authorKai Blin <kai@samba.org>2012-09-05 08:29:38 +0200
committerKai Blin <kai@samba.org>2012-09-05 19:02:17 +0200
commit956f41bddf946d5e1e35f06632f40e7ac71b6588 (patch)
tree039100bebc84536afe94da9e41e0459c8734467f /source4/dns_server
parente81d026576cd1df9eb406c8ef0b0f27b7188b8ea (diff)
s4 dns: When we got a TKEY, we need to remember which key to use for signing
Diffstat (limited to 'source4/dns_server')
-rw-r--r--source4/dns_server/dns_query.c14
-rw-r--r--source4/dns_server/dns_server.h5
2 files changed, 17 insertions, 2 deletions
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 3c919ee0a9..98ebc63d97 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -413,6 +413,7 @@ static NTSTATUS accept_gss_ticket(TALLOC_CTX *mem_ctx,
static WERROR handle_tkey(struct dns_server *dns,
TALLOC_CTX *mem_ctx,
const struct dns_name_packet *in,
+ struct dns_request_state *state,
struct dns_res_rec **answers,
uint16_t *ancount)
{
@@ -498,6 +499,15 @@ static WERROR handle_tkey(struct dns_server *dns,
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
} else if (NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Tkey handshake completed\n"));
+ ret_tkey->rdata.tkey_record.key_size = reply.length;
+ ret_tkey->rdata.tkey_record.key_data = talloc_memdup(ret_tkey,
+ reply.data,
+ reply.length);
+ state->sign = true;
+ state->key_name = talloc_strdup(mem_ctx, tkey->name);
+ if (state->key_name == NULL) {
+ return WERR_NOMEM;
+ }
} else {
DEBUG(0, ("GSS key negotiation returned %s\n", nt_errstr(status)));
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
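Review bot: The `talloc_memdup()` result stored in `key_data` is never checked, so on allocation failure the TKEY answer carries `key_size = reply.length` with a NULL `key_data`. Add `if (ret_tkey->rdata.tkey_record.key_data == NULL) { return WERR_NOMEM; }` directly after the copy. `state->sign = true;` is also set before the `key_name` allocation is checked, so the `WERR_NOMEM` return leaves the request state marked for signing with a NULL key name; moving the assignment below the NULL check keeps the flag and the key name consistent. handle_tkey's body starts and ends outside this hunk.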
@@ -566,8 +576,8 @@ struct tevent_req *dns_server_process_query_send(
if (in->questions[0].question_type == DNS_QTYPE_TKEY) {
WERROR err;
- err = handle_tkey(dns, state, in, &state->answers,
- &state->ancount);
+ err = handle_tkey(dns, state, in, req_state,
+ &state->answers, &state->ancount);
if (tevent_req_werror(req, err)) {
return tevent_req_post(req, ev);
}
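Review bot: The call passes `state` as `mem_ctx`, and the TKEY branch of handle_tkey stores `talloc_strdup(mem_ctx, tkey->name)` in `req_state->key_name`, so the key name is owned by the query's tevent state rather than by the `dns_request_state` that holds the pointer. If `req_state` is read for signing after this request's state has been freed (this cannot be confirmed from the hunk), `key_name` would point at freed memory. Consider allocating it on a context that lives as long as `req_state`, or at least record the constraint at the call: `/* key_name is parented to state; req_state must not be used after state is freed */`. The enclosing function continues outside the hunk.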
diff --git a/source4/dns_server/dns_server.h b/source4/dns_server/dns_server.h
index 994e7bfbbc..8007bcbc08 100644
--- a/source4/dns_server/dns_server.h
+++ b/source4/dns_server/dns_server.h
@@ -60,6 +60,11 @@ struct dns_server {
struct dns_request_state {
uint16_t flags;
+ bool authenticated;
+ bool sign;
+ char *key_name;
+ struct dns_res_rec *tsig;
+ uint16_t tsig_error;
};
struct tevent_req *dns_server_process_query_send(
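Review bot: The new `dns_request_state` fields have no comments on meaning or ownership, and `authenticated`, `tsig` and `tsig_error` are not written anywhere in this commit. Suggest documenting each, e.g. `char *key_name; /* talloc'd name of the TKEY used to sign the reply; set together with sign */`, and stating which talloc context owns `key_name` and `tsig`. Because `sign` and `authenticated` presumably gate signing and authorization decisions, the place where this struct is allocated (outside this diff) should zero-initialise it so that neither flag is read with an indeterminate value.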