Hello,

Remove support for zone_refresh mode and options cache_ttl and psearch.

All three options are ignored and persistent search is always enabled.

--
Petr^2 Spacek
From b67eaac136186916e0b6dcb293388447e25d821c Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Wed, 17 Jul 2013 11:55:28 +0200
Subject: [PATCH] Remove support for zone_refresh mode and options cache_ttl
 and psearch.

All three options are ignored and persistent search is always enabled.

Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
 src/cache.c         |  55 +-------
 src/cache.h         |   8 +-
 src/ldap_helper.c   | 388 ++++++----------------------------------------------
 src/ldap_helper.h   |   2 -
 src/settings.c      |   6 +-
 src/zone_manager.c  |  63 ---------
 src/zone_register.c |   2 +-
 7 files changed, 56 insertions(+), 468 deletions(-)

diff --git a/src/cache.c b/src/cache.c
index 857e5c9c9d87f709a7afe8a27c40924158e32c82..c7eab201b507d375c9dc6a4b7656e76c2206f6bb 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -41,9 +41,6 @@ struct ldap_cache {
 	isc_mutex_t	mutex; /* TODO: RWLOCK? */
 	isc_mem_t	*mctx;
 	dns_rbt_t	*rbt;
-	/* Values for "fast path" - copied from settings_set_t structure. */
-	isc_interval_t	cache_ttl;
-	isc_boolean_t	psearch;
 };
 
 typedef struct {
@@ -78,10 +75,6 @@ cache_node_create(ldap_cache_t *cache, cache_node_t **nodep)
 	ZERO_PTR(node);
 	isc_mem_attach(cache->mctx, &node->mctx);
 	ZERO_PTR(&node->rdatalist);
-	/* Do not set the ttl when psearch is enabled. */
-	if (cache->psearch == ISC_FALSE)
-		CHECK(isc_time_nowplusinterval(&node->valid_until,
-					       &cache->cache_ttl));
 
 	*nodep = node;
 	return ISC_R_SUCCESS;
@@ -93,26 +86,20 @@ cleanup:
 }
 
 isc_result_t
-new_ldap_cache(isc_mem_t *mctx, settings_set_t *set, ldap_cache_t **cachep)
+new_ldap_cache(isc_mem_t *mctx, ldap_cache_t **cachep)
 {
 	isc_result_t result;
 	ldap_cache_t *cache = NULL;
-	isc_uint32_t cache_ttl_int;
 
 	REQUIRE(cachep != NULL && *cachep == NULL);
 
 	CHECKED_MEM_GET_PTR(mctx, cache);
 	ZERO_PTR(cache);
 	isc_mem_attach(mctx, &cache->mctx);
 
-	CHECK(setting_get_bool("psearch", set, &cache->psearch));
-	CHECK(setting_get_uint("cache_ttl", set, &cache_ttl_int));
-	isc_interval_set(&cache->cache_ttl, cache_ttl_int, 0);
-	if (cache_ttl_int) {
-		CHECK(dns_rbt_create(mctx, cache_node_deleter, NULL,
-				     &cache->rbt));
-		CHECK(isc_mutex_init(&cache->mutex));
-	}
+	CHECK(dns_rbt_create(mctx, cache_node_deleter, NULL,
+			     &cache->rbt));
+	CHECK(isc_mutex_init(&cache->mutex));
 
 	*cachep = cache;
 	return ISC_R_SUCCESS;
@@ -167,28 +154,13 @@ ldap_cache_getrdatalist(isc_mem_t *mctx, ldap_cache_t *cache,
 	isc_result_t result;
 	ldapdb_rdatalist_t rdlist;
 	cache_node_t *node = NULL;
-	isc_time_t now;
 
 	REQUIRE(cache != NULL);
 
-	/* Return NOTFOUND if caching is disabled */
-	if (!ldap_cache_enabled(cache))
-		return ISC_R_NOTFOUND;
-
 	LOCK(&cache->mutex);
 	result = dns_rbt_findname(cache->rbt, name, 0, NULL, (void *)&node);
 	switch (result) {
 	case ISC_R_SUCCESS:
-		/* Check cache TTL only when psearch is disabled. */
-		if (!cache->psearch) {
-			CHECK(isc_time_now(&now));
-			if (isc_time_compare(&now, &node->valid_until) > 0) {
-				/* Delete expired records and treat them as NOTFOUND */
-				CHECK(dns_rbt_deletename(cache->rbt, name, ISC_FALSE));
-				result = ISC_R_NOTFOUND;
-				goto cleanup;
-			}
-		}
 		rdlist = node->rdatalist;
 		CHECK(ldap_rdatalist_copy(mctx, rdlist, rdatalist));
 		INSIST(!EMPTY(*rdatalist)); /* Empty rdatalist indicates a bug */
@@ -216,12 +188,6 @@ cleanup:
 	return result;
 }
 
-isc_boolean_t
-ldap_cache_enabled(ldap_cache_t *cache)
-{
-	return (cache->rbt != NULL) ? ISC_TRUE : ISC_FALSE;
-}
-
 /**
 * @brief Insert rdatalist to the cache.
 *
@@ -246,9 +212,6 @@ ldap_cache_addrdatalist(ldap_cache_t *cache, dns_name_t *name,
 	REQUIRE(cache != NULL);
 	REQUIRE(rdatalist != NULL && !EMPTY(*rdatalist));
 
-	if (!ldap_cache_enabled(cache))
-		return ISC_R_SUCCESS; /* Caching is disabled */
-
 	CHECK(cache_node_create(cache, &node));
 	CHECK(ldap_rdatalist_copy(cache->mctx, *rdatalist, &node->rdatalist));
 	free_rdlist = ISC_TRUE;
@@ -309,13 +272,9 @@ flush_ldap_cache(ldap_cache_t *cache)
 	REQUIRE(cache != NULL);
 
 	LOCK(&cache->mutex);
-	if (!ldap_cache_enabled(cache)) {
-		result = ISC_R_SUCCESS;
-	} else {
-		dns_rbt_destroy(&cache->rbt);
-		CHECK(dns_rbt_create(cache->mctx, cache_node_deleter, NULL,
-				&cache->rbt));
-	}
+	dns_rbt_destroy(&cache->rbt);
+	CHECK(dns_rbt_create(cache->mctx, cache_node_deleter, NULL,
+			&cache->rbt));
 
 cleanup:
 	if (result != ISC_R_SUCCESS)
diff --git a/src/cache.h b/src/cache.h
index f1e449957bcd2939cdc6ff9b17b52520d9bb7bfc..c0fa04fef1ba8f9fd2e09142df91100db571c77c 100644
--- a/src/cache.h
+++ b/src/cache.h
@@ -31,7 +31,7 @@ typedef struct ldap_cache ldap_cache_t;
  * Create a new cache.
  */
 isc_result_t
-new_ldap_cache(isc_mem_t *mctx, settings_set_t *set, ldap_cache_t **cachep) ATTR_NONNULLS;
+new_ldap_cache(isc_mem_t *mctx, ldap_cache_t **cachep) ATTR_NONNULLS;
 
 /*
  * Free all resources used up by the cache.
@@ -66,12 +66,6 @@ isc_result_t
 ldap_cache_deletename(ldap_cache_t *cache, dns_name_t *name) ATTR_NONNULLS;
 
 /*
- * Returns ISC_TRUE when cache is enabled.
- */
-isc_boolean_t
-ldap_cache_enabled(ldap_cache_t *cache) ATTR_NONNULLS;
-
-/*
  * Discard 'name' from the cache. If caching is not really turned on or 'name'
  * is not cached, this function will still return ISC_R_SUCCESS.
  */
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 0b1c67cdd6ae71ae291d145f222846825181bfb3..6a04d2b7da3977e3517fd7f449b7d218be6e1e93 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -242,7 +242,7 @@ static const setting_t settings_local_default[] = {
 	{ "connections",		no_default_uint		},
 	{ "reconnect_interval",		no_default_uint		},
 	{ "timeout",			no_default_uint		},
-	{ "cache_ttl",			no_default_uint		},
+	{ "cache_ttl",			no_default_string	}, /* No longer supported */
 	{ "base",			no_default_string	},
 	{ "auth_method",		no_default_string	},
 	{ "auth_method_enum",		no_default_uint		},
@@ -256,8 +256,8 @@ static const setting_t settings_local_default[] = {
 	{ "sasl_password",		no_default_string	},
 	{ "krb5_keytab",		no_default_string	},
 	{ "fake_mname",			no_default_string	},
-	{ "zone_refresh",		no_default_uint		},
-	{ "psearch",			no_default_boolean	},
+	{ "zone_refresh",		no_default_string	}, /* No longer supported */
+	{ "psearch",			no_default_string	}, /* No longer supported */
 	{ "ldap_hostname",		no_default_string	},
 	{ "sync_ptr",			no_default_boolean	},
 	{ "dyn_update",			no_default_boolean	},
@@ -270,8 +270,6 @@ static const setting_t settings_local_default[] = {
 static setting_t settings_global_default[] = {
 	{ "dyn_update",		no_default_boolean	},
 	{ "sync_ptr",		no_default_boolean	},
-	{ "zone_refresh",	no_default_uint		},
-/*	{ "psearch",		no_default_boolean	}, unsupported */
 	end_of_settings
 };
 
@@ -357,8 +355,6 @@ isc_result_t
 validate_local_instance_settings(ldap_instance_t *inst, settings_set_t *set) {
 	isc_result_t result;
 
-	isc_boolean_t psearch;
-	isc_boolean_t serial_autoincrement;
 	isc_uint32_t uint;
 	const char *sasl_mech = NULL;
 	const char *sasl_user = NULL;
@@ -369,50 +365,26 @@ validate_local_instance_settings(ldap_instance_t *inst, settings_set_t *set) {
 	const char *password = NULL;
 	ld_string_t *buff = NULL;
 
+	/* handle cache_ttl, psearch and zone_refresh in special way */
+	const char *obsolete_value = NULL;
+	char *obsolete_options[] = {"cache_ttl", "psearch", "zone_refresh",
+				    NULL};
+
 	char print_buff[PRINT_BUFF_SIZE];
 	const char *auth_method_str = NULL;
 	ldap_auth_t auth_method_enum = AUTH_INVALID;
 
 	/* Set timer for deadlock detection inside semaphore_wait_timed . */
 	CHECK(setting_get_uint("timeout", set, &uint));
 	if (semaphore_wait_timeout.seconds < uint*SEM_WAIT_TIMEOUT_MUL)
 		semaphore_wait_timeout.seconds = uint*SEM_WAIT_TIMEOUT_MUL;
 
-	CHECK(setting_get_bool("psearch", set, &psearch));
 	CHECK(setting_get_uint("connections", set, &uint));
-	if (!psearch && uint < 1) {
-		log_error("zone refresh mode requires one connection at least");
-		CLEANUP_WITH(ISC_R_RANGE);
-	}
-	else if (psearch && uint < 2) {
-		log_error("persistent search mode requires two connections "
-			  "at least");
+	if (uint < 2) {
+		log_error("at least two connections are required");
 		/* watcher needs one and update_*() requests second connection */
 		CLEANUP_WITH(ISC_R_RANGE);
 	}
-	if (!psearch)
-		log_info("configuration without persistent search is deprecated "
-			 "and the support for zone_refresh will be removed "
-			 "in the future");
-	else
-		log_info("persistent search will be replaced with RFC 4533 "
-			 "and options cache_ttl, psearch and zone_refresh will "
-			 "be removed in the future; please prepare your LDAP "
-			 "server");
-
-	CHECK(setting_get_bool("serial_autoincrement", set, &serial_autoincrement));
-	if (serial_autoincrement && !psearch) {
-		log_error("SOA serial number auto-increment feature requires "
-			  "persistent search");
-		CLEANUP_WITH(ISC_R_FAILURE);
-	}
-
-	CHECK(setting_get_uint("zone_refresh", set, &uint));
-	if (uint != 0 && psearch) {
-		log_error("zone refresh and persistent search "
-			  "cannot be enabled at same time");
-		CLEANUP_WITH(ISC_R_FAILURE);
-	}
 
 	/* Select authentication method. */
 	CHECK(setting_get_str("auth_method", set, &auth_method_str));
@@ -499,6 +471,12 @@ validate_local_instance_settings(ldap_instance_t *inst, settings_set_t *set) {
 			 "are untested; expect problems");
 	}
 
+	for (char **option = obsolete_options; *option != NULL; option++) {
+		CHECK(setting_get_str(*option, set, &obsolete_value));
+		if (memcmp("", obsolete_value, 1) != 0)
+			log_error("option '%s' is not supported, ignoring", *option);
+	}
+
 	if (settings_set_isfilled(set) != ISC_TRUE)
 		result = ISC_R_FAILURE;
 
@@ -521,7 +499,6 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 	ldap_instance_t *ldap_inst;
 	dns_view_t *view = NULL;
 	dns_forwarders_t *orig_global_forwarders = NULL;
-	isc_boolean_t psearch;
 	isc_uint32_t connections;
 	char settings_name[PRINT_BUFF_SIZE];
 
@@ -558,7 +535,6 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 	if (settings_set_isfilled(ldap_inst->global_settings) != ISC_TRUE)
 		CLEANUP_WITH(ISC_R_FAILURE);
 
-	CHECK(setting_get_bool("psearch", ldap_inst->local_settings, &psearch));
 	CHECK(setting_get_uint("connections", ldap_inst->local_settings, &connections));
 
 	CHECK(zr_create(mctx, ldap_inst, ldap_inst->global_settings,
@@ -596,14 +572,12 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 	CHECK(ldap_pool_create(mctx, connections, &ldap_inst->pool));
 	CHECK(ldap_pool_connect(ldap_inst->pool, ldap_inst));
 
-	if (psearch) {
-		/* Start the watcher thread */
-		result = isc_thread_create(ldap_psearch_watcher, ldap_inst,
-					   &ldap_inst->watcher);
-		if (result != ISC_R_SUCCESS) {
-			log_error("Failed to create psearch watcher thread");
-			goto cleanup;
-		}
+	/* Start the watcher thread */
+	result = isc_thread_create(ldap_psearch_watcher, ldap_inst,
+				   &ldap_inst->watcher);
+	if (result != ISC_R_SUCCESS) {
+		log_error("Failed to create psearch watcher thread");
+		goto cleanup;
 	}
 
 cleanup:
@@ -1294,10 +1268,6 @@ static isc_result_t ATTR_NONNULLS
 ldap_parse_configentry(ldap_entry_t *entry, ldap_instance_t *inst)
 {
 	isc_result_t result;
-	isc_timer_t *timer_inst;
-	isc_interval_t timer_interval;
-	isc_uint32_t interval_sec;
-	isc_timertype_t timer_type;
 
 	/* BIND functions are thread safe, ldap instance 'inst' is locked
 	 * inside setting* functions. */
@@ -1324,28 +1294,6 @@ ldap_parse_configentry(ldap_entry_t *entry, ldap_instance_t *inst)
 	if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
 		goto cleanup;
 
-	result = setting_update_from_ldap_entry("zone_refresh",
-						inst->global_settings,
-						"idnsZoneRefresh",
-						entry, inst->task);
-	if (result == ISC_R_SUCCESS) {
-		RUNTIME_CHECK(manager_get_db_timer(inst->db_name, &timer_inst)
-			      == ISC_R_SUCCESS);
-		CHECK(setting_get_uint("zone_refresh", inst->global_settings,
-				       &interval_sec));
-		isc_interval_set(&timer_interval, interval_sec, 0);
-		/* update interval only, not timer type */
-		timer_type = isc_timer_gettype(timer_inst);
-		result = isc_timer_reset(timer_inst, timer_type, NULL,
-				&timer_interval, ISC_TRUE);
-		if (result != ISC_R_SUCCESS) {
-			log_error_r("could not adjust ZoneRefresh timer");
-			goto cleanup;
-		}
-	} else if (result != ISC_R_IGNORE) {
-		goto cleanup;
-	}
-
 cleanup:
 	/* Configuration errors are not fatal. */
 	/* TODO: log something? */
@@ -1614,221 +1562,6 @@ cleanup:
 	return result;
 }
 
-/*
- * Search in LDAP for zones.
- *
- * @param delete_only Do LDAP vs. zone register cross-check and delete zones
- *                    which aren't in LDAP, but do not load new zones.
- *
- * Returns ISC_R_SUCCESS if we found and successfully added at least one zone.
- * Returns ISC_R_FAILURE otherwise.
- */
-isc_result_t
-refresh_zones_from_ldap(ldap_instance_t *ldap_inst, isc_boolean_t delete_only)
-{
-	isc_result_t result = ISC_R_SUCCESS;
-	ldap_connection_t *ldap_conn = NULL;
-	ldap_qresult_t *ldap_config_qresult = NULL;
-	ldap_qresult_t *ldap_zones_qresult = NULL;
-	int zone_count = 0;
-	ldap_entryclass_t zone_class;
-	ldap_entry_t *entry;
-	dns_rbt_t *master_rbt = NULL;  /** < Master zones only */
-	dns_rbt_t *forward_rbt = NULL; /** < Forward zones only */
-	isc_boolean_t psearch;
-	const char *base = NULL;
-	rbt_iterator_t *iter = NULL;
-	char *config_attrs[] = {
-		"idnsForwardPolicy", "idnsForwarders", 
-		"idnsAllowSyncPTR", "idnsZoneRefresh",
-		"idnsPersistentSearch", NULL
-	};
-	char *zone_attrs[] = {
-		"idnsName", "idnsUpdatePolicy", "idnsAllowQuery",
-		"idnsAllowTransfer", "idnsForwardPolicy", "idnsForwarders",
-		"idnsAllowDynUpdate", "idnsAllowSyncPTR", "objectClass", NULL
-	};
-
-	REQUIRE(ldap_inst != NULL);
-
-	CHECK(setting_get_bool("psearch", ldap_inst->global_settings,
-			       &psearch));
-	if (psearch && !delete_only) {
-		/* Watcher does the work for us, but deletion is allowed. */
-		return ISC_R_SUCCESS;
-	}
-
-	log_debug(2, "refreshing list of zones for %s", ldap_inst->db_name);
-
-	/* Query for configuration and zones from LDAP and release LDAP connection
-	 * before processing them. It prevents deadlock in situations where
-	 * ldap_parse_zoneentry() requests another connection. */
-	CHECK(setting_get_str("base", ldap_inst->global_settings, &base));
-	CHECK(ldap_pool_getconnection(ldap_inst->pool, &ldap_conn));
-	CHECK(ldap_query(ldap_inst, ldap_conn, &ldap_zones_qresult, base,
-			 LDAP_SCOPE_SUBTREE, zone_attrs, 0,
-			 "(&(idnsZoneActive=TRUE)"
-			 "(|(objectClass=idnsZone)(objectClass=idnsForwardZone)))"));
-
-	/* Do not touch configuration from psearch watcher thread, otherwise
-	 * BIND will crash. The problem is that isc_task_beginexclusive()
-	 * is called before task associated with psearch watcher thread
-	 * is fully initialized. */
-	if (!delete_only)
-		CHECK(ldap_query(ldap_inst, ldap_conn, &ldap_config_qresult,
-				base, LDAP_SCOPE_SUBTREE,
-				config_attrs, 0, "(objectClass=idnsConfigObject)"));
-
-	ldap_pool_putconnection(ldap_inst->pool, &ldap_conn);
-
-	if (!delete_only) {
-		for (entry = HEAD(ldap_config_qresult->ldap_entries);
-		     entry != NULL;
-		     entry = NEXT(entry, link))
-			CHECK(ldap_parse_configentry(entry, ldap_inst));
-	}
-
-	/*
-	 * Create RB-trees with all master and forward zones stored in LDAP
-	 * for cross check with zones registered in plugin.
-	 */
-	CHECK(dns_rbt_create(ldap_inst->mctx, NULL, NULL, &master_rbt));
-	CHECK(dns_rbt_create(ldap_inst->mctx, NULL, NULL, &forward_rbt));
-
-	for (entry = HEAD(ldap_zones_qresult->ldap_entries);
-	     entry != NULL;
-	     entry = NEXT(entry, link)) {
-		if (ldap_entry_getclass(entry, &zone_class) != ISC_R_SUCCESS)
-			continue;
-
-		/* Derive the dns name of the zone from the DN. */
-		dns_name_t name;
-		dns_name_init(&name, NULL);
-		result = dn_to_dnsname(ldap_inst->mctx, entry->dn, &name, NULL);
-		if (result == ISC_R_SUCCESS) {
-			log_debug(5, "Refresh %s", entry->dn);
-			/* Add found zone to RB-tree for later check. */
-			if (zone_class & LDAP_ENTRYCLASS_MASTER)
-				result = dns_rbt_addname(master_rbt, &name, NULL);
-			else if (zone_class & LDAP_ENTRYCLASS_FORWARD)
-				result = dns_rbt_addname(forward_rbt, &name, NULL);
-		}
-		if (dns_name_dynamic(&name))
-			dns_name_free(&name, ldap_inst->mctx);
-
-		if (result != ISC_R_SUCCESS) {
-			log_error("Could not parse zone %s", entry->dn);
-			continue;
-		}
-
-		if (!delete_only) {
-			if (zone_class & LDAP_ENTRYCLASS_MASTER)
-				result = ldap_parse_master_zoneentry(entry, ldap_inst);
-			else if (zone_class & LDAP_ENTRYCLASS_FORWARD)
-				result = ldap_parse_fwd_zoneentry(entry, ldap_inst);
-		}
-		if (result == ISC_R_SUCCESS)
-			zone_count++;
-		else
-			log_error_r("error parsing zone '%s'", entry->dn);
-	}
-
-	/* Walk through master zone register and remove all zones which
-	 * disappeared from LDAP. */
-	char name_txt[DNS_NAME_FORMATSIZE];
-	DECLARE_BUFFERED_NAME(registered_name);
-	DECLARE_BUFFERED_NAME(ldap_name);
-
-	INIT_BUFFERED_NAME(registered_name);
-	result = zr_rbt_iter_init(ldap_inst->zone_register, &iter, &registered_name);
-	while (result == ISC_R_SUCCESS) {
-		void *data = NULL;
-		INIT_BUFFERED_NAME(ldap_name);
-
-		result = dns_rbt_findname(master_rbt, &registered_name,
-					  DNS_RBTFIND_EMPTYDATA,
-					  &ldap_name, &data);
-		if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
-			rbt_iter_stop(&iter);
-			dns_name_format(&registered_name, name_txt, DNS_NAME_FORMATSIZE);
-			log_debug(1, "master zone '%s' is being removed", name_txt);
-			result = ldap_delete_zone2(ldap_inst, &registered_name,
-						   ISC_FALSE, ISC_FALSE);
-			if (result != ISC_R_SUCCESS) {
-				log_error_r("unable to delete master zone '%s'", name_txt);
-			} else {
-				/* Deletion invalidated the chain, restart iteration. */
-				result = zr_rbt_iter_init(ldap_inst->zone_register,
-							  &iter, &registered_name);
-				continue;
-			}
-		} else if (result != ISC_R_SUCCESS) {
-			break;
-		}
-		result = rbt_iter_next(&iter, &registered_name);
-	}
-	if (result != ISC_R_NOTFOUND && result != ISC_R_NOMORE)
-		goto cleanup;
-
-	/* Walk through forward zone register and remove all zones which
-	 * disappeared from LDAP. */
-	INIT_BUFFERED_NAME(registered_name);
-	iter = NULL;
-	result = fwdr_rbt_iter_init(ldap_inst->fwd_register, &iter, &registered_name);
-	while (result == ISC_R_SUCCESS) {
-		void *data = NULL;
-		INIT_BUFFERED_NAME(ldap_name);
-
-		result = dns_rbt_findname(forward_rbt, &registered_name,
-					  DNS_RBTFIND_EMPTYDATA,
-					  &ldap_name, &data);
-		if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
-			rbt_iter_stop(&iter);
-			dns_name_format(&registered_name, name_txt, DNS_NAME_FORMATSIZE);
-			log_debug(1, "forward zone '%s' is being removed", name_txt);
-			result = delete_forwarding_table(ldap_inst, &registered_name,
-							 "forward zone", name_txt);
-			if (result != ISC_R_SUCCESS) {
-				log_error_r("could not remove forwarding for zone '%s': "
-					    "forward register mismatch", name_txt);
-			}
-			result = fwdr_del_zone(ldap_inst->fwd_register, &registered_name);
-			if (result == ISC_R_SUCCESS) {
-				/* Deletion invalidated the chain, restart iteration. */
-				result = fwdr_rbt_iter_init(ldap_inst->fwd_register,
-							    &iter, &registered_name);
-				continue;
-			} else {
-				log_error_r("unable to delete forward zone '%s' "
-					    "from forwarding register", name_txt);
-			}
-		} else if (result != ISC_R_SUCCESS) {
-			break;
-		}
-		result = rbt_iter_next(&iter, &registered_name);
-	}
-	if (result == ISC_R_NOTFOUND || result == ISC_R_NOMORE)
-		goto cleanup;
-
-cleanup:
-	rbt_iter_stop(&iter);
-	if (master_rbt != NULL)
-		dns_rbt_destroy(&master_rbt);
-	if (forward_rbt != NULL)
-		dns_rbt_destroy(&forward_rbt);
-
-	ldap_query_free(ISC_FALSE, &ldap_config_qresult);
-	ldap_query_free(ISC_FALSE, &ldap_zones_qresult);
-	ldap_pool_putconnection(ldap_inst->pool, &ldap_conn);
-
-	log_debug(2, "finished refreshing list of zones");
-
-	if (zone_count > 0)
-		return ISC_R_SUCCESS;
-	else
-		return ISC_R_FAILURE;
-}
-
 static isc_result_t
 findrdatatype_or_create(isc_mem_t *mctx, ldapdb_rdatalist_t *rdatalist,
 			dns_rdataclass_t rdclass, dns_rdatatype_t rdtype,
@@ -4271,8 +4004,6 @@ ldap_psearch_watcher(isc_threadarg_t arg)
 	int ret, cnt;
 	isc_result_t result;
 	sigset_t sigset;
-	isc_boolean_t flush_required;
-	isc_boolean_t psearch;
 	isc_uint32_t reconnect_interval;
 	const char *base = NULL;
 
@@ -4317,33 +4048,29 @@ ldap_psearch_watcher(isc_threadarg_t arg)
 restart:
 	/* Perform initial lookup */
 	ldap_query_free(ISC_TRUE, &ldap_qresult);
-	flush_required = ISC_TRUE;
 	CHECK(setting_get_str("base", inst->global_settings, &base));
-	CHECK(setting_get_bool("psearch", inst->global_settings, &psearch));
-	if (psearch) {
-		log_debug(1, "Sending initial psearch lookup");
-		ret = ldap_search_ext(conn->handle,
-				      base,
-				      LDAP_SCOPE_SUBTREE,
-				      /*    class = record
-				       * OR class = config
-				       * OR class = zone
-				       * OR class = forward
-				       *
-				       * Inactive zones are handled
-				       * in update_zone. */
-				      "(|"
-				      "(objectClass=idnsRecord)"
-				      "(objectClass=idnsConfigObject)"
-				      "(objectClass=idnsZone)"
-				      "(objectClass=idnsForwardZone))",
-				      NULL, 0, conn->serverctrls, NULL, NULL,
-				      LDAP_NO_LIMIT, &conn->msgid);
-		if (ret != LDAP_SUCCESS) {
-			log_error("failed to send initial psearch request");
-			ldap_unbind_ext_s(conn->handle, NULL, NULL);
-			goto cleanup;
-		}
+	log_debug(1, "Sending initial psearch lookup");
+	ret = ldap_search_ext(conn->handle,
+			      base,
+			      LDAP_SCOPE_SUBTREE,
+			      /*    class = record
+			       * OR class = config
+			       * OR class = zone
+			       * OR class = forward
+			       *
+			       * Inactive zones are handled
+			       * in update_zone. */
+			      "(|"
+			      "(objectClass=idnsRecord)"
+			      "(objectClass=idnsConfigObject)"
+			      "(objectClass=idnsZone)"
+			      "(objectClass=idnsForwardZone))",
+			      NULL, 0, conn->serverctrls, NULL, NULL,
+			      LDAP_NO_LIMIT, &conn->msgid);
+	if (ret != LDAP_SUCCESS) {
+		log_error("failed to send initial psearch request");
+		ldap_unbind_ext_s(conn->handle, NULL, NULL);
+		goto cleanup;
 	}
 
 	while (!inst->exiting) {
@@ -4365,33 +4092,6 @@ restart:
 					goto cleanup;
 			}
 			goto restart;
-		} else if (flush_required == ISC_TRUE) {
-			isc_boolean_t restart_needed = ISC_FALSE;
-			/* First LDAP result after (re)start was received successfully:
-			 * Unload old zones and flush record cache.
-			 * We want to save cache in case of search timeout during restart.
-			 */
-			if ((result = refresh_zones_from_ldap(inst, ISC_TRUE))
-			     != ISC_R_SUCCESS) {
-				log_error_r("zone refresh after initial psearch lookup failed");
-				restart_needed = ISC_TRUE;
-			} else if ((result = zr_flush_all_caches(inst->zone_register))
-				    != ISC_R_SUCCESS) {
-				log_error_r("cache flush after initial psearch lookup failed");
-				restart_needed = ISC_TRUE;
-			}
-
-			if (restart_needed) {
-				CHECK(setting_get_uint("reconnect_interval",
-						       inst->global_settings,
-						       &reconnect_interval));
-				if (!sane_sleep(inst, reconnect_interval))
-					goto cleanup;
-
-				goto restart;
-			}
-
-			flush_required = ISC_FALSE;
 		}
 
 		switch (ret) {
diff --git a/src/ldap_helper.h b/src/ldap_helper.h
index e18c2e96334c641cd14e5cab71c74c38fde42d9a..ae4db15a41551ebc9d1b9fca09920e16a1ad42db 100644
--- a/src/ldap_helper.h
+++ b/src/ldap_helper.h
@@ -82,8 +82,6 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 		  const char * const *argv, dns_dyndb_arguments_t *dyndb_args,
 		  isc_task_t *task, ldap_instance_t **ldap_instp) ATTR_NONNULLS;
 void destroy_ldap_instance(ldap_instance_t **ldap_inst) ATTR_NONNULLS;
-isc_result_t
-refresh_zones_from_ldap(ldap_instance_t *ldap_inst, isc_boolean_t delete_only) ATTR_NONNULLS;
 
 isc_result_t
 ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock,
diff --git a/src/settings.c b/src/settings.c
index 5a5ab76910a68501d166bab6bf572d643a101bb9..ceb525e5a949086a9486b4c70882f11c5ebe2030 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -47,9 +47,9 @@ static const setting_t settings_default[] = {
 	{ "uri",			no_default_string		}, /* User have to set this */
 	{ "connections",		default_uint(2)			},
 	{ "reconnect_interval",		default_uint(60)		},
-	{ "zone_refresh",		default_uint(0)			},
+	{ "zone_refresh",		default_string("")		}, /* No longer supported */
 	{ "timeout",			default_uint(10)		},
-	{ "cache_ttl",			default_uint(120)		},
+	{ "cache_ttl",			default_string("")		}, /* No longer supported */
 	{ "timeout",			default_uint(10)		},
 	{ "base",	 		no_default_string		}, /* User have to set this */
 	{ "auth_method",		default_string("none")		},
@@ -63,7 +63,7 @@ static const setting_t settings_default[] = {
 	{ "sasl_password",		default_string("")		},
 	{ "krb5_keytab",		default_string("")		},
 	{ "fake_mname",			default_string("")		},
-	{ "psearch",			default_boolean(ISC_TRUE)	},
+	{ "psearch",			default_string("")		}, /* No longer supported */
 	{ "ldap_hostname",		default_string("")		},
 	{ "sync_ptr",			default_boolean(ISC_FALSE)	},
 	{ "dyn_update",			default_boolean(ISC_FALSE)	},
diff --git a/src/zone_manager.c b/src/zone_manager.c
index 841086ebd633cfeeea990be67fcec2824aeac04c..0fbee74abfeafe327b0320e2097ed53b4e1d8591 100644
--- a/src/zone_manager.c
+++ b/src/zone_manager.c
@@ -108,20 +108,13 @@ destroy_db_instance(db_instance_t **db_instp)
 	*db_instp = NULL;
 }
 
-static void refresh_zones_action(isc_task_t *task, isc_event_t *event);
-
 isc_result_t
 manager_create_db_instance(isc_mem_t *mctx, const char *name,
 			   const char * const *argv,
 			   dns_dyndb_arguments_t *dyndb_args)
 {
 	isc_result_t result;
 	db_instance_t *db_inst = NULL;
-	isc_uint32_t zone_refresh;
-	isc_boolean_t psearch;
-	isc_timermgr_t *timer_mgr;
-	isc_interval_t interval;
-	isc_timertype_t timer_type = isc_timertype_inactive;
 	isc_task_t *task;
 	settings_set_t *local_settings = NULL;
 
@@ -146,79 +139,23 @@ manager_create_db_instance(isc_mem_t *mctx, const char *name,
 	CHECK(new_ldap_instance(mctx, db_inst->name, argv, dyndb_args, task,
 				&db_inst->ldap_inst));
 
-	/* Add a timer to periodically refresh the zones. Create inactive timer if
-	 * zone refresh is disabled. (For simplifying configuration change.)
-	 *
-	 * Timer must exist before refresh_zones_from_ldap() is called. */
-	timer_mgr = dns_dyndb_get_timermgr(dyndb_args);
-
 	local_settings = ldap_instance_getsettings_local(db_inst->ldap_inst);
-	CHECK(setting_get_uint("zone_refresh", local_settings, &zone_refresh));
-	CHECK(setting_get_bool("psearch", local_settings, &psearch));
 	CHECK(setting_get_bool("verbose_checks", local_settings, &verbose_checks));
 
-	isc_interval_set(&interval, zone_refresh, 0);
-
-	if (zone_refresh && !psearch) {
-		timer_type = isc_timertype_ticker;
-	} else {
-		timer_type = isc_timertype_inactive;
-	}
-
-	CHECK(isc_timer_create(timer_mgr, timer_type, NULL,
-					   &interval, task, refresh_zones_action,
-					   db_inst, &db_inst->timer));
-
 	/* instance must be in list while calling refresh_zones_from_ldap() */
 	LOCK(&instance_list_lock);
 	APPEND(instance_list, db_inst, link);
 	UNLOCK(&instance_list_lock);
 
-	result = refresh_zones_from_ldap(db_inst->ldap_inst, ISC_FALSE);
-	if (result != ISC_R_SUCCESS) {
-		/* In case we don't find any zones, we at least return
-		 * ISC_R_SUCCESS so BIND won't exit because of this. */
-		log_error_r("no valid zones found in LDAP");
-		/*
-		 * Do not jump to cleanup. Rather start timer for zone refresh.
-		 * This is just a workaround when the LDAP server is not available
-		 * during the initialization process.
-		 *
-		 * If no period is set (i.e. refresh is disabled in config), use 30 sec.
-		 * Timer is already started for cases where period != 0.
-		 */
-		if (!zone_refresh) { /* Enforce zone refresh in emergency situation. */
-			isc_interval_set(&interval, 30, 0);
-			result = isc_timer_reset(db_inst->timer, isc_timertype_ticker, NULL,
-						&interval, ISC_TRUE);
-			if (result != ISC_R_SUCCESS) {
-					log_error("Could not adjust ZoneRefresh timer while init");
-					goto cleanup;
-			}
-		}
-	}
-
 	return ISC_R_SUCCESS;
 
 cleanup:
 	if (db_inst != NULL)
 		destroy_db_instance(&db_inst);
 
 	return result;
 }
 
-static void ATTR_NONNULL(2)
-refresh_zones_action(isc_task_t *task, isc_event_t *event)
-{
-	db_instance_t *db_inst = event->ev_arg;
-
-	UNUSED(task);
-
-	refresh_zones_from_ldap(db_inst->ldap_inst, ISC_FALSE);
-
-	isc_event_free(&event);
-}
-
 isc_result_t
 manager_get_ldap_instance(const char *name, ldap_instance_t **ldap_inst)
 {
diff --git a/src/zone_register.c b/src/zone_register.c
index 9aaf909408ff4ca91b9ba182767d13cbbf77ce5b..ab94bbe7ebacad49952023e8b0573c45e02c38c3 100644
--- a/src/zone_register.c
+++ b/src/zone_register.c
@@ -211,7 +211,7 @@ create_zone_info(isc_mem_t *mctx, dns_zone_t *zone, const char *dn,
 	CHECKED_MEM_GET_PTR(mctx, zinfo);
 	ZERO_PTR(zinfo);
 	CHECKED_MEM_STRDUP(mctx, dn, zinfo->dn);
-	CHECK(new_ldap_cache(mctx, global_settings, &zinfo->cache));
+	CHECK(new_ldap_cache(mctx, &zinfo->cache));
 	dns_zone_attach(zone, &zinfo->zone);
 	zinfo->settings = NULL;
 	isc_string_printf_truncate(settings_name, PRINT_BUFF_SIZE,
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to