s4/dns_server: enable sending of TSIG error records

This final patch enables sending TSIG error records by adding DNS_RCODE_NOTAUTH to the set of error conditions that are allowed to trigger sending a full generated response. See RFC 2845 "4.5.1. KEY check and error handling" and "4.5.3. MAC check and error handling". Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
author: Ralph Boehme <slow@samba.org> 2016-05-30 16:44:00 +0200
committer: Garming Sam <garming@samba.org> 2016-06-16 00:06:28 +0200
commit: 88700e7d890c017e2d360fe4385e196f4016db4a (patch)
tree: b61ca9901d35f7a7303ffd8d2f552f8738c25e71 /source4/dns_server/dns_server.c
parent: ba683d459e1b1550d0a4de3a0f576c857ee595c8 (diff)
download: samba-88700e7d890c017e2d360fe4385e196f4016db4a.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index c943b7e0c35..347cdb7f7d4 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -235,7 +235,9 @@ static WERROR dns_process_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 		return ret;
 	}
 	if ((state->dns_err != DNS_RCODE_OK) &&
-	    (state->dns_err != DNS_RCODE_NXDOMAIN)) {
+	    (state->dns_err != DNS_RCODE_NXDOMAIN) &&
+	    (state->dns_err != DNS_RCODE_NOTAUTH))
+	{
 		goto drop;
 	}
 	if (state->dns_err != DNS_RCODE_OK) {
author	Ralph Boehme <slow@samba.org>	2016-05-30 16:44:00 +0200
committer	Garming Sam <garming@samba.org>	2016-06-16 00:06:28 +0200
commit	88700e7d890c017e2d360fe4385e196f4016db4a (patch)
tree	b61ca9901d35f7a7303ffd8d2f552f8738c25e71 /source4/dns_server/dns_server.c
parent	ba683d459e1b1550d0a4de3a0f576c857ee595c8 (diff)
download	samba-88700e7d890c017e2d360fe4385e196f4016db4a.tar.gz