Hello,
This patch set enables DNS updates to secure zones and also propagates changes
made in LDAP to secure zones.
NSEC3 doesn't work for some reason so don't waste time messing with NSEC3PARAM
:-)
--
Petr^2 Spacek
From 88b3ab38ab9685db2a829b79e302c2cb223c624e Mon Sep 17 00:00:00 2001
From: Petr Spacek <[email protected]>
Date: Wed, 23 Apr 2014 18:09:57 +0200
Subject: [PATCH] Rename zone variables in update_record().
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
Signed-off-by: Petr Spacek <[email protected]>
---
src/ldap_helper.c | 34 +++++++++++++++-------------------
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 2b4ba1936e3b9c934cb64259f199c62ef6a2e496..1941bcd6c2181fda4167d674aeda90a9588da200 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -4172,7 +4172,6 @@ update_record(isc_task_t *task, isc_event_t *event)
isc_result_t result;
ldap_instance_t *inst = NULL;
isc_mem_t *mctx;
- dns_zone_t *zone_ptr = NULL;
dns_zone_t *zone_raw = NULL;
isc_boolean_t zone_found = ISC_FALSE;
isc_boolean_t zone_reloaded = ISC_FALSE;
@@ -4216,7 +4215,7 @@ update_record(isc_task_t *task, isc_event_t *event)
CHECK(manager_get_ldap_instance(pevent->dbname, &inst));
CHECK(dn_to_dnsname(mctx, pevent->dn, &name, &origin));
- CHECK(zr_get_zone_ptr(inst->zone_register, &origin, &zone_ptr, NULL));
+ CHECK(zr_get_zone_ptr(inst->zone_register, &origin, &zone_raw, NULL));
zone_found = ISC_TRUE;
update_restart:
@@ -4298,11 +4297,12 @@ update_restart:
DNS_DIFFOP_ADD, &soa_tuple));
CHECK(update_soa_serial(dns_updatemethod_unixtime,
soa_tuple, &serial));
- dns_zone_log(zone_ptr, ISC_LOG_DEBUG(5),
- "writing new zone serial %u to LDAP", serial);
+ dns_zone_log(zone_raw, ISC_LOG_DEBUG(5),
+ "writing new zone serial %u to LDAP",
+ serial);
result = ldap_replace_serial(inst, &origin, serial);
if (result != ISC_R_SUCCESS)
- dns_zone_log(zone_ptr, ISC_LOG_ERROR,
+ dns_zone_log(zone_raw, ISC_LOG_ERROR,
"serial (%u) write back to LDAP failed",
serial);
dns_diff_append(&diff, &soa_tuple);
@@ -4315,11 +4315,7 @@ update_restart:
#endif
if (sync_state == sync_finished) {
/* write the transaction to journal */
- dns_zone_getraw(zone_ptr, &zone_raw);
- if (zone_raw == NULL)
- journal_filename = dns_zone_getjournal(zone_ptr);
- else
- journal_filename = dns_zone_getjournal(zone_raw);
+ journal_filename = dns_zone_getjournal(zone_raw);
CHECK(dns_journal_open(mctx, journal_filename,
DNS_JOURNAL_CREATE, &journal));
CHECK(dns_journal_write_transaction(journal, &diff));
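Review bot: Dropping the dns_zone_getraw() fallback in this hunk is a behavior change rather than a rename: journal_filename is now always taken from the zone that zr_get_zone_ptr() returned earlier in update_record(), whereas the old code preferred the raw zone whenever one existed. That is presumably correct only if the zone register holds the raw (unsigned) zone for inline-signed zones — confirm, and state it where the variable is declared, e.g. `dns_zone_t *zone_raw = NULL; /* raw (unsigned) zone from the zone register; its journal, not the signed zone's, receives LDAP changes */`. The subject line "Rename zone variables" does not mention this, so a sentence about it in the commit message would help anyone reading the history. update_record() begins and ends outside this hunk.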
@@ -4332,7 +4328,7 @@ update_restart:
/* Check if the zone is loaded or not.
* No other function above returns DNS_R_NOTLOADED. */
if (sync_state == sync_finished)
- result = dns_zone_getserial2(zone_ptr, &serial);
+ result = dns_zone_getserial2(zone_raw, &serial);
cleanup:
#ifdef RBTDB_DEBUG
@@ -4362,26 +4358,26 @@ cleanup:
"reload triggered by change in '%s'",
pevent->dn);
- if (zone_ptr != NULL)
- result = dns_zone_load(zone_ptr);
+ if (zone_raw != NULL)
+ result = dns_zone_load(zone_raw);
if (result == ISC_R_SUCCESS || result == DNS_R_UPTODATE ||
result == DNS_R_DYNAMIC || result == DNS_R_CONTINUE) {
/* zone reload succeeded, fire current event again */
log_debug(1, "restarting update_record after zone reload "
"caused by change in '%s'", pevent->dn);
zone_reloaded = ISC_TRUE;
- result = dns_zone_getserial2(zone_ptr, &serial);
+ result = dns_zone_getserial2(zone_raw, &serial);
if (result == ISC_R_SUCCESS) {
- dns_zone_log(zone_ptr, ISC_LOG_INFO,
+ dns_zone_log(zone_raw, ISC_LOG_INFO,
"reloaded serial %u", serial);
goto update_restart;
} else {
- dns_zone_log(zone_ptr, ISC_LOG_ERROR,
+ dns_zone_log(zone_raw, ISC_LOG_ERROR,
"could not get serial after "
"reload");
}
} else {
- dns_zone_log(zone_ptr, ISC_LOG_ERROR,
+ dns_zone_log(zone_raw, ISC_LOG_ERROR,
"unable to reload invalid zone; "
"reload triggered by change in '%s':%s",
pevent->dn, dns_result_totext(result));
@@ -4405,8 +4401,8 @@ cleanup:
if (dns_name_dynamic(&prevorigin))
dns_name_free(&prevorigin, inst->mctx);
}
- if (zone_ptr != NULL)
- dns_zone_detach(&zone_ptr);
+ if (zone_raw != NULL)
+ dns_zone_detach(&zone_raw);
ldapdb_rdatalist_destroy(mctx, &rdatalist);
isc_mem_free(mctx, pevent->dbname);
if (pevent->prevdn != NULL)
--
1.9.0
From a860cd669a194350d20e876b90838aac6d203b8a Mon Sep 17 00:00:00 2001
From: Petr Spacek <[email protected]>
Date: Wed, 23 Apr 2014 18:11:05 +0200
Subject: [PATCH] Propagate DNS updates & changes from LDAP to signed version
of the zone.
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
Signed-off-by: Petr Spacek <[email protected]>
---
src/ldap_helper.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 1941bcd6c2181fda4167d674aeda90a9588da200..9654589684f54c59cc6bc50f68857a5951fef4c4 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2235,6 +2235,7 @@ ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
/* commit */
CHECK(dns_diff_apply(&diff, rbtdb, version));
dns_db_closeversion(ldapdb, &version, ISC_TRUE);
+ dns_zone_markdirty(raw);
}
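Review bot: The new dns_zone_markdirty(raw) call carries no comment saying why a database commit must be followed by dirtying the zone, and the same applies to the dns_zone_markdirty(zone_raw) call in the update_record() hunk below. The intent is presumably that BIND notices the change to the raw zone and propagates it to its signed counterpart, as the subject line says — confirm this against the BIND version in use and record it, e.g. `/* let BIND pick up the change in the raw zone and propagate it to the signed zone */`. Whether `raw` can be NULL at this point cannot be checked from the hunk; ldap_parse_master_zoneentry() starts and ends outside it.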
/* Do zone load only if the initial LDAP synchronization is done. */
@@ -4323,6 +4324,7 @@ update_restart:
/* commit */
CHECK(dns_diff_apply(&diff, rbtdb, version));
dns_db_closeversion(ldapdb, &version, ISC_TRUE);
+ dns_zone_markdirty(zone_raw);
}
/* Check if the zone is loaded or not.
--
1.9.0