s4 dns: Allow configuring signed updates
authorKai Blin <kai@samba.org>
Tue, 4 Sep 2012 23:27:00 +0000 (01:27 +0200)
committerKai Blin <kai@samba.org>
Wed, 5 Sep 2012 18:42:46 +0000 (20:42 +0200)
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep  5 20:42:46 CEST 2012 on sn-devel-104

source4/dns_server/dns_update.c

index e7514acace0268377934c0343b8c5a58f5875b5e..61850a10564ebabb8265d9442752d865b4e0413b 100644 (file)
@@ -734,10 +734,15 @@ WERROR dns_server_process_update(struct dns_server *dns,
        /* TODO: Check if update is allowed, we probably want "always",
         * key-based GSSAPI, key-based bind-style TSIG and "never" as
         * smb.conf options. */
-       if (lpcfg_allow_dns_updates(dns->task->lp_ctx) != DNS_UPDATE_ON) {
+       if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) {
                DEBUG(0, ("Update not allowed.\n"));
                return DNS_ERR(REFUSED);
        }
+       if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_SIGNED &&
+           state->authenticated == false ) {
+               DEBUG(0, ("Update not allowed for unsigned packet.\n"));
+               return DNS_ERR(REFUSED);
+       }
 
        *update_count = in->nscount;
        *updates = in->nsrecs;
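Review bot: The policy check now fails open: with the first test changed from `!= DNS_UPDATE_ON` to `== DNS_UPDATE_OFF`, any setting value other than DNS_UPDATE_OFF or DNS_UPDATE_SIGNED falls through and the update is accepted without authentication, where the old code refused everything except DNS_UPDATE_ON. Reading the setting once into a local (`mode`) and allowing only the known-good cases keeps it fail-closed, e.g. `if (mode != DNS_UPDATE_ON && !(mode == DNS_UPDATE_SIGNED && state->authenticated)) { return DNS_ERR(REFUSED); }`, which also avoids calling lpcfg_allow_dns_updates() twice. Both refusals log at DEBUG(0), and the second can be triggered by any sender of an unsigned update, so a lower debug level may be worth considering to stop remote traffic from filling the log. The TODO comment above the check is now partly stale. The code that sets state->authenticated and the rest of dns_server_process_update lie outside this hunk, so whether a signed packet is also authorized for the zone being updated cannot be judged from here.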