Change DNS server to write entries as the correct user
Michael Adam
obnox at samba.org
Tue Sep 11 11:55:47 MDT 2012
Hi Andrew,
A heads up:
I have set up a test env with your patch, or rather a
modification that Metze did, and I will test in 1-2 hours.
Cheers - Michael
On 2012-09-11 at 21:03 +1000, Andrew Bartlett wrote:
> The attached UNTESTED patch is what I've been thinking we need to finish
> the TSIG code.
>
> This should mean we write new DNS names as the correct user. The only
> catch I can think of is our old friend the nested event loop. Is it
> possible to start processing one DNS packet while another is in the ldb
> stack?
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
>
> From fa792124d1673249964dbd1e64aff16b9143847a Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Tue, 11 Sep 2012 20:59:51 +1000
> Subject: [PATCH] dns_server: Attempt to SET and UNSET the sessionInfo to
> match the incoming user
>
> This avoids re-opening the DB as the correct user, but applies all the right ACLs
> and resulting owner.
>
> UNTESTED
>
> Andrew Bartlett
> ---
> source4/dns_server/dns_update.c | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
> index 2df0b58..981efcf 100644
> --- a/source4/dns_server/dns_update.c
> +++ b/source4/dns_server/dns_update.c
> @@ -672,6 +672,13 @@ static WERROR handle_updates(struct dns_server *dns,
> return DNS_ERR(SERVER_FAILURE);
> }
>
> + if (tkey != NULL) {
> + ret = ldb_set_opaque(dns->samdb, "sessionInfo", tkey->session_info);
> + if (ret != LDB_SUCCESS) {
> + DEBUG(1, ("unable to set session info\n"));
> + return DNS_ERR(SERVER_FAILURE);
> + }
> + }
> werror = check_prerequisites(dns, tmp_ctx, zone, prereqs, pcount);
> W_ERROR_NOT_OK_GOTO(werror, failed);
>
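Review bot: the error branch of the new ldb_set_opaque() call returns DNS_ERR(SERVER_FAILURE) directly instead of going through the failed: label, so the cleanup that label performs (ldb_transaction_cancel(dns->samdb) and TALLOC_FREE(tmp_ctx)) is skipped. tmp_ctx is already live here, since it is passed to check_prerequisites() on the next line. Suggest setting werror = DNS_ERR(SERVER_FAILURE) and using goto failed, so this exit behaves like the W_ERROR_NOT_OK_GOTO paths after it. It is also worth a comment that the opaque is set on the shared dns->samdb handle, so every ldb operation on that handle runs as the TKEY user until it is reset.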
> @@ -685,9 +692,26 @@ static WERROR handle_updates(struct dns_server *dns,
>
> ldb_transaction_commit(dns->samdb);
> TALLOC_FREE(tmp_ctx);
> +
> + if (tkey != NULL) {
> + ldb_set_opaque(dns->samdb, "sessionInfo", system_session(dns->task->lp_ctx));
> + if (ret != LDB_SUCCESS) {
> + DEBUG(1, ("unable to unset session info\n"));
> + return DNS_ERR(SERVER_FAILURE);
> + }
> + }
> +
> return WERR_OK;
>
> failed:
> + if (tkey != NULL) {
> + ldb_set_opaque(dns->samdb, "sessionInfo", system_session(dns->task->lp_ctx));
> + if (ret != LDB_SUCCESS) {
> + DEBUG(1, ("unable to unset session info\n"));
> + return DNS_ERR(SERVER_FAILURE);
> + }
> + }
> +
> ldb_transaction_cancel(dns->samdb);
> TALLOC_FREE(tmp_ctx);
> return werror;
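Review bot: in both added blocks the result of ldb_set_opaque(dns->samdb, "sessionInfo", system_session(...)) is never assigned, so the following if (ret != LDB_SUCCESS) tests the stale value left from the earlier set and a failed reset goes unnoticed. Write ret = ldb_set_opaque(...) in both places. In the failed: block, the early return DNS_ERR(SERVER_FAILURE) would additionally skip ldb_transaction_cancel(dns->samdb) and TALLOC_FREE(tmp_ctx) and discard the original werror; log the failure there and fall through to the cancel instead. Since a reset that fails leaves the shared handle carrying the client's session info for later requests, consider doing the reset in one place that every exit from handle_updates() passes through, after the commit or cancel.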
> --
> 1.7.11.4
>