active Diretory gc._msdcs. name. + */ + if (dns_name_countlabels(name) > 2U) { + dns_name_init(&prefix, NULL); + dns_name_init(&suffix, NULL); + dns_name_split(name, dns_name_countlabels(name) - 2, + &prefix, &suffix); + if (dns_name_equal(&gc_msdcs, &prefix) && + dns_name_ishostname(&suffix, ISC_FALSE)) + return (ISC_TRUE); + } + return (dns_name_ishostname(name, wildcard)); } diff --git a/lib/dns/rdata/in_1/aaaa_28.c b/lib/dns/rdata/in_1/aaaa_28.c index 9e098944c9..f0a40ebbd7 100644 --- a/lib/dns/rdata/in_1/aaaa_28.c +++ b/lib/dns/rdata/in_1/aaaa_28.c @@ -207,6 +207,7 @@ digest_in_aaaa(ARGS_DIGEST) { static inline isc_boolean_t checkowner_in_aaaa(ARGS_CHECKOWNER) { + dns_name_t prefix, suffix; REQUIRE(type == dns_rdatatype_aaaa); REQUIRE(rdclass == dns_rdataclass_in); 
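Review bot: The gc_msdcs initialiser in rdata.c hard-codes the length `10` and the label count `2`, which have to be kept in agreement by hand with the wire-format literal `"\002gc\006_msdcs"` and with `gc_msdcs_offset`. Writing the length as `sizeof(gc_msdcs_data) - 1` removes one way for them to drift. A short comment such as `/* two labels: "gc" at offset 0, "_msdcs" at offset 3; relative name, no root label */` would document the rest, since a mismatch here would silently change which owner names bypass the hostname check. The block comment also misspells "Directory".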
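Review bot: The gc._msdcs block added to checkowner_in_a() is repeated verbatim in checkowner_in_aaaa() in aaaa_28.c, so this exemption to the hostname check has two copies that must be kept in step. Since it relaxes check-names, I would keep it in one static helper beside the gc_msdcs definition in rdata.c (both files reference that static object, so they are presumably compiled as part of rdata.c) and call it from both functions. That also evaluates dns_name_countlabels() once instead of twice. The helper's comments should say that only the exact two-label prefix is exempt and that the remainder must still pass dns_name_ishostname() with wildcards disallowed. The opening lines of checkowner_in_a() are in the preceding hunk.

```c
/* Proposed: defined once in rdata.c, after gc_msdcs. */
static isc_boolean_t
gc_msdcs_owner_ok(dns_name_t *name) {
	dns_name_t prefix, suffix;
	unsigned int labels = dns_name_countlabels(name);

	/* Need both prefix labels plus at least one label of suffix. */
	if (labels <= 2U)
		return (ISC_FALSE);
	dns_name_init(&prefix, NULL);
	dns_name_init(&suffix, NULL);
	dns_name_split(name, labels - 2, &prefix, &suffix);
	/* Only the exact prefix is exempt; the rest must still be LDH. */
	if (dns_name_equal(&gc_msdcs, &prefix) &&
	    dns_name_ishostname(&suffix, ISC_FALSE))
		return (ISC_TRUE);
	return (ISC_FALSE);
}

/* … unchanged: REQUIRE()/UNUSED() lines of checkowner_in_a() and checkowner_in_aaaa() … */
	if (gc_msdcs_owner_ok(name))
		return (ISC_TRUE);

	return (dns_name_ishostname(name, wildcard));
```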
@@ -214,6 +215,19 @@ checkowner_in_aaaa(ARGS_CHECKOWNER) { UNUSED(type); UNUSED(rdclass); + /* + * Handle Active Diretory gc._msdcs. name. + */ + if (dns_name_countlabels(name) > 2U) { + dns_name_init(&prefix, NULL); + dns_name_init(&suffix, NULL); + dns_name_split(name, dns_name_countlabels(name) - 2, + &prefix, &suffix); + if (dns_name_equal(&gc_msdcs, &prefix) && + dns_name_ishostname(&suffix, ISC_FALSE)) + return (ISC_TRUE); + } + return (dns_name_ishostname(name, wildcard)); }