The branch, v4-1-test has been updated via 637c0e7 VERSION: Bump version up to 4.1.24... via e103e6b Merge tag 'samba-4.1.23' into v4-1-test via fd69161 VERSION: Disable git snapshots for the 4.1.23 release. via 8b05063 WHATSNEW: Add release notes for Samba 4.0.23. via f548984 CVE-2016-0771: tests/dns: Remove dependencies on env variables via 600af99 CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest via feadfc4 CVE-2016-0771: tests: rename test getopt to get_opt via c7598f1 CVE-2016-0771: tests/dns: RPC => DNS roundtrip test via 74fc257 CVE-2016-0771: dnsserver: don't force UTF-8 for TXT via 1a97ee3 CVE-2016-0771: tests/dns: modify tests to check via RPC via 006551d CVE-2016-0771: tests/dns: Add some more test cases for TXT records via 6395b6c CVE-2016-0771: tests/dns: Correct error code for formerly unrun test via 83d94cb CVE-2016-0771: tests/dns: restore formerly segfaulting test via a76db39 CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour via a03e3fa CVE-2016-0771: tests/dns: prepare script for further testing via ede159b CVE-2016-0771: tests/dns: Modify dns tests to match new IDL via 24c5af7 CVE-2016-0771: dns.idl: make use of dnsp_hinfo via 79f2cf1 CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record via 4c40108 CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function via b003b71 CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library via 757e25a CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings via 5b5fcbf CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test. via 2a7b77b CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test. via 72f4892 CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests. via 09514d7 CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames. via e1825c8 CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink. via 63a27a3 CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink. via 39aaef0 CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication. via e387562 CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink. via c4fade4 CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink. via 9e6620b CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink. via 7f893ff CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink. via 24f3cb0 CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink. via eba93d6 VERSION: Bump version up to 4.1.23... from 08cff9c VERSION: Bump version up to 4.1.23...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log ----------------------------------------------------------------- commit 637c0e7e6204077caca5933bf5751cd1d7332b84 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Mar 8 14:16:10 2016 +0100 VERSION: Bump version up to 4.1.24... and re-enable git snapshots. Signed-off-by: Stefan Metzmacher <me...@samba.org> commit e103e6b89168b02a16d2f432d347515887a49aa4 Merge: 08cff9c fd69161 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Mar 8 14:11:51 2016 +0100 Merge tag 'samba-4.1.23' into v4-1-test samba: tag release samba-4.1.23 Signed-off-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 87 +++- librpc/idl/dns.idl | 18 +- librpc/idl/dnsp.idl | 4 +- librpc/idl/dnsserver.idl | 2 +- librpc/ndr/ndr_dns.c | 27 ++ librpc/ndr/ndr_dnsp.c | 24 ++ librpc/ndr/ndr_dnsp.h | 4 + librpc/wscript_build | 20 +- python/samba/tests/dns.py | 577 +++++++++++++++++++++------ python/samba/tests/{getopt.py => get_opt.py} | 0 selftest/knownfail | 2 + selftest/tests.py | 2 +- source3/client/client.c | 2 +- source3/libsmb/clifile.c | 130 +++++- source3/libsmb/proto.h | 17 +- source3/selftest/tests.py | 2 +- source3/smbd/nttrans.c | 13 + source3/smbd/trans2.c | 68 +++- source3/torture/torture.c | 376 +++++++++++++++++ source4/dns_server/dns_query.c | 15 +- source4/dns_server/dns_update.c | 31 +- source4/librpc/wscript_build | 4 +- source4/selftest/tests.py | 3 +- 24 files changed, 1198 insertions(+), 232 deletions(-) rename python/samba/tests/{getopt.py => get_opt.py} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a638821..2abf0c3 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=1 -SAMBA_VERSION_RELEASE=23 +SAMBA_VERSION_RELEASE=24 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2cd1a20..dc94dd4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,87 @@ ============================== + Release Notes for Samba 4.1.23 + March 8, 2015 + ============================== + + +This is a security release in order to address the following CVEs: + +o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) +o CVE-2016-0771 (Out-of-bounds read in internal DNS server) + +======= +Details +======= + +o CVE-2015-7560: + All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to + a malicious client overwriting the ownership of ACLs using symlinks. + + An authenticated malicious client can use SMB1 UNIX extensions to + create a symlink to a file or directory, and then use non-UNIX SMB1 + calls to overwrite the contents of the ACL on the file or directory + linked to. + +o CVE-2016-0771: + All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as + an AD DC and choose to run the internal DNS server, are vulnerable to an + out-of-bounds read issue during DNS TXT record handling caused by users + with permission to modify DNS records. + + A malicious client can upload a specially constructed DNS TXT record, + resulting in a remote denial-of-service attack. As long as the affected + TXT record remains undisturbed in the Samba database, a targeted DNS + query may continue to trigger this exploit. + + While unlikely, the out-of-bounds read may bypass safety checks and + allow leakage of memory from the server in the form of a DNS TXT reply. + + By default only authenticated accounts can upload DNS records, + as "allow dns updates = secure only" is the default. + Any other value would allow anonymous clients to trigger this + bug, which is a much higher risk. + + +Changes since 4.1.22: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can + change permissions on link target. + +o Garming Sam <garm...@catalyst.net.nz> + * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT + handling. + +o Stefan Metzmacher <me...@samba.org> + * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT + handling. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 4.1.22 December 16, 2015 ============================== @@ -153,8 +236,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 4.1.21 diff --git a/librpc/idl/dns.idl b/librpc/idl/dns.idl index d247e0e..5435fcf 100644 --- a/librpc/idl/dns.idl +++ b/librpc/idl/dns.idl @@ -8,7 +8,7 @@ encoding if it doesn't work out */ -import "misc.idl"; +import "misc.idl", "dnsp.idl"; [ helper("librpc/ndr/ndr_dns.h"), helpstring("DNS records"), @@ -152,20 +152,12 @@ interface dns } dns_soa_record; typedef [public] struct { - [value(strlen(cpu))] uint8 cpu_length; - [charset(DOS)] uint8 cpu[cpu_length]; - [value(strlen(os))] uint8 os_length; - [charset(DOS)] uint8 os[os_length]; - } dns_hinfo_record; - - typedef [public] struct { uint16 preference; dns_string exchange; } dns_mx_record; - typedef [public] struct { - [value(strlen(txt))] uint8 length; - [charset(DOS)] uint8 txt[length]; + typedef [public,nopull] struct { + dnsp_string_list txt; } dns_txt_record; typedef [public] struct { @@ -232,7 +224,7 @@ interface dns [case(DNS_QTYPE_CNAME)] dns_string cname_record; [case(DNS_QTYPE_SOA)] dns_soa_record soa_record; [case(DNS_QTYPE_PTR)] dns_string ptr_record; - [case(DNS_QTYPE_HINFO)] dns_hinfo_record hinfo_record; + [case(DNS_QTYPE_HINFO)] dnsp_hinfo hinfo_record; [case(DNS_QTYPE_MX)] dns_mx_record mx_record; [case(DNS_QTYPE_TXT)] dns_txt_record txt_record; [case(DNS_QTYPE_RP)] dns_rp_record rp_record; @@ -270,7 +262,7 @@ interface dns /* this is a convenience hook for ndrdump */ - void decode_dns_name_packet( + [nopython] void decode_dns_name_packet( [in] dns_name_packet packet ); } diff --git a/librpc/idl/dnsp.idl b/librpc/idl/dnsp.idl index 4c49001..d705cfc 100644 --- a/librpc/idl/dnsp.idl +++ b/librpc/idl/dnsp.idl @@ -263,11 +263,11 @@ interface dnsp /* these are convenience hooks for ndrdump */ - void decode_DnssrvRpcRecord( + [nopython] void decode_DnssrvRpcRecord( [in] dnsp_DnssrvRpcRecord blob ); - void decode_DnsProperty( + [nopython] void decode_DnsProperty( [in] dnsp_DnsProperty blob ); } diff --git a/librpc/idl/dnsserver.idl b/librpc/idl/dnsserver.idl index 506d72e..d567ec9 100644 --- a/librpc/idl/dnsserver.idl +++ b/librpc/idl/dnsserver.idl @@ -73,7 +73,7 @@ import "misc.idl", "dnsp.idl"; typedef [public,gensize] struct { [value(strlen(str))] uint8 len; - [charset(UTF8)] uint8 str[len]; + [charset(UNIX)] uint8 str[len]; } DNS_RPC_NAME; diff --git a/librpc/ndr/ndr_dns.c b/librpc/ndr/ndr_dns.c index 0b9e3b0..065d992 100644 --- a/librpc/ndr/ndr_dns.c +++ b/librpc/ndr/ndr_dns.c @@ -30,6 +30,7 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_dns.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_dnsp.h" #include "system/locale.h" #include "lib/util/util_net.h" @@ -230,6 +231,29 @@ _PUBLIC_ enum ndr_err_code ndr_push_dns_string(struct ndr_push *ndr, return ndr_push_bytes(ndr, (const uint8_t *)"", 1); } +_PUBLIC_ enum ndr_err_code ndr_pull_dns_txt_record(struct ndr_pull *ndr, int ndr_flags, struct dns_txt_record *r) +{ + NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (ndr_flags & NDR_SCALARS) { + enum ndr_err_code ndr_err; + uint32_t data_size = ndr->data_size; + uint32_t record_size = 0; + ndr_err = ndr_token_retrieve(&ndr->array_size_list, r, + &record_size); + if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NDR_PULL_NEED_BYTES(ndr, record_size); + ndr->data_size = ndr->offset + record_size; + } + NDR_CHECK(ndr_pull_align(ndr, 1)); + NDR_CHECK(ndr_pull_dnsp_string_list(ndr, NDR_SCALARS, &r->txt)); + NDR_CHECK(ndr_pull_trailer_align(ndr, 1)); + ndr->data_size = data_size; + } + if (ndr_flags & NDR_BUFFERS) { + } + return NDR_ERR_SUCCESS; +} + _PUBLIC_ enum ndr_err_code ndr_push_dns_res_rec(struct ndr_push *ndr, int ndr_flags, const struct dns_res_rec *r) @@ -302,6 +326,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dns_res_rec(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length)); _saved_offset1 = ndr->offset; if (r->length > 0) { + NDR_CHECK(ndr_token_store(ndr, &ndr->array_size_list, + &r->rdata, + r->length)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->rdata, r->rr_type)); NDR_CHECK(ndr_pull_dns_rdata(ndr, NDR_SCALARS, diff --git a/librpc/ndr/ndr_dnsp.c b/librpc/ndr/ndr_dnsp.c index fcb623a..82b5fb5 100644 --- a/librpc/ndr/ndr_dnsp.c +++ b/librpc/ndr/ndr_dnsp.c @@ -225,3 +225,27 @@ enum ndr_err_code ndr_push_dnsp_string_list(struct ndr_push *ndr, int ndr_flags, } return NDR_ERR_SUCCESS; } + +enum ndr_err_code ndr_dnsp_string_list_copy(TALLOC_CTX *mem_ctx, + const struct dnsp_string_list *src, + struct dnsp_string_list *dst) +{ + size_t i; + + dst->count = 0; + dst->str = talloc_zero_array(mem_ctx, const char *, src->count); + if (dst->str == NULL) { + return NDR_ERR_ALLOC; + } + + for (i = 0; i < src->count; i++) { + dst->str[i] = talloc_strdup(dst->str, src->str[i]); + if (dst->str[i] == NULL) { + TALLOC_FREE(dst->str); + return NDR_ERR_ALLOC; + } + } + + dst->count = src->count; + return NDR_ERR_SUCCESS; +} diff --git a/librpc/ndr/ndr_dnsp.h b/librpc/ndr/ndr_dnsp.h index 67f952c..0d56633 100644 --- a/librpc/ndr/ndr_dnsp.h +++ b/librpc/ndr/ndr_dnsp.h @@ -27,3 +27,7 @@ void ndr_print_dnsp_string(struct ndr_print *ndr, const char *name, const char *dns_string); enum ndr_err_code ndr_pull_dnsp_string(struct ndr_pull *ndr, int ndr_flags, const char **string); enum ndr_err_code ndr_push_dnsp_string(struct ndr_push *ndr, int ndr_flags, const char *string); + +enum ndr_err_code ndr_dnsp_string_list_copy(TALLOC_CTX *mem_ctx, + const struct dnsp_string_list *src, + struct dnsp_string_list *dst); diff --git a/librpc/wscript_build b/librpc/wscript_build index 2017a29..30820d2 100644 --- a/librpc/wscript_build +++ b/librpc/wscript_build @@ -27,12 +27,12 @@ bld.SAMBA_SUBSYSTEM('NDR_NAMED_PIPE_AUTH', bld.SAMBA_SUBSYSTEM('NDR_DNSSERVER', source='gen_ndr/ndr_dnsserver.c ndr/ndr_dnsserver.c', - public_deps='ndr' + public_deps='ndr NDR_DNSP' ) bld.SAMBA_SUBSYSTEM('NDR_DNS', source='gen_ndr/ndr_dns.c ndr/ndr_dns.c', - public_deps='ndr' + public_deps='ndr NDR_DNSP' ) bld.SAMBA_SUBSYSTEM('NDR_DSBACKUP', @@ -336,7 +336,7 @@ bld.SAMBA_LIBRARY('ndr-standard', pc_files='ndr_standard.pc', deps='''NDR_SECURITY NDR_LSA NDR_SAMR NDR_NETLOGON NDR_EVENTLOG NDR_DFS NDR_NTSVCS NDR_SVCCTL NDR_INITSHUTDOWN NDR_WKSSVC NDR_SRVSVC NDR_WINREG - NDR_ECHO security NDR_DNS NDR_ATSVC NDR_SPOOLSS NDR_DSSETUP + NDR_ECHO security NDR_DNS NDR_DNSP NDR_ATSVC NDR_SPOOLSS NDR_DSSETUP NDR_SERVER_ID NDR_NOTIFY''', public_deps='ndr', public_headers='gen_ndr/samr.h gen_ndr/ndr_samr.h gen_ndr/lsa.h gen_ndr/netlogon.h gen_ndr/atsvc.h gen_ndr/ndr_atsvc.h gen_ndr/ndr_svcctl.h gen_ndr/svcctl.h', @@ -407,11 +407,6 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_AUDIOSRV', public_deps='NDR_AUDIOSRV dcerpc-binding' ) -bld.SAMBA_SUBSYSTEM('RPC_NDR_DNS', - source='gen_ndr/ndr_dns_c.c', - public_deps='dcerpc-binding NDR_DNS' - ) - bld.SAMBA_SUBSYSTEM('RPC_NDR_ECHO', source='gen_ndr/ndr_echo_c.c', public_deps='dcerpc-binding NDR_ECHO' @@ -594,11 +589,6 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_BACKUPKEY', public_deps='dcerpc-binding NDR_BACKUPKEY' ) -bld.SAMBA_SUBSYSTEM('RPC_NDR_DNSP', - source='gen_ndr/ndr_dnsp_c.c', - public_deps='dcerpc-binding NDR_DNSP' - ) - bld.SAMBA_SUBSYSTEM('RPC_NDR_DNSSERVER', source='gen_ndr/ndr_dnsserver_c.c', public_deps='dcerpc-binding ndr-standard' @@ -618,7 +608,7 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_FSRVP', bld.SAMBA_LIBRARY('ndr-samba', source=[], deps='''NDR_DRSBLOBS NDR_DRSUAPI NDR_IDMAP NDR_NTLMSSP NDR_SCHANNEL NDR_MGMT - NDR_DNSP NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH NDR_DCOM + NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH NDR_DCOM NDR_NTPRINTING NDR_FSRVP NDR_OPEN_FILES NDR_SMBXSRV''', private_library=True, grouping_library=True @@ -630,7 +620,7 @@ bld.SAMBA_LIBRARY('dcerpc-samba', deps='''RPC_NDR_LSA RPC_NDR_SAMR RPC_NDR_NETLOGON RPC_NDR_EVENTLOG RPC_NDR_DFS RPC_NDR_NTSVCS RPC_NDR_SVCCTL RPC_NDR_INITSHUTDOWN RPC_NDR_WKSSVC RPC_NDR_SRVSVC RPC_NDR_WINREG RPC_NDR_ECHO RPC_NDR_EPMAPPER - RPC_NDR_ATSVC RPC_NDR_SPOOLSS RPC_NDR_DNS''', + RPC_NDR_ATSVC RPC_NDR_SPOOLSS RPC_NDR_DNSSERVER''', public_deps='ndr-standard', private_library=True, grouping_library=True diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 2983de3..75b5b7f 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -16,18 +16,67 @@ # import os +import sys import struct import random + +sys.path.insert(0, "bin/python") +import samba +samba.ensure_external_module("testtools", "testtools") +samba.ensure_external_module("subunit", "subunit/python") +from subunit.run import SubunitTestRunner +import unittest + from samba import socket import samba.ndr as ndr -import samba.dcerpc.dns as dns +from samba import credentials, param from samba.tests import TestCase +from samba.dcerpc import dns, dnsp, dnsserver +from samba.netcmd.dns import TXTRecord, dns_record_match, data_to_dns_record +import samba.getopt as options +import optparse + +parser = optparse.OptionParser("dns.py <server name> <server ip> [options]") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) FILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' for x in range(256)]) +# use command line creds if available +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) + +opts, args = parser.parse_args() + +lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) + +if len(args) < 2: + parser.print_usage() + sys.exit(1) + +server_name = args[0] +server_ip = args[1] +creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE) + +def make_txt_record(records): + rdata_txt = dns.txt_record() + s_list = dnsp.string_list() + s_list.count = len(records) + s_list.str = records + rdata_txt.txt = s_list + return rdata_txt class DNSTest(TestCase): + def setUp(self): + global server, server_ip, lp, creds + super(DNSTest, self).setUp() + self.server = server_name + self.server_ip = server_ip + self.lp = lp + self.creds = creds + def errstr(self, errcode): "Return a readable error code" string_codes = [ @@ -83,9 +132,10 @@ class DNSTest(TestCase): def get_dns_domain(self): "Helper to get dns domain" - return os.getenv('REALM', 'example.com').lower() + return self.creds.get_realm().lower() - def dns_transaction_udp(self, packet, host=os.getenv('SERVER_IP'), dump=False): + def dns_transaction_udp(self, packet, host=server_ip, + dump=False): "send a DNS query and read the reply" s = None try: @@ -103,7 +153,8 @@ class DNSTest(TestCase): if s is not None: s.close() - def dns_transaction_tcp(self, packet, host=os.getenv('SERVER_IP'), dump=False): + def dns_transaction_tcp(self, packet, host=server_ip, + dump=False): "send a DNS query and read the reply" s = None try: @@ -133,6 +184,47 @@ class DNSTest(TestCase): N+=length return result + def make_txt_update(self, prefix, txt_array): + p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) + updates = [] + + name = self.get_dns_domain() + u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN) + updates.append(u) + self.finish_name_packet(p, updates) + + updates = [] + r = dns.res_rec() + r.name = "%s.%s" % (prefix, self.get_dns_domain()) + r.rr_type = dns.DNS_QTYPE_TXT + r.rr_class = dns.DNS_QCLASS_IN + r.ttl = 900 + r.length = 0xffff + rdata = make_txt_record(txt_array) + r.rdata = rdata + updates.append(r) + p.nscount = len(updates) + p.nsrecs = updates + + return p + + def check_query_txt(self, prefix, txt_array): + name = "%s.%s" % (prefix, self.get_dns_domain()) + p = self.make_name_packet(dns.DNS_OPCODE_QUERY) + questions = [] + + q = self.make_name_question(name, dns.DNS_QTYPE_TXT, dns.DNS_QCLASS_IN) + questions.append(q) + + self.finish_name_packet(p, questions) -- Samba Shared Repository