
s4/dns_server: ensure we store the key name in error code paths

We need the TKEY name when adding TSIG records to error responses.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme 2016-05-30 16:37:32 +02:00 committed by Garming Sam
parent c1fca8fa39
commit 77c5bfdce4


@ -146,10 +146,27 @@ WERROR dns_verify_tsig(struct dns_server *dns,
tkey = dns_find_tkey(dns->tkeys, state->tsig->name);
if (tkey == NULL) {
/*
* We must save the name for use in the TSIG error
* response and have no choice here but to save the
* keyname from the TSIG request.
*/
state->key_name = talloc_strdup(state->mem_ctx,
state->tsig->name);
state->tsig_error = DNS_RCODE_BADKEY;
return DNS_ERR(NOTAUTH);
}
/*
* Remember the keyname that found an existing tkey, used
* later to fetch the key with dns_find_tkey() when signing
* and adding a TSIG record with MAC.
*/
state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
if (state->key_name == NULL) {
return WERR_NOMEM;
}
/* FIXME: check TSIG here */
if (check_rec == NULL) {
return WERR_NOMEM;
@ -223,10 +240,6 @@ WERROR dns_verify_tsig(struct dns_server *dns,
}
state->authenticated = true;
state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
if (state->key_name == NULL) {
return WERR_NOMEM;
}
return WERR_OK;
}
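Review bot: In the `tkey == NULL` branch of the first hunk, the result of `talloc_strdup(state->mem_ctx, state->tsig->name)` is stored in `state->key_name` without a NULL check, while the success path just below returns `WERR_NOMEM` when the same call fails. If the allocation fails, the function still returns `DNS_ERR(NOTAUTH)` with `tsig_error` set, so whatever builds the TSIG error response would presumably see a NULL key name; that code is not visible here. I would add `if (state->key_name == NULL) { return WERR_NOMEM; }` before `state->tsig_error = DNS_RCODE_BADKEY;`. The name saved in this branch comes from a request that has not been authenticated, so it may also be worth extending the comment to say that later users of `key_name` must treat it as untrusted when `tsig_error` is set. The body of dns_verify_tsig starts and ends outside both hunks.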