authorKai Blin <kai@samba.org>2012-09-05 08:27:28 +0200
committerKai Blin <kai@samba.org>2012-09-05 19:02:17 +0200
commite81d026576cd1df9eb406c8ef0b0f27b7188b8ea (patch)
tree4126647c22c9e4a9aceb7e16dc1253545e15416f
parentc0e6a4b1b07c7aff49f19c4d8cf3de1ff020afab (diff)
s4 dns: TKEY record needs to remember incoming algorithm
Samba3 (and older windows versions) use gss.microsoft.com, win7 (and the RFC) use gss-tsig
-rw-r--r--source4/dns_server/dns_query.c10
-rw-r--r--source4/dns_server/dns_server.h1
2 files changed, 10 insertions, 1 deletions
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 00feec0a83..3c919ee0a9 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -322,6 +322,7 @@ static WERROR handle_question(struct dns_server *dns,
static NTSTATUS create_tkey(struct dns_server *dns,
const char* name,
+ const char* algorithm,
struct dns_server_tkey **tkey)
{
NTSTATUS status;
@@ -338,6 +339,11 @@ static NTSTATUS create_tkey(struct dns_server *dns,
return NT_STATUS_NO_MEMORY;
}
+ k->algorithm = talloc_strdup(k, algorithm);
+ if (k->algorithm == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
status = samba_server_gensec_start(k,
dns->task->event_ctx,
dns->task->msg_ctx,
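Review bot: The added early return under `if (k->algorithm == NULL)` leaves create_tkey without releasing `k`, as does the return just above it. The allocation of `k` is outside this hunk, so this is inferred, but if `k` hangs off a context that outlives the request, each failed attempt leaves a half-built key behind. That matters more now that the `algorithm` argument is supplied from the client's TKEY record. Putting `talloc_free(k);` before `return NT_STATUS_NO_MEMORY;` would stop failures from accumulating. Separately, `talloc_strdup()` returns NULL for a NULL source, so a missing algorithm would be reported as out-of-memory rather than as a bad request.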
@@ -442,7 +448,8 @@ static WERROR handle_tkey(struct dns_server *dns,
ret_tkey->rr_class = DNS_QCLASS_ANY;
ret_tkey->length = UINT16_MAX;
- ret_tkey->rdata.tkey_record.algorithm = talloc_strdup(ret_tkey, ret_tkey->name);
+ ret_tkey->rdata.tkey_record.algorithm = talloc_strdup(ret_tkey,
+ in_tkey->rdata.tkey_record.algorithm);
if (ret_tkey->rdata.tkey_record.algorithm == NULL) {
return WERR_NOMEM;
}
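Review bot: The algorithm name copied into the reply here, and passed to create_tkey in the following handle_tkey hunk, is taken verbatim from the request's TKEY record, with no visible check that it is a name the server implements. The commit message lists two accepted spellings, `gss-tsig` and `gss.microsoft.com`; comparing against those case-insensitively before any key state is created would keep arbitrary client strings out of the stored key and out of the response. A guard such as `if (strcasecmp(alg, "gss-tsig") != 0 && strcasecmp(alg, "gss.microsoft.com") != 0)`, setting `ret_tkey->rdata.tkey_record.error` the way the `DNS_RCODE_BADKEY` path does, would be enough. handle_tkey's body continues outside both hunks, so an existing check elsewhere cannot be ruled out.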
@@ -473,6 +480,7 @@ static WERROR handle_tkey(struct dns_server *dns,
if (tkey == NULL) {
status = create_tkey(dns, in->questions[0].name,
+ in_tkey->rdata.tkey_record.algorithm,
&tkey);
if (!NT_STATUS_IS_OK(status)) {
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
diff --git a/source4/dns_server/dns_server.h b/source4/dns_server/dns_server.h
index 74a1ded6f2..994e7bfbbc 100644
--- a/source4/dns_server/dns_server.h
+++ b/source4/dns_server/dns_server.h
@@ -36,6 +36,7 @@ struct dns_server_zone {
struct dns_server_tkey {
const char *name;
enum dns_tkey_mode mode;
+ const char *algorithm;
struct auth_session_info *session_info;
struct gensec_security *gensec;
bool complete;
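Review bot: The new `algorithm` member has no comment saying where its value comes from. Going by the dns_query.c hunks, it is a talloc copy, owned by the key, of the algorithm name the client sent in its TKEY request. A one-line comment such as `/* algorithm name from the client's TKEY request; talloc child of this key */` would tell later readers to treat it as client-supplied input. The struct definition continues past the end of the hunk.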