We need the TKEY name when adding TSIG records to error responses.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
tkey = dns_find_tkey(dns->tkeys, state->tsig->name);
if (tkey == NULL) {
tkey = dns_find_tkey(dns->tkeys, state->tsig->name);
if (tkey == NULL) {
+ /*
+ * We must save the name for use in the TSIG error
+ * response and have no choice here but to save the
+ * keyname from the TSIG request.
+ */
+ state->key_name = talloc_strdup(state->mem_ctx,
+ state->tsig->name);
state->tsig_error = DNS_RCODE_BADKEY;
return DNS_ERR(NOTAUTH);
}
state->tsig_error = DNS_RCODE_BADKEY;
return DNS_ERR(NOTAUTH);
}
+ /*
+ * Remember the keyname that found an existing tkey, used
+ * later to fetch the key with dns_find_tkey() when signing
+ * and adding a TSIG record with MAC.
+ */
+ state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
+ if (state->key_name == NULL) {
+ return WERR_NOMEM;
+ }
+
/* FIXME: check TSIG here */
if (check_rec == NULL) {
return WERR_NOMEM;
/* FIXME: check TSIG here */
if (check_rec == NULL) {
return WERR_NOMEM;
}
state->authenticated = true;
}
state->authenticated = true;
- state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
- if (state->key_name == NULL) {
- return WERR_NOMEM;
- }
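Review bot: The `talloc_strdup()` added in the `tkey == NULL` branch is never checked for failure, while the second copy a few lines later returns `WERR_NOMEM` when `state->key_name` is NULL. This branch runs for any request naming an unknown key, so the name copied from `state->tsig->name` is client-supplied and the path is reachable before authentication. If the allocation fails, `key_name` stays NULL and the function still returns `DNS_ERR(NOTAUTH)`, so the code that later builds the TSIG error record presumably receives a NULL name; that code is not visible here. I would add the same guard before setting `tsig_error`: `if (state->key_name == NULL) { return WERR_NOMEM; }`. The enclosing function starts and ends outside the hunk, so confirm that no earlier assignment to `key_name` is overwritten.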