VOID
DNSFreeNetworkInterfaceContents(
PLW_INTERFACE_INFO pInterfaceInfo
)
{
LWDNS_SAFE_FREE_STRING(pInterfaceInfo->pszName);
}
DWORD
DNSUpdatePtrSecure(
PSOCKADDR_IN pAddr,
PCSTR pszHostnameFQDN
)
{
DWORD dwError = 0;
PSTR pszZone = NULL;
PLW_NS_INFO pNameServerInfos = NULL;
DWORD dwNumNSInfos = 0;
BOOLEAN bDNSUpdated = FALSE;
PSTR pszRecordName = NULL;
PSTR pszPtrZone = NULL;
DWORD iNS = 0;
HANDLE hDNSServer = (HANDLE)NULL;
PCSTR pszAddress = NULL;
dwError = DNSGetPtrZoneForAddr(&pszPtrZone, pAddr);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSGetPtrNameForAddr(&pszRecordName, pAddr);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSGetNameServers(
pszPtrZone,
&pszZone,
&pNameServerInfos,
&dwNumNSInfos);
BAIL_ON_LWDNS_ERROR(dwError);
for (; !bDNSUpdated && (iNS < dwNumNSInfos); iNS++)
{
PSTR pszNameServer = NULL;
PLW_NS_INFO pNSInfo = NULL;
pNSInfo = &pNameServerInfos[iNS];
pszNameServer = pNSInfo->pszNSHostName;
if (hDNSServer != (HANDLE)NULL)
{
DNSClose(hDNSServer);
}
pszAddress = inet_ntoa(pAddr->sin_addr);
LWDNS_LOG_INFO("Attempting to update PTR record for %s to %s on name server [%s]", pszAddress, pszHostnameFQDN, pszNameServer);
dwError = DNSOpen(
pszNameServer,
DNS_TCP,
&hDNSServer);
if (dwError)
{
LWDNS_LOG_ERROR(
"Failed to open connection to Name Server [%s]. [Error code:%d]",
pszNameServer,
dwError);
dwError = 0;
continue;
}
dwError = DNSUpdatePtrSecureOnServer(
hDNSServer,
pszNameServer,
pszZone,
pszRecordName,
pszHostnameFQDN);
if (dwError)
{
LWDNS_LOG_ERROR(
"Failed to update Name Server [%s]. [Error code:%d]",
pszNameServer,
dwError);
dwError = 0;
continue;
}
bDNSUpdated = TRUE;
}
if (!bDNSUpdated)
{
dwError = LWDNS_ERROR_UPDATE_FAILED;
BAIL_ON_LWDNS_ERROR(dwError);
}
cleanup:
LWDNS_SAFE_FREE_STRING(pszZone);
LWDNS_SAFE_FREE_STRING(pszPtrZone);
if (pNameServerInfos)
{
DNSFreeNameServerInfoArray(
pNameServerInfos,
dwNumNSInfos);
}
LWDNS_SAFE_FREE_STRING(pszRecordName);
if (hDNSServer)
{
DNSClose(hDNSServer);
}
return dwError;
error:
goto cleanup;
}
DWORD
DNSUpdateSecure(
HANDLE hDNSServer,
PCSTR pszServerName,
PCSTR pszDomainName,
PCSTR pszHostNameFQDN,
DWORD dwNumAddrs,
PSOCKADDR_IN pAddrArray
)
{
DWORD dwError = 0;
DWORD dwResponseCode = 0;
CtxtHandle GSSContext = {0};
PCtxtHandle pGSSContext = &GSSContext;
PDNS_UPDATE_RESPONSE pDNSUpdateResponse = NULL;
PDNS_UPDATE_RESPONSE pDNSSecureUpdateResponse = NULL;
PSTR pszKeyName = NULL;
LWDNS_LOG_INFO("Attempting DNS Update (in-secure)");
dwError = DNSSendUpdate(
hDNSServer,
pszDomainName,
pszHostNameFQDN,
dwNumAddrs,
pAddrArray,
&pDNSUpdateResponse);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSUpdateGetResponseCode(
pDNSUpdateResponse,
&dwResponseCode);
BAIL_ON_LWDNS_ERROR(dwError);
if (dwResponseCode == DNS_REFUSED)
{
LWDNS_LOG_INFO("DNS Update (in-secure) denied");
dwError = DNSGenerateKeyName(&pszKeyName);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSNegotiateSecureContext(
hDNSServer,
pszDomainName,
pszServerName,
pszKeyName,
pGSSContext);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSSendSecureUpdate(
hDNSServer,
pGSSContext,
pszKeyName,
pszDomainName,
pszHostNameFQDN,
dwNumAddrs,
pAddrArray,
&pDNSSecureUpdateResponse);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSUpdateGetResponseCode(
pDNSSecureUpdateResponse,
&dwResponseCode);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSMapRCode(dwResponseCode);
BAIL_ON_LWDNS_ERROR(dwError);
}
else
{
dwError = DNSMapRCode(dwResponseCode);
BAIL_ON_LWDNS_ERROR(dwError);
LWDNS_LOG_INFO("DNS Update (in-secure) succeeded");
}
cleanup:
if (*pGSSContext != GSS_C_NO_CONTEXT)
{
OM_uint32 dwMinorStatus = 0;
gss_delete_sec_context(
&dwMinorStatus,
pGSSContext,
GSS_C_NO_BUFFER);
}
if (pDNSUpdateResponse){
DNSUpdateFreeResponse(pDNSUpdateResponse);
}
if (pDNSSecureUpdateResponse) {
DNSUpdateFreeResponse(pDNSSecureUpdateResponse);
}
LWDNS_SAFE_FREE_STRING(pszKeyName);
return dwError;
error:
goto cleanup;
}
DWORD
DNSUpdatePtrSecureOnServer(
HANDLE hDNSServer,
PCSTR pszServerName,
PCSTR pszZoneName,
PCSTR pszPtrName,
PCSTR pszHostNameFQDN
)
{
DWORD dwError = 0;
DWORD dwResponseCode = 0;
PCSTR pszDomainName = strchr(pszServerName, '.');
CtxtHandle GSSContext = {0};
PCtxtHandle pGSSContext = &GSSContext;
PDNS_UPDATE_RESPONSE pDNSUpdateResponse = NULL;
PDNS_UPDATE_RESPONSE pDNSSecureUpdateResponse = NULL;
PSTR pszKeyName = NULL;
if (pszDomainName != NULL)
{
pszDomainName++;
}
else
{
dwError = LWDNS_ERROR_NO_SUCH_ZONE;
BAIL_ON_LWDNS_ERROR(dwError);
}
dwError = DNSSendPtrUpdate(
hDNSServer,
pszZoneName,
pszPtrName,
pszHostNameFQDN,
&pDNSUpdateResponse);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSUpdateGetResponseCode(
pDNSUpdateResponse,
&dwResponseCode);
BAIL_ON_LWDNS_ERROR(dwError);
if (dwResponseCode == DNS_REFUSED) {
dwError = DNSGenerateKeyName(&pszKeyName);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSNegotiateSecureContext(
hDNSServer,
pszDomainName,
pszServerName,
pszKeyName,
pGSSContext);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSSendPtrSecureUpdate(
hDNSServer,
pGSSContext,
pszKeyName,
pszZoneName,
pszPtrName,
pszHostNameFQDN,
&pDNSSecureUpdateResponse);
BAIL_ON_LWDNS_ERROR(dwError);
dwError = DNSUpdateGetResponseCode(
pDNSSecureUpdateResponse,
&dwResponseCode);
BAIL_ON_LWDNS_ERROR(dwError);
}
dwError = DNSMapRCode(dwResponseCode);
BAIL_ON_LWDNS_ERROR(dwError);
cleanup:
if (*pGSSContext != GSS_C_NO_CONTEXT)
{
OM_uint32 dwMinorStatus = 0;
gss_delete_sec_context(
&dwMinorStatus,
pGSSContext,
GSS_C_NO_BUFFER);
}
if (pDNSUpdateResponse){
DNSUpdateFreeResponse(pDNSUpdateResponse);
}
if (pDNSSecureUpdateResponse) {
DNSUpdateFreeResponse(pDNSSecureUpdateResponse);
}
LWDNS_SAFE_FREE_STRING(pszKeyName);
return dwError;
error:
goto cleanup;
}
