On 12.3.2013 10:40, Martin Kosek wrote:
On 03/11/2013 04:58 PM, Petr Spacek wrote:
Hello list!

My first patch for FreeIPA is attached :-)

I managed to add new 389 DS plugin to build system, but the LDAP magic in
installer and updater is too much for my brain.

Could somebody show me how installer and updater should add new object to
cn=config ? Plugin configuration is static (example is in comments in 
ipa_dns.c).

This patch implements minimal necessary support for idnsSOASerial replication.
I am investigating more advanced techniques, but I still see problems with locking
and so on.

Anyway, this patch should be sufficient for now.

Commit message:

     Add 389 DS plugin for special idnsSOASerial attribute handling

     Default value "1" is added to replicated idnsZone objects
     if idnsSOASerial attribute is missing.

     https://fedorahosted.org/freeipa/ticket/3347


I did not review the actual plugin yet; I just added code to configure this
plugin during new install and upgrade. Patch attached.


Just in daemons/ipa-slapi-plugins/ipa-dns/Makefile.am I noticed some copy&paste
errors:


+libipa_uuid_la_LIBADD =        \  <<< libipa_uuid??
+       $(LDAP_LIBS)            \
+       $(UUID_LIBS)            \
+       $(NULL)
+

+EXTRA_DIST =                   \
+       $(app_DATA)             \   <<< not defined, not needed (I will add it 
in my patch)
+       $(NULL)
+

Fixed version is attached.

--
Petr^2 Spacek
From dfded6bffd8a4ee66fff120cd81865755f6432b3 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 8 Mar 2013 18:54:58 +0100
Subject: [PATCH] Add 389 DS plugin for special idnsSOASerial attribute
 handling

Default value "1" is added to replicated idnsZone objects
if idnsSOASerial attribute is missing.

https://fedorahosted.org/freeipa/ticket/3347

Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
 daemons/configure.ac                          |   1 +
 daemons/ipa-slapi-plugins/Makefile.am         |   1 +
 daemons/ipa-slapi-plugins/ipa-dns/Makefile.am |  40 +++++
 daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c   | 211 ++++++++++++++++++++++++++
 freeipa.spec.in                               |   2 +
 5 files changed, 255 insertions(+)
 create mode 100644 daemons/ipa-slapi-plugins/ipa-dns/Makefile.am
 create mode 100644 daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c

diff --git a/daemons/configure.ac b/daemons/configure.ac
index ebf625ebffd8a92e0a3b050955b9376e002ed6c9..2f6cfd5e2683167aa27625c39d2c6f0d99ca2769 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -334,6 +334,7 @@ AC_CONFIG_FILES([
     ipa-sam/Makefile
     ipa-slapi-plugins/Makefile
     ipa-slapi-plugins/ipa-cldap/Makefile
+    ipa-slapi-plugins/ipa-dns/Makefile
     ipa-slapi-plugins/ipa-enrollment/Makefile
     ipa-slapi-plugins/ipa-lockout/Makefile
     ipa-slapi-plugins/ipa-pwd-extop/Makefile
diff --git a/daemons/ipa-slapi-plugins/Makefile.am b/daemons/ipa-slapi-plugins/Makefile.am
index c79e68db112c9d21bcbffba3d00442d2fd20ab3a..08c7558c812effc00ae940661e448779077fb409 100644
--- a/daemons/ipa-slapi-plugins/Makefile.am
+++ b/daemons/ipa-slapi-plugins/Makefile.am
@@ -2,6 +2,7 @@ NULL =
 
 SUBDIRS =			\
 	ipa-cldap		\
+	ipa-dns			\
 	ipa-enrollment		\
 	ipa-lockout		\
 	ipa-modrdn		\
diff --git a/daemons/ipa-slapi-plugins/ipa-dns/Makefile.am b/daemons/ipa-slapi-plugins/ipa-dns/Makefile.am
new file mode 100644
index 0000000000000000000000000000000000000000..319c6676e9df1434feee468fa3861910a28f86dc
--- /dev/null
+++ b/daemons/ipa-slapi-plugins/ipa-dns/Makefile.am
@@ -0,0 +1,40 @@
+NULL =
+
+PLUGIN_COMMON_DIR=../common
+
+INCLUDES =							\
+	-I.							\
+	-I$(srcdir)						\
+	-I$(PLUGIN_COMMON_DIR)					\
+	-I/usr/include/dirsrv					\
+	-DPREFIX=\""$(prefix)"\" 				\
+	-DBINDIR=\""$(bindir)"\"				\
+	-DLIBDIR=\""$(libdir)"\" 				\
+	-DLIBEXECDIR=\""$(libexecdir)"\"			\
+	-DDATADIR=\""$(datadir)"\"				\
+	$(AM_CFLAGS)						\
+	$(LDAP_CFLAGS)						\
+	$(WARN_CFLAGS)						\
+	$(NULL)
+
+plugindir = $(libdir)/dirsrv/plugins
+plugin_LTLIBRARIES = 		\
+	libipa_dns.la		\
+	$(NULL)
+
+libipa_dns_la_SOURCES = 	\
+	ipa_dns.c		\
+	$(NULL)
+
+libipa_dns_la_LDFLAGS = -avoid-version
+
+libipa_dns_la_LIBADD = 	\
+	$(LDAP_LIBS)		\
+	$(NULL)
+
+EXTRA_DIST =			\
+	$(NULL)
+
+MAINTAINERCLEANFILES =		\
+	*~			\
+	Makefile.in
diff --git a/daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c b/daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c
new file mode 100644
index 0000000000000000000000000000000000000000..0769a54aadc54a49909474cf86f8ebc0d228e759
--- /dev/null
+++ b/daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c
@@ -0,0 +1,211 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+ * Copyright (C) 2013 Red Hat, Inc.
+ *
+ * Authors:
+ * original authors of 389 example ldap/servers/slapd/test-plugins/testpreop.c
+ * Petr Spacek <pspa...@redhat.com>
+ *
+ * All rights reserved.
+ *
+ * END COPYRIGHT BLOCK **/
+
+/*
+ * This is 389 DS plug-in with supporting functions for IPA-integrated DNS.
+ *
+ * To test this plug-in, stop the server, edit the dse.ldif file
+ * (in the <server_root>/slapd-<server_id>/config directory)
+ * and add the following lines before restarting the server:
+ *
+ * dn: cn=IPA DNS,cn=plugins,cn=config
+ * objectClass: top
+ * objectClass: nsslapdPlugin
+ * objectClass: extensibleObject
+ * cn: IPA DNS
+ * nsslapd-pluginDescription: IPA DNS support plugin
+ * nsslapd-pluginEnabled: on
+ * nsslapd-pluginId: ipa_dns
+ * nsslapd-pluginInitfunc: ipadns_init
+ * nsslapd-pluginPath: libipa_dns.so
+ * nsslapd-pluginType: preoperation
+ * nsslapd-pluginVendor: Red Hat, Inc.
+ * nsslapd-pluginVersion: 1.0
+ * nsslapd-plugin-depends-on-type: database
+ */
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include "slapi-plugin.h"
+#include "util.h"
+
+#define IPA_PLUGIN_NAME "ipa_dns"
+#define IPADNS_CLASS_ZONE "idnsZone"
+#define IPADNS_ATTR_SERIAL "idnsSOASerial"
+#define IPADNS_DEFAULT_SERIAL "1"
+
+#define EFALSE 0
+#define ETRUE 1
+
+Slapi_PluginDesc ipadns_desc = { IPA_PLUGIN_NAME, "Red Hat, Inc.", "1.0",
+				"IPA DNS support plugin" };
+
+/* Global variable with "constant" = IPADNS_ZONE_SERIAL. */
+Slapi_Value *value_zone = NULL;
+
+/**
+ * Determine if given entry represents IPA DNS zone.
+ *
+ * \return \c 0 when objectClass idnsZone is not present in the entry.
+ * \return \c 1 when objectClass idnsZone is present in the entry.
+ * \return \c -1 when some error occurred.
+ */
+int
+ipadns_entry_iszone( Slapi_Entry *entry ) {
+	Slapi_Attr *obj_class = NULL;
+	Slapi_Value *value = NULL;
+	char *dn = NULL;
+	int hint = 0;
+
+	dn = slapi_entry_get_dn( entry );
+
+	if ( slapi_entry_attr_find( entry, SLAPI_ATTR_OBJECTCLASS, &obj_class )
+	    != 0) {
+		LOG( "Object without objectClass encountered: entry '%s'\n",
+		    dn );
+		return EFAIL;
+	}
+
+	if ( slapi_attr_first_value( obj_class, &value ) != 0 ) {
+		LOG( "Cannot iterate over objectClass values in entry '%s'\n",
+		    dn );
+		return EOK;
+	}
+
+	do {
+		if ( slapi_value_compare( obj_class, value, value_zone ) == 0 )
+			return ETRUE; /* Entry is a DNS zone */
+
+		hint = slapi_attr_next_value( obj_class, hint, &value );
+	} while ( hint != -1 );
+
+	return EFALSE; /* Entry is not a DNS zone */
+}
+
+/**
+ * The server calls this plug-in function before executing LDAP ADD operation.
+ *
+ * ipadns_add function adds default value to idnsSOAserial attribute
+ * in idnsZone objects if the the attribute is not present.
+ *
+ * Default value is added only to objects coming from other servers
+ * via replication.
+ */
+int
+ipadns_add( Slapi_PBlock *pb )
+{
+	Slapi_Entry	*e = NULL;
+	Slapi_Attr	*a = NULL;
+	char 		*dn = NULL;
+	int		cnt;
+	int 		ret;
+	int		is_repl_op;
+
+	if ( slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION,
+			      &is_repl_op ) != 0 ) {
+		LOG_FATAL( "slapi_pblock_get SLAPI_IS_REPLICATED_OPERATION "
+			  "failed!?\n" );
+		return EFAIL;
+	}
+
+	/* Mangle only ADDs coming from replication. */
+	if ( !is_repl_op )
+		return EOK;
+
+	/* Get the entry that is about to be added. */
+	if ( slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e ) != 0 ) {
+		LOG( "Could not get entry\n" );
+		return EFAIL;
+	}
+	dn = slapi_entry_get_dn( e );
+
+	/* Do nothing if entry doesn't represent IPA DNS zone. */
+	ret = ipadns_entry_iszone( e );
+	if ( ret == EFALSE )
+		return EOK;
+	else if ( ret == EFAIL ) {
+		LOG( "Could not check objectClasses in entry '%s'\n", dn );
+		return EFAIL; /* TODO: Should I return OK to not block DS? */
+	}
+
+	/* Do nothing if the entry already has idnsSOASerial attribute set
+	 * and a value is present. */
+	if ( slapi_entry_attr_find( e, IPADNS_ATTR_SERIAL, &a ) == 0 ) {
+		if ( slapi_attr_get_numvalues( a, &cnt ) != 0 ) {
+			LOG( "Could not get value count for attribute '%s' "
+			     "in entry '%s'\n", IPADNS_ATTR_SERIAL, dn );
+			return EFAIL;
+		} else if ( cnt != 0 ) {
+			return EOK;
+		}
+	}
+
+	if ( slapi_entry_add_string( e, IPADNS_ATTR_SERIAL,
+				    IPADNS_DEFAULT_SERIAL ) != 0 ) {
+		LOG( "Could not add default SOA serial to entry '%s'\n", dn );
+		return EFAIL;
+	}
+
+	return EOK; /* allow the operation to continue */
+}
+
+static int
+ipadns_close( Slapi_PBlock *pb )
+{
+	( void ) pb;
+	if ( value_zone )
+		slapi_value_free( &value_zone );
+
+	return EOK;
+}
+
+/* Initialization function. */
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+int
+ipadns_init( Slapi_PBlock *pb )
+{
+	/* Register the two pre-operation plug-in functions,
+	   and specify the server plug-in version. */
+	if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
+	    SLAPI_PLUGIN_VERSION_03 ) != 0 ||
+	    slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
+	    (void *)&ipadns_desc ) != 0 ||
+	    slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN,
+	    (void *) ipadns_close ) != 0 ||
+	    slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_ADD_FN,
+	    (void *) ipadns_add ) != 0 ) {
+		LOG_FATAL( "Failed to set version and function\n" );
+		return EFAIL;
+	}
+
+	value_zone = slapi_value_new_string( IPADNS_CLASS_ZONE );
+
+	return EOK;
+}
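Review bot: The result of `slapi_value_new_string( IPADNS_CLASS_ZONE )` on the last lines of `ipadns_init` is never checked, so if the allocation fails the plugin still returns EOK and a later replicated ADD hands a NULL `value_zone` to `slapi_value_compare` inside the directory server process. Allocating before the `slapi_pblock_set` calls and adding `if ( value_zone == NULL ) { LOG_FATAL( "Could not allocate idnsZone value\n" ); return EFAIL; }` would make the plugin fail to load instead. In `ipadns_entry_iszone` the `slapi_attr_first_value` failure branch returns `EOK`, which appears to equal `EFALSE` (util.h is not shown here), so the error is indistinguishable from "not a zone" and the `-1` promised by the header comment is never produced on that path; `return EFAIL;` would match the documentation. The comment above `value_zone` names `IPADNS_ZONE_SERIAL`, which is not defined in this file (`IPADNS_CLASS_ZONE` looks intended), and `value_zone`, `ipadns_desc`, `ipadns_entry_iszone` and `ipadns_add` could be `static`, since only `ipadns_init` has to be visible to the server.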
diff --git a/freeipa.spec.in b/freeipa.spec.in
index ee0327fd2156e7bc2d2cb2c81ec6a0017ed605e3..54f19a1a234fb9db250e37291c185ad174307e06 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -349,6 +349,7 @@ rm %{buildroot}/%{plugin_dir}/libipa_uuid.la
 rm %{buildroot}/%{plugin_dir}/libipa_modrdn.la
 rm %{buildroot}/%{plugin_dir}/libipa_lockout.la
 rm %{buildroot}/%{plugin_dir}/libipa_cldap.la
+rm %{buildroot}/%{plugin_dir}/libipa_dns.la
 rm %{buildroot}/%{plugin_dir}/libipa_sidgen.la
 rm %{buildroot}/%{plugin_dir}/libipa_sidgen_task.la
 rm %{buildroot}/%{plugin_dir}/libipa_extdom_extop.la
@@ -668,6 +669,7 @@ fi
 %attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
 %attr(755,root,root) %{plugin_dir}/libipa_lockout.so
 %attr(755,root,root) %{plugin_dir}/libipa_cldap.so
+%attr(755,root,root) %{plugin_dir}/libipa_dns.so
 %attr(755,root,root) %{plugin_dir}/libipa_range_check.so
 %dir %{_localstatedir}/lib/ipa
 %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
-- 
1.7.11.7
