Hello,

Fix run-time zone addition for invalid secure zones.

It is important *not* to delete invalid zones to prevent
ldap_parse_master_zoneentry() from entering an infinite cycle.

Zone addition in ldap_parse_master_zoneentry() enforces serial
write-back to LDAP. This write generates an LDAP modify event, which
again triggers ldap_parse_master_zoneentry(), and so on.

https://fedorahosted.org/bind-dyndb-ldap/ticket/56

--
Petr^2 Spacek
From 5a7b999d6e504ede87311a3b8a43f31751f58185 Mon Sep 17 00:00:00 2001
From: Petr Spacek <[email protected]>
Date: Tue, 3 Jun 2014 13:05:51 +0200
Subject: [PATCH] Fix run-time zone addition for invalid secure zones.

It is important *not* to delete invalid zones to prevent
ldap_parse_master_zoneentry() from entering an infinite cycle.

Zone addition in ldap_parse_master_zoneentry() enforces serial
write-back to LDAP. This write generates an LDAP modify event, which
again triggers ldap_parse_master_zoneentry(), and so on.

https://fedorahosted.org/bind-dyndb-ldap/ticket/56
---
 src/ldap_helper.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 0b4f37678eda0961d17dfced92b89642047737f6..7b8ea86b3f8fccdbcebc6ee50aaad8438ebb984b 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2218,6 +2218,7 @@ ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
 	isc_boolean_t unlock = ISC_FALSE;
 	isc_boolean_t new_zone = ISC_FALSE;
 	isc_boolean_t want_secure = ISC_FALSE;
+	isc_boolean_t configured = ISC_FALSE;
 	settings_set_t *zone_settings = NULL;
 	isc_boolean_t ldap_writeback;
 	isc_boolean_t data_changed = ISC_FALSE; /* GCC */
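Review bot: the new `configured` declaration has a name that does not say what it tracks. In this patch it is only set right after publish_zone() succeeds, so `published` (or a short trailing comment on the declaration, like the one on `data_changed`) would make the cleanup condition easier to read.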
@@ -2337,6 +2338,7 @@ ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
 		if (new_zone == ISC_TRUE) {
 			toview = (want_secure == ISC_TRUE) ? secure : raw;
 			CHECK(publish_zone(task, inst, toview));
+			configured = ISC_TRUE;
 		}
 		if (data_changed == ISC_TRUE)
 			CHECK(load_zone(secure));
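Review bot: the `configured = ISC_TRUE;` assignment after publish_zone() carries the whole fix, but the reason for it is only in the commit message. A comment here saying that a published zone must not be rolled back on a later failure such as load_zone(), because deleting it would lead to re-adding it, a serial write-back to LDAP and another modify event, would keep someone from "simplifying" the flag away later.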
@@ -2352,7 +2354,8 @@ cleanup:
 		dns_journal_destroy(&journal);
 	if (ldapdb != NULL)
 		dns_db_detach(&ldapdb);
-	if (new_zone && result != ISC_R_SUCCESS) {
+	if (new_zone == ISC_TRUE && configured == ISC_FALSE &&
+	    result != ISC_R_SUCCESS) {
 		/* Failure in ACL parsing or so. */
 		log_error_r("zone '%s': publishing failed, rolling back due to",
 			    entry->dn);
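Review bot: with the new `configured == ISC_FALSE` term in the cleanup condition, a failure after publishing (result != ISC_R_SUCCESS with configured set) skips this branch, and the only log message visible in this hunk is inside it. Consider logging in that case that the zone is being kept despite the error, so an administrator can tell that an invalid zone remains published. It would also help to extend the "Failure in ACL parsing or so." comment to state that the rollback is now limited to failures before publish_zone() completes.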
-- 
1.9.3
