authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-20 04:07:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-20 04:07:27 +0000
commit19d0fde1ace012e366182b511c528f7ab6a0ed37 (patch)
tree4b7f31bfcae1f06f2a77dd154508460119172422 /source4/dns_server/dns_query.c
parentAdding debian version 2:4.20.1+dfsg-5. (diff)
Merging upstream version 2:4.20.2+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source4/dns_server/dns_query.c')
-rw-r--r--source4/dns_server/dns_query.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 181beda..1f46ee0 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -663,8 +663,17 @@ static NTSTATUS create_tkey(struct dns_server *dns,
{
NTSTATUS status;
struct dns_server_tkey_store *store = dns->tkeys;
- struct dns_server_tkey *k = talloc_zero(store, struct dns_server_tkey);
+ struct dns_server_tkey *k = NULL;
+
+ if (strcmp(algorithm, "gss-tsig") == 0) {
+ /* ok */
+ } else if (strcmp(algorithm, "gss.microsoft.com") == 0) {
+ /* ok */
+ } else {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ k = talloc_zero(store, struct dns_server_tkey);
if (k == NULL) {
return NT_STATUS_NO_MEMORY;
}
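Review bot: The allowlist at the top of create_tkey compares `algorithm` with `strcmp`, which is case-sensitive, while the TKEY algorithm field is a DNS name and DNS names compare case-insensitively, so a client sending `GSS-TSIG` would get NT_STATUS_ACCESS_DENIED. That fails closed, so it is an interoperability point rather than a bypass, but a case-insensitive compare such as `strcasecmp(algorithm, "gss-tsig") == 0` would match the protocol. The two empty `/* ok */` branches would read better with a single comment stating why only these two GSS algorithms may create a key. `algorithm` also reaches strcmp with no NULL check in the visible lines; the signature and callers are outside the hunk, so confirm it can never be NULL here.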
@@ -790,12 +799,22 @@ static WERROR handle_tkey(struct dns_server *dns,
{
struct dns_res_rec *in_tkey = NULL;
struct dns_res_rec *ret_tkey;
- uint16_t i;
- for (i = 0; i < in->arcount; i++) {
+ /*
+ * TKEY needs to we the last one in
+ * additional or answers
+ */
+ if (in->arcount >= 1) {
+ uint16_t i = in->arcount - 1;
if (in->additional[i].rr_type == DNS_QTYPE_TKEY) {
in_tkey = &in->additional[i];
- break;
+ }
+ } else if (in->nscount >= 1) {
+ /* no lookup */
+ } else if (in->ancount >= 1) {
+ uint16_t i = in->ancount - 1;
+ if (in->answers[i].rr_type == DNS_QTYPE_TKEY) {
+ in_tkey = &in->answers[i];
}
}
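Review bot: The comment introducing the new lookup in handle_tkey has a typo ("needs to we") and does not state the rule the code actually enforces. Only the last record of the additional section is examined, the answer section is consulted only when both additional and authority are empty, and a non-empty authority section disables the lookup. I would reword it to something like `/* The TKEY must be the final record of the message: check only the last RR of additional, or of answers when additional and authority are both empty. */` and replace `/* no lookup */` with the reason an authority record rules out a trailing TKEY. `in_tkey` can now stay NULL on more inputs than before; the NULL handling is outside the hunk, so confirm the code after this block rejects the request in that case.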