
DLZ-bind-zone-transfer-restriction.patch

Benjamin Bohard, 07/05/2020 14:53


docs-xml/smbdotconf/domain/dnszonetransferclients.xml
1
<samba:parameter name="dns zone transfer clients"
2
                 context="G"
3
                 type="cmdlist"
4
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
5
<description>
6
       <para>This option specifies the list IPs authorized to ask for dns zone
7
           transfer.
8
       </para>
9

  
10
       <para>The content is a comma-separated list of IP addresses.
11
       </para>
12

  
13
       <para>Default is "none", meaning no transfer will be authorized.
14
       </para>
15
</description>
16

  
17
<value type="default">none</value>
18
<value type="example">192.168.0.1</value>
19
</samba:parameter>
source4/dns_server/dlz_bind9.c
938 938
	/* just say yes for all our zones for now */
939 939
	struct dlz_bind9_data *state = talloc_get_type(
940 940
		dbdata, struct dlz_bind9_data);
941
	return b9_find_zone_dn(state, name, NULL, NULL);
941
        isc_result_t ret ;
942
        const char **authorized_clients ;
943
        unsigned int i ;
944
 
945
        /* check that the zone is known */
946
        ret = b9_find_zone_dn(state, name, NULL, NULL);
947
        if (ret == ISC_R_SUCCESS) {
948
                authorized_clients = lpcfg_dns_zone_transfer_clients(state->lp) ;
949
                if (authorized_clients) {
950
                        state->log(ISC_LOG_INFO, "samba_dlz: checking if client is authorized for zone transfer") ;
951
 
952
                        /* if the option is not set, default is to accept all transfers
953
                           if the option is set, default is to accept only the selected IPs */
954
                        ret = ISC_R_NOPERM ;
955
                        for (i = 0; authorized_clients && authorized_clients[i] ; i++) {
956
                                state->log(ISC_LOG_INFO, "samba_dlz: comparing to %s", authorized_clients[i]) ;
957
                                if (strcmp(authorized_clients[i], client) == 0) {
958
                                        state->log(ISC_LOG_INFO, "samba_dlz: accepting IP %s", client) ;
959
                                        ret = ISC_R_SUCCESS ;
960
                                        break ;
961
                                }
962
                        }
963
                }
964
        }
965
        return ret ;
942 966
}
943 967

  
944 968
/*
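Review bot: The allow-list check fails open: when `lpcfg_dns_zone_transfer_clients(state->lp)` returns NULL, `ret` keeps the `ISC_R_SUCCESS` from the zone lookup and every client may transfer the zone, which matches the in-code comment but contradicts the parameter documentation added by this same patch ("Default is "none", meaning no transfer will be authorized"). Whether an empty or unset value really yields a NULL list is not visible here and should be confirmed; if it does, move `ret = ISC_R_NOPERM ;` to just before the `if (authorized_clients)` test so that a missing list denies, and correct the comment to say so. The refusal path is also silent, so a line such as `state->log(ISC_LOG_INFO, "samba_dlz: refusing zone transfer to %s", client) ;` after the loop would give operators a record of rejected transfer attempts. The match is an exact `strcmp` on the textual address, so an equivalent spelling of the same IPv6 address will not match; that fails closed, but it deserves a sentence in the parameter description. The function starts outside the hunk, and the context comment `/* just say yes for all our zones for now */` at its top no longer describes the behaviour.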