From f3e44c390c0082e585aec83372cdcdde19d76016 Mon Sep 17 00:00:00 2001
From: Kai Blin <kai@samba.org>
Date: Mon, 3 Sep 2012 08:06:55 +0200
Subject: s4 dns: Verify incoming TSIG signatures

---
 source4/dns_server/dns_server.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'source4/dns_server/dns_server.c')

diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index cd121f9d8b..6b78b6d568 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -145,7 +145,13 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
 		NDR_PRINT_DEBUG(dns_name_packet, &state->in_packet);
 	}
 
-	ret = dns_verify_tsig(dns, &state->state, &state->in_packet);
+	ret = dns_verify_tsig(dns, state, &state->state, &state->in_packet);
+	if (!W_ERROR_IS_OK(ret)) {
+		DEBUG(0, ("Bailing out early!\n"));
+		state->dns_err = werr_to_dns_err(ret);
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
 
 	state->state.flags = state->in_packet.operation;
 	state->state.flags |= DNS_FLAG_REPLY;
-- 
cgit