dns: Provide local and remote socket address to GENSEC
authorAndrew Bartlett <abartlet@samba.org>
Wed, 1 Mar 2017 01:19:50 +0000 (14:19 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 29 Mar 2017 00:37:27 +0000 (02:37 +0200)
This can be used for logging and for Kerberos channel bindings

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
source4/dns_server/dns_query.c
source4/dns_server/dns_server.c
source4/dns_server/dns_server.h

index c0ae19a4dd4f9be0aa7b210729bb6518b5d8b6dc..366696ddd01cdcf6b59ff69689c8515fbc8ca967 100644 (file)
@@ -702,6 +702,8 @@ static WERROR handle_authoritative_recv(struct tevent_req *req)
 static NTSTATUS create_tkey(struct dns_server *dns,
                            const char* name,
                            const char* algorithm,
+                           const struct tsocket_address *remote_address,
+                           const struct tsocket_address *local_address,
                            struct dns_server_tkey **tkey)
 {
        NTSTATUS status;
@@ -738,6 +740,24 @@ static NTSTATUS create_tkey(struct dns_server *dns,
 
        gensec_want_feature(k->gensec, GENSEC_FEATURE_SIGN);
 
+       status = gensec_set_remote_address(k->gensec,
+                                          remote_address);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("Failed to set remote address into GENSEC: %s\n",
+                         nt_errstr(status)));
+               *tkey = NULL;
+               return status;
+       }
+
+       status = gensec_set_local_address(k->gensec,
+                                         local_address);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("Failed to set local address into GENSEC: %s\n",
+                         nt_errstr(status)));
+               *tkey = NULL;
+               return status;
+       }
+
        status = gensec_start_mech_by_oid(k->gensec, GENSEC_OID_SPNEGO);
 
        if (!NT_STATUS_IS_OK(status)) {
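Review bot: Both new failure paths (after `gensec_set_remote_address` and after `gensec_set_local_address`) return with `*tkey = NULL` without releasing `k`, whose allocation is outside this hunk; if `k` is talloc-allocated on a long-lived parent such as the key store rather than on a per-request context, each TKEY request that fails here leaves `k` and its GENSEC context attached to that parent until the server tears it down, so repeated failing requests would grow it. The existing `gensec_start_mech_by_oid` failure path directly below appears to follow the same pattern, so the cleanup belongs in one place: replace the repeated `*tkey = NULL; return status;` tails with `goto fail;` and a single `fail: TALLOC_FREE(k); *tkey = NULL; return status;` label, or at minimum add `TALLOC_FREE(k);` before each new `return status;`. create_tkey begins and ends outside this hunk, so confirm first that the caller does not free `k` on error and that `k` is not yet linked into the store at this point.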
@@ -861,6 +881,8 @@ static WERROR handle_tkey(struct dns_server *dns,
                if (tkey == NULL) {
                        status  = create_tkey(dns, in->questions[0].name,
                                              in_tkey->rdata.tkey_record.algorithm,
+                                             state->remote_address,
+                                             state->local_address,
                                              &tkey);
                        if (!NT_STATUS_IS_OK(status)) {
                                ret_tkey->rdata.tkey_record.error = DNS_RCODE_BADKEY;
index 830e0703336548f1abd7405f789c206a2314a868..86776b063355a3f31b6738736cdf768597e255f6 100644 (file)
@@ -117,6 +117,8 @@ static void dns_process_done(struct tevent_req *subreq);
 static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
                                           struct tevent_context *ev,
                                           struct dns_server *dns,
+                                          const struct tsocket_address *remote_address,
+                                          const struct tsocket_address *local_address,
                                           DATA_BLOB *in)
 {
        struct tevent_req *req, *subreq;
@@ -161,6 +163,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
        state->state.flags = state->in_packet.operation;
        state->state.flags |= DNS_FLAG_REPLY;
 
+       state->state.local_address = local_address;
+       state->state.remote_address = remote_address;
 
        if (forwarder && *forwarder && **forwarder) {
                state->state.flags |= DNS_FLAG_RECURSION_AVAIL;
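Review bot: `state->state.local_address` and `state->state.remote_address` are stored as the caller's raw pointers, with no talloc reference or `tsocket_address_copy`, so their validity depends on the transport object that owns them (the stream connection on the TCP path, the call/socket on the UDP path) outliving this request; nothing in this hunk, in the `dns_process_send` signature hunk above it, or in the new `dns_request_state` fields in dns_server.h records that contract. Add above the two new fields in dns_server.h a comment such as `/* Borrowed from the transport layer (TCP connection or UDP socket/call); not owned by this struct and must outlive the request. */`, and state in the `dns_process_send` header that the addresses are passed through to GENSEC unchanged. The enclosing function continues past the end of this hunk.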
@@ -168,7 +172,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
 
        state->out_packet = state->in_packet;
 
-       ret = dns_verify_tsig(dns, state, &state->state, &state->out_packet, in);
+       ret = dns_verify_tsig(dns, state, &state->state,
+                             &state->out_packet, in);
        if (!W_ERROR_IS_OK(ret)) {
                state->dns_err = werr_to_dns_err(ret);
                tevent_req_done(req);
@@ -178,7 +183,8 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
        switch (state->in_packet.operation & DNS_OPCODE) {
        case DNS_OPCODE_QUERY:
                subreq = dns_server_process_query_send(
-                       state, ev, dns, &state->state, &state->in_packet);
+                       state, ev, dns,
+                       &state->state, &state->in_packet);
                if (tevent_req_nomem(subreq, req)) {
                        return tevent_req_post(req, ev);
                }
@@ -333,6 +339,8 @@ static void dns_tcp_call_loop(struct tevent_req *subreq)
        call->in.length -= 2;
 
        subreq = dns_process_send(call, dns->task->event_ctx, dns,
+                                 dns_conn->conn->remote_address,
+                                 dns_conn->conn->local_address,
                                  &call->in);
        if (subreq == NULL) {
                dns_tcp_terminate_connection(
@@ -534,6 +542,8 @@ static void dns_udp_call_loop(struct tevent_req *subreq)
                 tsocket_address_string(call->src, call)));
 
        subreq = dns_process_send(call, dns->task->event_ctx, dns,
+                                 call->src,
+                                 sock->dns_socket->local_address,
                                  &call->in);
        if (subreq == NULL) {
                TALLOC_FREE(call);
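Review bot: `sock->dns_socket->local_address` is the address the listening socket was bound to, not necessarily the destination address of this particular datagram; if the UDP listener is bound to a wildcard address, the local address handed to GENSEC (and, per the commit message, to Kerberos channel bindings) would not match the address the client actually sent to, and a client that supplies address-based channel bindings could then fail authentication. If the server only ever binds per-interface this is moot, but it is worth confirming and recording with a comment such as `/* local_address is the bound socket address; on a wildcard listener it may differ from the datagram's destination */`. The TCP path in `dns_tcp_call_loop` uses the per-connection `dns_conn->conn->local_address` and does not have this ambiguity.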
index e623f97231618213e9eba84b32f275d2342d3726..5395ff95161a3fb43a7106319aceb74025ad1076 100644 (file)
@@ -61,6 +61,8 @@ struct dns_request_state {
        char *key_name;
        struct dns_res_rec *tsig;
        uint16_t tsig_error;
+       const struct tsocket_address *local_address;
+       const struct tsocket_address *remote_address;
 };
 
 struct tevent_req *dns_server_process_query_send(