s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()

author Stefan Metzmacher <metze@samba.org>

Fri, 31 May 2024 06:38:24 +0000 (08:38 +0200)

committer Jule Anger <janger@samba.org>

Wed, 3 Jul 2024 08:48:12 +0000 (08:48 +0000)
author Stefan Metzmacher <metze@samba.org>
Fri, 31 May 2024 06:38:24 +0000 (08:38 +0200)
committer Jule Anger <janger@samba.org>
Wed, 3 Jul 2024 08:48:12 +0000 (08:48 +0000)
diff --git a/selftest/knownfail.d/dns_tkey b/selftest/knownfail.d/dns_tkey

index edb6e0b21152ba4c20e5c802c00221b88cce96aa..8ce60f8507c5276ca046340b22754a307accd667 100644 (file)
--- a/selftest/knownfail.d/dns_tkey
+++ b/selftest/knownfail.d/dns_tkey
@@ -1,12 +1,9 @@
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_keyname.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_mac.fl2008r2dc
-^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_tkey_gss_microsoft_com.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_tsig_tkey_req_answers.fl2008r2dc
-^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_microsoft_com_tkey_req_additional.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_microsoft_com_tkey_req_answers.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_algorithm.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_changed_algorithm1.fl2008r2dc
-^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_changed_algorithm2.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_tsig_tkey_req_additional.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_windows.fl2008r2dc
  ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_wo_tsig.fl2008r2dc
diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c

index 9d44512b1cad7ffafbe9a340e546e232a3397896..19d6b0dad14b8d34382f2f13fdd63c19021511e8 100644 (file)
--- a/source4/dns_server/dns_crypto.c
+++ b/source4/dns_server/dns_crypto.c
@@ -382,6 +382,7 @@ WERROR dns_sign_tsig(struct dns_server *dns,
                 .data = NULL,
                 .length = 0
         };
+       const char *algorithm = "gss-tsig";
  
         tsig = talloc_zero(mem_ctx, struct dns_res_rec);
         if (tsig == NULL) {
@@ -402,6 +403,8 @@ WERROR dns_sign_tsig(struct dns_server *dns,
                 if (!W_ERROR_IS_OK(werror)) {
                         return werror;
                 }
+
+               algorithm = tkey->algorithm;
         }
  
         tsig->name = talloc_strdup(tsig, state->key_name);
@@ -412,7 +415,7 @@ WERROR dns_sign_tsig(struct dns_server *dns,
         tsig->rr_type = DNS_QTYPE_TSIG;
         tsig->ttl = 0;
         tsig->length = UINT16_MAX;
-       tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig, "gss-tsig");
+       tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig, algorithm);
         if (tsig->rdata.tsig_record.algorithm_name == NULL) {
                 return WERR_NOT_ENOUGH_MEMORY;
         }
author	Stefan Metzmacher <metze@samba.org>
	Fri, 31 May 2024 06:38:24 +0000 (08:38 +0200)
committer	Jule Anger <janger@samba.org>
	Wed, 3 Jul 2024 08:48:12 +0000 (08:48 +0000)
selftest/knownfail.d/dns_tkey		patch \| blob \| blame \| history
source4/dns_server/dns_crypto.c		patch \| blob \| blame \| history