librpc/dns: don't compress strings in TKEY and TSIG responses

Certain DNS clients fail TSIG record MAC validation if the TSIG record
contains compressed strings.

Windows DNS server behaviour seems to be to not send compressed names in
TKEY and TSIG records.

This patch ensures we conform to this behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

1 files changed, 13 insertions, 0 deletions

diff --git a/librpc/ndr/ndr_dns.c b/librpc/ndr/ndr_dns.c
index fcc1315f8e0..7e6286a9f8e 100644
--- a/librpc/ndr/ndr_dns.c
+++ b/librpc/ndr/ndr_dns.c
@@ -268,8 +268,21 @@ _PUBLIC_ enum ndr_err_code ndr_push_dns_res_rec(struct ndr_push *ndr,
 	ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX |
 				   LIBNDR_FLAG_NOALIGN);
 	if (ndr_flags & NDR_SCALARS) {
+		uint32_t _flags_save_name = ndr->flags;
+
 		NDR_CHECK(ndr_push_align(ndr, 4));
+
+		switch (r->rr_type) {
+		case DNS_QTYPE_TKEY:
+		case DNS_QTYPE_TSIG:
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NO_COMPRESSION);
+			break;
+		default:
+			break;
+		}
 		NDR_CHECK(ndr_push_dns_string(ndr, NDR_SCALARS, r->name));
+		ndr->flags = _flags_save_name;
+
 		NDR_CHECK(ndr_push_dns_qtype(ndr, NDR_SCALARS, r->rr_type));
 		NDR_CHECK(ndr_push_dns_qclass(ndr, NDR_SCALARS, r->rr_class));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->ttl));