From fc9de264972ba46cfd9e8fc67e25aa7ee1fd51a2 Mon Sep 17 00:00:00 2001
From: Kai Blin
Date: Sun, 2 Sep 2012 21:43:52 +0200
Subject: s4 dns: Handle GSS-TSIG signatures
---
 source4/dns_server/dns_server.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'source4/dns_server/dns_server.c')
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 887fc8ee1d..cd121f9d8b 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -98,6 +98,7 @@ static void dns_tcp_send(struct stream_connection *conn, uint16_t flags)
 struct dns_process_state {
 DATA_BLOB *in;
+ struct dns_server *dns;
 struct dns_name_packet in_packet;
 struct dns_request_state state;
 uint16_t dns_err;
@@ -123,6 +124,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
 }
 state->in = in;
+ state->dns = dns;
+
 if (in->length < 12) {
 tevent_req_werror(req, WERR_INVALID_PARAM);
 return tevent_req_post(req, ev);
@@ -142,6 +145,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
 NDR_PRINT_DEBUG(dns_name_packet, &state->in_packet);
 }
+ ret = dns_verify_tsig(dns, &state->state, &state->in_packet);
+
 state->state.flags = state->in_packet.operation;
 state->state.flags |= DNS_FLAG_REPLY;
@@ -215,6 +220,15 @@ static WERROR dns_process_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 }
 state->out_packet.operation |= state->state.flags;
+ if (state->state.sign) {
+ ret = dns_sign_tsig(state->dns, mem_ctx, &state->state,
+ &state->out_packet, 0);
+ if (!W_ERROR_IS_OK(ret)) {
+ state->dns_err = DNS_RCODE_SERVFAIL;
+ goto drop;
+ }
+ }
+
 ndr_err = ndr_push_struct_blob(
 out, mem_ctx, &state->out_packet, (ndr_push_flags_fn_t)ndr_push_dns_name_packet);
-- cgit
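Review bot: In the `@@ -142,6 +145,8 @@` hunk the result of `dns_verify_tsig()` is stored in `ret`, but nothing visible tests it; the next lines go straight on to build the reply flags, so a request whose TSIG fails verification appears to be processed like any other. Unless `ret` is checked further down in dns_process_send (the function continues outside the hunk), add the check directly after the call, e.g. `if (!W_ERROR_IS_OK(ret)) { tevent_req_werror(req, ret); return tevent_req_post(req, ev); }`, or map the failure to an rcode in `state->dns_err` as the signing path in the last hunk does. The signing branch in the `@@ -215,6 +220,15 @@` hunk keys off `state->state.sign`, which is presumably set during verification, so it is also worth confirming that the flag cannot stay set after a failed verification.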
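Review bot: The bare `0` passed as the last argument of `dns_sign_tsig()` in the `@@ -215,6 +220,15 @@` hunk is not self-explanatory; its meaning is not visible on this page, and a short comment naming what it stands for would save the next reader a lookup. A one-line comment above `if (state->state.sign)` would help as well, e.g. `/* request carried a TSIG, so the reply has to be signed too */`, assuming that is what the flag records (to be confirmed against dns_verify_tsig). The `drop` label and the rest of dns_process_recv lie outside the hunk, so what a reply looks like after a signing failure cannot be judged from here.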