The Samba-Bugzilla – Attachment 12198 Details for
Bug 11520
Dns secure updates not working
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.3
v43-hack-dns-tsig.patch (text/plain), 1.47 KB, created by
Ralph Böhme
on 2016-06-22 08:55:17 UTC
(
hide
)
Description:
Patch for 4.3
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2016-06-22 08:55:17 UTC
Size:
1.47 KB
patch
obsolete
>From 91975b847ad7a59b4151443eb9f5e3a573c14258 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 11 May 2016 17:53:36 +0200 >Subject: [PATCH] s4/dns_server: disable signing of DNS-TKEY responses > >DNS packet signing is broken in 4.3 and older. Fixes are available in >master and 4.4. Backporting the complete patchset turned out to be too >difficult, so we use this hack to get authenticated DDNS updates working >again. > >By simply NOT signing out DNS-TKEY response, the client won't get a >broken DNS-TSIG record which caused the client to not start the >authenticated DDNS update. > >DNS RFCs do require signing TKEY responses, but luckily real world >clients are forgiving and accept unsigned TKEY responses. This was >tested with Windows 7. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source4/dns_server/dns_query.c | 1 - > 1 file changed, 1 deletion(-) > >diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c >index 9e30b71..2795dd2 100644 >--- a/source4/dns_server/dns_query.c >+++ b/source4/dns_server/dns_query.c >@@ -525,7 +525,6 @@ static WERROR handle_tkey(struct dns_server *dns, > ret_tkey->rdata.tkey_record.key_data = talloc_memdup(ret_tkey, > reply.data, > reply.length); >- state->sign = true; > state->key_name = talloc_strdup(state->mem_ctx, tkey->name); > if (state->key_name == NULL) { > return WERR_NOMEM; >-- >2.5.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 11520
:
12103
|
12187
|
12197
| 12198