Bug 15063 - add OpenAclOnProxyUpdates flag support for DnsUpdateProxy permissions
Summary: add OpenAclOnProxyUpdates flag support for DnsUpdateProxy permissions
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal) (show other bugs)
Version: 4.16.0
Hardware: All All
: P5 enhancement (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-10 11:37 UTC by Björn Jacke
Modified: 2022-05-10 11:37 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2022-05-10 11:37:51 UTC 
this windows command:

dnscmd dcname /config /OpenAclOnProxyUpdates 1

triggers setting the OpenACLOnProxyUpdates flag, this is not implemented in Samba though, the value is fixed to "0" currently:

[2022/05/10 09:33:25.513818,  0, pid=2752430, effective(0, 0), real(0, 0)] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1230(dnsserver_operate_server)
  dnsserver: server operation 'ResetDwordProperty' not implemented     DnssrvOperation2: struct DnssrvOperation2
          in: struct DnssrvOperation2
              dwClientVersion          : DNS_CLIENT_VERSION_LONGHORN (458752)
              dwSettingFlags           : 0x00000000 (0)
              pwszServerName           : *
                  pwszServerName           : 'dc3'
              pszZone                  : NULL
              dwContext                : 0x00000000 (0)
              pszOperation             : *
                  pszOperation             : 'ResetDwordProperty'
              dwTypeId                 : DNSSRV_TYPEID_NAME_AND_PARAM (15)
              pData                    : union DNSSRV_RPC_UNION(case 15)
              NameAndParam             : *
                  NameAndParam: struct DNS_RPC_NAME_AND_PARAM
                      dwParam                  : 0x00000001 (1)
                      pszNodeName              : *
                          pszNodeName              : 'OpenACLOnProxyUpdates'
[2022/05/10 09:33:25.514925,  1, pid=2752430, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:484(ndr_print_function_debug)
       DnssrvOperation2: struct DnssrvOperation2
          out: struct DnssrvOperation2
              result                   : WERR_CALL_NOT_IMPLEMENTED

The flag is documented here:

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/8903e50a-9183-4a7d-9640-53f6f5a91481#Appendix_A_Target_188

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd334715(v=ws.10)