client-side gss-tsig packet
Dimitris Gravanis
dimgrav at gmail.com
Thu Jul 20 18:30:37 UTC 2017
Hi,
I followed Stefan's steps below:
Basically the signature generation needs to use the original
dns packet and:
- remove the bytes from dns_tsig_record
- count down the arcount field in the buffer
- construct a blob using dns_fake_tsig_rec and append that
- pass the constructed buffer to gensec_sign_packet()
- rebuild the dns packet buffer with the signature (MAC) field of
dns_tsig_record filled with the signature from gensec_sign_packet().
I came up with what you can see in the attached files client_crypto.c
and libcli_crypto.h.
I think I've used tsocket, tevent, talloc and gensec correctly, based
everything on PIDL, dns_server/dns_crypto.c, as well as all pre-existing
work in libcli/dns and every relevant lib in Samba that I could find
(the online guide
<https://www.samba.org/samba/docs/man/Samba-Developers-Guide/internals.html#id2557664>
for internals helped a lot as well).
I'll be writing a test to check my code, but I'd need your feedback
first, in case there's something immensely wrong that has to be fixed
right away.
You can always check the project's temporary GitHub repo
<https://github.com/dimgrav/Samba-GSOC2017> for every update I make daily.
Cheers,
Dimitris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client_crypto.c
Type: text/x-csrc
Size: 6344 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170720/578ceba7/client_crypto.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libcli_crypto.h
Type: text/x-chdr
Size: 2675 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170720/578ceba7/libcli_crypto.h>
More information about the samba-technical
mailing list