1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored

If the client does not have permissions to update the record,
but the record already has the data the update tries to apply,
it's a no-op that should result in success instead of failing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun  6 03:18:16 UTC 2024 on atb-devel-224
This commit is contained in:
Stefan Metzmacher 2024-05-30 14:52:22 +02:00 committed by Andrew Bartlett
parent 76fec2668e
commit ed61c57e02
2 changed files with 11 additions and 3 deletions

View File

@ -1,3 +0,0 @@
^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_windows.fl2008r2dc
^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_wo_tsig.fl2008r2dc
^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_record_access_denied.fl2008r2dc

View File

@ -570,6 +570,8 @@ static WERROR handle_one_update(struct dns_server *dns,
W_ERROR_NOT_OK_RETURN(werror); W_ERROR_NOT_OK_RETURN(werror);
for (i = first; i < rcount; i++) { for (i = first; i < rcount; i++) {
struct dnsp_DnssrvRpcRecord orig_rec = recs[i];
if (!dns_record_match(&recs[i], &recs[rcount])) { if (!dns_record_match(&recs[i], &recs[rcount])) {
continue; continue;
} }
@ -583,6 +585,15 @@ static WERROR handle_one_update(struct dns_server *dns,
werror = dns_replace_records(dns, mem_ctx, dn, werror = dns_replace_records(dns, mem_ctx, dn,
needs_add, recs, rcount); needs_add, recs, rcount);
DBG_DEBUG("dns_replace_records(REPLACE): %s\n", win_errstr(werror)); DBG_DEBUG("dns_replace_records(REPLACE): %s\n", win_errstr(werror));
if (W_ERROR_EQUAL(werror, WERR_ACCESS_DENIED) &&
!needs_add &&
orig_rec.dwTtlSeconds == recs[i].dwTtlSeconds)
{
DBG_NOTICE("dns_replace_records(REPLACE): %s "
"=> skip no-op\n",
win_errstr(werror));
werror = WERR_OK;
}
W_ERROR_NOT_OK_RETURN(werror); W_ERROR_NOT_OK_RETURN(werror);
return WERR_OK; return WERR_OK;