TSIG in libcli/dns

Kai Blin kai at samba.org
Tue Jul 4 13:04:51 UTC 2017


On 2017-07-04 01:52, David Disseldorp wrote:

Hi Dimitris,

> 
> You'll have to match the wire format in the protocol definitions, to
> ensure that Samba remains compatible with other implementations. For
> this I'd suggest digging deeper into the corresponding specs. E.g.
> 
> The RDATA algorithm_name field has a Data Type of "domain-name", which
> is defined in rfc1035 3.1. Name space definitions:
>    Domain names in messages are expressed in terms of a sequence of
>    labels.
>    Each label is represented as a one octet length field followed by that
>    number of octets.  Since every domain name ends with the null label of
>    the root, a domain name is terminated by a length byte of zero.  The
>    high order two bits of every length octet must be zero, and the
>    remaining six bits of the length field limit the label to 63 octets or
>    less.
> 
> At this point it's probably worth getting acquainted with PIDL[1], which
> is used within Samba for simplified data structure marshalling and
> unmarshalling. PIDL allows a developer to define a wire format (e.g.
> struct srv_copychunk_copy in librpc/idl/ioctl.idl) and have it generate
> code for marshalling (e.g. ndr_push_srv_copychunk_copy()), unmarshalling
> (e.g. ndr_pull_srv_copychunk_copy()) and debugging (e.g.
> ndr_print_srv_copychunk_copy()).

We already have a PIDL definition for this, I believe; check out

https://git.samba.org/?p=samba.git;a=blob;f=librpc/idl/dns.idl;h=aebb106b053d4a4a9baf429d0b362426feb70038;hb=HEAD#l182

We also use it in our server-side implementation already:
https://git.samba.org/?p=samba.git;a=blob;f=source4/dns_server/dns_crypto.c;h=0be9b8209aa2f85926609e7bc7a2b71a2ad12527;hb=HEAD

This just doesn't have tests at the moment, as we don't have client-side
code to test it with, so I wouldn't be surprised if it's broken somewhat. :)

Cheers,
Kai

-- 
Kai Blin
Samba Developer http://samba.team
