[PATCH] DNS TKEY/TSIG handling, bug 11520

garming at catalyst.net.nz garming at catalyst.net.nz
Fri Jun 3 12:09:14 UTC 2016


I think that addresses everything on my end.

You can put my review on the last patch.

Cheers,

Garming

> Hi,
>
> On Thu, Jun 02, 2016 at 09:53:01AM +1200, Garming Sam wrote:
>> It looks like you've changed the MAC in the incorrect case, but didn't
>> update (or remove the comment) :-) .
>
> fixed.
>
>> One other thing is that the test, test_tkey_tsig should probably be
>> split into at least two separate tests, the good case with the
>> successful MAC and the bad cases.
>
> As you wish. :) Updated patchset attached. Indeed, code looks much
> better now that the tests are nicely seperated into individual test
> functions.
>
>> Apart from the last patch, I've looked at all the other changes.
>> Particularly what you've changed since your last branch update. I
>> noticed you referenced the RFC on "s4/dns_server: don't compute TSIG MAC
>> in TSIG error records" in the commit message as well. (I think Windows
>> is a little more cryptic (and non-conformant) about their errors and
>> don't seem to return TSIG error, but still send an overall refused and
>> still calculate the MAC.)
>
> I couldn't test the error cases against Windows, so I'm sticking to
> RFC behaviour.
>
>> So for everything but the last patch, count me as reviewed:
>> Reviewed-by: Garming Sam <garming at catalyst.net.nz>
>
> Updated patchset attached.
>
> Cheerio!
> -slow
>





More information about the samba-technical mailing list