diff options
author | Kai Blin <kai@samba.org> | 2012-09-02 21:43:52 +0200 |
---|---|---|
committer | Kai Blin <kai@samba.org> | 2012-09-05 08:41:23 +0200 |
commit | fc9de264972ba46cfd9e8fc67e25aa7ee1fd51a2 (patch) | |
tree | 3c16f8803b069c135466f43bef6abd5296d9c9de /source4/dns_server/dns_server.c | |
parent | 15e3991b39d2e9496d01d18479db2804804a39f6 (diff) | |
download | samba-fc9de264972ba46cfd9e8fc67e25aa7ee1fd51a2.tar.gz |
s4 dns: Handle GSS-TSIG signatures
Diffstat (limited to 'source4/dns_server/dns_server.c')
-rw-r--r-- | source4/dns_server/dns_server.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index 887fc8ee1d6..cd121f9d8b2 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -98,6 +98,7 @@ static void dns_tcp_send(struct stream_connection *conn, uint16_t flags) struct dns_process_state { DATA_BLOB *in; + struct dns_server *dns; struct dns_name_packet in_packet; struct dns_request_state state; uint16_t dns_err; @@ -123,6 +124,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx, } state->in = in; + state->dns = dns; + if (in->length < 12) { tevent_req_werror(req, WERR_INVALID_PARAM); return tevent_req_post(req, ev); @@ -142,6 +145,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx, NDR_PRINT_DEBUG(dns_name_packet, &state->in_packet); } + ret = dns_verify_tsig(dns, &state->state, &state->in_packet); + state->state.flags = state->in_packet.operation; state->state.flags |= DNS_FLAG_REPLY; @@ -215,6 +220,15 @@ static WERROR dns_process_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, } state->out_packet.operation |= state->state.flags; + if (state->state.sign) { + ret = dns_sign_tsig(state->dns, mem_ctx, &state->state, + &state->out_packet, 0); + if (!W_ERROR_IS_OK(ret)) { + state->dns_err = DNS_RCODE_SERVFAIL; + goto drop; + } + } + ndr_err = ndr_push_struct_blob( out, mem_ctx, &state->out_packet, (ndr_push_flags_fn_t)ndr_push_dns_name_packet); |