summaryrefslogtreecommitdiff
path: root/source4/dns_server
diff options
context:
space:
mode:
authorKai Blin <kai@samba.org>2012-09-05 01:27:00 +0200
committerKai Blin <kai@samba.org>2012-09-05 10:45:22 +0200
commit2311a2c9f5fdcb6f8336dbdb972963a35890a200 (patch)
treee58d63683b0289cff7645efe56a7e3f7e4aaf124 /source4/dns_server
parentb5dd26cc694230ce9526369eb2ac4175a2d90abb (diff)
downloadsamba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.gz
samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.bz2
samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.zip
s4 dns: Allow configuring signed updates
Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed Sep 5 10:45:22 CEST 2012 on sn-devel-104
Diffstat (limited to 'source4/dns_server')
-rw-r--r--source4/dns_server/dns_update.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
index e7514acace..61850a1056 100644
--- a/source4/dns_server/dns_update.c
+++ b/source4/dns_server/dns_update.c
@@ -734,10 +734,15 @@ WERROR dns_server_process_update(struct dns_server *dns,
/* TODO: Check if update is allowed, we probably want "always",
* key-based GSSAPI, key-based bind-style TSIG and "never" as
* smb.conf options. */
- if (lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON) {
+ if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) {
DEBUG(0, ("Update not allowed.\n"));
return DNS_ERR(REFUSED);
}
+ if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_SIGNED &&
+ state->authenticated == false ) {
+ DEBUG(0, ("Update not allowed for unsigned packet.\n"));
+ return DNS_ERR(REFUSED);
+ }
*update_count = in->nscount;
*updates = in->nsrecs;