patches to make bind9 with TKEY/GSS updates easier to configure

Mark Andrews marka at isc.org
Thu Dec 2 02:45:46 UTC 2010 

In message <19702.50683.907478.426270 at samba.org>, tridge at samba.org writes:
> Hi Mark,
> 
>  > If you can send me a stack backtrace that would be useful, I suspect I
>  > missed something.
> 
> sure, the full backtrace is here:
> 
>   http://samba.org/tridge/bind9-patches/backtrace.txt

This is not what I would expect it the patch applied cleanly.  dstkey is
now dstkeyp (third arguement).

#5  0x00007ffff79119fc in dns_tsigkey_createfromkey (name=0x7ffff7f763e0, algorithm=0x7ffff7bc4220, dstkey=0x7ffff2d27740, generated=isc_boolean_false, creator=0x0, inception=1291240528, expire=1291240528, mctx=0x69a260, ring=0x0, key=0x7ffff2d27738) at tsig.c:337

>From the patch I sent.

Index: bind9/lib/dns/tsig.c
diff -u bind9/lib/dns/tsig.c:1.141 bind9/lib/dns/tsig.c:1.141.56.1
--- bind9/lib/dns/tsig.c:1.141  Fri Jul  9 05:13:15 2010
+++ bind9/lib/dns/tsig.c        Wed Nov 24 07:26:28 2010
@@ -287,7 +287,7 @@
 
 isc_result_t
 dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm,
-                         dst_key_t *dstkey, isc_boolean_t generated,
+                         dst_key_t **dstkeyp, isc_boolean_t generated,
                          dns_name_t *creator, isc_stdtime_t inception,
                          isc_stdtime_t expire, isc_mem_t *mctx,
                          dns_tsig_keyring_t *ring, dns_tsigkey_t **key)

> This is with current CVS, plus your patch. It is without any of my
> patches.
> 
> I launched it like this:
> 
> KRB5_KTNAME=dns.keytab KRB5_CONFIG=krb5.conf gdb --args /home/tridge/project/
> bind9/git/bin/named/.libs/named -m record,size,mctx  -c named.conf  -g -T cli
> enttest -n 1
> 
> The named.conf is here:
> 
>  http://samba.org/tridge/bind9-patches/named.conf
> 
> the rest of the contents of the tsiggss test directory are from this
> patch:
> 
>   http://samba.org/tridge/bind9-patches/0006-tkey-added-a-tkey-TSIG-GSS-tests
> uite.patch
> 
> Note that the named.conf is an adjustment to the tsiggss test to use
> the existing tkey-gssapi-credential and tkey-domain options, instead
> of the new tkey-gssapi-keytab option. Unfortunatey you have to run
> with KRB5_CONFIG set, plus either KRB5_KTNAME or KEYTAB_FILE set
> (depending on kerberos version). That is one of the things that the
> tkey-gssapi-keytab patch fixes.
> 
> I also had to make a trivial adjustment to your patch to fix the
> prototype for insert_trustedkey() in dighost.c
> 
> Cheers, Tridge
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-workers mailing list