CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()

[samba.git] / source4 / dns_server / dns_crypto.c

diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
index 14dc4ca69b5c95d8db108237b2114f03eda05661..3f199de3344ac4429bfe136a92cc16cbc97ffcae 100644 (file)
--- a/source4/dns_server/dns_crypto.c
+++ b/source4/dns_server/dns_crypto.c
@@ -29,6 +29,9 @@
 #include "auth/auth.h"
 #include "auth/gensec/gensec.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+
 static WERROR dns_copy_tsig(TALLOC_CTX *mem_ctx,
                            struct dns_res_rec *old,
                            struct dns_res_rec *new_rec)
@@ -121,14 +124,14 @@ WERROR dns_verify_tsig(struct dns_server *dns,
 
        /* The TSIG record needs to be the last additional record */
        if (found_tsig && i + 1 != packet->arcount) {
-               DEBUG(0, ("TSIG record not the last additional record!\n"));
+               DEBUG(1, ("TSIG record not the last additional record!\n"));
                return DNS_ERR(FORMAT_ERROR);
        }
 
        /* We got a TSIG, so we need to sign our reply */
        state->sign = true;
 
-       state->tsig = talloc_zero(mem_ctx, struct dns_res_rec);
+       state->tsig = talloc_zero(state->mem_ctx, struct dns_res_rec);
        if (state->tsig == NULL) {
                return WERR_NOMEM;
        }
@@ -218,11 +221,15 @@ WERROR dns_verify_tsig(struct dns_server *dns,
        }
 
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("Verifying tsig failed: %s\n", nt_errstr(status)));
+               DEBUG(1, ("Verifying tsig failed: %s\n", nt_errstr(status)));
                return ntstatus_to_werror(status);
        }
 
        state->authenticated = true;
+       state->key_name = talloc_strdup(state->mem_ctx, tkey->name);
+       if (state->key_name == NULL) {
+               return WERR_NOMEM;
+       }
 
        return WERR_OK;
 }