path: root/source4/dns_server/dns_crypto.c
Commit message | Author | Age | Files | Lines
* werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/dns_server/ | Günther Deschner | 2016-09-28 | 1 | -2/+2
  Guenther
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/dns_server/ | Günther Deschner | 2016-09-28 | 1 | -16/+16
  Guenther
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4: dns: Correctly check for talloc failure. | Jeremy Allison | 2016-06-16 | 1 | -0/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Thu Jun 16 16:55:15 CEST 2016 on sn-devel-144
* s4/dns_server: don't compute TSIG MAC in TSIG error records | Ralph Boehme | 2016-06-16 | 1 | -12/+15
  See RFC 2845 "4.3. TSIG on TSIG Error returns".
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4/dns_server: error codes for failing MAC verification in TSIG requests | Ralph Boehme | 2016-06-16 | 1 | -1/+2
  According to RFC 2845 "4.5.3. MAC check and error handling" we must return NOTAUTH and DNS_RCODE_BADSIG when MAC verification fails.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4/dns_server: ensure we store the key name in error code paths | Ralph Boehme | 2016-06-16 | 1 | -4/+17
  We need the TKEY name when adding TSIG records to error responses.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4/dns_server: not finding the key here is a fatal error | Ralph Boehme | 2016-06-16 | 1 | -2/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4/dns_server: split out function that does the MAC computation | Ralph Boehme | 2016-06-16 | 1 | -27/+48
  Split out function that does the MAC computation from the TSIG record creating function. This will later simplify the code when creating error responses to TSIG requests with bad MACs where we have to add the TSIG record with an empty MAC.
  No functional behaviour change besides hard coding "gss-tsig" algorithm name: later when sending a TSIG error response for a TKEY request with a bad keyname, we won't have a tkey to fetch the algorithm name from.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4/dns_server: include request MAC in TSIG response MAC calculation | Ralph Boehme | 2016-06-16 | 1 | -3/+34
  According to RFC 2845 "4.2 TSIG on Answers", when the request is signed, the request MAC must be included in the response MAC calculation.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* librpc/dns: remove original_id from dns_fake_tsig_rec | Ralph Boehme | 2016-06-16 | 1 | -3/+0
  Cf RFC2845, 3.4.2. "TSIG Variables", the request id (original_id) is not used in the MAC calculation.
  This also explains the mysterious 2 bytes padding.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:dns_server: allocate substructures of struct dns_request_state on the correct TALLOC_CTX | Stefan Metzmacher | 2014-11-18 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* dns: Use new DNS debugclass in DNS server | Kai Blin | 2013-05-16 | 1 | -0/+3
  Signed-off-by: Kai Blin <kai@samba.org>
  Reviewed-By: Amitay Isaacs <amitay@gmail.com>
* s4 dns: Make debug output less noisy | Kai Blin | 2012-09-07 | 1 | -2/+2
  Autobuild-User(master): Kai Blin <kai@samba.org>
  Autobuild-Date(master): Fri Sep 7 00:31:56 CEST 2012 on sn-devel-104
* s4 dns: Make sure to remember incoming tkey name | Kai Blin | 2012-09-05 | 1 | -0/+4
* s4 dns: Verify incoming TSIG signatures | Kai Blin | 2012-09-05 | 1 | -0/+174
* s4 dns: Handle GSS-TSIG signature creation | Kai Blin | 2012-09-05 | 1 | -0/+127
* s4 dns: Move dns_find_tkey to an extra file | Kai Blin | 2012-09-05 | 1 | -0/+54
* s4 dns: Revert erroneous push from wrong branch | Kai Blin | 2012-09-05 | 1 | -359/+0
  I've pushed the wrong branch for this, sorry about that.
  Autobuild-User(master): Kai Blin <kai@samba.org>
  Autobuild-Date(master): Wed Sep 5 14:10:54 CEST 2012 on sn-devel-104
* s4 dns: Make sure to remember incoming tkey name | Kai Blin | 2012-09-05 | 1 | -0/+4
* more tsig_verify stuff | Kai Blin | 2012-09-05 | 1 | -10/+20
* hack: dns_sign_tsig correct memcpy | Kai Blin | 2012-09-05 | 1 | -1/+1
* HACK remove debug statement | Kai Blin | 2012-09-05 | 1 | -1/+0
* s4 dns: Verify incoming TSIG signatures | Kai Blin | 2012-09-05 | 1 | -8/+85
* s4 dns: Handle GSS-TSIG signatures | Kai Blin | 2012-09-05 | 1 | -0/+269