diff options
author | Kai Blin <kai@samba.org> | 2012-09-05 01:27:00 +0200 |
---|---|---|
committer | Kai Blin <kai@samba.org> | 2012-09-05 10:45:22 +0200 |
commit | 2311a2c9f5fdcb6f8336dbdb972963a35890a200 (patch) | |
tree | e58d63683b0289cff7645efe56a7e3f7e4aaf124 /source4/dns_server | |
parent | b5dd26cc694230ce9526369eb2ac4175a2d90abb (diff) | |
download | samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.gz samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.bz2 samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.zip |
s4 dns: Allow configuring signed updates
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep 5 10:45:22 CEST 2012 on sn-devel-104
Diffstat (limited to 'source4/dns_server')
-rw-r--r-- | source4/dns_server/dns_update.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c index e7514acace..61850a1056 100644 --- a/source4/dns_server/dns_update.c +++ b/source4/dns_server/dns_update.c @@ -734,10 +734,15 @@ WERROR dns_server_process_update(struct dns_server *dns, /* TODO: Check if update is allowed, we probably want "always", * key-based GSSAPI, key-based bind-style TSIG and "never" as * smb.conf options. */ - if (lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON) { + if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) { DEBUG(0, ("Update not allowed.\n")); return DNS_ERR(REFUSED); } + if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_SIGNED && + state->authenticated == false ) { + DEBUG(0, ("Update not allowed for unsigned packet.\n")); + return DNS_ERR(REFUSED); + } *update_count = in->nscount; *updates = in->nsrecs; |