From 6438249cf1e52375c343f61dce8100cba614997e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 29 May 2024 14:15:45 +0200
Subject: [PATCH] python:tests/dns_tkey: let us have
 test_update_gss_tsig_tkey_req_{additional,answers}()

Also test using the additional record in the answers section.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3c7cb85eaf8371be55a371601cc354440dab7a94)
---
 python/samba/tests/dns_base.py |  8 ++++++++
 python/samba/tests/dns_tkey.py | 30 ++++++++++++++++++++++++++++--
 selftest/knownfail.d/dns_tkey  |  1 +
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/python/samba/tests/dns_base.py b/python/samba/tests/dns_base.py
index 44d30d97906..f1c2d3da926 100644
--- a/python/samba/tests/dns_base.py
+++ b/python/samba/tests/dns_base.py
@@ -161,6 +161,10 @@ class DNSTest(TestCaseInTempDir):
             response = ndr.ndr_unpack(dns.name_packet, recv_packet_p,
                                       allow_remaining=allow_remaining)
             return (response, recv_packet)
+        except RuntimeError as re:
+            if s is not None:
+                s.close()
+            raise AssertionError(re)
         finally:
             if s is not None:
                 s.close()
@@ -198,6 +202,10 @@ class DNSTest(TestCaseInTempDir):
                 print(self.hexdump(recv_packet))
             response = ndr.ndr_unpack(dns.name_packet, recv_packet[2:])
 
+        except RuntimeError as re:
+            if s is not None:
+                s.close()
+            raise AssertionError(re)
         finally:
             if s is not None:
                 s.close()
diff --git a/python/samba/tests/dns_tkey.py b/python/samba/tests/dns_tkey.py
index 00661b2501e..b758d61d7f9 100644
--- a/python/samba/tests/dns_tkey.py
+++ b/python/samba/tests/dns_tkey.py
@@ -113,8 +113,8 @@ class TestDNSUpdates(DNSTKeyTest):
         rcode = self.search_record(self.newrecname)
         self.assert_rcode_equals(rcode, dns.DNS_RCODE_NXDOMAIN)
 
-    def test_update_tsig(self):
-        "test DNS update with correct TSIG record"
+    def test_update_gss_tsig_tkey_req_additional(self):
+        "test DNS update with correct gss-tsig record tkey req in additional"
 
         self.tkey_trans()
 
@@ -139,6 +139,32 @@ class TestDNSUpdates(DNSTKeyTest):
         rcode = self.search_record(self.newrecname)
         self.assert_rcode_equals(rcode, dns.DNS_RCODE_NXDOMAIN)
 
+    def test_update_gss_tsig_tkey_req_answers(self):
+        "test DNS update with correct gss-tsig record tsig req in answers"
+
+        self.tkey_trans(tkey_req_in_answers=True)
+
+        p = self.make_update_request()
+        mac = self.sign_packet(p, self.tkey['name'])
+        (response, response_p) = self.dns_transaction_udp(p, self.server_ip)
+        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+        self.verify_packet(response, response_p, mac)
+
+        # Check the record is around
+        rcode = self.search_record(self.newrecname)
+        self.assert_rcode_equals(rcode, dns.DNS_RCODE_OK)
+
+        # Now delete the record
+        p = self.make_update_request(delete=True)
+        mac = self.sign_packet(p, self.tkey['name'])
+        (response, response_p) = self.dns_transaction_udp(p, self.server_ip)
+        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+        self.verify_packet(response, response_p, mac)
+
+        # check it's gone
+        rcode = self.search_record(self.newrecname)
+        self.assert_rcode_equals(rcode, dns.DNS_RCODE_NXDOMAIN)
+
     def test_update_tsig_windows(self):
         "test DNS update with correct TSIG record (follow Windows pattern)"
 
diff --git a/selftest/knownfail.d/dns_tkey b/selftest/knownfail.d/dns_tkey
index fb0fca9ec58..141a3a405e3 100644
--- a/selftest/knownfail.d/dns_tkey
+++ b/selftest/knownfail.d/dns_tkey
@@ -3,3 +3,4 @@
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_tkey_gss_microsoft_com.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_tkey_invalid_gss_MICROSOFT_com.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_tkey_invalid_gss_TSIG.fl2008r2dc
+^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_tsig_tkey_req_answers.fl2008r2dc