From e81d026576cd1df9eb406c8ef0b0f27b7188b8ea Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Wed, 5 Sep 2012 08:27:28 +0200 Subject: s4 dns: TKEY record needs to remember incoming algorithm Samba3 (and older windows versions) use gss.microsoft.com, win7 (and the RFC) use gss-tsig --- source4/dns_server/dns_query.c | 10 +++++++++- source4/dns_server/dns_server.h | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'source4/dns_server') diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c index 00feec0a83..3c919ee0a9 100644 --- a/source4/dns_server/dns_query.c +++ b/source4/dns_server/dns_query.c @@ -322,6 +322,7 @@ static WERROR handle_question(struct dns_server *dns, static NTSTATUS create_tkey(struct dns_server *dns, const char* name, + const char* algorithm, struct dns_server_tkey **tkey) { NTSTATUS status; @@ -338,6 +339,11 @@ static NTSTATUS create_tkey(struct dns_server *dns, return NT_STATUS_NO_MEMORY; } + k->algorithm = talloc_strdup(k, algorithm); + if (k->algorithm == NULL) { + return NT_STATUS_NO_MEMORY; + } + status = samba_server_gensec_start(k, dns->task->event_ctx, dns->task->msg_ctx, @@ -442,7 +448,8 @@ static WERROR handle_tkey(struct dns_server *dns, ret_tkey->rr_class = DNS_QCLASS_ANY; ret_tkey->length = UINT16_MAX; - ret_tkey->rdata.tkey_record.algorithm = talloc_strdup(ret_tkey, ret_tkey->name); + ret_tkey->rdata.tkey_record.algorithm = talloc_strdup(ret_tkey, + in_tkey->rdata.tkey_record.algorithm); if (ret_tkey->rdata.tkey_record.algorithm == NULL) { return WERR_NOMEM; } @@ -473,6 +480,7 @@ static WERROR handle_tkey(struct dns_server *dns, if (tkey == NULL) { status = create_tkey(dns, in->questions[0].name, + in_tkey->rdata.tkey_record.algorithm, &tkey); if (!NT_STATUS_IS_OK(status)) { ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY; diff --git a/source4/dns_server/dns_server.h b/source4/dns_server/dns_server.h index 74a1ded6f2..994e7bfbbc 100644 --- a/source4/dns_server/dns_server.h +++ b/source4/dns_server/dns_server.h @@ -36,6 +36,7 @@ struct dns_server_zone { struct dns_server_tkey { const char *name; enum dns_tkey_mode mode; + const char *algorithm; struct auth_session_info *session_info; struct gensec_security *gensec; bool complete; -- cgit