s4-dns: dlz-bind: Add trailing '.' to all fqdn strings

BIND 9.10.x is strict when sending records via putrr and putnamedrr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10620

Thanks to Guenter Kukkukk for identifying the problem and resolution.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Guenter Kukkukk <kukks@samba.org>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Nov 21 06:14:55 CET 2014 on sn-devel-104

(cherry picked from commit b7f6b09a13daaa702aef5a0ab9f458521e4902b1)

Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Mon Nov 24 23:27:37 CET 2014 on sn-devel-104

2 files changed, 59 insertions, 20 deletions

diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 62e6f377d9..604d4b9ddd 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -103,6 +103,27 @@ static void b9_add_helper(struct dlz_bind9_data *state, const char *helper_name,
 }
 
 /*
+ * Add a trailing '.' if it's missing
+ */
+static const char *b9_format_fqdn(TALLOC_CTX *mem_ctx, const char *str)
+{
+	size_t len;
+	const char *tmp;
+
+	if (str == NULL || str[0] == '\0') {
+		return str;
+	}
+
+	len = strlen(str);
+	if (str[len-1] != '.') {
+		tmp = talloc_asprintf(mem_ctx, "%s.", str);
+	} else {
+		tmp = str;
+	}
+	return tmp;
+}
+
+/*
   format a record for bind9
  */
 static bool b9_format(struct dlz_bind9_data *state,
@@ -112,6 +133,7 @@ static bool b9_format(struct dlz_bind9_data *state,
 {
 	uint32_t i;
 	char *tmp;
+	const char *fqdn;
 
 	switch (rec->wType) {
 	case DNS_TYPE_A:
@@ -126,7 +148,7 @@ static bool b9_format(struct dlz_bind9_data *state,
 
 	case DNS_TYPE_CNAME:
 		*type = "cname";
-		*data = rec->data.cname;
+		*data = b9_format_fqdn(mem_ctx, rec->data.cname);
 		break;
 
 	case DNS_TYPE_TXT:
@@ -140,23 +162,30 @@ static bool b9_format(struct dlz_bind9_data *state,
 
 	case DNS_TYPE_PTR:
 		*type = "ptr";
-		*data = rec->data.ptr;
+		*data = b9_format_fqdn(mem_ctx, rec->data.ptr);
 		break;
 
 	case DNS_TYPE_SRV:
 		*type = "srv";
+		fqdn = b9_format_fqdn(mem_ctx, rec->data.srv.nameTarget);
+		if (fqdn == NULL) {
+			return false;
+		}
 		*data = talloc_asprintf(mem_ctx, "%u %u %u %s",
 					rec->data.srv.wPriority,
 					rec->data.srv.wWeight,
 					rec->data.srv.wPort,
-					rec->data.srv.nameTarget);
+					fqdn);
 		break;
 
 	case DNS_TYPE_MX:
 		*type = "mx";
+		fqdn = b9_format_fqdn(mem_ctx, rec->data.mx.nameTarget);
+		if (fqdn == NULL) {
+			return false;
+		}
 		*data = talloc_asprintf(mem_ctx, "%u %s",
-					rec->data.mx.wPriority,
-					rec->data.mx.nameTarget);
+					rec->data.mx.wPriority, fqdn);
 		break;
 
 	case DNS_TYPE_HINFO:
@@ -168,7 +197,7 @@ static bool b9_format(struct dlz_bind9_data *state,
 
 	case DNS_TYPE_NS:
 		*type = "ns";
-		*data = rec->data.ns;
+		*data = b9_format_fqdn(mem_ctx, rec->data.ns);
 		break;
 
 	case DNS_TYPE_SOA: {
@@ -179,8 +208,9 @@ static bool b9_format(struct dlz_bind9_data *state,
 		 * point at ourselves. This is how AD DNS servers
 		 * force clients to send updates to the right local DC
 		 */
-		mname = talloc_asprintf(mem_ctx, "%s.%s",
-					lpcfg_netbios_name(state->lp), lpcfg_dnsdomain(state->lp));
+		mname = talloc_asprintf(mem_ctx, "%s.%s.",
+					lpcfg_netbios_name(state->lp),
+					lpcfg_dnsdomain(state->lp));
 		if (mname == NULL) {
 			return false;
 		}
@@ -189,11 +219,15 @@ static bool b9_format(struct dlz_bind9_data *state,
 			return false;
 		}
 
+		fqdn = b9_format_fqdn(mem_ctx, rec->data.soa.rname);
+		if (fqdn == NULL) {
+			return false;
+		}
+
 		state->soa_serial = rec->data.soa.serial;
 
 		*data = talloc_asprintf(mem_ctx, "%s %s %u %u %u %u %u",
-					mname,
-					rec->data.soa.rname,
+					mname, fqdn,
 					rec->data.soa.serial,
 					rec->data.soa.refresh,
 					rec->data.soa.retry,
@@ -950,6 +984,7 @@ _PUBLIC_ isc_result_t dlz_allnodes(const char *zone, void *dbdata,
 		} else {
 			name = talloc_asprintf(el_ctx, "%s.%s", rdn, zone);
 		}
+		name = b9_format_fqdn(el_ctx, name);
 		if (name == NULL) {
 			talloc_free(tmp_ctx);
 			return ISC_R_NOMEMORY;
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index fa6967dc76..1b4bca4a99 100644
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -353,7 +353,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx)
 	expected1->records[0].type = "soa";
 	expected1->records[0].ttl = 3600;
 	expected1->records[0].data = talloc_asprintf(expected1->records,
-				"%s.%s hostmaster.%s 1 900 600 86400 3600",
+				"%s.%s. hostmaster.%s. 1 900 600 86400 3600",
 				torture_setting_string(tctx, "host", NULL),
 				lpcfg_dnsdomain(tctx->lp_ctx),
 				lpcfg_dnsdomain(tctx->lp_ctx));
@@ -362,7 +362,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx)
 	expected1->records[1].name = expected1->query_name;
 	expected1->records[1].type = "ns";
 	expected1->records[1].ttl = 900;
-	expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s",
+	expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.",
 				torture_setting_string(tctx, "host", NULL),
 				lpcfg_dnsdomain(tctx->lp_ctx));
 	torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed");
@@ -471,40 +471,44 @@ static bool test_dlz_bind9_zonedump(struct torture_context *tctx)
 					       expected1->num_records);
 	torture_assert(tctx, expected1->records != NULL, "talloc failed");
 
-	expected1->records[0].name = lpcfg_dnsdomain(tctx->lp_ctx);
+	expected1->records[0].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
 	expected1->records[0].type = "soa";
 	expected1->records[0].ttl = 3600;
 	expected1->records[0].data = talloc_asprintf(expected1->records,
-				"%s.%s hostmaster.%s 1 900 600 86400 3600",
+				"%s.%s. hostmaster.%s. 1 900 600 86400 3600",
 				torture_setting_string(tctx, "host", NULL),
 				lpcfg_dnsdomain(tctx->lp_ctx),
 				lpcfg_dnsdomain(tctx->lp_ctx));
 	torture_assert(tctx, expected1->records[0].data != NULL, "talloc failed");
 
-	expected1->records[1].name = lpcfg_dnsdomain(tctx->lp_ctx);
+	expected1->records[1].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
 	expected1->records[1].type = "ns";
 	expected1->records[1].ttl = 900;
-	expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s",
+	expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.",
 				torture_setting_string(tctx, "host", NULL),
 				lpcfg_dnsdomain(tctx->lp_ctx));
 	torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed");
 
-	expected1->records[2].name = lpcfg_dnsdomain(tctx->lp_ctx);
+	expected1->records[2].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
 	expected1->records[2].type = "aaaa";
 	expected1->records[2].ttl = 900;
 
-	expected1->records[3].name = lpcfg_dnsdomain(tctx->lp_ctx);
+	expected1->records[3].name = talloc_asprintf(expected1->records,
+				"%s.", lpcfg_dnsdomain(tctx->lp_ctx));
 	expected1->records[3].type = "a";
 	expected1->records[3].ttl = 900;
 
-	expected1->records[4].name = talloc_asprintf(expected1->records, "%s.%s",
+	expected1->records[4].name = talloc_asprintf(expected1->records, "%s.%s.",
 				torture_setting_string(tctx, "host", NULL),
 				lpcfg_dnsdomain(tctx->lp_ctx));
 	torture_assert(tctx, expected1->records[4].name != NULL, "unknown host");
 	expected1->records[4].type = "aaaa";
 	expected1->records[4].ttl = 900;
 
-	expected1->records[5].name = talloc_asprintf(expected1->records, "%s.%s",
+	expected1->records[5].name = talloc_asprintf(expected1->records, "%s.%s.",
 				torture_setting_string(tctx, "host", NULL),
 				lpcfg_dnsdomain(tctx->lp_ctx));
 	torture_assert(tctx, expected1->records[5].name != NULL, "unknown host");