s4 dns: Allow configuring signed updates

Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed Sep 5 20:42:46 CEST 2012 on sn-devel-104
author: Kai Blin <kai@samba.org> 2012-09-05 01:27:00 +0200
committer: Kai Blin <kai@samba.org> 2012-09-05 20:42:46 +0200
commit: 5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e (patch)
tree: 215eede137e01ba71685dd2e0f247cd32418f393 /source4/dns_server
parent: 2b17566e8902a326253257e1665b3b7a49e1aa26 (diff)
download: samba-5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e.tar.gz
samba-5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e.tar.bz2
samba-5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
index e7514acace..61850a1056 100644
--- a/source4/dns_server/dns_update.c
+++ b/source4/dns_server/dns_update.c
@@ -734,10 +734,15 @@ WERROR dns_server_process_update(struct dns_server *dns,
 	/* TODO: Check if update is allowed, we probably want "always",
 	 * key-based GSSAPI, key-based bind-style TSIG and "never" as
 	 * smb.conf options. */
-	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON) {
+	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) {
 		DEBUG(0, ("Update not allowed.\n"));
 		return DNS_ERR(REFUSED);
 	}
+	if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_SIGNED &&
+	    state->authenticated == false ) {
+		DEBUG(0, ("Update not allowed for unsigned packet.\n"));
+		return DNS_ERR(REFUSED);
+	}
 
 	*update_count = in->nscount;
 	*updates = in->nsrecs;
author	Kai Blin <kai@samba.org>	2012-09-05 01:27:00 +0200
committer	Kai Blin <kai@samba.org>	2012-09-05 20:42:46 +0200
commit	5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e (patch)
tree	215eede137e01ba71685dd2e0f247cd32418f393 /source4/dns_server
parent	2b17566e8902a326253257e1665b3b7a49e1aa26 (diff)
download	samba-5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e.tar.gz samba-5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e.tar.bz2 samba-5e492f8d324d269c2eb0e12f6dca2cb8133c4b8e.zip