From d2ab8d34e2d76885ed89d7930c96092e65624b66 Mon Sep 17 00:00:00 2001
From: Ralph Boehme
Date: Sat, 14 May 2016 19:08:51 +0200
Subject: [PATCH] librpc/dns: remove original_id from dns_fake_tsig_rec

Cf RFC2845, 3.4.2. "TSIG Variables", the request id (original_id) is not used in the MAC calculation. This also explains the mysterious 2 bytes padding.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme
Reviewed-by: Garming Sam
(cherry picked from commit bea4aec521576576b8dc55065f11c6c5025d9c4f)
---
 librpc/idl/dns.idl | 1 -
 source4/dns_server/dns_crypto.c | 3 ---
 2 files changed, 4 deletions(-)
diff --git a/librpc/idl/dns.idl b/librpc/idl/dns.idl
index 13dd53bfcd3..aebb106b053 100644
--- a/librpc/idl/dns.idl
+++ b/librpc/idl/dns.idl
@@ -212,7 +212,6 @@ interface dns
 uint16 time_prefix; /* 0 until February 2106*/
 uint32 time;
 uint16 fudge;
- uint16 original_id;
 uint16 error;
 uint16 other_size;
 uint8 other_data[other_size];
diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
index 3f199de3344..502887fec88 100644
--- a/source4/dns_server/dns_crypto.c
+++ b/source4/dns_server/dns_crypto.c
@@ -207,9 +207,6 @@ WERROR dns_verify_tsig(struct dns_server *dns,
 return WERR_NOMEM;
 }
 
- /*FIXME: Why is there too much padding? */
- buffer_len -= 2;
-
 /* Now we also need to count down the additional record counter */
 arcount = RSVAL(buffer, 10);
 RSSVAL(buffer, 10, arcount-1);