Hello,

I forgot to send one patch between no. 257 and 258, so here it is :-)

Fix zone reloading for in-line signed zones.

An invalid secure zone (e.g. without NS records) is now automatically
reloaded when data inside the zone are changed.

https://fedorahosted.org/bind-dyndb-ldap/ticket/56

--
Petr^2 Spacek
From 7e2c632043dc771e0a53758dea43243728027fe2 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Tue, 27 May 2014 16:34:59 +0200
Subject: [PATCH] Fix zone reloading for in-line signed zones.

An invalid secure zone (e.g. without NS records) is now automatically
reloaded when data inside the zone are changed.

https://fedorahosted.org/bind-dyndb-ldap/ticket/56

Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
 src/ldap_helper.c | 49 +++++++++++++++++++++++++------------------------
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 70c9755bdeec8502c66007630519e629a98d9b45..1e2d9a983504d5bc29f577c5bfbdbde407ebc380 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -992,6 +992,9 @@ cleanup:
 	return result;
 }
 
+/**
+ * @warning Never call this on raw part of in-line secure zone.
+ */
 static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT
 load_zone(dns_zone_t *zone) {
 	isc_result_t result;
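Review bot: The new @warning on load_zone states the restriction but not its reason, so a reader of this function cannot tell what goes wrong when it is handed the raw half of an in-line signed zone, nor how to get the right zone object. Extend the comment to name the consequence and the intended caller contract, e.g. `@warning Never call this on raw part of in-line secure zone; pass the secure zone returned by zr_get_zone_ptr() instead (the raw zone alone cannot be reloaded in this setup).` — adjusting the parenthetical to the actual failure mode, which is not visible here. load_zone's body continues outside the hunk.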
@@ -2333,7 +2336,7 @@ ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
 
 	/* Do zone load only if the initial LDAP synchronization is done. */
 	if (sync_state == sync_finished && data_changed == ISC_TRUE)
-		CHECK(load_zone(raw));
+		CHECK(load_zone(secure));
 
 cleanup:
 	dns_diff_clear(&diff);
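Review bot: `CHECK(load_zone(secure));` now calls load_zone unconditionally on `secure`, while the cleanup path in update_record in the same patch falls back to `raw` when `secure` is NULL; if `secure` can be NULL here for zones that are not in-line signed (its assignment is outside this hunk, so I cannot confirm), this is a NULL argument to a function declared ATTR_NONNULLS. Unless ldap_parse_master_zoneentry guarantees a non-NULL `secure` at this point, mirror the fallback: `CHECK(load_zone(secure != NULL ? secure : raw));`. The enclosing function starts before the hunk.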
@@ -4266,7 +4269,8 @@ update_record(isc_task_t *task, isc_event_t *event)
 	isc_result_t result;
 	ldap_instance_t *inst = NULL;
 	isc_mem_t *mctx;
-	dns_zone_t *zone_raw = NULL;
+	dns_zone_t *raw = NULL;
+	dns_zone_t *secure = NULL;
 	isc_boolean_t zone_found = ISC_FALSE;
 	isc_boolean_t zone_reloaded = ISC_FALSE;
 	isc_uint32_t serial;
@@ -4309,7 +4313,7 @@ update_record(isc_task_t *task, isc_event_t *event)
 
 	CHECK(manager_get_ldap_instance(pevent->dbname, &inst));
 	CHECK(dn_to_dnsname(mctx, pevent->dn, &name, &origin));
-	CHECK(zr_get_zone_ptr(inst->zone_register, &origin, &zone_raw, NULL));
+	CHECK(zr_get_zone_ptr(inst->zone_register, &origin, &raw, &secure));
 	zone_found = ISC_TRUE;
 
 update_restart:
@@ -4391,12 +4395,12 @@ update_restart:
 						    DNS_DIFFOP_ADD, &soa_tuple));
 			CHECK(update_soa_serial(dns_updatemethod_unixtime,
 						soa_tuple, &serial));
-			dns_zone_log(zone_raw, ISC_LOG_DEBUG(5),
+			dns_zone_log(raw, ISC_LOG_DEBUG(5),
 				     "writing new zone serial %u to LDAP",
 				     serial);
 			result = ldap_replace_serial(inst, &origin, serial);
 			if (result != ISC_R_SUCCESS)
-				dns_zone_log(zone_raw, ISC_LOG_ERROR,
+				dns_zone_log(raw, ISC_LOG_ERROR,
 					     "serial (%u) write back to LDAP failed",
 					     serial);
 			dns_diff_append(&diff, &soa_tuple);
@@ -4409,21 +4413,21 @@ update_restart:
 #endif
 		if (sync_state == sync_finished) {
 			/* write the transaction to journal */
-			journal_filename = dns_zone_getjournal(zone_raw);
+			journal_filename = dns_zone_getjournal(raw);
 			CHECK(dns_journal_open(mctx, journal_filename,
 					       DNS_JOURNAL_CREATE, &journal));
 			CHECK(dns_journal_write_transaction(journal, &diff));
 		}
 		/* commit */
 		CHECK(dns_diff_apply(&diff, rbtdb, version));
 		dns_db_closeversion(ldapdb, &version, ISC_TRUE);
-		dns_zone_markdirty(zone_raw);
+		dns_zone_markdirty(raw);
 	}
 
 	/* Check if the zone is loaded or not.
 	 * No other function above returns DNS_R_NOTLOADED. */
 	if (sync_state == sync_finished)
-		result = dns_zone_getserial2(zone_raw, &serial);
+		result = dns_zone_getserial2(raw, &serial);
 
 cleanup:
 #ifdef RBTDB_DEBUG
@@ -4449,30 +4453,25 @@ cleanup:
 		dns_db_detach(&ldapdb);
 	if (result != ISC_R_SUCCESS && zone_found && !zone_reloaded &&
 	   (result == DNS_R_NOTLOADED || result == DNS_R_BADZONE)) {
-		log_debug(1, "reloading invalid zone after a change; "
+		dns_zone_log(raw, ISC_LOG_DEBUG(1),
+			     "reloading invalid zone after a change; "
 			     "reload triggered by change in '%s'",
 			     pevent->dn);
-
-		if (zone_raw != NULL)
-			result = dns_zone_load(zone_raw);
+		if (secure != NULL)
+			result = load_zone(secure);
+		else if (raw != NULL)
+			result = load_zone(raw);
 		if (result == ISC_R_SUCCESS || result == DNS_R_UPTODATE ||
 		    result == DNS_R_DYNAMIC || result == DNS_R_CONTINUE) {
 			/* zone reload succeeded, fire current event again */
 			log_debug(1, "restarting update_record after zone reload "
 				     "caused by change in '%s'", pevent->dn);
 			zone_reloaded = ISC_TRUE;
-			result = dns_zone_getserial2(zone_raw, &serial);
-			if (result == ISC_R_SUCCESS) {
-				dns_zone_log(zone_raw, ISC_LOG_INFO,
-					     "reloaded serial %u", serial);
+			result = dns_zone_getserial2(raw, &serial);
+			if (result == ISC_R_SUCCESS)
 				goto update_restart;
-			} else {
-				dns_zone_log(zone_raw, ISC_LOG_ERROR,
-					     "could not get serial after "
-					     "reload");
-			}
 		} else {
-			dns_zone_log(zone_raw, ISC_LOG_ERROR,
+			dns_zone_log(raw, ISC_LOG_ERROR,
 				    "unable to reload invalid zone; "
 				    "reload triggered by change in '%s':%s",
 				    pevent->dn, dns_result_totext(result));
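Review bot: The rewritten reload branch drops the `"could not get serial after reload"` diagnostic: when `dns_zone_getserial2(raw, &serial)` fails after a successful reload, `result` now carries that error silently into the rest of cleanup with no log line, which is a regression for anyone debugging the ticket-56 scenario. Keep the error path, e.g. `if (result == ISC_R_SUCCESS) goto update_restart; else dns_zone_log(raw, ISC_LOG_ERROR, "could not get serial after reload");` (three lines with braces). Separately, `dns_zone_log(raw, ...)` at the top of the branch and in the final else uses `raw` unguarded, while the middle still tests `raw != NULL` before `load_zone(raw)`; either `raw` is known non-NULL once `zone_found` is set (then the guard is dead) or the logging calls need the same guard — the two should agree. Also worth confirming that reading the serial from `raw` after reloading `secure` is the intended check, since the reload and the serial read now target different zone objects.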
@@ -4496,8 +4495,10 @@ cleanup:
 		if (dns_name_dynamic(&prevorigin))
 			dns_name_free(&prevorigin, inst->mctx);
 	}
-	if (zone_raw != NULL)
-		dns_zone_detach(&zone_raw);
+	if (raw != NULL)
+		dns_zone_detach(&raw);
+	if (secure != NULL)
+		dns_zone_detach(&secure);
 	ldapdb_rdatalist_destroy(mctx, &rdatalist);
 	isc_mem_free(mctx, pevent->dbname);
 	if (pevent->prevdn != NULL)
-- 
1.9.3
