On Thu, 2012-03-08 at 14:57 +0100, Martin Kosek wrote:
> When dnsrecord-del pre_callback detects that the record does
> not contain any records, it sets a flag to connection context
> and deletes the record object later. However, when more
> dnsrecord-del share the same context (and this is the case of
> "ipa-replica-manage del $MASTER" DNS cleanup), it may reuse
> a positive flag from previous dnsrecord-del command and delete
> the root DNS zone record and thus effectively delete the zone.
> 
> This patch makes sure that this flag is always initialized to a
> sane value in dnsrecord-del pre_callback to make sure that the DNS
> zone is not deleted. It also fixes pre_callback function definition
> to prevent adding attrs_list to "keys" parameter and thus confuse
> developers.
> 
> https://fedorahosted.org/freeipa/ticket/2503

Sending a rebased patch which applies to current ipa-2-2.

Martin
From 7d357d05efc6e8cca5f8e3ba6956dc19d8207c23 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 23 Mar 2012 10:29:30 +0100
Subject: [PATCH] Avoid deleting DNS zone when a context is reused

When dnsrecord-del pre_callback detects that the record does
not contain any records, it sets a flag to connection context
and deletes the record object later. However, when more
dnsrecord-del commands share the same context (and this is
the case of "ipa-replica-manage del $MASTER" DNS cleanup), it
may reuse a positive flag from previous dnsrecord-del command
and delete the root DNS zone record and thus effectively delete
the zone.

This patch makes sure that this flag is always initialized to a
sane value in dnsrecord-del pre_callback to make sure that the DNS
zone is not deleted. It also fixes pre_callback function definition
to prevent adding attrs_list to "keys" parameter and thus confuse
developers.

https://fedorahosted.org/freeipa/ticket/2503
---
 ipalib/plugins/dns.py |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index eef6ab1de3ec6bc87b2b3329180cd805be1d0c2b..ce34c15a163712ebd07849a47b764a439589ee0c 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2414,7 +2414,7 @@ class dnsrecord_del(LDAPUpdate):
                 continue
             yield option
 
-    def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         try:
             (dn_, old_entry) = ldap.get_entry(
                     dn, _record_attributes,
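Review bot: The new attrs_list parameter in the pre_callback signature is not used anywhere in the visible lines, so a reader cannot tell why it is there. A short comment or docstring saying that it is accepted only so that it no longer ends up as the first element of *keys would help, because the is_pkey_zone_record(*keys) check in the next hunk is only correct when keys holds nothing but the primary keys.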
@@ -2443,13 +2443,15 @@ class dnsrecord_del(LDAPUpdate):
                                                    value=val)
             entry_attrs[attr] = list(set(old_entry[attr]))
 
+        del_all = False
         if not self.obj.is_pkey_zone_record(*keys):
-            del_all = True
+            record_found = False
             for attr in old_entry:
                 if old_entry[attr]:
-                    del_all = False
+                    record_found = True
                     break
-            setattr(context, 'del_all', del_all)
+            del_all = not record_found
+        setattr(context, 'del_all', del_all)
 
         return dn
 
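Review bot: The reset "del_all = False" sits after the ldap.get_entry try block and the attribute processing, so it only takes effect when pre_callback reaches this point. Since the bug is a stale value left on a shared context, it would be more robust to set context.del_all to False as the first statement of pre_callback, so the reset does not depend on how the function exits. The record_found loop could also be written as any(old_entry[attr] for attr in old_entry). The diffstat shows only dns.py changed; a regression test that runs two dnsrecord-del commands on the same context, the second one against the zone record, would pin this behaviour down.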
@@ -2465,7 +2467,8 @@ class dnsrecord_del(LDAPUpdate):
 
         result = super(dnsrecord_del, self).execute(*keys, **options)
 
-        if getattr(context, 'del_all', False):
+        if getattr(context, 'del_all', False) and not \
+                self.obj.is_pkey_zone_record(*keys):
             return self.obj.methods.delentry(*keys)
         return result
 
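Review bot: execute reads context.del_all here but never clears it, so the flag stays on the shared context after the command finishes and correctness still relies on the next pre_callback overwriting it. Consider resetting it to False right after the getattr check (or reading it into a local and clearing the attribute) so each command leaves the context clean. The added is_pkey_zone_record guard is a reasonable second line of defence; as a style point, wrapping the condition in parentheses avoids the backslash continuation after "and not".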
-- 
1.7.7.6
