dns_message_signer update

06f9d648 · Brian Wellington · bf04258e · 06f9d648 · 06f9d648
Commit 06f9d648 authored Oct 28, 1999 by Brian Wellington
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 13 deletions

lib/dns/include/dns/message.h lib/dns/include/dns/message.h +8 -7

lib/dns/message.c lib/dns/message.c +11 -6

No files found.
--- a/lib/dns/include/dns/message.h
+++ b/lib/dns/include/dns/message.h
@@ -838,8 +838,9 @@ dns_message_takebuffer(dns_message_t *msg, isc_buffer_t **buffer);
 isc_result_t
 dns_message_signer(dns_message_t *msg, dns_name_t **signer);
 /*
- * If this response message was signed and the signature has been validated,
- * return the identity of the signer.
+ * If this response message was signed, return the identity of the signer.
+ * Unless ISC_R_NOTFOUND is returned, signer will reflect the name of the
+ * key that signed the message.
 *
 * Requires:
 *
@@ -854,16 +855,16 @@ dns_message_signer(dns_message_t *msg, dns_name_t **signer);
 *	ISC_R_NOTFOUND		- no TSIG record or key is present in the
 *				  message
 *
- *	DNS_R_KEYUNAUTHORIZED	- the message was signed and verified, but
- *				  the key has no identity since it was
- *				  generated by an unsigned TKEY process
- *				  (new error code?)
- *
 *	DNS_R_TSIGVERIFYFAILURE	- the message was signed, but the signature
 *				  failed to verify
 *
 *	DNS_R_TSIGERRORSET	- the message was signed and verified, but
 *				  the query was rejected by the server
+ *
+ *	DNS_R_KEYUNAUTHORIZED	- the message was signed and verified, but
+ *				  the key has no identity since it was
+ *				  generated by an unsigned TKEY process
+ *				  (new error code?)
 */

 ISC_LANG_ENDDECLS

--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1907,6 +1907,8 @@ dns_message_takebuffer(dns_message_t *msg, isc_buffer_t **buffer)

 isc_result_t
 dns_message_signer(dns_message_t *msg, dns_name_t **signer) {
+	isc_result_t result;
+
 	REQUIRE(DNS_MESSAGE_VALID(msg));
 	REQUIRE(signer != NULL);
 	REQUIRE(*signer == NULL);
@@ -1914,12 +1916,15 @@ dns_message_signer(dns_message_t *msg, dns_name_t **signer) {

 	if (msg->tsigkey == NULL || msg->tsig == NULL)
 		return (ISC_R_NOTFOUND);
-	if (msg->tsigkey->generated)
-		return (DNS_R_KEYUNAUTHORIZED);
+
 	if (msg->tsigstatus != dns_rcode_noerror)
-		return (DNS_R_TSIGVERIFYFAILURE);
-	if (msg->tsig->error != dns_rcode_noerror)
-		return (DNS_R_TSIGERRORSET);
+		result = DNS_R_TSIGVERIFYFAILURE;
+	else if (msg->tsig->error != dns_rcode_noerror)
+		result = DNS_R_TSIGERRORSET;
+	else if (msg->tsigkey->generated)
+		result = DNS_R_KEYUNAUTHORIZED;
+	else
+		result = ISC_R_SUCCESS;
 	*signer = &msg->tsigkey->name;
-	return (ISC_R_SUCCESS);
+	return (result);
 }