#include "dns_server/dns_server.h"
#include "auth/auth.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DNS
+
static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
const struct dns_res_rec *rrec,
struct dnsp_DnssrvRpcRecord *r);
uint16_t i;
WERROR werror;
bool needs_add = false;
- uint32_t access_mask = 0;
DEBUG(2, ("Looking at record: \n"));
if (DEBUGLVL(2)) {
rcount = 0;
needs_add = true;
werror = WERR_OK;
- access_mask = SEC_ADS_CREATE_CHILD;
}
W_ERROR_NOT_OK_RETURN(werror);
- access_mask = SEC_STD_REQUIRED | SEC_ADS_SELF_WRITE;
-
- if (tkey != NULL) {
- int ldb_ret;
- ldb_ret = dsdb_check_access_on_dn(dns->samdb, mem_ctx, dn,
- tkey->session_info->security_token,
- access_mask, NULL);
- if (ldb_ret != LDB_SUCCESS) {
- DEBUG(0, ("Disallowing update: %s\n", ldb_strerror(ldb_ret)));
- return DNS_ERR(REFUSED);
- }
- DEBUG(0, ("Allowing signed update\n"));
- }
-
if (update->rr_class == zone->question_class) {
if (update->rr_type == DNS_QTYPE_CNAME) {
/*
*/
for (i = 0; i < rcount; i++) {
if (recs[i].wType != DNS_TYPE_CNAME) {
- DEBUG(0, ("Skipping update\n"));
+ DEBUG(5, ("Skipping update\n"));
return WERR_OK;
}
break;
*/
for (i = 0; i < rcount; i++) {
if (recs[i].wType == DNS_TYPE_CNAME) {
- DEBUG(0, ("Skipping update\n"));
+ DEBUG(5, ("Skipping update\n"));
return WERR_OK;
}
}
* logic for RFC2136
*/
if (n <= o) {
- DEBUG(0, ("Skipping update\n"));
+ DEBUG(5, ("Skipping update\n"));
return WERR_OK;
}
found = true;
}
}
if (!found) {
- DEBUG(0, ("Skipping update\n"));
+ DEBUG(5, ("Skipping update\n"));
return WERR_OK;
}
uint16_t ri;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ if (tkey != NULL) {
+ ret = ldb_set_opaque(dns->samdb, "sessionInfo", tkey->session_info);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(1, ("unable to set session info\n"));
+ werror = DNS_ERR(SERVER_FAILURE);
+ goto failed;
+ }
+ }
+
werror = dns_name2dn(dns, tmp_ctx, zone->name, &zone_dn);
- W_ERROR_NOT_OK_RETURN(werror);
+ W_ERROR_NOT_OK_GOTO(werror, failed);
ret = ldb_transaction_start(dns->samdb);
if (ret != LDB_SUCCESS) {
- return DNS_ERR(SERVER_FAILURE);
+ werror = DNS_ERR(SERVER_FAILURE);
+ goto failed;
}
werror = check_prerequisites(dns, tmp_ctx, zone, prereqs, pcount);
W_ERROR_NOT_OK_GOTO(werror, failed);
- DEBUG(0, ("update count is %u\n", upd_count));
+ DEBUG(1, ("update count is %u\n", upd_count));
for (ri = 0; ri < upd_count; ri++) {
werror = handle_one_update(dns, tmp_ctx, zone,
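Review bot: Both new `goto failed` exits here, the one after a failed `ldb_set_opaque` and the `W_ERROR_NOT_OK_GOTO` after `dns_name2dn`, run before `ldb_transaction_start`, but the `failed:` label shown further down calls `ldb_transaction_cancel(dns->samdb)` unconditionally. That cancels a transaction this function never opened, and its result is ignored; on a handle that appears to be shared by the whole DNS task this should not be left to chance. A flag such as `bool in_transaction = false;`, set after a successful start and tested as `if (in_transaction) { ldb_transaction_cancel(dns->samdb); }`, keeps the single cleanup label while skipping the cancel on the early exits. The function's declarations and the rest of the update loop are outside this hunk.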
ldb_transaction_commit(dns->samdb);
TALLOC_FREE(tmp_ctx);
+
+ if (tkey != NULL) {
+ ldb_set_opaque(dns->samdb, "sessionInfo",
+ system_session(dns->task->lp_ctx));
+ }
+
return WERR_OK;
failed:
ldb_transaction_cancel(dns->samdb);
+
+ if (tkey != NULL) {
+ ldb_set_opaque(dns->samdb, "sessionInfo",
+ system_session(dns->task->lp_ctx));
+ }
+
TALLOC_FREE(tmp_ctx);
return werror;
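Review bot: The result of `ldb_set_opaque` is dropped on both restore paths, so a failed restore leaves `dns->samdb` carrying `tkey->session_info` after this request has finished. Because the handle hangs off `dns` and is presumably reused for later requests, those would then be authorised against a previous client's session, or against a pointer whose owner may already have been freed. Check the return value and log a failed restore at `DEBUG(0, ...)`, and consider capturing the prior value with `ldb_get_opaque(dns->samdb, "sessionInfo")` before the override so the restore puts back exactly what was there instead of assuming it was the system session. The two identical restore blocks could also move into one helper so the success and failure paths cannot drift apart. The start of the function is outside this hunk.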
struct dns_server_tkey **tkey)
{
if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_ON) {
- DEBUG(0, ("All updates allowed.\n"));
+ DEBUG(2, ("All updates allowed.\n"));
return WERR_OK;
}
if (lpcfg_allow_dns_updates(dns->task->lp_ctx) == DNS_UPDATE_OFF) {
- DEBUG(0, ("Updates disabled.\n"));
+ DEBUG(2, ("Updates disabled.\n"));
return DNS_ERR(REFUSED);
}
if (state->authenticated == false ) {
- DEBUG(0, ("Update not allowed for unsigned packet.\n"));
+ DEBUG(2, ("Update not allowed for unsigned packet.\n"));
return DNS_ERR(REFUSED);
}
}
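Review bot: After this change a refused unsigned update is logged only at level 2, and the message names neither the zone nor the sender, so at default log levels repeated rejected updates leave nothing for an operator to alert on. Lowering it from 0 is reasonable because a remote client can trigger the message at will, but the line would be more useful for detection if it carried the zone name or peer address, provided one is reachable here; the function's parameters are outside the hunk. A comment such as `/* client-triggerable: keep above level 0 to avoid log flooding */` would also record why the level was chosen.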
if (z == NULL) {
- DEBUG(0, ("We're not authoritative for this zone\n"));
+ DEBUG(1, ("We're not authoritative for this zone\n"));
return DNS_ERR(NOTAUTH);
}
if (host_part_len != 0) {
/* TODO: We need to delegate this one */
- DEBUG(0, ("Would have to delegate zones.\n"));
+ DEBUG(1, ("Would have to delegate zone '%s'.\n", zone->name));
return DNS_ERR(NOT_IMPLEMENTED);
}
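Review bot: The new message formats `zone->name` with `%s`, and `zone` here looks like the zone section of the incoming update rather than the locally matched `z`, so the logged text is probably client-controlled. If the name can still contain control characters or newlines after wire decoding, it can break or forge log lines; confirm that the parser restricts label bytes, or escape the name before logging. Logging `z->name` alongside it would also show which local zone the request was matched against. The enclosing function begins outside the hunk.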