static NTSTATUS create_tkey(struct dns_server *dns,
const char* name,
const char* algorithm,
+ const struct tsocket_address *remote_address,
+ const struct tsocket_address *local_address,
struct dns_server_tkey **tkey)
{
NTSTATUS status;
gensec_want_feature(k->gensec, GENSEC_FEATURE_SIGN);
+ status = gensec_set_remote_address(k->gensec,
+ remote_address);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set remote address into GENSEC: %s\n",
+ nt_errstr(status)));
+ *tkey = NULL;
+ return status;
+ }
+
+ status = gensec_set_local_address(k->gensec,
+ local_address);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set local address into GENSEC: %s\n",
+ nt_errstr(status)));
+ *tkey = NULL;
+ return status;
+ }
+
status = gensec_start_mech_by_oid(k->gensec, GENSEC_OID_SPNEGO);
if (!NT_STATUS_IS_OK(status)) {
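Review bot: Both new early-return paths in create_tkey() set `*tkey = NULL` and return `status` without releasing `k`, whose allocation lies outside this hunk. If `k` is parented to a long-lived context such as the server's key store (an assumption to confirm against the full function), each failure here leaves a partially initialised key object allocated. TKEY negotiation is reachable by unauthenticated clients, so failure paths should not accumulate state. Consider adding `TALLOC_FREE(k);` before `*tkey = NULL;` in both branches, and checking whether the pre-existing error returns in this function need the same treatment.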
if (tkey == NULL) {
status = create_tkey(dns, in->questions[0].name,
in_tkey->rdata.tkey_record.algorithm,
+ state->remote_address,
+ state->local_address,
&tkey);
if (!NT_STATUS_IS_OK(status)) {
ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct dns_server *dns,
+ const struct tsocket_address *remote_address,
+ const struct tsocket_address *local_address,
DATA_BLOB *in)
{
struct tevent_req *req, *subreq;
state->state.flags = state->in_packet.operation;
state->state.flags |= DNS_FLAG_REPLY;
+ state->state.local_address = local_address;
+ state->state.remote_address = remote_address;
if (forwarder && *forwarder && **forwarder) {
state->state.flags |= DNS_FLAG_RECURSION_AVAIL;
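Review bot: The two assignments to `state->state.local_address` and `state->state.remote_address` keep the caller's `tsocket_address` pointers without copying or referencing them, so they are borrowed for the whole lifetime of the async request. That is only safe while every caller passes addresses owned by something that outlives `state`, and this requirement is not stated where the next caller of dns_process_send() would see it. Either document it above the assignments, e.g. `/* borrowed from the caller; both must stay valid until this request is freed */`, or take a private copy with `tsocket_address_copy(remote_address, state)` and check the result for NULL. The body of dns_process_send() continues outside this hunk.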
state->out_packet = state->in_packet;
- ret = dns_verify_tsig(dns, state, &state->state, &state->out_packet, in);
+ ret = dns_verify_tsig(dns, state, &state->state,
+ &state->out_packet, in);
if (!W_ERROR_IS_OK(ret)) {
state->dns_err = werr_to_dns_err(ret);
tevent_req_done(req);
switch (state->in_packet.operation & DNS_OPCODE) {
case DNS_OPCODE_QUERY:
subreq = dns_server_process_query_send(
- state, ev, dns, &state->state, &state->in_packet);
+ state, ev, dns,
+ &state->state, &state->in_packet);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
call->in.length -= 2;
subreq = dns_process_send(call, dns->task->event_ctx, dns,
+ dns_conn->conn->remote_address,
+ dns_conn->conn->local_address,
&call->in);
if (subreq == NULL) {
dns_tcp_terminate_connection(
tsocket_address_string(call->src, call)));
subreq = dns_process_send(call, dns->task->event_ctx, dns,
+ call->src,
+ sock->dns_socket->local_address,
&call->in);
if (subreq == NULL) {
TALLOC_FREE(call);
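Review bot: On the UDP path the remote address handed to dns_process_send() is `call->src`, the source address of the received datagram, which, unlike the TCP peer address, is not confirmed by any handshake. If GENSEC uses this value for authentication logging or policy (not visible on this page), the recorded client address for a UDP TKEY exchange is only as trustworthy as the packet header. A short comment at the call site would keep that distinction visible, e.g. `/* UDP source address is unverified; treat as advisory in auth logs */`. The enclosing function starts and ends outside this hunk.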