authorAndrew Bartlett <abartlet@samba.org>2017-03-01 14:19:50 +1300
committerAndrew Bartlett <abartlet@samba.org>2017-03-29 02:37:27 +0200
commit59ed188ede42a4bc6534f679fa89dd0fb7f8a3ae (patch)
treebd8e20d3096cc326a3bde1ac03fe76f5a9c9b9fa
parenta0ab86dedca2471ca2e4bb222f272d4bd35c85df (diff)
downloadsamba-59ed188ede42a4bc6534f679fa89dd0fb7f8a3ae.tar.gz
dns: Provide local and remote socket address to GENSEC
This can be used for logging and for Kerberos channel bindings.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
-rw-r--r--source4/dns_server/dns_query.c22
-rw-r--r--source4/dns_server/dns_server.c14
-rw-r--r--source4/dns_server/dns_server.h2
3 files changed, 36 insertions, 2 deletions
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index c0ae19a4dd4..366696ddd01 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -702,6 +702,8 @@ static WERROR handle_authoritative_recv(struct tevent_req *req)
static NTSTATUS create_tkey(struct dns_server *dns,
const char* name,
const char* algorithm,
+ const struct tsocket_address *remote_address,
+ const struct tsocket_address *local_address,
struct dns_server_tkey **tkey)
{
NTSTATUS status;
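Review bot: create_tkey gains two address parameters but nothing at the definition says what they are for or who owns them; the commit description is the only place that explains they are handed to GENSEC for logging and Kerberos channel bindings. Suggest a header comment above the signature: `/* Create a GENSEC (SPNEGO) context for a new TKEY. remote_address/local_address are the transport endpoints of the request that started the negotiation; they are passed to GENSEC for logging and channel bindings, not copied here. */`. The function body continues past the end of the hunk.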
@@ -738,6 +740,24 @@ static NTSTATUS create_tkey(struct dns_server *dns,
gensec_want_feature(k->gensec, GENSEC_FEATURE_SIGN);
+ status = gensec_set_remote_address(k->gensec,
+ remote_address);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set remote address into GENSEC: %s\n",
+ nt_errstr(status)));
+ *tkey = NULL;
+ return status;
+ }
+
+ status = gensec_set_local_address(k->gensec,
+ local_address);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set local address into GENSEC: %s\n",
+ nt_errstr(status)));
+ *tkey = NULL;
+ return status;
+ }
+
status = gensec_start_mech_by_oid(k->gensec, GENSEC_OID_SPNEGO);
if (!NT_STATUS_IS_OK(status)) {
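Review bot: The two new failure returns after gensec_set_remote_address and gensec_set_local_address leave `k` allocated; it is created earlier in create_tkey, outside this hunk, and if its talloc parent is the long-lived tkey store rather than a per-request context, every failed negotiation leaks a GENSEC context. The pre-existing failure path after gensec_start_mech_by_oid appears to have the same shape, so either free on all of them or confirm the parent is short-lived; the minimal change is `TALLOC_FREE(k);` before each `return status;`. These setters should only fail on allocation errors, so the exposure is small, but the function is reachable by any remote client sending TKEY queries. create_tkey begins and ends outside the hunk.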
@@ -861,6 +881,8 @@ static WERROR handle_tkey(struct dns_server *dns,
if (tkey == NULL) {
status = create_tkey(dns, in->questions[0].name,
in_tkey->rdata.tkey_record.algorithm,
+ state->remote_address,
+ state->local_address,
&tkey);
if (!NT_STATUS_IS_OK(status)) {
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 830e0703336..86776b06335 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -117,6 +117,8 @@ static void dns_process_done(struct tevent_req *subreq);
static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct dns_server *dns,
+ const struct tsocket_address *remote_address,
+ const struct tsocket_address *local_address,
DATA_BLOB *in)
{
struct tevent_req *req, *subreq;
@@ -161,6 +163,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
state->state.flags = state->in_packet.operation;
state->state.flags |= DNS_FLAG_REPLY;
+ state->state.local_address = local_address;
+ state->state.remote_address = remote_address;
if (forwarder && *forwarder && **forwarder) {
state->state.flags |= DNS_FLAG_RECURSION_AVAIL;
@@ -168,7 +172,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
state->out_packet = state->in_packet;
- ret = dns_verify_tsig(dns, state, &state->state, &state->out_packet, in);
+ ret = dns_verify_tsig(dns, state, &state->state,
+ &state->out_packet, in);
if (!W_ERROR_IS_OK(ret)) {
state->dns_err = werr_to_dns_err(ret);
tevent_req_done(req);
@@ -178,7 +183,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
switch (state->in_packet.operation & DNS_OPCODE) {
case DNS_OPCODE_QUERY:
subreq = dns_server_process_query_send(
- state, ev, dns, &state->state, &state->in_packet);
+ state, ev, dns,
+ &state->state, &state->in_packet);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -333,6 +339,8 @@ static void dns_tcp_call_loop(struct tevent_req *subreq)
call->in.length -= 2;
subreq = dns_process_send(call, dns->task->event_ctx, dns,
+ dns_conn->conn->remote_address,
+ dns_conn->conn->local_address,
&call->in);
if (subreq == NULL) {
dns_tcp_terminate_connection(
@@ -534,6 +542,8 @@ static void dns_udp_call_loop(struct tevent_req *subreq)
tsocket_address_string(call->src, call)));
subreq = dns_process_send(call, dns->task->event_ctx, dns,
+ call->src,
+ sock->dns_socket->local_address,
&call->in);
if (subreq == NULL) {
TALLOC_FREE(call);
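Review bot: `call->src` is the source address of a UDP datagram, which the transport does not authenticate, so whatever GENSEC logs or binds from it reflects a claimed address, unlike the TCP path in dns_tcp_call_loop where it is the connected peer. Worth a one-line comment at the call so nobody later bases a policy decision on it: `/* UDP: call->src is the unverified datagram source; passed to GENSEC for logging and channel bindings only */`. The enclosing dns_udp_call_loop continues outside the hunk.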
diff --git a/source4/dns_server/dns_server.h b/source4/dns_server/dns_server.h
index e623f972316..5395ff95161 100644
--- a/source4/dns_server/dns_server.h
+++ b/source4/dns_server/dns_server.h
@@ -61,6 +61,8 @@ struct dns_request_state {
char *key_name;
struct dns_res_rec *tsig;
uint16_t tsig_error;
+ const struct tsocket_address *local_address;
+ const struct tsocket_address *remote_address;
};
struct tevent_req *dns_server_process_query_send(
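Review bot: The two new pointer fields carry no ownership note, and dns_process_send stores the caller's pointers directly without copying them, so they are borrowed from the connection or socket that received the request and must not be used after that object is freed. Suggest documenting that at the declaration: `/* Transport endpoints of the request; borrowed from the connection/socket that received it, not owned by this struct. */`.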