diff options
author | Kai Blin <kai@samba.org> | 2012-09-05 08:34:49 +0200 |
---|---|---|
committer | Kai Blin <kai@samba.org> | 2012-09-05 19:02:17 +0200 |
commit | 53f602c3744c0952f3385a39d5984d5a47b9905c (patch) | |
tree | ed78b6251d3fc979cd493a5a3e3e3036e90f199e /source4/dns_server/dns_server.c | |
parent | 7fe5e2cdcb17cee06ebde2717439c0aa964ac026 (diff) | |
download | samba-53f602c3744c0952f3385a39d5984d5a47b9905c.tar.gz samba-53f602c3744c0952f3385a39d5984d5a47b9905c.tar.bz2 samba-53f602c3744c0952f3385a39d5984d5a47b9905c.zip |
s4 dns: Verify incoming TSIG signatures
Diffstat (limited to 'source4/dns_server/dns_server.c')
-rw-r--r-- | source4/dns_server/dns_server.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index 795b7198aa..d9851b1566 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -145,6 +145,14 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx, NDR_PRINT_DEBUG(dns_name_packet, &state->in_packet); } + ret = dns_verify_tsig(dns, state, &state->state, &state->in_packet, in); + if (!W_ERROR_IS_OK(ret)) { + DEBUG(0, ("Bailing out early!\n")); + state->dns_err = werr_to_dns_err(ret); + tevent_req_done(req); + return tevent_req_post(req, ev); + } + state->state.flags = state->in_packet.operation; state->state.flags |= DNS_FLAG_REPLY; |