From: Mark Andrews <marka@isc.org>
Date: Wed, 26 Jul 2023 22:34:45 +0000 (+1000)
Subject: Return REFUSED if GSSAPI is not configured
X-Git-Tag: v9.19.16~18^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b5076014b9fd3b6fac25f45c6599abd8c6577c52;p=thirdparty%2Fbind9.git

Return REFUSED if GSSAPI is not configured

Return REFUSED if neither a keytab nor a gssapi credential is
configured to GSSAPI/TKEY requests.
---

diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 0f98820edf3..8133d927a3c 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -194,7 +194,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
 	if (tctx->gsscred == NULL && tctx->gssapi_keytab == NULL) {
 		tkey_log("process_gsstkey(): no tkey-gssapi-credential "
 			 "or tkey-gssapi-keytab configured");
-		return (ISC_R_NOPERM);
+		return (DNS_R_REFUSED);
 	}
 
 	if (!dns_name_equal(&tkeyin->algorithm, DNS_TSIG_GSSAPI_NAME)) {