From 57b887fac8978a85e9c866af7dc654886c9b4c04 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 9 Nov 2012 08:55:40 +0100
Subject: [PATCH 1/3] lib/addns: remove pointless check for resp->num_additionals != 1

We never use resp->additionals, so there's no reason to check. This fixes dns updates against BIND9 (used in a Samba4 domain).

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit b59c5db5f74f56c0536635a41ae51c389109ceb5)
---
 lib/addns/dnsgss.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/addns/dnsgss.c b/lib/addns/dnsgss.c
index 64a7d85..c221734 100644
--- a/lib/addns/dnsgss.c
+++ b/lib/addns/dnsgss.c
@@ -175,8 +175,7 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx,
 * TODO: Compare id and keyname
 */
 
- if ((resp->num_additionals != 1) ||
- (resp->num_answers == 0) ||
+ if ((resp->num_answers == 0) ||
 (resp->answers[0]->type != QTYPE_TKEY)) {
 err = ERROR_DNS_INVALID_MESSAGE;
 goto error;
-- 
1.7.9.5

From 0cc79a46cac97ae95da9fa90e55f0efed74f03ff Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 9 Nov 2012 08:59:36 +0100
Subject: [PATCH 2/3] lib/addns: don't depend on the order in resp->answers[]

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit eecc1d294256210ee8c2f6ab79d21b835258a6d4)
---
 lib/addns/dnsgss.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/addns/dnsgss.c b/lib/addns/dnsgss.c
index c221734..52f1298 100644
--- a/lib/addns/dnsgss.c
+++ b/lib/addns/dnsgss.c
@@ -164,6 +164,8 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx,
 struct dns_request *resp;
 struct dns_buffer *buf;
 struct dns_tkey_record *tkey;
+ struct dns_rrec *tkey_answer = NULL;
+ uint16_t i;
 
 err = dns_receive(mem_ctx, conn, &buf);
 if (!ERR_DNS_IS_OK(err)) goto error;
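Review bot: The reply check in dns_negotiate_gss_ctx_int (patch 1/3, hunk at -175) is loosened while the `TODO: Compare id and keyname` directly above it stays open, so as far as this hunk shows a reply is accepted on its record type alone. Before the TKEY data is used, the reply's id and key name should be compared with what the request sent, failing the same way as the neighbouring checks with `err = ERROR_DNS_INVALID_MESSAGE; goto error;`. The function body starts and ends outside the hunk, so such a comparison may already exist elsewhere; if it does, the TODO should be dropped so the gap is not assumed.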
@@ -174,9 +176,16 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx,
 /*
 * TODO: Compare id and keyname
 */
-
- if ((resp->num_answers == 0) ||
- (resp->answers[0]->type != QTYPE_TKEY)) {
+
+ for (i=0; i < resp->num_answers; i++) {
+ if (resp->answers[i]->type != QTYPE_TKEY) {
+ continue;
+ }
+
+ tkey_answer = resp->answers[i];
+ }
+
+ if (tkey_answer == NULL) {
 err = ERROR_DNS_INVALID_MESSAGE;
 goto error;
 }
-- 
1.7.9.5

From 1e89d100db9dea44619952f842a47477ed9f97a8 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 9 Nov 2012 09:08:51 +0100
Subject: [PATCH 3/3] lib/addns: remove compiler warnings

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit 1ecc76b2480c884a66e598ff6b1f9000bb0931c0)
---
 lib/addns/dnsgss.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/addns/dnsgss.c b/lib/addns/dnsgss.c
index 52f1298..f7ed1d1 100644
--- a/lib/addns/dnsgss.c
+++ b/lib/addns/dnsgss.c
@@ -92,7 +92,7 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx,
 DNS_ERROR err;
 
 gss_OID_desc krb5_oid_desc =
- { 9, (const char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
+ { 9, discard_const("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
 
 *ctx = GSS_C_NO_CONTEXT;
 input_ptr = NULL;
@@ -230,7 +230,7 @@ DNS_ERROR dns_negotiate_sec_ctx( const char *target_realm,
 gss_name_t targ_name;
 
 gss_OID_desc nt_host_oid_desc =
- {10, (const char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
+ {10, discard_const("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")};
 
 TALLOC_CTX *mem_ctx;
 
-- 
1.7.9.5
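Review bot: The new loop over resp->answers[] in dns_negotiate_gss_ctx_int (patch 2/3, hunk at -174) has no `break`, so a reply carrying several TKEY records silently selects the last one. The reply comes off the network, so I would either stop at the first match by adding `break;` after `tkey_answer = resp->answers[i];` or treat a second TKEY record as ERROR_DNS_INVALID_MESSAGE. Nothing in this series reads tkey_answer beyond the NULL check, and the function continues past the hunk, so please confirm that the TKEY parsing below uses tkey_answer rather than resp->answers[0]; otherwise the answer order still matters. `uint16_t i` should also match the type of resp->num_answers, which is declared outside this patch.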
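Review bot: Both OID initializers in patch 3/3 (krb5_oid_desc in the hunk at -92 and nt_host_oid_desc in dns_negotiate_sec_ctx at -230) now strip const from a string literal with discard_const(), which is only sound while nothing writes through the gss_OID_desc elements pointer; a one-line comment should state that. I would also name the OIDs beside the bytes, `/* 1.2.840.113554.1.2.2 (Kerberos V5 mechanism) */` and `/* 1.2.840.113554.1.2.2.1 (krb5 principal name) */`, the second especially because the variable is called nt_host_oid_desc. The lengths 9 and 10 are hand-counted against the escapes, so a reader has to recount them to be sure they match. Both function bodies extend beyond the hunks.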