[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: Re: [cifs-protocol] [EXTERNAL] Re: dNSProperty parsing of DSPROPERTY_ZONE_NS_SERVERS_DA in particula
From: Obaid Farooqi via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date: 2020-04-23 5:25:11
Message-ID: CY4PR21MB07927A85B656B3F11B5DD5D0C6D30 () CY4PR21MB0792 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]
Hi Andrew:
DNS just ignores records like this .i.e. when wDataLength is 0, it will log an error \
and move on.
Regards,
Obaid Farooqi
Escalatiion Engineer | Microsoft
-----Original Message-----
From: Obaid Farooqi
Sent: Wednesday, April 22, 2020 6:51 PM
To: Andrew Bartlett <abartlet@samba.org>; cifs-protocol mailing list \
<cifs-protocol@lists.samba.org>
Cc: support <support@mail.support.microsoft.com>
Subject: RE: [EXTERNAL] Re: [cifs-protocol] dNSProperty parsing of \
DSPROPERTY_ZONE_NS_SERVERS_DA in particular [120040622000005]
Hi Andrew:
I'll update with the formal version as soon as I have it.
Regards,
Obaid Farooqi
Escalatiion Engineer | Microsoft
-----Original Message-----
From: Andrew Bartlett <abartlet@samba.org>
Sent: Wednesday, April 22, 2020 5:25 PM
To: Obaid Farooqi <obaidf@microsoft.com>; cifs-protocol mailing list \
<cifs-protocol@lists.samba.org>
Cc: support <support@mail.support.microsoft.com>
Subject: Re: [EXTERNAL] Re: [cifs-protocol] dNSProperty parsing of \
DSPROPERTY_ZONE_NS_SERVERS_DA in particular [120040622000005]
Thanks, so by reject do you mean ignore (pretend that value was never there)?
(We got into the muddle because we started to hard reject the records, and failed the \
operation).
Thanks,
Andrew Bartlett
On Wed, 2020-04-22 at 22:18 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> We are almost there.
> The research is just waiting some official confirmation but code
> browsing suggest that we do not perform any validation when data is
> written to AD. But at the time when DNS reads it, it will reject such
> kind of records.
>
> I'll update you if there is a change in this.
>
> Regards,
> Obaid Farooqi
> Escalatiion Engineer | Microsoft
>
> -----Original Message-----
> From: Andrew Bartlett <abartlet@samba.org>
> Sent: Wednesday, April 22, 2020 4:59 PM
> To: Obaid Farooqi <obaidf@microsoft.com>; cifs-protocol mailing list
> <cifs-protocol@lists.samba.org>
> Cc: support <support@mail.support.microsoft.com>
> Subject: [EXTERNAL] Re: [cifs-protocol] dNSProperty parsing of
> DSPROPERTY_ZONE_NS_SERVERS_DA in particular [120040622000005]
>
> G'Day Obiad,
>
> Any news on this one?
>
> Thanks,
>
> Andrew Bartlett
>
> On Mon, 2020-04-06 at 01:44 +0000, Obaid Farooqi via cifs-protocol
> wrote:
> > Hi Andrew:
> > Thanks for contacting Microsoft. I have created a case to track this
> > issue. A member of the open specifications team will be in touch
> > soon.
> >
> > Regards,
> > Obaid Farooqi
> > Escalation Engineer | Microsoft
> >
> > -----Original Message-----
> > From: Andrew Bartlett <abartlet@samba.org>
> > Sent: Sunday, April 5, 2020 6:44 PM
> > To: Interoperability Documentation Help <dochelp@microsoft.com>;
> > cifs-protocol mailing list <cifs-protocol@lists.samba.org>
> > Subject: [EXTERNAL] dNSProperty parsing of
> > DSPROPERTY_ZONE_NS_SERVERS_DA in particular
> >
> > G'Day Dochelp,
> >
> > I'm hoping for a little help with interoperability here. The
> > situation is a Samba AD Domain that has also had a Windows AD DC in
> > it, so some records were not created by Samba, like this records in
> > the DNS partition.
> >
> > In the
> >
> > DC=_msdcs.X.Y,CN=MicrosoftDNS,DC=ForestDnsZones,DC=X,DC=Y
> >
> > record, there is an attribute:
> >
> > dNSProperty:: AAAAAAAAAAAAAAAAAQAAAJIAAAAAAAAA
> >
> > 000000 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00
> > 00 >................<
> > 000010 92 00 00 00 00 00 00 00 >........<
> > 000018
> >
> > We, until samba 4.12, would parse this as:
> >
> > pull returned Success
> > dnsp_DnsProperty: struct dnsp_DnsProperty
> > wDataLength : 0x00000000 (0)
> > namelength : 0x00000000 (0)
> > flag : 0x00000000 (0)
> > version : 0x00000001 (1)
> > id : DSPROPERTY_ZONE_NS_SERVERS_DA
> > (146)
> > data : union dnsPropertyData(case 0)
> > name : 0x00000000 (0)
> > dump OK
> >
> > However, the wDataLength is 0. There is not anything in [MS-DNSP]
> > 2.3.2.1 dnsProperty to describe any special behaviour for when the
> > id suggests that there is a value, but wDataLength is 0.
> >
> >
>
>
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2 \
Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-dnsp%2F445c7843-e4a1-4222-8c0f-630c230a4c8 \
0&data=02%7C01%7Cobaidf%40microsoft.com%7C5e567c5c020f4182e3d208d7e70c1741%7C72f98 \
8bf86f141af91ab2d7cd011db47%7C1%7C0%7C637231911431299996&sdata=x87%2Fb8mukwyXEuqSF%2BAmyR4HuadN3kKk%2Br2xc3XduSE%3D&reserved=0
> >
> > We now fail to parse it, because we expect an entry with id
> > DSPROPERTY_ZONE_NS_SERVERS_DA to therefore have a valid
> > DNS_ADDR_ARRAY (section 2.2.3.2.3).
> >
> > As context (mostly for my fellow team members), we changed it in our
> > commit
> >
>
>
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.samba.org%2F%3Fp \
%3Dsamba.git%3Ba%3Dcommit%3Bh%3Dfee5c6a4247aeac71318186bbff7708d25de5912&data=02%7 \
C01%7Cobaidf%40microsoft.com%7C5e567c5c020f4182e3d208d7e70c1741%7C72f988bf86f141af91ab \
2d7cd011db47%7C1%7C0%7C637231911431299996&sdata=D1tM6Qk%2FO07%2FBERAyi6VmLsKRh5F2UyEN%2FXMY6Hthvs%3D&reserved=0
> > because of bug
> >
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugz
> > illa.samba.org%2Fshow_bug.cgi%3Fid%3D14206&data=02%7C01%7Cobaid
> > f%4
> > 0microsoft.com%7C314454599b904edc858d08d7e7086cf2%7C72f988bf86f141a
> > f91
> > ab2d7cd011db47%7C1%7C0%7C637231895691697152&sdata=3hTeDUXXBaCPK
> > EA0
> > aefJ%2Bswd4XDRvrvgflV3iKEM5%2F4%3D&reserved=0
> > which was due to the artificial environment of the fuzzer.
> >
> > Can you clarify how this should be interpreted, so we can fix this
> > properly?
> >
> > Thanks!
> >
> > Andrew Bartlett
> >
>
> --
> Andrew Bartlett
> https://nam06.safelinks.protection.outlook.com/?url=https:%2F%2Fsamba.
> org%2F~abartlet%2F&data=02%7C01%7Cobaidf%40microsoft.com%7C5e567c5
> c020f4182e3d208d7e70c1741%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7
> C637231911431299996&sdata=nnmBM9j8MYSy4l8jsKmuVuf6So2HSNMPTRuBoCQg
> dao%3D&reserved=0 Authentication Developer, Samba Team
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org%2F&d \
> ata=02%7C01%7Cobaidf%40microsoft.com%7C5e567c5c020f4182e3d208d7e70c1741%7C72f988bf86 \
> f141af91ab2d7cd011db47%7C1%7C0%7C637231911431299996&sdata=WoxZ67781RGjVdWaseI%2F8i%2BsVuAxWMAn%2BJdcp1dSAr4%3D&reserved=0
> Samba Developer, Catalyst IT
>
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fse \
rvices%2Fsamba&data=02%7C01%7Cobaidf%40microsoft.com%7C5e567c5c020f4182e3d208d7e70 \
c1741%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637231911431299996&sdata=2B6Vg2hc%2FmWQS%2FPW%2FcLQ1paxgOPbmnfik5CPap6GP7c%3D&reserved=0
>
>
>
--
Andrew Bartlett \
https://nam06.safelinks.protection.outlook.com/?url=https:%2F%2Fsamba.org%2F~abartlet% \
2F&data=02%7C01%7Cobaidf%40microsoft.com%7C5e567c5c020f4182e3d208d7e70c1741%7C72f9 \
88bf86f141af91ab2d7cd011db47%7C1%7C0%7C637231911431299996&sdata=nnmBM9j8MYSy4l8jsKmuVuf6So2HSNMPTRuBoCQgdao%3D&reserved=0
Authentication Developer, Samba Team \
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org%2F&dat \
a=02%7C01%7Cobaidf%40microsoft.com%7C5e567c5c020f4182e3d208d7e70c1741%7C72f988bf86f141 \
af91ab2d7cd011db47%7C1%7C0%7C637231911431309988&sdata=V77W%2FMh8yKjJj7HCwL%2F%2FQh3Vw%2BCcsNSv5x6hKSFgnAg%3D&reserved=0
Samba Developer, Catalyst IT
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fse \
rvices%2Fsamba&data=02%7C01%7Cobaidf%40microsoft.com%7C5e567c5c020f4182e3d208d7e70 \
c1741%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637231911431309988&sdata=5xMYAcIBkl%2BTnocEnOSrq%2BPDc7YbSVMFJvEymL6MX20%3D&reserved=0
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic