From c7188e1746422ea97c316a130c61962e9b187e7b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 30 May 2024 14:41:21 +0200 Subject: [PATCH] s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 5906ed94f2c5c68e83c63e7c201534eeb323cfe7) --- selftest/knownfail.d/dns_tkey | 1 - source4/dns_server/dns_query.c | 16 +++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/selftest/knownfail.d/dns_tkey b/selftest/knownfail.d/dns_tkey index 8ce60f8507c..12c38d83b97 100644 --- a/selftest/knownfail.d/dns_tkey +++ b/selftest/knownfail.d/dns_tkey @@ -1,7 +1,6 @@ ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_keyname.fl2008r2dc ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_mac.fl2008r2dc ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_tsig_tkey_req_answers.fl2008r2dc -^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_microsoft_com_tkey_req_answers.fl2008r2dc ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_algorithm.fl2008r2dc ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_changed_algorithm1.fl2008r2dc ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_tsig_tkey_req_additional.fl2008r2dc diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c index 3ac3cd4b2b1..1f46ee0aa19 100644 --- a/source4/dns_server/dns_query.c +++ b/source4/dns_server/dns_query.c @@ -799,12 +799,22 @@ static WERROR handle_tkey(struct dns_server *dns, { struct dns_res_rec *in_tkey = NULL; struct dns_res_rec *ret_tkey; - uint16_t i; - for (i = 0; i < in->arcount; i++) { + /* + * TKEY needs to we the last one in + * additional or answers + */ + if (in->arcount >= 1) { + uint16_t i = in->arcount - 1; if (in->additional[i].rr_type == DNS_QTYPE_TKEY) { in_tkey = &in->additional[i]; - break; + } + } else if (in->nscount >= 1) { + /* no lookup */ + } else if (in->ancount >= 1) { + uint16_t i = in->ancount - 1; + if (in->answers[i].rr_type == DNS_QTYPE_TKEY) { + in_tkey = &in->answers[i]; } } -- 2.47.2