diff options
author | Ralph Boehme <slow@samba.org> | 2016-05-30 16:44:00 +0200 |
---|---|---|
committer | Garming Sam <garming@samba.org> | 2016-06-16 00:06:28 +0200 |
commit | 88700e7d890c017e2d360fe4385e196f4016db4a (patch) | |
tree | b61ca9901d35f7a7303ffd8d2f552f8738c25e71 /source4/dns_server/dns_server.c | |
parent | ba683d459e1b1550d0a4de3a0f576c857ee595c8 (diff) | |
download | samba-88700e7d890c017e2d360fe4385e196f4016db4a.tar.gz |
s4/dns_server: enable sending of TSIG error records
This final patch enables sending TSIG error records by adding
DNS_RCODE_NOTAUTH to the set of error conditions that are allowed to
trigger sending a full generated response.
See RFC 2845 "4.5.1. KEY check and error handling" and "4.5.3. MAC check
and error handling".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'source4/dns_server/dns_server.c')
-rw-r--r-- | source4/dns_server/dns_server.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index c943b7e0c35..347cdb7f7d4 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -235,7 +235,9 @@ static WERROR dns_process_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, return ret; } if ((state->dns_err != DNS_RCODE_OK) && - (state->dns_err != DNS_RCODE_NXDOMAIN)) { + (state->dns_err != DNS_RCODE_NXDOMAIN) && + (state->dns_err != DNS_RCODE_NOTAUTH)) + { goto drop; } if (state->dns_err != DNS_RCODE_OK) { |