diff options
| author | Ralph Boehme <slow@samba.org> | 2016-05-17 14:34:52 +0200 |
|---|---|---|
| committer | Garming Sam <garming@samba.org> | 2016-06-16 00:06:27 +0200 |
| commit | a51f9989564c28aeece50b56a59e9bb60d41340b (patch) | |
| tree | 45f5395bad4dc14c633d3f15675f6e0ffe2d2e33 /librpc | |
| parent | df079962ef708de96e54ded13da04b6e12ac00d0 (diff) | |
| download | samba-a51f9989564c28aeece50b56a59e9bb60d41340b.tar.gz | |
librpc/dns: don't compress strings in TKEY and TSIG responses
Certain DNS clients fail TSIG record MAC validation if the TSIG record
contains compressed strings.
Windows DNS server behaviour seems to be to not send compressed names in
TKEY and TSIG records.
This patch ensures we conform to this behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'librpc')
| -rw-r--r-- | librpc/idl/dns.idl | 6 | ||||
| -rw-r--r-- | librpc/ndr/ndr_dns.c | 13 |
2 files changed, 16 insertions, 3 deletions
diff --git a/librpc/idl/dns.idl b/librpc/idl/dns.idl index 5435fcf38e6..13dd53bfcd3 100644 --- a/librpc/idl/dns.idl +++ b/librpc/idl/dns.idl @@ -179,7 +179,7 @@ interface dns uint8 option_data[option_length]; } dns_opt_record; - typedef [public] struct { + typedef [flag(NDR_NO_COMP),public] struct { dns_string algorithm; uint32 inception; uint32 expiration; @@ -191,7 +191,7 @@ interface dns uint8 other_data[other_size]; } dns_tkey_record; - typedef [public] struct { + typedef [flag(NDR_NO_COMP),public] struct { dns_string algorithm_name; uint16 time_prefix; /* 0 until February 2106*/ uint32 time; @@ -204,7 +204,7 @@ interface dns uint8 other_data[other_size]; } dns_tsig_record; - typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { + typedef [flag(NDR_NO_COMP|NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct { dns_string name; dns_qclass rr_class; uint32 ttl; diff --git a/librpc/ndr/ndr_dns.c b/librpc/ndr/ndr_dns.c index fcc1315f8e0..7e6286a9f8e 100644 --- a/librpc/ndr/ndr_dns.c +++ b/librpc/ndr/ndr_dns.c @@ -268,8 +268,21 @@ _PUBLIC_ enum ndr_err_code ndr_push_dns_res_rec(struct ndr_push *ndr, ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX | LIBNDR_FLAG_NOALIGN); if (ndr_flags & NDR_SCALARS) { + uint32_t _flags_save_name = ndr->flags; + NDR_CHECK(ndr_push_align(ndr, 4)); + + switch (r->rr_type) { + case DNS_QTYPE_TKEY: + case DNS_QTYPE_TSIG: + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_NO_COMPRESSION); + break; + default: + break; + } NDR_CHECK(ndr_push_dns_string(ndr, NDR_SCALARS, r->name)); + ndr->flags = _flags_save_name; + NDR_CHECK(ndr_push_dns_qtype(ndr, NDR_SCALARS, r->rr_type)); NDR_CHECK(ndr_push_dns_qclass(ndr, NDR_SCALARS, r->rr_class)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->ttl)); |