diff options
Diffstat (limited to 'source3/libaddns/dnsgss.c')
-rw-r--r-- | source3/libaddns/dnsgss.c | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/source3/libaddns/dnsgss.c b/source3/libaddns/dnsgss.c index 3d1a038363..5be13a3b77 100644 --- a/source3/libaddns/dnsgss.c +++ b/source3/libaddns/dnsgss.c @@ -45,6 +45,7 @@ static int strupr( char *szDomainName ) return ( 0 ); } +#if 0 /********************************************************************* *********************************************************************/ @@ -76,12 +77,14 @@ void display_status( const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat ) display_status_1( msg, maj_stat, GSS_C_GSS_CODE ); display_status_1( msg, min_stat, GSS_C_MECH_CODE ); } +#endif static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, struct dns_connection *conn, const char *keyname, const gss_name_t target_name, - gss_ctx_id_t *ctx ) + gss_ctx_id_t *ctx, + enum dns_ServerType srv_type ) { struct gss_buffer_desc_struct input_desc, *input_ptr, output_desc; OM_uint32 major, minor; @@ -123,11 +126,21 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, req, keyname, "gss.microsoft.com", t, t + 86400, DNS_TKEY_MODE_GSSAPI, 0, output_desc.length, (uint8 *)output_desc.value, - &rec); + &rec ); if (!ERR_DNS_IS_OK(err)) goto error; - err = dns_add_rrec(req, rec, &req->num_additionals, - &req->additionals); + /* Windows 2000 DNS is broken and requires the + TKEY payload in the Answer section instead + of the Additional seciton like Windows 2003 */ + + if ( srv_type == DNS_SRV_WIN2000 ) { + err = dns_add_rrec(req, rec, &req->num_answers, + &req->answers); + } else { + err = dns_add_rrec(req, rec, &req->num_additionals, + &req->additionals); + } + if (!ERR_DNS_IS_OK(err)) goto error; err = dns_marshall_request(req, req, &buf); @@ -163,6 +176,7 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, */ if ((resp->num_additionals != 1) || + (resp->num_answers == 0) || (resp->answers[0]->type != QTYPE_TKEY)) { err = ERROR_DNS_INVALID_MESSAGE; goto error; @@ -194,7 +208,8 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, DNS_ERROR dns_negotiate_sec_ctx( const char *target_realm, const char *servername, const char *keyname, - gss_ctx_id_t *gss_ctx ) + gss_ctx_id_t *gss_ctx, + enum dns_ServerType srv_type ) { OM_uint32 major, minor; @@ -250,12 +265,12 @@ DNS_ERROR dns_negotiate_sec_ctx( const char *target_realm, goto error; } - err = dns_negotiate_gss_ctx_int(mem_ctx, conn, keyname, targ_name, - gss_ctx); + err = dns_negotiate_gss_ctx_int(mem_ctx, conn, keyname, + targ_name, gss_ctx, srv_type ); + gss_release_name( &minor, &targ_name ); krb5_free_principal( krb_ctx, host_principal ); krb5_free_context( krb_ctx ); - gss_release_name( &minor, &targ_name ); error: TALLOC_FREE(mem_ctx); |