s4 dns: Allow configuring signed updates

Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed Sep 5 10:45:22 CEST 2012 on sn-devel-104
author: Kai Blin <kai@samba.org> 2012-09-05 01:27:00 +0200
committer: Kai Blin <kai@samba.org> 2012-09-05 10:45:22 +0200
commit: 2311a2c9f5fdcb6f8336dbdb972963a35890a200 (patch)
tree: e58d63683b0289cff7645efe56a7e3f7e4aaf124 /source4/dns_server
parent: b5dd26cc694230ce9526369eb2ac4175a2d90abb (diff)
download: samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.gz
samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.bz2
samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
index e7514acace..61850a1056 100644
--- a/source4/dns_server/dns_update.c
+++ b/source4/dns_server/dns_update.c
@@ -734,10 +734,15 @@ WERROR dns_server_process_update(struct dns_server *dns,
 	/* TODO: Check if update is allowed, we probably want "always",
 	 * key-based GSSAPI, key-based bind-style TSIG and "never" as
 	 * smb.conf options. */
-	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON) {
+	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) {
 		DEBUG(0, ("Update not allowed.\n"));
 		return DNS_ERR(REFUSED);
 	}
+	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_SIGNED &&
+	    state->authenticated == false ) {
+		DEBUG(0, ("Update not allowed for unsigned packet.\n"));
+		return DNS_ERR(REFUSED);
+	}
 
 	*update_count = in->nscount;
 	*updates = in->nsrecs;
author	Kai Blin <kai@samba.org>	2012-09-05 01:27:00 +0200
committer	Kai Blin <kai@samba.org>	2012-09-05 10:45:22 +0200
commit	2311a2c9f5fdcb6f8336dbdb972963a35890a200 (patch)
tree	e58d63683b0289cff7645efe56a7e3f7e4aaf124 /source4/dns_server
parent	b5dd26cc694230ce9526369eb2ac4175a2d90abb (diff)
download	samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.gz samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.tar.bz2 samba-2311a2c9f5fdcb6f8336dbdb972963a35890a200.zip