examples/bind9-patches/0005-windows-doesn-t-return-valid-GSSAPI-sequence-numbers.patch

   1 From 0f6a49d9fb4a3b9f917ee9caed3a94e44db045a5 Mon Sep 17 00:00:00 2001
   2 From: Andrew Tridgell <tridge@samba.org>
   3 Date: Wed, 17 Feb 2010 15:28:51 +1100
   4 Subject: [PATCH 5/5] windows doesn't return valid GSSAPI sequence numbers on its
   5  TSIG-GSS DNS update replies
   6
   7 ---
   8  lib/dns/gssapictx.c |    5 ++++-
   9  1 files changed, 4 insertions(+), 1 deletions(-)
  10
  11 diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
  12 index 879393c..69b66c5 100644
  13 --- a/lib/dns/gssapictx.c
  14 +++ b/lib/dns/gssapictx.c
  15 @@ -536,8 +536,11 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
  16                 gintokenp = NULL;
  17         }
  18
  19 +       /* note that we don't set GSS_C_SEQUENCE_FLAG as Windows DNS
  20 +        * servers don't like it
  21 +        */
  22         flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG |
  23 -               GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG;
  24 +               GSS_C_INTEG_FLAG;
  25
  26         gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx,
  27                                     gname, GSS_SPNEGO_MECHANISM, flags,
  28 --
  29 1.6.3.3
  30