TSIG in libcli/dns
Kai Blin
kai at samba.org
Tue Jul 4 13:04:51 UTC 2017
On 2017-07-04 01:52, David Disseldorp wrote:
> Hi Dimitris,
>
> You'll have to match the wire format in the protocol definitions, to
> ensure that Samba remains compatible with other implementations. For
> this I'd suggest digging deeper into the corresponding specs. E.g.
>
> The RDATA algorithm_name field has a Data Type of "domain-name", which
> is defined in rfc1035 3.1. Name space definitions:
> Domain names in messages are expressed in terms of a sequence of
> labels.
> Each label is represented as a one octet length field followed by that
> number of octets. Since every domain name ends with the null label of
> the root, a domain name is terminated by a length byte of zero. The
> high order two bits of every length octet must be zero, and the
> remaining six bits of the length field limit the label to 63 octets or
> less.
>
> At this point it's probably worth getting acquainted with PIDL[1], which
> is used within Samba for simplified data structure marshalling and
> unmarshalling. PIDL allows a developer to define a wire format (e.g.
> struct srv_copychunk_copy in librpc/idl/ioctl.idl) and have it generate
> code for marshalling (e.g. ndr_push_srv_copychunk_copy()), unmarshalling
> (e.g. ndr_pull_srv_copychunk_copy()) and debugging (e.g.
> ndr_print_srv_copychunk_copy()).

We already have a PIDL definition for this, I believe, check out
https://git.samba.org/?p=samba.git;a=blob;f=librpc/idl/dns.idl;h=aebb106b053d4a4a9baf429d0b362426feb70038;hb=HEAD#l182

We also use it in our server-side implementation already:
https://git.samba.org/?p=samba.git;a=blob;f=source4/dns_server/dns_crypto.c;h=0be9b8209aa2f85926609e7bc7a2b71a2ad12527;hb=HEAD

This just doesn't have tests at the moment, as we don't have client side
code to test it with, so I wouldn't be surprised if it's broken somewhat. :)

Cheers,
Kai
--
Kai Blin
Samba Developer http://samba.team
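
The RFC 1035 section 3.1 label encoding quoted in the message above, as an added example that is not part of the original mail and is not Samba's or PIDL-generated code: a strict encoder and decoder for an uncompressed domain name such as a TSIG algorithm_name. The function names `dns_name_encode` and `dns_name_decode` are hypothetical, and the names used to exercise them (for instance "gss-tsig") are sample inputs chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Encode dotted text into RFC 1035 3.1 wire format (no compression).
 * Returns octets written, or -1 on an empty or >63-octet label, a name
 * longer than 255 octets, or a short output buffer. */
int dns_name_encode(const char *name, uint8_t *out, size_t outlen)
{
    size_t pos = 0;
    while (*name != '\0') {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63) return -1;   /* keeps the top two bits zero */
        size_t need = pos + 1 + len + 1;       /* length octet, label, root */
        if (need > outlen || need > 255) return -1;
        out[pos++] = (uint8_t)len;
        memcpy(out + pos, name, len);
        pos += len;
        name += len;
        if (*name == '.') name++;
    }
    if (pos + 1 > outlen) return -1;
    out[pos++] = 0;                            /* null label of the root */
    return (int)pos;
}

/* Decode an uncompressed wire-format name into dotted text (label octets are
 * copied as-is, not escaped). Returns octets consumed, or -1 on truncation,
 * a length octet with either high bit set, or a short output buffer. */
int dns_name_decode(const uint8_t *buf, size_t buflen, char *out, size_t outlen)
{
    size_t pos = 0, o = 0;
    for (;;) {
        if (pos >= buflen || pos >= 255) return -1;   /* no terminator seen */
        uint8_t len = buf[pos++];
        if (len == 0) break;
        if (len & 0xC0) return -1;             /* pointer or reserved type */
        if (len > buflen - pos) return -1;     /* label runs past the buffer */
        if (o + len + 2 > outlen) return -1;   /* optional '.', label, NUL */
        if (o > 0) out[o++] = '.';
        memcpy(out + o, buf + pos, len);
        o += len;
        pos += len;
    }
    if (o + 1 > outlen) return -1;
    out[o] = '\0';
    return (int)pos;
}
```

The decoder refuses any length octet with a high bit set, so a compression pointer inside a field that must be carried uncompressed is reported as a parse error instead of being followed.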