[PATCH] DNS TKEY/TSIG handling, bug 11520

Garming Sam garming at catalyst.net.nz
Wed Jun 1 21:53:01 UTC 2016


Hi,

It looks like you've changed the MAC in the incorrect case, but didn't
update (or remove the comment) :-) .

One other thing is that the test, test_tkey_tsig should probably be
split into at least two separate tests, the good case with the
successful MAC and the bad cases.

Apart from the last patch, I've looked at all the other changes.
Particularly what you've changed since your last branch update. I
noticed you referenced the RFC on "s4/dns_server: don't compute TSIG MAC
in TSIG error records" in the commit message as well. (I think Windows
is a little more cryptic (and non-conformant) about their errors and
don't seem to return TSIG error, but still send an overall refused and
still calculate the MAC.)

So for everything but the last patch, count me as reviewed:
Reviewed-by: Garming Sam <garming at catalyst.net.nz>


Cheers,

Garming

On 02/06/16 02:47, Ralph Boehme wrote:
> Hi!
>
> Attached is a patchset that fixes bug 11520 and related issues in our
> handling of DNS TKEY/TSIG stuff.
>
> Please review & comment, but please *don't* push yet as I'm awaiting
> final confirmation from MS dochelp (cf the thread on the cifs-protocol
> mailing list if you missed it) that the patch is complete wrt to DNS
> name compression.
>
> Cheerio!
> -slow





More information about the samba-technical mailing list