Return REFUSED if GSSAPI is not configured

Return REFUSED if neither a keytab nor a gssapi credential is
configured to GSSAPI/TKEY requests.

diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 0f98820edf3580dd72b79f29c5ac477c152401c6..8133d927a3c86690ac0713bdfa828aee87bf7d90 100644 (file)
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -194,7 +194,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
        if (tctx->gsscred == NULL && tctx->gssapi_keytab == NULL) {
                tkey_log("process_gsstkey(): no tkey-gssapi-credential "
                         "or tkey-gssapi-keytab configured");
-               return (ISC_R_NOPERM);
+               return (DNS_R_REFUSED);
        }
 
        if (!dns_name_equal(&tkeyin->algorithm, DNS_TSIG_GSSAPI_NAME)) {