LCOV - code coverage report
Current view: top level - source4/dns_server - dnsserver_common.c (source / functions) Hit Total Coverage
Test: coverage report for master 6248eab5 Lines: 561 712 78.8 %
Date: 2021-08-25 13:27:56 Functions: 25 27 92.6 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    DNS server utils
       5             : 
       6             :    Copyright (C) 2010 Kai Blin
       7             :    Copyright (C) 2014 Stefan Metzmacher
       8             :    Copyright (C) 2015 Andrew Bartlett
       9             : 
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             : 
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             : 
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include "libcli/util/ntstatus.h"
      26             : #include "libcli/util/werror.h"
      27             : #include "librpc/ndr/libndr.h"
      28             : #include "librpc/gen_ndr/ndr_dns.h"
      29             : #include "librpc/gen_ndr/ndr_dnsp.h"
      30             : #include <ldb.h>
      31             : #include "dsdb/samdb/samdb.h"
      32             : #include "dsdb/common/util.h"
      33             : #include "dns_server/dnsserver_common.h"
      34             : #include "rpc_server/dnsserver/dnsserver.h"
      35             : #include "lib/util/dlinklist.h"
      36             : #include "system/network.h"
      37             : 
      38             : #undef DBGC_CLASS
      39             : #define DBGC_CLASS DBGC_DNS
      40             : 
      41             : #undef strncasecmp
      42             : 
      43       69737 : uint8_t werr_to_dns_err(WERROR werr)
      44             : {
      45       69737 :         if (W_ERROR_EQUAL(WERR_OK, werr)) {
      46           0 :                 return DNS_RCODE_OK;
      47       69737 :         } else if (W_ERROR_EQUAL(DNS_ERR(FORMAT_ERROR), werr)) {
      48          15 :                 return DNS_RCODE_FORMERR;
      49       69722 :         } else if (W_ERROR_EQUAL(DNS_ERR(SERVER_FAILURE), werr)) {
      50           0 :                 return DNS_RCODE_SERVFAIL;
      51       69722 :         } else if (W_ERROR_EQUAL(DNS_ERR(NAME_ERROR), werr)) {
      52       69570 :                 return DNS_RCODE_NXDOMAIN;
      53         152 :         } else if (W_ERROR_EQUAL(WERR_DNS_ERROR_NAME_DOES_NOT_EXIST, werr)) {
      54           7 :                 return DNS_RCODE_NXDOMAIN;
      55         145 :         } else if (W_ERROR_EQUAL(DNS_ERR(NOT_IMPLEMENTED), werr)) {
      56          10 :                 return DNS_RCODE_NOTIMP;
      57         135 :         } else if (W_ERROR_EQUAL(DNS_ERR(REFUSED), werr)) {
      58          83 :                 return DNS_RCODE_REFUSED;
      59          52 :         } else if (W_ERROR_EQUAL(DNS_ERR(YXDOMAIN), werr)) {
      60           0 :                 return DNS_RCODE_YXDOMAIN;
      61          52 :         } else if (W_ERROR_EQUAL(DNS_ERR(YXRRSET), werr)) {
      62           0 :                 return DNS_RCODE_YXRRSET;
      63          52 :         } else if (W_ERROR_EQUAL(DNS_ERR(NXRRSET), werr)) {
      64          30 :                 return DNS_RCODE_NXRRSET;
      65          22 :         } else if (W_ERROR_EQUAL(DNS_ERR(NOTAUTH), werr)) {
      66           2 :                 return DNS_RCODE_NOTAUTH;
      67          20 :         } else if (W_ERROR_EQUAL(DNS_ERR(NOTZONE), werr)) {
      68           6 :                 return DNS_RCODE_NOTZONE;
      69          14 :         } else if (W_ERROR_EQUAL(DNS_ERR(BADKEY), werr)) {
      70           0 :                 return DNS_RCODE_BADKEY;
      71             :         }
      72          14 :         DEBUG(5, ("No mapping exists for %s\n", win_errstr(werr)));
      73          14 :         return DNS_RCODE_SERVFAIL;
      74             : }
      75             : 
      76      107538 : WERROR dns_common_extract(struct ldb_context *samdb,
      77             :                           const struct ldb_message_element *el,
      78             :                           TALLOC_CTX *mem_ctx,
      79             :                           struct dnsp_DnssrvRpcRecord **records,
      80             :                           uint16_t *num_records)
      81             : {
      82             :         uint16_t ri;
      83             :         struct dnsp_DnssrvRpcRecord *recs;
      84             : 
      85      107538 :         *records = NULL;
      86      107538 :         *num_records = 0;
      87             : 
      88      107538 :         recs = talloc_zero_array(mem_ctx, struct dnsp_DnssrvRpcRecord,
      89             :                                  el->num_values);
      90      107538 :         if (recs == NULL) {
      91           0 :                 return WERR_NOT_ENOUGH_MEMORY;
      92             :         }
      93      446215 :         for (ri = 0; ri < el->num_values; ri++) {
      94             :                 bool am_rodc;
      95             :                 int ret;
      96      338817 :                 const char *dnsHostName = NULL;
      97      338817 :                 struct ldb_val *v = &el->values[ri];
      98             :                 enum ndr_err_code ndr_err;
      99      338817 :                 ndr_err = ndr_pull_struct_blob(v, recs, &recs[ri],
     100             :                                 (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnssrvRpcRecord);
     101      338817 :                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
     102           0 :                         TALLOC_FREE(recs);
     103           0 :                         DEBUG(0, ("Failed to grab dnsp_DnssrvRpcRecord\n"));
     104           0 :                         return DNS_ERR(SERVER_FAILURE);
     105             :                 }
     106             : 
     107             :                 /*
     108             :                  * In AD, except on an RODC (where we should list a random RWDC,
     109             :                  * we should over-stamp the MNAME with our own hostname
     110             :                  */
     111      338817 :                 if (recs[ri].wType != DNS_TYPE_SOA) {
     112      506258 :                         continue;
     113             :                 }
     114             : 
     115       85694 :                 ret = samdb_rodc(samdb, &am_rodc);
     116       85694 :                 if (ret != LDB_SUCCESS) {
     117           0 :                         DEBUG(0, ("Failed to confirm we are not an RODC: %s\n",
     118             :                                   ldb_errstring(samdb)));
     119           0 :                         return DNS_ERR(SERVER_FAILURE);
     120             :                 }
     121             : 
     122       85694 :                 if (am_rodc) {
     123          12 :                         continue;
     124             :                 }
     125             : 
     126       85682 :                 ret = samdb_dns_host_name(samdb, &dnsHostName);
     127       85682 :                 if (ret != LDB_SUCCESS || dnsHostName == NULL) {
     128           0 :                         DEBUG(0, ("Failed to get dnsHostName from rootDSE"));
     129           0 :                         return DNS_ERR(SERVER_FAILURE);
     130             :                 }
     131             : 
     132       85682 :                 recs[ri].data.soa.mname = talloc_strdup(recs, dnsHostName);
     133             :         }
     134             : 
     135      107538 :         *records = recs;
     136      107538 :         *num_records = el->num_values;
     137      107538 :         return WERR_OK;
     138             : }
     139             : 
     140             : /*
     141             :  * Lookup a DNS record, performing an exact match.
     142             :  * i.e. DNS wild card records are not considered.
     143             :  */
     144      185020 : WERROR dns_common_lookup(struct ldb_context *samdb,
     145             :                          TALLOC_CTX *mem_ctx,
     146             :                          struct ldb_dn *dn,
     147             :                          struct dnsp_DnssrvRpcRecord **records,
     148             :                          uint16_t *num_records,
     149             :                          bool *tombstoned)
     150             : {
     151      185020 :         const struct timeval start = timeval_current();
     152             :         static const char * const attrs[] = {
     153             :                 "dnsRecord",
     154             :                 "dNSTombstoned",
     155             :                 NULL
     156             :         };
     157             :         int ret;
     158      185020 :         WERROR werr = WERR_OK;
     159      185020 :         struct ldb_message *msg = NULL;
     160             :         struct ldb_message_element *el;
     161             : 
     162      185020 :         *records = NULL;
     163      185020 :         *num_records = 0;
     164             : 
     165      185020 :         if (tombstoned != NULL) {
     166        1916 :                 *tombstoned = false;
     167        1916 :                 ret = dsdb_search_one(samdb, mem_ctx, &msg, dn,
     168             :                         LDB_SCOPE_BASE, attrs, 0,
     169             :                         "(objectClass=dnsNode)");
     170             :         } else {
     171      183104 :                 ret = dsdb_search_one(samdb, mem_ctx, &msg, dn,
     172             :                         LDB_SCOPE_BASE, attrs, 0,
     173             :                         "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))");
     174             :         }
     175      185020 :         if (ret == LDB_ERR_NO_SUCH_OBJECT) {
     176       77503 :                 werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
     177       77503 :                 goto exit;
     178             :         }
     179      107515 :         if (ret != LDB_SUCCESS) {
     180             :                 /* TODO: we need to check if there's a glue record we need to
     181             :                  * create a referral to */
     182           0 :                 werr = DNS_ERR(NAME_ERROR);
     183           0 :                 goto exit;
     184             :         }
     185             : 
     186      107515 :         if (tombstoned != NULL) {
     187        1440 :                 *tombstoned = ldb_msg_find_attr_as_bool(msg,
     188             :                                         "dNSTombstoned", false);
     189             :         }
     190             : 
     191      107515 :         el = ldb_msg_find_element(msg, "dnsRecord");
     192      107515 :         if (el == NULL) {
     193           3 :                 TALLOC_FREE(msg);
     194             :                 /*
     195             :                  * records produced by older Samba releases
     196             :                  * keep dnsNode objects without dnsRecord and
     197             :                  * without setting dNSTombstoned=TRUE.
     198             :                  *
     199             :                  * We just pretend they're tombstones.
     200             :                  */
     201           3 :                 if (tombstoned != NULL) {
     202             :                         struct dnsp_DnssrvRpcRecord *recs;
     203           3 :                         recs = talloc_array(mem_ctx,
     204             :                                             struct dnsp_DnssrvRpcRecord,
     205             :                                             1);
     206           3 :                         if (recs == NULL) {
     207           0 :                                 werr = WERR_NOT_ENOUGH_MEMORY;
     208           0 :                                 goto exit;
     209             :                         }
     210           3 :                         recs[0] = (struct dnsp_DnssrvRpcRecord) {
     211             :                                 .wType = DNS_TYPE_TOMBSTONE,
     212             :                                 /*
     213             :                                  * A value of timestamp != 0
     214             :                                  * indicated that the object was already
     215             :                                  * a tombstone, this will be used
     216             :                                  * in dns_common_replace()
     217             :                                  */
     218             :                                 .data.EntombedTime = 1,
     219             :                         };
     220             : 
     221           3 :                         *tombstoned = true;
     222           3 :                         *records = recs;
     223           3 :                         *num_records = 1;
     224           3 :                         werr = WERR_OK;
     225           3 :                         goto exit;
     226             :                 } else {
     227             :                         /*
     228             :                          * Because we are not looking for a tombstone
     229             :                          * in this codepath, we just pretend it does
     230             :                          * not exist at all.
     231             :                          */
     232           0 :                         werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
     233           0 :                         goto exit;
     234             :                 }
     235             :         }
     236             : 
     237      107512 :         werr = dns_common_extract(samdb, el, mem_ctx, records, num_records);
     238      107512 :         TALLOC_FREE(msg);
     239      107512 :         if (!W_ERROR_IS_OK(werr)) {
     240           0 :                 goto exit;
     241             :         }
     242             : 
     243      107512 :         werr = WERR_OK;
     244      185020 : exit:
     245      185020 :         DNS_COMMON_LOG_OPERATION(
     246             :                 win_errstr(werr),
     247             :                 &start,
     248             :                 NULL,
     249             :                 dn == NULL ? NULL : ldb_dn_get_linearized(dn),
     250             :                 NULL);
     251      185020 :         return werr;
     252             : }
     253             : 
     254             : /*
     255             :  * Build an ldb_parse_tree node for an equality check
     256             :  *
     257             :  * Note: name is assumed to have been validated by dns_name_check
     258             :  *       so will be zero terminated and of a reasonable size.
     259             :  */
     260      191882 : static struct ldb_parse_tree *build_equality_operation(
     261             :         TALLOC_CTX *mem_ctx,
     262             :         bool add_asterix,     /* prepend an '*' to the name          */
     263             :         const uint8_t *name,  /* the value being matched             */
     264             :         const char *attr,     /* the attribute to check name against */
     265             :         size_t size)          /* length of name                      */
     266             : {
     267             : 
     268      191882 :         struct ldb_parse_tree *el = NULL;  /* Equality node being built */
     269      191882 :         struct ldb_val *value = NULL;      /* Value the attr will be compared
     270             :                                               with */
     271      191882 :         size_t length = 0;                 /* calculated length of the value
     272             :                                               including option '*' prefix and
     273             :                                               '\0' string terminator */
     274             : 
     275      191882 :         el = talloc(mem_ctx, struct ldb_parse_tree);
     276      191882 :         if (el == NULL) {
     277           0 :                 DBG_ERR("Unable to allocate ldb_parse_tree\n");
     278           0 :                 return NULL;
     279             :         }
     280             : 
     281      191882 :         el->operation = LDB_OP_EQUALITY;
     282      191882 :         el->u.equality.attr = talloc_strdup(mem_ctx, attr);
     283      191882 :         value = &el->u.equality.value;
     284      191882 :         length = (add_asterix) ? size + 2 : size + 1;
     285      191882 :         value->data = talloc_zero_array(el, uint8_t, length);
     286      191882 :         if (el == NULL) {
     287           0 :                 DBG_ERR("Unable to allocate value->data\n");
     288           0 :                 TALLOC_FREE(el);
     289           0 :                 return NULL;
     290             :         }
     291             : 
     292      191882 :         value->length = length;
     293      191882 :         if (add_asterix) {
     294      115005 :                 value->data[0] = '*';
     295      115005 :                 memcpy(&value->data[1], name, size);
     296             :         } else {
     297       76877 :                 memcpy(value->data, name, size);
     298             :         }
     299      191882 :         return el;
     300             : }
     301             : 
     302             : /*
     303             :  * Determine the number of levels in name
     304             :  * essentially the number of '.'s in the name + 1
     305             :  *
     306             :  * name is assumed to have been validated by dns_name_check
     307             :  */
     308       76877 : static unsigned int number_of_labels(const struct ldb_val *name) {
     309       76877 :         int x  = 0;
     310       76877 :         unsigned int labels = 1;
     311     1786015 :         for (x = 0; x < name->length; x++) {
     312     1709138 :                 if (name->data[x] == '.') {
     313       38128 :                         labels++;
     314             :                 }
     315             :         }
     316       76877 :         return labels;
     317             : }
     318             : /*
     319             :  * Build a query that matches the target name, and any possible
     320             :  * DNS wild card entries
     321             :  *
     322             :  * Builds a parse tree equivalent to the example query.
     323             :  *
     324             :  * x.y.z -> (|(name=x.y.z)(name=\2a.y.z)(name=\2a.z)(name=\2a))
     325             :  *
     326             :  * The attribute 'name' is used as this is what the LDB index is on
     327             :  * (the RDN, being 'dc' in this use case, does not have an index in
     328             :  * the AD schema).
     329             :  *
     330             :  * Returns NULL if unable to build the query.
     331             :  *
     332             :  * The first component of the DN is assumed to be the name being looked up
     333             :  * and also that it has been validated by dns_name_check
     334             :  *
     335             :  */
     336             : #define BASE "(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE))(|(a=b)(c=d)))"
     337       76877 : static struct ldb_parse_tree *build_wildcard_query(
     338             :         TALLOC_CTX *mem_ctx,
     339             :         struct ldb_dn *dn)
     340             : {
     341       76877 :         const struct ldb_val *name = NULL;            /* The DNS name being
     342             :                                                          queried */
     343       76877 :         const char *attr = "name";                    /* The attribute name */
     344       76877 :         struct ldb_parse_tree *query = NULL;          /* The constructed query
     345             :                                                          parse tree*/
     346       76877 :         struct ldb_parse_tree *wildcard_query = NULL; /* The parse tree for the
     347             :                                                          name and wild card
     348             :                                                          entries */
     349       76877 :         int labels = 0;         /* The number of labels in the name */
     350             : 
     351       76877 :         name = ldb_dn_get_rdn_val(dn);
     352       76877 :         if (name == NULL) {
     353           0 :                 DBG_ERR("Unable to get domain name value\n");
     354           0 :                 return NULL;
     355             :         }
     356       76877 :         labels = number_of_labels(name);
     357             : 
     358       76877 :         query = ldb_parse_tree(mem_ctx, BASE);
     359       76877 :         if (query == NULL) {
     360           0 :                 DBG_ERR("Unable to parse query %s\n", BASE);
     361           0 :                 return NULL;
     362             :         }
     363             : 
     364             :         /*
     365             :          * The 3rd element of BASE is a place holder which is replaced with
     366             :          * the actual wild card query
     367             :          */
     368       76877 :         wildcard_query = query->u.list.elements[2];
     369       76877 :         TALLOC_FREE(wildcard_query->u.list.elements);
     370             : 
     371       76877 :         wildcard_query->u.list.num_elements = labels + 1;
     372       76877 :         wildcard_query->u.list.elements = talloc_array(
     373             :                 wildcard_query,
     374             :                 struct ldb_parse_tree *,
     375             :                 labels + 1);
     376             :         /*
     377             :          * Build the wild card query
     378             :          */
     379             :         {
     380       76877 :                 int x = 0;   /* current character in the name               */
     381       76877 :                 int l = 0;   /* current equality operator index in elements */
     382       76877 :                 struct ldb_parse_tree *el = NULL; /* Equality operator being
     383             :                                                      built */
     384       76877 :                 bool add_asterix = true;  /* prepend an '*' to the value    */
     385      191882 :                 for (l = 0, x = 0; l < labels && x < name->length; l++) {
     386      115005 :                         unsigned int size = name->length - x;
     387      115005 :                         add_asterix = (name->data[x] == '.');
     388      345015 :                         el = build_equality_operation(
     389             :                                 mem_ctx,
     390             :                                 add_asterix,
     391      230010 :                                 &name->data[x],
     392             :                                 attr,
     393             :                                 size);
     394      115005 :                         if (el == NULL) {
     395           0 :                                 return NULL;  /* Reason will have been logged */
     396             :                         }
     397      115005 :                         wildcard_query->u.list.elements[l] = el;
     398             : 
     399             :                         /* skip to the start of the next label */
     400      115005 :                         x++;
     401      115005 :                         for (;x < name->length && name->data[x] != '.'; x++);
     402             :                 }
     403             : 
     404             :                 /* Add the base level "*" only query */
     405       76877 :                 el = build_equality_operation(mem_ctx, true, NULL, attr, 0);
     406       76877 :                 if (el == NULL) {
     407           0 :                         TALLOC_FREE(query);
     408           0 :                         return NULL;  /* Reason will have been logged */
     409             :                 }
     410       76877 :                 wildcard_query->u.list.elements[l] = el;
     411             :         }
     412       76877 :         return query;
     413             : }
     414             : 
     415             : /*
     416             :  * Scan the list of records matching a dns wildcard query and return the
     417             :  * best match.
     418             :  *
     419             :  * The best match is either an exact name match, or the longest wild card
     420             :  * entry returned
     421             :  *
     422             :  * i.e. name = a.b.c candidates *.b.c, *.c,        - *.b.c would be selected
     423             :  *      name = a.b.c candidates a.b.c, *.b.c, *.c  - a.b.c would be selected
     424             :  */
     425           8 : static struct ldb_message *get_best_match(struct ldb_dn *dn,
     426             :                                           struct ldb_result *result)
     427             : {
     428           8 :         int matched = 0;    /* Index of the current best match in result */
     429           8 :         size_t length = 0;  /* The length of the current candidate       */
     430           8 :         const struct ldb_val *target = NULL;    /* value we're looking for */
     431           8 :         const struct ldb_val *candidate = NULL; /* current candidate value */
     432           8 :         int x = 0;
     433             : 
     434           8 :         target = ldb_dn_get_rdn_val(dn);
     435          20 :         for(x = 0; x < result->count; x++) {
     436          12 :                 candidate = ldb_dn_get_rdn_val(result->msgs[x]->dn);
     437          24 :                 if (strncasecmp((char *) target->data,
     438          12 :                                 (char *) candidate->data,
     439             :                                 target->length) == 0) {
     440             :                         /* Exact match stop searching and return */
     441           0 :                         return result->msgs[x];
     442             :                 }
     443          12 :                 if (candidate->length > length) {
     444          10 :                         matched = x;
     445          10 :                         length  = candidate->length;
     446             :                 }
     447             :         }
     448           8 :         return result->msgs[matched];
     449             : }
     450             : 
     451             : /*
     452             :  * Look up a DNS entry, if an exact match does not exist, return the
     453             :  * closest matching DNS wildcard entry if available
     454             :  *
     455             :  * Returns: LDB_ERR_NO_SUCH_OBJECT     If no matching record exists
     456             :  *          LDB_ERR_OPERATIONS_ERROR   If the query fails
     457             :  *          LDB_SUCCESS                If a matching record was retrieved
     458             :  *
     459             :  */
     460       76877 : static int dns_wildcard_lookup(struct ldb_context *samdb,
     461             :                                TALLOC_CTX *mem_ctx,
     462             :                                struct ldb_dn *dn,
     463             :                                struct ldb_message **msg)
     464             : {
     465             :         static const char * const attrs[] = {
     466             :                 "dnsRecord",
     467             :                 "dNSTombstoned",
     468             :                 NULL
     469             :         };
     470       76877 :         struct ldb_dn *parent = NULL;     /* The parent dn                    */
     471       76877 :         struct ldb_result *result = NULL; /* Results of the search            */
     472             :         int ret;                          /* Return code                      */
     473       76877 :         struct ldb_parse_tree *query = NULL; /* The query to run              */
     474       76877 :         struct ldb_request *request = NULL;  /* LDB request for the query op  */
     475       76877 :         struct ldb_message *match = NULL;    /* the best matching DNS record  */
     476       76877 :         TALLOC_CTX *frame = talloc_stackframe();
     477             : 
     478       76877 :         parent = ldb_dn_get_parent(frame, dn);
     479       76877 :         if (parent == NULL) {
     480           0 :                 DBG_ERR("Unable to extract parent from dn\n");
     481           0 :                 TALLOC_FREE(frame);
     482           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     483             :         }
     484             : 
     485       76877 :         query = build_wildcard_query(frame, dn);
     486       76877 :         if (query == NULL) {
     487           0 :                 TALLOC_FREE(frame);
     488           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     489             :         }
     490             : 
     491       76877 :         result = talloc_zero(mem_ctx, struct ldb_result);
     492       76877 :         if (result == NULL) {
     493           0 :                 TALLOC_FREE(frame);
     494           0 :                 DBG_ERR("Unable to allocate ldb_result\n");
     495           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     496             :         }
     497             : 
     498       76877 :         ret = ldb_build_search_req_ex(&request,
     499             :                                       samdb,
     500             :                                       frame,
     501             :                                       parent,
     502             :                                       LDB_SCOPE_SUBTREE,
     503             :                                       query,
     504             :                                       attrs,
     505             :                                       NULL,
     506             :                                       result,
     507             :                                       ldb_search_default_callback,
     508             :                                       NULL);
     509       76877 :         if (ret != LDB_SUCCESS) {
     510           0 :                 TALLOC_FREE(frame);
     511           0 :                 DBG_ERR("ldb_build_search_req_ex returned %d\n", ret);
     512           0 :                 return ret;
     513             :         }
     514             : 
     515       76877 :         ret = ldb_request(samdb, request);
     516       76877 :         if (ret != LDB_SUCCESS) {
     517           0 :                 TALLOC_FREE(frame);
     518           0 :                 return ret;
     519             :         }
     520             : 
     521       76877 :         ret = ldb_wait(request->handle, LDB_WAIT_ALL);
     522       76877 :         if (ret != LDB_SUCCESS) {
     523           6 :                 TALLOC_FREE(frame);
     524           6 :                 return ret;
     525             :         }
     526             : 
     527       76871 :         if (result->count == 0) {
     528       76863 :                 TALLOC_FREE(frame);
     529       76863 :                 return LDB_ERR_NO_SUCH_OBJECT;
     530             :         }
     531             : 
     532           8 :         match = get_best_match(dn, result);
     533           8 :         if (match == NULL) {
     534           0 :                 TALLOC_FREE(frame);
     535           0 :                 return LDB_ERR_OPERATIONS_ERROR;
     536             :         }
     537             : 
     538           8 :         *msg = talloc_move(mem_ctx, &match);
     539           8 :         TALLOC_FREE(frame);
     540           8 :         return LDB_SUCCESS;
     541             : }
     542             : 
     543             : /*
     544             :  * Lookup a DNS record, will match DNS wild card records if an exact match
     545             :  * is not found.
     546             :  */
     547       98162 : WERROR dns_common_wildcard_lookup(struct ldb_context *samdb,
     548             :                                   TALLOC_CTX *mem_ctx,
     549             :                                   struct ldb_dn *dn,
     550             :                                   struct dnsp_DnssrvRpcRecord **records,
     551             :                                   uint16_t *num_records)
     552             : {
     553       98162 :         const struct timeval start = timeval_current();
     554             :         int ret;
     555       98162 :         WERROR werr = WERR_OK;
     556       98162 :         struct ldb_message *msg = NULL;
     557       98162 :         struct ldb_message_element *el = NULL;
     558       98162 :         const struct ldb_val *name = NULL;
     559             : 
     560       98162 :         *records = NULL;
     561       98162 :         *num_records = 0;
     562             : 
     563       98162 :         name = ldb_dn_get_rdn_val(dn);
     564       98162 :         if (name == NULL) {
     565           0 :                 werr = DNS_ERR(NAME_ERROR);
     566           0 :                 goto exit;
     567             :         }
     568             : 
     569             :         /* Don't look for a wildcard for @ */
     570       98162 :         if (name->length == 1 && name->data[0] == '@') {
     571        1255 :                 werr = dns_common_lookup(samdb,
     572             :                                          mem_ctx,
     573             :                                          dn,
     574             :                                          records,
     575             :                                          num_records,
     576             :                                          NULL);
     577        1255 :                 goto exit;
     578             :         }
     579             : 
     580       96907 :         werr =  dns_name_check(
     581             :                         mem_ctx,
     582       96847 :                         strlen((const char*)name->data),
     583       96907 :                         (const char*) name->data);
     584       96907 :         if (!W_ERROR_IS_OK(werr)) {
     585           0 :                 goto exit;
     586             :         }
     587             : 
     588             :         /*
     589             :          * Do a point search first, then fall back to a wildcard
     590             :          * lookup if it does not exist
     591             :          */
     592       96907 :         werr = dns_common_lookup(samdb,
     593             :                                  mem_ctx,
     594             :                                  dn,
     595             :                                  records,
     596             :                                  num_records,
     597             :                                  NULL);
     598       96907 :         if (!W_ERROR_EQUAL(werr, WERR_DNS_ERROR_NAME_DOES_NOT_EXIST)) {
     599       19970 :                 goto exit;
     600             :         }
     601             : 
     602       76877 :         ret = dns_wildcard_lookup(samdb, mem_ctx, dn, &msg);
     603       76877 :         if (ret == LDB_ERR_OPERATIONS_ERROR) {
     604           0 :                 werr = DNS_ERR(SERVER_FAILURE);
     605           0 :                 goto exit;
     606             :         }
     607       76877 :         if (ret != LDB_SUCCESS) {
     608       76869 :                 werr = DNS_ERR(NAME_ERROR);
     609       76869 :                 goto exit;
     610             :         }
     611             : 
     612           8 :         el = ldb_msg_find_element(msg, "dnsRecord");
     613           8 :         if (el == NULL) {
     614           0 :                 werr = WERR_DNS_ERROR_NAME_DOES_NOT_EXIST;
     615           0 :                 goto exit;
     616             :         }
     617             : 
     618           8 :         werr = dns_common_extract(samdb, el, mem_ctx, records, num_records);
     619           8 :         TALLOC_FREE(msg);
     620           8 :         if (!W_ERROR_IS_OK(werr)) {
     621           0 :                 goto exit;
     622             :         }
     623             : 
     624           8 :         werr = WERR_OK;
     625       98222 : exit:
     626       98162 :         DNS_COMMON_LOG_OPERATION(
     627             :                 win_errstr(werr),
     628             :                 &start,
     629             :                 NULL,
     630             :                 dn == NULL ? NULL : ldb_dn_get_linearized(dn),
     631             :                 NULL);
     632       98162 :         return werr;
     633             : }
     634             : 
     635       10029 : static int rec_cmp(const struct dnsp_DnssrvRpcRecord *r1,
     636             :                    const struct dnsp_DnssrvRpcRecord *r2)
     637             : {
     638       10029 :         if (r1->wType != r2->wType) {
     639             :                 /*
     640             :                  * The records are sorted with higher types first,
     641             :                  * which puts tombstones (type 0) last.
     642             :                  */
     643        1011 :                 return r2->wType - r1->wType;
     644             :         }
     645             :         /*
     646             :          * Then we need to sort from the oldest to newest timestamp.
     647             :          *
     648             :          * Note that dwTimeStamp == 0 (never expiring) records come first,
     649             :          * then the ones whose expiry is soonest.
     650             :          */
     651        9018 :         return r1->dwTimeStamp - r2->dwTimeStamp;
     652             : }
     653             : 
     654             : /*
     655             :  * Check for valid DNS names. These are names which:
     656             :  *   - are non-empty
     657             :  *   - do not start with a dot
     658             :  *   - do not have any empty labels
     659             :  *   - have no more than 127 labels
     660             :  *   - are no longer than 253 characters
     661             :  *   - none of the labels exceed 63 characters
     662             :  */
     663      287081 : WERROR dns_name_check(TALLOC_CTX *mem_ctx, size_t len, const char *name)
     664             : {
     665             :         size_t i;
     666      287081 :         unsigned int labels    = 0;
     667      287081 :         unsigned int label_len = 0;
     668             : 
     669      287081 :         if (len == 0) {
     670          39 :                 return WERR_DS_INVALID_DN_SYNTAX;
     671             :         }
     672             : 
     673      287042 :         if (len > 1 && name[0] == '.') {
     674         120 :                 return WERR_DS_INVALID_DN_SYNTAX;
     675             :         }
     676             : 
     677      286922 :         if ((len - 1) > DNS_MAX_DOMAIN_LENGTH) {
     678           0 :                 return WERR_DS_INVALID_DN_SYNTAX;
     679             :         }
     680             : 
     681     8975752 :         for (i = 0; i < len - 1; i++) {
     682     8689083 :                 if (name[i] == '.' && name[i+1] == '.') {
     683          40 :                         return WERR_DS_INVALID_DN_SYNTAX;
     684             :                 }
     685     8689043 :                 if (name[i] == '.') {
     686      739483 :                         labels++;
     687      739483 :                         if (labels > DNS_MAX_LABELS) {
     688           0 :                                 return WERR_DS_INVALID_DN_SYNTAX;
     689             :                         }
     690      738718 :                         label_len = 0;
     691             :                 } else {
     692     7949560 :                         label_len++;
     693     7949560 :                         if (label_len > DNS_MAX_LABEL_LENGTH) {
     694           0 :                                 return WERR_DS_INVALID_DN_SYNTAX;
     695             :                         }
     696             :                 }
     697             :         }
     698             : 
     699      286882 :         return WERR_OK;
     700             : }
     701             : 
     702        2983 : static WERROR check_name_list(TALLOC_CTX *mem_ctx, uint16_t rec_count,
     703             :                               struct dnsp_DnssrvRpcRecord *records)
     704             : {
     705             :         WERROR werr;
     706             :         uint16_t i;
     707             :         size_t len;
     708             :         struct dnsp_DnssrvRpcRecord record;
     709             : 
     710        2983 :         werr = WERR_OK;
     711       10207 :         for (i = 0; i < rec_count; i++) {
     712        7227 :                 record = records[i];
     713             : 
     714        7227 :                 switch (record.wType) {
     715             : 
     716         107 :                 case DNS_TYPE_NS:
     717         107 :                         len = strlen(record.data.ns);
     718         107 :                         werr = dns_name_check(mem_ctx, len, record.data.ns);
     719         107 :                         break;
     720          65 :                 case DNS_TYPE_CNAME:
     721          65 :                         len = strlen(record.data.cname);
     722          65 :                         werr = dns_name_check(mem_ctx, len, record.data.cname);
     723          65 :                         break;
     724         128 :                 case DNS_TYPE_SOA:
     725         128 :                         len = strlen(record.data.soa.mname);
     726         128 :                         werr = dns_name_check(mem_ctx, len, record.data.soa.mname);
     727         128 :                         if (!W_ERROR_IS_OK(werr)) {
     728           0 :                                 break;
     729             :                         }
     730         128 :                         len = strlen(record.data.soa.rname);
     731         128 :                         werr = dns_name_check(mem_ctx, len, record.data.soa.rname);
     732         128 :                         break;
     733           0 :                 case DNS_TYPE_PTR:
     734           0 :                         len = strlen(record.data.ptr);
     735           0 :                         werr = dns_name_check(mem_ctx, len, record.data.ptr);
     736           0 :                         break;
     737           3 :                 case DNS_TYPE_MX:
     738           3 :                         len = strlen(record.data.mx.nameTarget);
     739           3 :                         werr = dns_name_check(mem_ctx, len, record.data.mx.nameTarget);
     740           3 :                         break;
     741        1348 :                 case DNS_TYPE_SRV:
     742        1348 :                         len = strlen(record.data.srv.nameTarget);
     743        1348 :                         werr = dns_name_check(mem_ctx, len,
     744             :                                               record.data.srv.nameTarget);
     745        1348 :                         break;
     746             :                 /*
     747             :                  * In the default case, the record doesn't have a DN, so it
     748             :                  * must be ok.
     749             :                  */
     750        5576 :                 default:
     751        5576 :                         break;
     752             :                 }
     753             : 
     754        7227 :                 if (!W_ERROR_IS_OK(werr)) {
     755           3 :                         return werr;
     756             :                 }
     757             :         }
     758             : 
     759        2980 :         return WERR_OK;
     760             : }
     761             : 
     762        1917 : bool dns_name_is_static(struct dnsp_DnssrvRpcRecord *records,
     763             :                         uint16_t rec_count)
     764             : {
     765        1917 :         int i = 0;
     766        6768 :         for (i = 0; i < rec_count; i++) {
     767        5179 :                 if (records[i].wType == DNS_TYPE_TOMBSTONE) {
     768          21 :                         continue;
     769             :                 }
     770             : 
     771       10304 :                 if (records[i].wType == DNS_TYPE_SOA ||
     772        5146 :                     records[i].dwTimeStamp == 0) {
     773         328 :                         return true;
     774             :                 }
     775             :         }
     776        1589 :         return false;
     777             : }
     778             : 
     779             : /*
     780             :  * Helper function to copy a dnsp_ip4_array struct to an IP4_ARRAY struct.
     781             :  * The new structure and it's data are allocated on the supplied talloc context
     782             :  */
     783           4 : static struct IP4_ARRAY *copy_ip4_array(TALLOC_CTX *ctx,
     784             :                                         const char *name,
     785             :                                         struct dnsp_ip4_array array)
     786             : {
     787             : 
     788           4 :         struct IP4_ARRAY *ip4_array = NULL;
     789             :         unsigned int i;
     790             : 
     791           4 :         ip4_array = talloc_zero(ctx, struct IP4_ARRAY);
     792           4 :         if (ip4_array == NULL) {
     793           0 :                 DBG_ERR("Out of memory copying property [%s]\n", name);
     794           0 :                 return NULL;
     795             :         }
     796             : 
     797           4 :         ip4_array->AddrCount = array.addrCount;
     798           4 :         if (ip4_array->AddrCount == 0) {
     799           0 :                 return ip4_array;
     800             :         }
     801             : 
     802           2 :         ip4_array->AddrArray =
     803           2 :             talloc_array(ip4_array, uint32_t, ip4_array->AddrCount);
     804           2 :         if (ip4_array->AddrArray == NULL) {
     805           0 :                 TALLOC_FREE(ip4_array);
     806           0 :                 DBG_ERR("Out of memory copying property [%s] values\n", name);
     807           0 :                 return NULL;
     808             :         }
     809             : 
     810           8 :         for (i = 0; i < ip4_array->AddrCount; i++) {
     811           8 :                 ip4_array->AddrArray[i] = array.addrArray[i];
     812             :         }
     813             : 
     814           0 :         return ip4_array;
     815             : }
     816             : 
     817       50505 : bool dns_zoneinfo_load_zone_property(struct dnsserver_zoneinfo *zoneinfo,
     818             :                                      struct dnsp_DnsProperty *prop)
     819             : {
     820       50505 :         switch (prop->id) {
     821        7214 :         case DSPROPERTY_ZONE_TYPE:
     822        7214 :                 zoneinfo->dwZoneType = prop->data.zone_type;
     823        7214 :                 break;
     824        7217 :         case DSPROPERTY_ZONE_ALLOW_UPDATE:
     825        7217 :                 zoneinfo->fAllowUpdate = prop->data.allow_update_flag;
     826        7217 :                 break;
     827        7214 :         case DSPROPERTY_ZONE_NOREFRESH_INTERVAL:
     828        7214 :                 zoneinfo->dwNoRefreshInterval = prop->data.norefresh_hours;
     829        7214 :                 break;
     830        7214 :         case DSPROPERTY_ZONE_REFRESH_INTERVAL:
     831        7214 :                 zoneinfo->dwRefreshInterval = prop->data.refresh_hours;
     832        7214 :                 break;
     833        7214 :         case DSPROPERTY_ZONE_AGING_STATE:
     834        7214 :                 zoneinfo->fAging = prop->data.aging_enabled;
     835        7214 :                 break;
     836           2 :         case DSPROPERTY_ZONE_SCAVENGING_SERVERS:
     837           2 :                 zoneinfo->aipScavengeServers = copy_ip4_array(
     838             :                     zoneinfo, "ZONE_SCAVENGING_SERVERS", prop->data.servers);
     839           2 :                 if (zoneinfo->aipScavengeServers == NULL) {
     840           0 :                         return false;
     841             :                 }
     842           0 :                 break;
     843        7214 :         case DSPROPERTY_ZONE_AGING_ENABLED_TIME:
     844        7214 :                 zoneinfo->dwAvailForScavengeTime =
     845        7214 :                     prop->data.next_scavenging_cycle_hours;
     846        7214 :                 break;
     847           2 :         case DSPROPERTY_ZONE_MASTER_SERVERS:
     848           2 :                 zoneinfo->aipLocalMasters = copy_ip4_array(
     849             :                     zoneinfo, "ZONE_MASTER_SERVERS", prop->data.master_servers);
     850           2 :                 if (zoneinfo->aipLocalMasters == NULL) {
     851           0 :                         return false;
     852             :                 }
     853           0 :                 break;
     854        7195 :         case DSPROPERTY_ZONE_EMPTY:
     855             :         case DSPROPERTY_ZONE_SECURE_TIME:
     856             :         case DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME:
     857             :         case DSPROPERTY_ZONE_AUTO_NS_SERVERS:
     858             :         case DSPROPERTY_ZONE_DCPROMO_CONVERT:
     859             :         case DSPROPERTY_ZONE_SCAVENGING_SERVERS_DA:
     860             :         case DSPROPERTY_ZONE_MASTER_SERVERS_DA:
     861             :         case DSPROPERTY_ZONE_NS_SERVERS_DA:
     862             :         case DSPROPERTY_ZONE_NODE_DBFLAGS:
     863        7195 :                 break;
     864             :         }
     865       50368 :         return true;
     866             : }
     867        3001 : WERROR dns_get_zone_properties(struct ldb_context *samdb,
     868             :                                TALLOC_CTX *mem_ctx,
     869             :                                struct ldb_dn *zone_dn,
     870             :                                struct dnsserver_zoneinfo *zoneinfo)
     871             : {
     872             : 
     873             :         int ret, i;
     874        3001 :         struct dnsp_DnsProperty *prop = NULL;
     875        3001 :         struct ldb_message_element *element = NULL;
     876        3001 :         const char *const attrs[] = {"dNSProperty", NULL};
     877        3001 :         struct ldb_result *res = NULL;
     878             :         enum ndr_err_code err;
     879             : 
     880        3001 :         ret = ldb_search(samdb,
     881             :                          mem_ctx,
     882             :                          &res,
     883             :                          zone_dn,
     884             :                          LDB_SCOPE_BASE,
     885             :                          attrs,
     886             :                          "(objectClass=dnsZone)");
     887        3001 :         if (ret != LDB_SUCCESS) {
     888           0 :                 DBG_ERR("dnsserver: Failed to find DNS zone: %s\n",
     889             :                         ldb_dn_get_linearized(zone_dn));
     890           0 :                 return DNS_ERR(SERVER_FAILURE);
     891             :         }
     892             : 
     893        3001 :         element = ldb_msg_find_element(res->msgs[0], "dNSProperty");
     894        3001 :         if (element == NULL) {
     895         395 :                 return DNS_ERR(NOTZONE);
     896             :         }
     897             : 
     898       20814 :         for (i = 0; i < element->num_values; i++) {
     899             :                 bool valid_property;
     900       18227 :                 prop = talloc_zero(mem_ctx, struct dnsp_DnsProperty);
     901       18227 :                 if (prop == NULL) {
     902           0 :                         return WERR_NOT_ENOUGH_MEMORY;
     903             :                 }
     904       18227 :                 err = ndr_pull_struct_blob(
     905       18227 :                     &(element->values[i]),
     906             :                     mem_ctx,
     907             :                     prop,
     908             :                     (ndr_pull_flags_fn_t)ndr_pull_dnsp_DnsProperty);
     909       18227 :                 if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
     910             :                         /*
     911             :                          * If we can't pull it, then there is no valid
     912             :                          * data to load into the zone, so ignore this
     913             :                          * as Micosoft does.  Windows can load an
     914             :                          * invalid property with a zero length into
     915             :                          * the dnsProperty attribute.
     916             :                          */
     917           3 :                         continue;
     918             :                 }
     919             : 
     920       18224 :                 valid_property =
     921             :                     dns_zoneinfo_load_zone_property(zoneinfo, prop);
     922       18224 :                 if (!valid_property) {
     923           0 :                         return DNS_ERR(SERVER_FAILURE);
     924             :                 }
     925             :         }
     926             : 
     927        2606 :         return WERR_OK;
     928             : }
     929             : 
     930        2983 : WERROR dns_common_replace(struct ldb_context *samdb,
     931             :                           TALLOC_CTX *mem_ctx,
     932             :                           struct ldb_dn *dn,
     933             :                           bool needs_add,
     934             :                           uint32_t serial,
     935             :                           struct dnsp_DnssrvRpcRecord *records,
     936             :                           uint16_t rec_count)
     937             : {
     938        2983 :         const struct timeval start = timeval_current();
     939             :         struct ldb_message_element *el;
     940             :         uint16_t i;
     941             :         int ret;
     942             :         WERROR werr;
     943        2983 :         struct ldb_message *msg = NULL;
     944        2983 :         bool was_tombstoned = false;
     945        2983 :         bool become_tombstoned = false;
     946        2983 :         struct ldb_dn *zone_dn = NULL;
     947        2983 :         struct dnsserver_zoneinfo *zoneinfo = NULL;
     948             :         uint32_t t;
     949             : 
     950        2983 :         msg = ldb_msg_new(mem_ctx);
     951        2983 :         W_ERROR_HAVE_NO_MEMORY(msg);
     952             : 
     953        2983 :         msg->dn = dn;
     954             : 
     955        2983 :         zone_dn = ldb_dn_copy(mem_ctx, dn);
     956        2983 :         if (zone_dn == NULL) {
     957           0 :                 werr = WERR_NOT_ENOUGH_MEMORY;
     958           0 :                 goto exit;
     959             :         }
     960        2983 :         if (!ldb_dn_remove_child_components(zone_dn, 1)) {
     961           0 :                 werr = DNS_ERR(SERVER_FAILURE);
     962           0 :                 goto exit;
     963             :         }
     964        2983 :         zoneinfo = talloc(mem_ctx, struct dnsserver_zoneinfo);
     965        2983 :         if (zoneinfo == NULL) {
     966           0 :                 werr = WERR_NOT_ENOUGH_MEMORY;
     967           0 :                 goto exit;
     968             :         }
     969        2983 :         werr = dns_get_zone_properties(samdb, mem_ctx, zone_dn, zoneinfo);
     970        2983 :         if (W_ERROR_EQUAL(DNS_ERR(NOTZONE), werr)) {
     971             :                 /*
     972             :                  * We only got zoneinfo for aging so if we didn't find any
     973             :                  * properties then just disable aging and keep going.
     974             :                  */
     975         389 :                 zoneinfo->fAging = 0;
     976        2594 :         } else if (!W_ERROR_IS_OK(werr)) {
     977           0 :                 goto exit;
     978             :         }
     979             : 
     980        2983 :         werr = check_name_list(mem_ctx, rec_count, records);
     981        2983 :         if (!W_ERROR_IS_OK(werr)) {
     982           3 :                 goto exit;
     983             :         }
     984             : 
     985        2980 :         ret = ldb_msg_add_empty(msg, "dnsRecord", LDB_FLAG_MOD_REPLACE, &el);
     986        2980 :         if (ret != LDB_SUCCESS) {
     987           0 :                 werr = DNS_ERR(SERVER_FAILURE);
     988           0 :                 goto exit;
     989             :         }
     990             : 
     991             :         /*
     992             :          * we have at least one value,
     993             :          * which might be used for the tombstone marker
     994             :          */
     995        2980 :         el->values = talloc_zero_array(el, struct ldb_val, MAX(1, rec_count));
     996        2980 :         if (el->values == NULL) {
     997           0 :                 werr = WERR_NOT_ENOUGH_MEMORY;
     998           0 :                 goto exit;
     999             :         }
    1000             : 
    1001        2980 :         if (rec_count > 1) {
    1002             :                 /*
    1003             :                  * We store a sorted list with the high wType values first
    1004             :                  * that's what windows does. It also simplifies the
    1005             :                  * filtering of DNS_TYPE_TOMBSTONE records
    1006             :                  */
    1007        1332 :                 TYPESAFE_QSORT(records, rec_count, rec_cmp);
    1008             :         }
    1009             : 
    1010       10175 :         for (i = 0; i < rec_count; i++) {
    1011        7224 :                 struct ldb_val *v = &el->values[el->num_values];
    1012             :                 enum ndr_err_code ndr_err;
    1013             : 
    1014        7224 :                 if (records[i].wType == DNS_TYPE_TOMBSTONE) {
    1015             :                         /*
    1016             :                          * There are two things that could be going on here.
    1017             :                          *
    1018             :                          * 1. We use a tombstone with EntombedTime == 0 for
    1019             :                          * passing deletion messages through the stack, and
    1020             :                          * this is the place we filter them out to perform
    1021             :                          * that deletion.
    1022             :                          *
    1023             :                          * 2. This node is tombstoned, with no records except
    1024             :                          * for a single tombstone, and it is just waiting to
    1025             :                          * disappear. In this case, unless the caller has
    1026             :                          * added a record, rec_count should be 1, and
    1027             :                          * el->num_values will end up at 0, and we will make
    1028             :                          * no changes. But if the caller has added a record,
    1029             :                          * we need to un-tombstone the node.
    1030             :                          *
    1031             :                          * It is not possible to add an explicit tombstone
    1032             :                          * record.
    1033             :                          */
    1034         244 :                         if (records[i].data.EntombedTime != 0) {
    1035          23 :                                 was_tombstoned = true;
    1036             :                         }
    1037         244 :                         continue;
    1038             :                 }
    1039             : 
    1040        6980 :                 if (zoneinfo->fAging == 1 && records[i].dwTimeStamp != 0) {
    1041         933 :                         t = unix_to_dns_timestamp(time(NULL));
    1042        1866 :                         if (t - records[i].dwTimeStamp >
    1043         933 :                             zoneinfo->dwNoRefreshInterval) {
    1044         189 :                                 records[i].dwTimeStamp = t;
    1045             :                         }
    1046             :                 }
    1047             : 
    1048        6980 :                 records[i].dwSerial = serial;
    1049        6980 :                 ndr_err = ndr_push_struct_blob(v, el->values, &records[i],
    1050             :                                 (ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
    1051        6980 :                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
    1052           0 :                         DEBUG(0, ("Failed to push dnsp_DnssrvRpcRecord\n"));
    1053           0 :                         werr = DNS_ERR(SERVER_FAILURE);
    1054           0 :                         goto exit;
    1055             :                 }
    1056        6980 :                 el->num_values++;
    1057             :         }
    1058             : 
    1059        2980 :         if (needs_add) {
    1060             :                 /*
    1061             :                  * This is a new dnsNode, which simplifies everything as we
    1062             :                  * know there is nothing to delete or change. We add the
    1063             :                  * records and get out.
    1064             :                  */
    1065         473 :                 if (el->num_values == 0) {
    1066          20 :                         werr = WERR_OK;
    1067          20 :                         goto exit;
    1068             :                 }
    1069             : 
    1070         453 :                 ret = ldb_msg_add_string(msg, "objectClass", "dnsNode");
    1071         453 :                 if (ret != LDB_SUCCESS) {
    1072           0 :                         werr = DNS_ERR(SERVER_FAILURE);
    1073           0 :                         goto exit;
    1074             :                 }
    1075             : 
    1076         453 :                 ret = ldb_add(samdb, msg);
    1077         453 :                 if (ret != LDB_SUCCESS) {
    1078           0 :                         werr = DNS_ERR(SERVER_FAILURE);
    1079           0 :                         goto exit;
    1080             :                 }
    1081             : 
    1082         453 :                 werr = WERR_OK;
    1083         453 :                 goto exit;
    1084             :         }
    1085             : 
    1086        2507 :         if (el->num_values == 0) {
    1087             :                 /*
    1088             :                  * We get here if there are no records or all the records were
    1089             :                  * tombstones.
    1090             :                  */
    1091             :                 struct dnsp_DnssrvRpcRecord tbs;
    1092         818 :                 struct ldb_val *v = &el->values[el->num_values];
    1093             :                 enum ndr_err_code ndr_err;
    1094             :                 struct timeval tv;
    1095             : 
    1096         818 :                 if (was_tombstoned) {
    1097             :                         /*
    1098             :                          * This is already a tombstoned object.
    1099             :                          * Just leave it instead of updating the time stamp.
    1100             :                          */
    1101           6 :                         werr = WERR_OK;
    1102          12 :                         goto exit;
    1103             :                 }
    1104             : 
    1105         812 :                 tv = timeval_current();
    1106         812 :                 tbs = (struct dnsp_DnssrvRpcRecord) {
    1107             :                         .wType = DNS_TYPE_TOMBSTONE,
    1108             :                         .dwSerial = serial,
    1109         812 :                         .data.EntombedTime = timeval_to_nttime(&tv),
    1110             :                 };
    1111             : 
    1112         812 :                 ndr_err = ndr_push_struct_blob(v, el->values, &tbs,
    1113             :                                 (ndr_push_flags_fn_t)ndr_push_dnsp_DnssrvRpcRecord);
    1114         812 :                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
    1115           0 :                         DEBUG(0, ("Failed to push dnsp_DnssrvRpcRecord\n"));
    1116           0 :                         werr = DNS_ERR(SERVER_FAILURE);
    1117           0 :                         goto exit;
    1118             :                 }
    1119         812 :                 el->num_values++;
    1120             : 
    1121         812 :                 become_tombstoned = true;
    1122             :         }
    1123             : 
    1124        2501 :         if (was_tombstoned || become_tombstoned) {
    1125         829 :                 ret = ldb_msg_add_empty(msg, "dNSTombstoned",
    1126             :                                         LDB_FLAG_MOD_REPLACE, NULL);
    1127         829 :                 if (ret != LDB_SUCCESS) {
    1128           0 :                         werr = DNS_ERR(SERVER_FAILURE);
    1129           0 :                         goto exit;
    1130             :                 }
    1131             : 
    1132         829 :                 ret = ldb_msg_add_fmt(msg, "dNSTombstoned", "%s",
    1133             :                                       become_tombstoned ? "TRUE" : "FALSE");
    1134         829 :                 if (ret != LDB_SUCCESS) {
    1135           0 :                         werr = DNS_ERR(SERVER_FAILURE);
    1136           0 :                         goto exit;
    1137             :                 }
    1138             :         }
    1139             : 
    1140        2501 :         ret = ldb_modify(samdb, msg);
    1141        2501 :         if (ret != LDB_SUCCESS) {
    1142           2 :                 NTSTATUS nt = dsdb_ldb_err_to_ntstatus(ret);
    1143           2 :                 werr = ntstatus_to_werror(nt);
    1144           2 :                 goto exit;
    1145             :         }
    1146             : 
    1147        2470 :         werr = WERR_OK;
    1148        2983 : exit:
    1149        2983 :         talloc_free(msg);
    1150        2983 :         DNS_COMMON_LOG_OPERATION(
    1151             :                 win_errstr(werr),
    1152             :                 &start,
    1153             :                 NULL,
    1154             :                 dn == NULL ? NULL : ldb_dn_get_linearized(dn),
    1155             :                 NULL);
    1156        2983 :         return werr;
    1157             : }
    1158             : 
    1159      599997 : bool dns_name_match(const char *zone, const char *name, size_t *host_part_len)
    1160             : {
    1161      599997 :         size_t zl = strlen(zone);
    1162      599997 :         size_t nl = strlen(name);
    1163             :         ssize_t zi, ni;
    1164             :         static const size_t fixup = 'a' - 'A';
    1165             : 
    1166      599997 :         if (zl > nl) {
    1167       66616 :                 return false;
    1168             :         }
    1169             : 
    1170    13557560 :         for (zi = zl, ni = nl; zi >= 0; zi--, ni--) {
    1171    13191340 :                 char zc = zone[zi];
    1172    13191340 :                 char nc = name[ni];
    1173             : 
    1174             :                 /* convert to lower case */
    1175    13191340 :                 if (zc >= 'A' && zc <= 'Z') {
    1176        3036 :                         zc += fixup;
    1177             :                 }
    1178    13191340 :                 if (nc >= 'A' && nc <= 'Z') {
    1179     5255994 :                         nc += fixup;
    1180             :                 }
    1181             : 
    1182    13191340 :                 if (zc != nc) {
    1183      166975 :                         return false;
    1184             :                 }
    1185             :         }
    1186             : 
    1187      366220 :         if (ni >= 0) {
    1188      274118 :                 if (name[ni] != '.') {
    1189           0 :                         return false;
    1190             :                 }
    1191             : 
    1192      274118 :                 ni--;
    1193             :         }
    1194             : 
    1195      366220 :         *host_part_len = ni+1;
    1196             : 
    1197      366220 :         return true;
    1198             : }
    1199             : 
    1200      187042 : WERROR dns_common_name2dn(struct ldb_context *samdb,
    1201             :                           struct dns_server_zone *zones,
    1202             :                           TALLOC_CTX *mem_ctx,
    1203             :                           const char *name,
    1204             :                           struct ldb_dn **_dn)
    1205             : {
    1206             :         struct ldb_dn *base;
    1207             :         struct ldb_dn *dn;
    1208             :         const struct dns_server_zone *z;
    1209      187042 :         size_t host_part_len = 0;
    1210             :         struct ldb_val host_part;
    1211             :         WERROR werr;
    1212             :         bool ok;
    1213      187042 :         const char *casefold = NULL;
    1214             : 
    1215      187042 :         if (name == NULL) {
    1216           0 :                 return DNS_ERR(FORMAT_ERROR);
    1217             :         }
    1218             : 
    1219      187042 :         if (strcmp(name, "") == 0) {
    1220           0 :                 base = ldb_get_default_basedn(samdb);
    1221           0 :                 dn = ldb_dn_copy(mem_ctx, base);
    1222           0 :                 ok = ldb_dn_add_child_fmt(dn,
    1223             :                                           "DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System");
    1224           0 :                 if (ok == false) {
    1225           0 :                         TALLOC_FREE(dn);
    1226           0 :                         return WERR_NOT_ENOUGH_MEMORY;
    1227             :                 }
    1228             : 
    1229           0 :                 *_dn = dn;
    1230           0 :                 return WERR_OK;
    1231             :         }
    1232             : 
    1233             :         /* Check non-empty names */
    1234      187042 :         werr = dns_name_check(mem_ctx, strlen(name), name);
    1235      187042 :         if (!W_ERROR_IS_OK(werr)) {
    1236           0 :                 return werr;
    1237             :         }
    1238             : 
    1239      310494 :         for (z = zones; z != NULL; z = z->next) {
    1240             :                 bool match;
    1241             : 
    1242      310628 :                 match = dns_name_match(z->name, name, &host_part_len);
    1243      310628 :                 if (match) {
    1244      186884 :                         break;
    1245             :                 }
    1246             :         }
    1247             : 
    1248      187042 :         if (z == NULL) {
    1249          12 :                 return DNS_ERR(NAME_ERROR);
    1250             :         }
    1251             : 
    1252      187030 :         if (host_part_len == 0) {
    1253       87583 :                 dn = ldb_dn_copy(mem_ctx, z->dn);
    1254       87583 :                 ok = ldb_dn_add_child_fmt(dn, "DC=@");
    1255       87583 :                 if (! ok) {
    1256           0 :                         TALLOC_FREE(dn);
    1257           0 :                         return WERR_NOT_ENOUGH_MEMORY;
    1258             :                 }
    1259       87583 :                 *_dn = dn;
    1260       87583 :                 return WERR_OK;
    1261             :         }
    1262             : 
    1263       99447 :         dn = ldb_dn_copy(mem_ctx, z->dn);
    1264       99447 :         if (dn == NULL) {
    1265           0 :                 TALLOC_FREE(dn);
    1266           0 :                 return WERR_NOT_ENOUGH_MEMORY;
    1267             :         }
    1268             : 
    1269       99447 :         host_part = data_blob_const(name, host_part_len);
    1270             : 
    1271       99447 :         ok = ldb_dn_add_child_val(dn, "DC", host_part);
    1272             : 
    1273       99447 :         if (ok == false) {
    1274           0 :                 TALLOC_FREE(dn);
    1275           0 :                 return WERR_NOT_ENOUGH_MEMORY;
    1276             :         }
    1277             : 
    1278             :         /*
    1279             :          * Check the new DN here for validity, so as to catch errors
    1280             :          * early
    1281             :          */
    1282       99447 :         ok = ldb_dn_validate(dn);
    1283       99447 :         if (ok == false) {
    1284           0 :                 TALLOC_FREE(dn);
    1285           0 :                 return DNS_ERR(NAME_ERROR);
    1286             :         }
    1287             : 
    1288             :         /*
    1289             :          * The value from this check is saved in the DN, and doing
    1290             :          * this here allows an easy return here.
    1291             :          */
    1292       99447 :         casefold = ldb_dn_get_casefold(dn);
    1293       99447 :         if (casefold == NULL) {
    1294           0 :                 TALLOC_FREE(dn);
    1295           0 :                 return DNS_ERR(NAME_ERROR);
    1296             :         }
    1297             : 
    1298       99447 :         *_dn = dn;
    1299       99447 :         return WERR_OK;
    1300             : }
    1301             : 
    1302             : 
    1303             : /*
    1304             :   see if two dns records match
    1305             :  */
    1306             : 
    1307             : 
    1308       11629 : bool dns_record_match(struct dnsp_DnssrvRpcRecord *rec1,
    1309             :                       struct dnsp_DnssrvRpcRecord *rec2)
    1310             : {
    1311             :         int i;
    1312             :         struct in6_addr rec1_in_addr6;
    1313             :         struct in6_addr rec2_in_addr6;
    1314             : 
    1315       11629 :         if (rec1->wType != rec2->wType) {
    1316        2115 :                 return false;
    1317             :         }
    1318             : 
    1319             :         /* see if the data matches */
    1320        9514 :         switch (rec1->wType) {
    1321        2661 :         case DNS_TYPE_A:
    1322        2661 :                 return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
    1323        1665 :         case DNS_TYPE_AAAA: {
    1324             :                 int ret;
    1325             : 
    1326        1665 :                 ret = inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
    1327        1665 :                 if (ret != 1) {
    1328           0 :                         return false;
    1329             :                 }
    1330        1665 :                 ret = inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
    1331        1665 :                 if (ret != 1) {
    1332           0 :                         return false;
    1333             :                 }
    1334             : 
    1335        1665 :                 return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
    1336             :         }
    1337         211 :         case DNS_TYPE_CNAME:
    1338         211 :                 return dns_name_equal(rec1->data.cname, rec2->data.cname);
    1339        2872 :         case DNS_TYPE_TXT:
    1340        2872 :                 if (rec1->data.txt.count != rec2->data.txt.count) {
    1341         345 :                         return false;
    1342             :                 }
    1343        4388 :                 for (i = 0; i < rec1->data.txt.count; i++) {
    1344        2944 :                         if (strcmp(rec1->data.txt.str[i], rec2->data.txt.str[i]) != 0) {
    1345        1083 :                                 return false;
    1346             :                         }
    1347             :                 }
    1348        1444 :                 return true;
    1349         271 :         case DNS_TYPE_PTR:
    1350         271 :                 return dns_name_equal(rec1->data.ptr, rec2->data.ptr);
    1351         277 :         case DNS_TYPE_NS:
    1352         277 :                 return dns_name_equal(rec1->data.ns, rec2->data.ns);
    1353             : 
    1354        1319 :         case DNS_TYPE_SRV:
    1355        2599 :                 return rec1->data.srv.wPriority == rec2->data.srv.wPriority &&
    1356        2532 :                         rec1->data.srv.wWeight  == rec2->data.srv.wWeight &&
    1357        3814 :                         rec1->data.srv.wPort    == rec2->data.srv.wPort &&
    1358        1243 :                         dns_name_equal(rec1->data.srv.nameTarget, rec2->data.srv.nameTarget);
    1359             : 
    1360         238 :         case DNS_TYPE_MX:
    1361         464 :                 return rec1->data.mx.wPriority == rec2->data.mx.wPriority &&
    1362         226 :                         dns_name_equal(rec1->data.mx.nameTarget, rec2->data.mx.nameTarget);
    1363             : 
    1364           0 :         case DNS_TYPE_SOA:
    1365           0 :                 return dns_name_equal(rec1->data.soa.mname, rec2->data.soa.mname) &&
    1366           0 :                         dns_name_equal(rec1->data.soa.rname, rec2->data.soa.rname) &&
    1367           0 :                         rec1->data.soa.serial == rec2->data.soa.serial &&
    1368           0 :                         rec1->data.soa.refresh == rec2->data.soa.refresh &&
    1369           0 :                         rec1->data.soa.retry == rec2->data.soa.retry &&
    1370           0 :                         rec1->data.soa.expire == rec2->data.soa.expire &&
    1371           0 :                         rec1->data.soa.minimum == rec2->data.soa.minimum;
    1372           0 :         case DNS_TYPE_TOMBSTONE:
    1373           0 :                 return true;
    1374           0 :         default:
    1375           0 :                 break;
    1376             :         }
    1377             : 
    1378           0 :         return false;
    1379             : }
    1380             : 
    1381             : 
    1382       19108 : static int dns_common_sort_zones(struct ldb_message **m1, struct ldb_message **m2)
    1383             : {
    1384             :         const char *n1, *n2;
    1385             :         size_t l1, l2;
    1386             : 
    1387       19108 :         n1 = ldb_msg_find_attr_as_string(*m1, "name", NULL);
    1388       19108 :         n2 = ldb_msg_find_attr_as_string(*m2, "name", NULL);
    1389       19108 :         if (n1 == NULL || n2 == NULL) {
    1390           0 :                 if (n1 != NULL) {
    1391           0 :                         return -1;
    1392           0 :                 } else if (n2 != NULL) {
    1393           0 :                         return 1;
    1394             :                 } else {
    1395           0 :                         return 0;
    1396             :                 }
    1397             :         }
    1398       19108 :         l1 = strlen(n1);
    1399       19108 :         l2 = strlen(n2);
    1400             : 
    1401             :         /* If the string lengths are not equal just sort by length */
    1402       19108 :         if (l1 != l2) {
    1403             :                 /* If m1 is the larger zone name, return it first */
    1404       16618 :                 return l2 - l1;
    1405             :         }
    1406             : 
    1407             :         /*TODO: We need to compare DNs here, we want the DomainDNSZones first */
    1408        2476 :         return 0;
    1409             : }
    1410             : 
    1411        2510 : NTSTATUS dns_common_zones(struct ldb_context *samdb,
    1412             :                           TALLOC_CTX *mem_ctx,
    1413             :                           struct ldb_dn *base_dn,
    1414             :                           struct dns_server_zone **zones_ret)
    1415             : {
    1416        2510 :         const struct timeval start = timeval_current();
    1417             :         int ret;
    1418             :         static const char * const attrs[] = { "name", NULL};
    1419             :         struct ldb_result *res;
    1420             :         int i;
    1421        2510 :         struct dns_server_zone *new_list = NULL;
    1422        2510 :         TALLOC_CTX *frame = talloc_stackframe();
    1423        2510 :         NTSTATUS result = NT_STATUS_OK;
    1424             : 
    1425        2510 :         if (base_dn) {
    1426             :                 /* This search will work against windows */
    1427          89 :                 ret = dsdb_search(samdb, frame, &res,
    1428             :                                   base_dn, LDB_SCOPE_SUBTREE,
    1429             :                                   attrs, 0, "(objectClass=dnsZone)");
    1430             :         } else {
    1431             :                 /* TODO: this search does not work against windows */
    1432        2421 :                 ret = dsdb_search(samdb, frame, &res, NULL,
    1433             :                                   LDB_SCOPE_SUBTREE,
    1434             :                                   attrs,
    1435             :                                   DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
    1436             :                                   "(objectClass=dnsZone)");
    1437             :         }
    1438        2510 :         if (ret != LDB_SUCCESS) {
    1439           0 :                 TALLOC_FREE(frame);
    1440           0 :                 result = NT_STATUS_INTERNAL_DB_CORRUPTION;
    1441           0 :                 goto exit;
    1442             :         }
    1443             : 
    1444        2510 :         TYPESAFE_QSORT(res->msgs, res->count, dns_common_sort_zones);
    1445             : 
    1446       14027 :         for (i=0; i < res->count; i++) {
    1447             :                 struct dns_server_zone *z;
    1448             : 
    1449       11531 :                 z = talloc_zero(mem_ctx, struct dns_server_zone);
    1450       11531 :                 if (z == NULL) {
    1451           0 :                         TALLOC_FREE(frame);
    1452           0 :                         result = NT_STATUS_NO_MEMORY;
    1453           0 :                         goto exit;
    1454             :                 }
    1455             : 
    1456       11531 :                 z->name = ldb_msg_find_attr_as_string(res->msgs[i], "name", NULL);
    1457       11531 :                 talloc_steal(z, z->name);
    1458       11531 :                 z->dn = talloc_move(z, &res->msgs[i]->dn);
    1459             :                 /*
    1460             :                  * Ignore the RootDNSServers zone and zones that we don't support yet
    1461             :                  * RootDNSServers should never be returned (Windows DNS server don't)
    1462             :                  * ..TrustAnchors should never be returned as is, (Windows returns
    1463             :                  * TrustAnchors) and for the moment we don't support DNSSEC so we'd better
    1464             :                  * not return this zone.
    1465             :                  */
    1466       18178 :                 if ((strcmp(z->name, "RootDNSServers") == 0) ||
    1467        6647 :                     (strcmp(z->name, "..TrustAnchors") == 0))
    1468             :                 {
    1469        4884 :                         DEBUG(10, ("Ignoring zone %s\n", z->name));
    1470        4884 :                         talloc_free(z);
    1471        4884 :                         continue;
    1472             :                 }
    1473        6647 :                 DLIST_ADD_END(new_list, z);
    1474             :         }
    1475             : 
    1476        2510 :         *zones_ret = new_list;
    1477        2510 :         TALLOC_FREE(frame);
    1478        2496 :         result = NT_STATUS_OK;
    1479        2510 : exit:
    1480        2510 :         DNS_COMMON_LOG_OPERATION(
    1481             :                 nt_errstr(result),
    1482             :                 &start,
    1483             :                 NULL,
    1484             :                 base_dn == NULL ? NULL : ldb_dn_get_linearized(base_dn),
    1485             :                 NULL);
    1486        2510 :         return result;
    1487             : }
    1488             : 
    1489             : /*
    1490             :   see if two DNS names are the same
    1491             :  */
    1492       45437 : bool dns_name_equal(const char *name1, const char *name2)
    1493             : {
    1494       45437 :         size_t len1 = strlen(name1);
    1495       45437 :         size_t len2 = strlen(name2);
    1496             : 
    1497       45437 :         if (len1 > 0 && name1[len1 - 1] == '.') {
    1498        1754 :                 len1--;
    1499             :         }
    1500       45437 :         if (len2 > 0 && name2[len2 - 1] == '.') {
    1501        9770 :                 len2--;
    1502             :         }
    1503       45437 :         if (len1 != len2) {
    1504       23161 :                 return false;
    1505             :         }
    1506       22276 :         return strncasecmp(name1, name2, len1) == 0;
    1507             : }
    1508             : 
    1509             : 
    1510             : /*
    1511             :  * Convert unix time to a DNS timestamp
    1512             :  * uint32 hours in the NTTIME epoch
    1513             :  *
    1514             :  * This uses unix_to_nt_time() which can return special flag NTTIMEs like
    1515             :  * UINT64_MAX (0xFFF...) or NTTIME_MAX (0x7FF...), which will convert to
    1516             :  * distant future timestamps; or 0 as a flag value, meaning a 1601 timestamp,
    1517             :  * which is used to indicate a record does not expire.
    1518             :  *
    1519             :  * As we don't generally check for these special values in NTTIME conversions,
    1520             :  * we also don't check here, but for the benefit of people encountering these
    1521             :  * timestamps and searching for their origin, here is a list:
    1522             :  *
    1523             :  **  TIME_T_MAX
    1524             :  *
    1525             :  * Even if time_t is 32 bit, this will become NTTIME_MAX (a.k.a INT64_MAX,
    1526             :  * 0x7fffffffffffffff) in 100ns units. That translates to 256204778 hours
    1527             :  * since 1601, which converts back to 9223372008000000000 or
    1528             :  * 0x7ffffff9481f1000. It will present as 30828-09-14 02:00:00, around 48
    1529             :  * minutes earlier than NTTIME_MAX.
    1530             :  *
    1531             :  **  0, the start of the unix epoch, 1970-01-01 00:00:00
    1532             :  *
    1533             :  * This is converted into 0 in the Windows epoch, 1601-01-01 00:00:00 which is
    1534             :  * clearly the same whether you count in 100ns units or hours. In DNS record
    1535             :  * timestamps this is a flag meaning the record will never expire.
    1536             :  *
    1537             :  **  (time_t)-1, such as what *might* mean 1969-12-31 23:59:59
    1538             :  *
    1539             :  * This becomes (NTTIME)-1ULL a.k.a. UINT64_MAX, 0xffffffffffffffff thence
    1540             :  * 512409557 in hours since 1601. That in turn is 0xfffffffaf2028800 or
    1541             :  * 18446744052000000000 in NTTIME (rounded to the hour), which might be
    1542             :  * presented as -21709551616 or -0x50dfd7800, because NTITME is not completely
    1543             :  * dedicated to being unsigned. If it gets shown as a year, it will be around
    1544             :  * 60055.
    1545             :  *
    1546             :  **  Other negative time_t values (e.g. 1969-05-29).
    1547             :  *
    1548             :  * The meaning of these is somewhat undefined, but in any case they will
    1549             :  * translate perfectly well into the same dates in NTTIME.
    1550             :  *
    1551             :  **  Notes
    1552             :  *
    1553             :  * There are dns timestamps that exceed the range of NTTIME (up to 488356 AD),
    1554             :  * but it is not possible for this function to produce them.
    1555             :  *
    1556             :  * It is plausible that it was at midnight on 1601-01-01, in London, that
    1557             :  * Shakespeare wrote:
    1558             :  *
    1559             :  *  The time is out of joint. O cursed spite
    1560             :  *  That ever I was born to set it right!
    1561             :  *
    1562             :  * and this is why we have this epoch and time zone.
    1563             :  */
    1564        2857 : uint32_t unix_to_dns_timestamp(time_t t)
    1565             : {
    1566             :         NTTIME nt;
    1567        2857 :         unix_to_nt_time(&nt, t);
    1568        2857 :         nt /= NTTIME_TO_HOURS;
    1569        2857 :         return (uint32_t) nt;
    1570             : }
    1571             : 
    1572             : /*
    1573             :  * Convert a DNS timestamp into NTTIME.
    1574             :  *
    1575             :  * Because DNS timestamps cover a longer time period than NTTIME, and these
    1576             :  * would wrap to an arbitrary NTTIME, we saturate at NTTIME_MAX and return an
    1577             :  * error in this case.
    1578             :  */
    1579          80 : NTSTATUS dns_timestamp_to_nt_time(NTTIME *_nt, uint32_t t)
    1580             : {
    1581          80 :         NTTIME nt = t;
    1582          80 :         if (nt > NTTIME_MAX / NTTIME_TO_HOURS) {
    1583           2 :                 *_nt = NTTIME_MAX;
    1584           2 :                 return NT_STATUS_INTEGER_OVERFLOW;
    1585             :         }
    1586          78 :         *_nt = nt * NTTIME_TO_HOURS;
    1587          78 :         return NT_STATUS_OK;
    1588             : }

Generated by: LCOV version 1.13