From d879aa8f3617b256a16889d04a39a25b27f5bb39 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Thu, 14 Dec 2006 16:27:45 +0000
Subject: r20170: Fix secure DNS updates to work against Wnidows 2000 DNS which expects the TKEY payload to be in the answer section and not in the additional set of records (like Windows 2003 and the RFC). (This used to be commit a3b6734fdad5fd92dbec075ebcd8d7044aac45c2)
---
 source3/utils/net_dns.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
(limited to 'source3/utils/net_dns.c')
diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
index d372211a5f..81d7dd596a 100644
--- a/source3/utils/net_dns.c
+++ b/source3/utils/net_dns.c
@@ -118,8 +118,18 @@ DNS_ERROR DoDNSUpdate(ADS_STRUCT *ads, char *pszServerName,
 }
 err = dns_negotiate_sec_ctx( pszDomainName, pszServerName,
- keyname, &gss_context );
- if (!ERR_DNS_IS_OK(err)) goto error;
+ keyname, &gss_context, DNS_SRV_ANY );
+
+ /* retry using the Windows 2000 DNS hack */
+ if (!ERR_DNS_IS_OK(err)) {
+ err = dns_negotiate_sec_ctx( pszDomainName, pszServerName,
+ keyname, &gss_context,
+ DNS_SRV_WIN2000 );
+ }
+
+ if (!ERR_DNS_IS_OK(err))
+ goto error;
+
 err = dns_sign_update(req, gss_context, keyname, "gss.microsoft.com", time(NULL), 3600);
-- cgit
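Review bot: The Windows 2000 retry runs on every failure of the first `dns_negotiate_sec_ctx` call, so an unreachable server or a rejected ticket costs a second full negotiation, and the first error code is overwritten before `goto error`. If the function can report a TKEY-placement mismatch as a distinct error, the retry should be gated on it; otherwise at least record the fallback inside the new `if`, for example `DEBUG(5, ("dns_negotiate_sec_ctx failed, retrying with DNS_SRV_WIN2000\n"));`, so an operator can tell which server mode produced the security context. It is also worth confirming that a failed first call leaves `gss_context` released or untouched, because the second call reuses the same pointer and would otherwise leak a partially established context; this cannot be checked from the hunk. DoDNSUpdate starts and ends outside the hunk.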