s4 dns: Verify incoming TSIG signatures

author: Kai Blin <kai@samba.org> 2012-09-03 08:06:55 +0200
committer: Kai Blin <kai@samba.org> 2012-09-05 08:41:23 +0200
commit: f3e44c390c0082e585aec83372cdcdde19d76016 (patch)
tree: e1beb9e2c3792fad555f8934e10ac7b623b10736 /source4/dns_server/dns_server.c
parent: fc9de264972ba46cfd9e8fc67e25aa7ee1fd51a2 (diff)
download: samba-f3e44c390c0082e585aec83372cdcdde19d76016.tar.gz
samba-f3e44c390c0082e585aec83372cdcdde19d76016.tar.bz2
samba-f3e44c390c0082e585aec83372cdcdde19d76016.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index cd121f9d8b..6b78b6d568 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -145,7 +145,13 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
 		NDR_PRINT_DEBUG(dns_name_packet, &state->in_packet);
 	}
 
-	ret = dns_verify_tsig(dns, &state->state, &state->in_packet);
+	ret = dns_verify_tsig(dns, state, &state->state, &state->in_packet);
+	if (!W_ERROR_IS_OK(ret)) {
+		DEBUG(0, ("Bailing out early!\n"));
+		state->dns_err = werr_to_dns_err(ret);
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
 
 	state->state.flags = state->in_packet.operation;
 	state->state.flags |= DNS_FLAG_REPLY;
author	Kai Blin <kai@samba.org>	2012-09-03 08:06:55 +0200
committer	Kai Blin <kai@samba.org>	2012-09-05 08:41:23 +0200
commit	f3e44c390c0082e585aec83372cdcdde19d76016 (patch)
tree	e1beb9e2c3792fad555f8934e10ac7b623b10736 /source4/dns_server/dns_server.c
parent	fc9de264972ba46cfd9e8fc67e25aa7ee1fd51a2 (diff)
download	samba-f3e44c390c0082e585aec83372cdcdde19d76016.tar.gz samba-f3e44c390c0082e585aec83372cdcdde19d76016.tar.bz2 samba-f3e44c390c0082e585aec83372cdcdde19d76016.zip