-rw-r--r--lib/param/loadparm.c12
-rw-r--r--lib/param/param.h1
-rw-r--r--lib/param/param_enums.c8
-rw-r--r--source3/param/loadparm.c1
-rw-r--r--source4/dns_server/dns_update.c6
-rw-r--r--source4/dns_server/dns_update.h25
6 files changed, 51 insertions, 2 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 8ed9ced221..2c59a3ed69 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -65,6 +65,7 @@
#include "s3_param.h"
#include "lib/util/bitmap.h"
#include "libcli/smb/smb_constants.h"
+#include "source4/dns_server/dns_update.h"
#define standard_sub_basic talloc_strdup
@@ -1223,6 +1224,14 @@ static struct parm_struct parm_table[] = {
.special = NULL,
.enum_list = NULL
},
+ {
+ .label = "allow dns updates",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(allow_dns_updates),
+ .special = NULL,
+ .enum_list = enum_dns_update_settings
+ },
{NULL, P_BOOL, P_NONE, 0, NULL, NULL, 0}
};
@@ -1503,6 +1512,7 @@ FN_GLOBAL_INTEGER(srv_minprotocol, srv_minprotocol)
FN_GLOBAL_INTEGER(cli_maxprotocol, cli_maxprotocol)
FN_GLOBAL_INTEGER(cli_minprotocol, cli_minprotocol)
FN_GLOBAL_BOOL(paranoid_server_security, paranoid_server_security)
+FN_GLOBAL_INTEGER(allow_dns_updates, allow_dns_updates)
FN_GLOBAL_INTEGER(server_signing, server_signing)
FN_GLOBAL_INTEGER(client_signing, client_signing)
@@ -3362,6 +3372,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
+ lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "False");
+
for (i = 0; parm_table[i].label; i++) {
if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
lp_ctx->flags[i] |= FLAG_DEFAULT;
diff --git a/lib/param/param.h b/lib/param/param.h
index f6823859d8..079ef8b9a6 100644
--- a/lib/param/param.h
+++ b/lib/param/param.h
@@ -56,6 +56,7 @@ const char *lpcfg_realm(struct loadparm_context *);
const char *lpcfg_netbios_name(struct loadparm_context *);
const char *lpcfg_private_dir(struct loadparm_context *);
int lpcfg_server_role(struct loadparm_context *);
+int lpcfg_allow_dns_updates(struct loadparm_context *);
void reload_charcnv(struct loadparm_context *lp_ctx);
diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c
index 9307a0c650..d30458fa5d 100644
--- a/lib/param/param_enums.c
+++ b/lib/param/param_enums.c
@@ -107,3 +107,11 @@ static const struct enum_list enum_smb_signing_vals[] = {
{SMB_SIGNING_REQUIRED, "enforced"},
{-1, NULL}
};
+
+/* DNS update options. */
+static const struct enum_list enum_dns_update_settings[] = {
+ {DNS_UPDATE_OFF, "False"},
+ {DNS_UPDATE_ON, "True"},
+ {DNS_UPDATE_SIGNED, "signed"},
+ {-1, NULL}
+};
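Review bot: `enum_dns_update_settings` lists only `False`, `True` and `signed`, so the usual smb.conf spellings `yes`/`no`, `on`/`off` and `1`/`0` would not match if the enum parser compares against these names only (the parser is not shown here). An administrator who writes `allow dns updates = no` should get DNS_UPDATE_OFF by an explicit match rather than by an ignored value. Consider adding the synonyms, e.g. `{DNS_UPDATE_OFF, "No"}, {DNS_UPDATE_OFF, "Off"}, {DNS_UPDATE_OFF, "0"},` plus the matching `DNS_UPDATE_ON` entries, and extending the `/* DNS update options. */` comment to say what each setting permits.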
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index e0da6fdf1d..1bd2733858 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -68,6 +68,7 @@
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_rbt.h"
#include "../lib/util/bitmap.h"
+#include "../source4/dns_server/dns_update.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
index ccbeed9ff8..3fd612cfab 100644
--- a/source4/dns_server/dns_update.c
+++ b/source4/dns_server/dns_update.c
@@ -25,9 +25,12 @@
#include "librpc/gen_ndr/ndr_dns.h"
#include "librpc/gen_ndr/ndr_dnsp.h"
#include <ldb.h>
+#include "param/param.h"
#include "dsdb/samdb/samdb.h"
#include "dsdb/common/util.h"
+#include "smbd/service_task.h"
#include "dns_server/dns_server.h"
+#include "dns_server/dns_update.h"
static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
const struct dns_res_rec *rrec,
@@ -653,7 +656,6 @@ WERROR dns_server_process_update(struct dns_server *dns,
const struct dns_server_zone *z;
size_t host_part_len = 0;
WERROR werror = DNS_ERR(NOT_IMPLEMENTED);
- bool update_allowed = false;
if (in->qdcount != 1) {
return DNS_ERR(FORMAT_ERROR);
@@ -701,7 +703,7 @@ WERROR dns_server_process_update(struct dns_server *dns,
/* TODO: Check if update is allowed, we probably want "always",
* key-based GSSAPI, key-based bind-style TSIG and "never" as
* smb.conf options. */
- if (!update_allowed) {
+ if (lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON) {
DEBUG(0, ("Update not allowed."));
return DNS_ERR(REFUSED);
}
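Review bot: The new test `lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON` refuses updates when the option is set to `signed`, although the enum list added in lib/param/param_enums.c accepts that value, so an administrator who picks `signed` gets the same behaviour as `False` with nothing in the log to say why. That fails closed, which is the safe direction, but it should be stated: replace the now-stale TODO above the check with a comment such as `/* DNS_UPDATE_SIGNED is not implemented yet and is refused like DNS_UPDATE_OFF; DNS_UPDATE_ON accepts updates without any signature check. */`. Nothing visible in this hunk authenticates the sender when the setting is `True`, so the option's documentation should say that it permits unsigned updates. The body of dns_server_process_update continues outside the hunk.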
diff --git a/source4/dns_server/dns_update.h b/source4/dns_server/dns_update.h
new file mode 100644
index 0000000000..71ff85eda1
--- /dev/null
+++ b/source4/dns_server/dns_update.h
@@ -0,0 +1,25 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ DNS update settings
+
+ Copyright (C) 2011 Kai Blin <kai@samba.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+enum dns_update_settings {
+ DNS_UPDATE_OFF=0,
+ DNS_UPDATE_ON=1,
+ DNS_UPDATE_SIGNED=2
+};
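Review bot: dns_update.h has no include guard, and this commit includes it from lib/param/loadparm.c, source3/param/loadparm.c and source4/dns_server/dns_update.c; a second inclusion through another header would redefine `enum dns_update_settings` and fail to compile. Wrap the file in `#ifndef DNS_SERVER_DNS_UPDATE_H` / `#define DNS_SERVER_DNS_UPDATE_H` / `#endif`. The enum also decides whether the server accepts dynamic updates, so each value deserves a one-line comment, for example `/* accept updates without requiring a signature */` on `DNS_UPDATE_ON`.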