[SCM] Samba Shared Repository - branch v4-3-test updated

Karolin Seeger kseeger at samba.org
Thu Jun 23 13:36:04 UTC 2016 

The branch, v4-3-test has been updated
       via  f5bb81a s4/dns_server: disable signing of DNS-TKEY responses
      from  c20c7bf s3: docs: Fix "strict rename" doc to match code.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test


- Log -----------------------------------------------------------------
commit f5bb81a920b5a2504ea77c7c931d214fb0bfaf76
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed May 11 17:53:36 2016 +0200

    s4/dns_server: disable signing of DNS-TKEY responses
    
    DNS packet signing is broken in 4.3 and older. Fixes are available in
    master and 4.4. Backporting the complete patchset turned out to be too
    difficult, so we use this hack to get authenticated DDNS updates working
    again.
    
    By simply NOT signing out DNS-TKEY response, the client won't get a
    broken DNS-TSIG record which caused the client to not start the
    authenticated DDNS update.
    
    DNS RFCs do require signing TKEY responses, but luckily real world
    clients are forgiving and accept unsigned TKEY responses. This was
    tested with Windows 7.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(v4-3-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-3-test): Thu Jun 23 15:35:39 CEST 2016 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/dns_server/dns_query.c | 1 -
 1 file changed, 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 9e30b71..2795dd2 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -525,7 +525,6 @@ static WERROR handle_tkey(struct dns_server *dns,
 			ret_tkey->rdata.tkey_record.key_data = talloc_memdup(ret_tkey,
 								reply.data,
 								reply.length);
-			state->sign = true;
 			state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
 			if (state->key_name == NULL) {
 				return WERR_NOMEM;


-- 
Samba Shared Repository

More information about the samba-cvs mailing list