s4 dns: Handle GSS-TSIG signature creation

1 files changed, 12 insertions, 0 deletions

diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 887fc8ee1d..795b7198aa 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -98,6 +98,7 @@ static void dns_tcp_send(struct stream_connection *conn, uint16_t flags)
 
 struct dns_process_state {
 	DATA_BLOB *in;
+	struct dns_server *dns;
 	struct dns_name_packet in_packet;
 	struct dns_request_state state;
 	uint16_t dns_err;
@@ -123,6 +124,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
 	}
 	state->in = in;
 
+	state->dns = dns;
+
 	if (in->length < 12) {
 		tevent_req_werror(req, WERR_INVALID_PARAM);
 		return tevent_req_post(req, ev);
@@ -215,6 +218,15 @@ static WERROR dns_process_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 	}
 	state->out_packet.operation |= state->state.flags;
 
+	if (state->state.sign) {
+		ret = dns_sign_tsig(state->dns, mem_ctx, &state->state,
+				    &state->out_packet, 0);
+		if (!W_ERROR_IS_OK(ret)) {
+			state->dns_err = DNS_RCODE_SERVFAIL;
+			goto drop;
+		}
+	}
+
 	ndr_err = ndr_push_struct_blob(
 		out, mem_ctx, &state->out_packet,
 		(ndr_push_flags_fn_t)ndr_push_dns_name_packet);