When the dnsrecord-del pre_callback detects that the record does not contain any records, it sets a flag in the connection context and deletes the record object later. However, when several dnsrecord-del commands share the same context (as in the "ipa-replica-manage del $MASTER" DNS cleanup), a command may reuse a positive flag left by a previous dnsrecord-del command, delete the root DNS zone record and thus effectively delete the zone.
This patch makes sure that the flag is always initialized to a sane value in the dnsrecord-del pre_callback, so that the DNS zone is not deleted. It also fixes the pre_callback function definition so that attrs_list is no longer added to the "keys" parameter, which could confuse developers. https://fedorahosted.org/freeipa/ticket/2503
>From de493ca8ff05dace13f96137b8237325f1c2473c Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 8 Mar 2012 14:46:48 +0100
Subject: [PATCH] Avoid deleting DNS zone when a context is reused
When dnsrecord-del pre_callback detects that the record does not contain any records, it set a flag to connection context and deletes the record object later. However, when more dnsrecord-del share the same context (and this is the case of "ipa-replica-manage del $MASTER" DNS cleanup), it may reuse a positive flag from previous dnsrecord-del command and delete the root DNS zone record and thus effectively delete the zone.
This patch makes sure that this flag is always initialized to sane value in dnsrecord-del pre_callback to make sure that the DNS zone is not deleted. It also fixes pre_callback function definition to prevent adding attrs_list to "keys" parameter and thus confuse developers. https://fedorahosted.org/freeipa/ticket/2503
---
 ipalib/plugins/dns.py | 15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index a10960a2c20b8915b199ed82462a844ce8f5915c..d02528907d195370cf3c0d080bad57ddede4df08 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2213,7 +2213,7 @@ class dnsrecord_mod(LDAPUpdate):
 self.obj.has_cli_options(options, self.no_option_msg, True)
 return super(dnsrecord_mod, self).args_options_2_entry(*keys, **options)
- def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
 for rtype in options:
 rtype_cb = '_%s_pre_callback' % rtype
 if options[rtype] is None and rtype in _record_attributes:
@@ -2385,7 +2385,7 @@ class dnsrecord_del(LDAPUpdate):
 continue
 yield option
- def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
 try:
 (dn_, old_entry) = ldap.get_entry(
 dn, _record_attributes,
@@ -2414,13 +2414,15 @@ class dnsrecord_del(LDAPUpdate):
 value=val)
 entry_attrs[attr] = list(set(old_entry[attr]))
+ del_all = False
 if not self.obj.is_pkey_zone_record(*keys):
- del_all = True
+ record_found = False
 for attr in old_entry:
 if old_entry[attr]:
- del_all = False
+ record_found = True
 break
- setattr(context, 'del_all', del_all)
+ del_all = not record_found
+ setattr(context, 'del_all', del_all)
 return dn
@@ -2436,7 +2438,8 @@ class dnsrecord_del(LDAPUpdate):
 result = super(dnsrecord_del, self).execute(*keys, **options)
- if getattr(context, 'del_all', False):
+ if getattr(context, 'del_all', False) and not \
+ self.obj.is_pkey_zone_record(*keys):
 return self.obj.methods.delentry(*keys)
 return result
-- 
1.7.7.6
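Review bot: The shared `context` still receives the flag only through the closing `setattr(context, 'del_all', del_all)`, after the `ldap.get_entry` call and the attribute handling that sit above this hunk, and execute() in the last hunk reads it with `getattr(context, 'del_all', False)` without ever clearing it. A destructive delete therefore keeps depending on every path through pre_callback reaching that final line; from the visible code an exception raised earlier would presumably propagate before execute() reads the flag, but that is an inference rather than something the hunk guarantees. Resetting the flag as the first statement of pre_callback, `setattr(context, 'del_all', False)`, and clearing it again once execute() has consumed it would make the hand-off one-shot. pre_callback starts outside this hunk.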
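Review bot: The new zone-record guard in the `if` has no comment saying why it repeats the check pre_callback already makes, and the backslash continuation is fragile against trailing whitespace. I would add `# defence in depth: never delete the zone record itself, even if del_all is stale` above it and wrap the condition in parentheses instead: `if (getattr(context, 'del_all', False) and not self.obj.is_pkey_zone_record(*keys)):`. execute() starts outside this hunk.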