Hello,
Fix run-time zone addition for invalid secure zones.
It is important *not* to delete invalid zones, to prevent
ldap_parse_master_zoneentry() from entering an infinite cycle.
Zone addition in ldap_parse_master_zoneentry() enforces a serial
write-back to LDAP. This write generates an LDAP modify event, which
again triggers ldap_parse_master_zoneentry(), and so on.
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
--
Petr^2 Spacek
From 5a7b999d6e504ede87311a3b8a43f31751f58185 Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Tue, 3 Jun 2014 13:05:51 +0200
Subject: [PATCH] Fix run-time zone addition for invalid secure zones.
It is important *not* to delete invalid zones, to prevent
ldap_parse_master_zoneentry() from entering an infinite cycle.
Zone addition in ldap_parse_master_zoneentry() enforces a serial
write-back to LDAP. This write generates an LDAP modify event, which
again triggers ldap_parse_master_zoneentry(), and so on.
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
---
src/ldap_helper.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 0b4f37678eda0961d17dfced92b89642047737f6..7b8ea86b3f8fccdbcebc6ee50aaad8438ebb984b 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2218,6 +2218,7 @@ ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
isc_boolean_t unlock = ISC_FALSE;
isc_boolean_t new_zone = ISC_FALSE;
isc_boolean_t want_secure = ISC_FALSE;
+ isc_boolean_t configured = ISC_FALSE;
settings_set_t *zone_settings = NULL;
isc_boolean_t ldap_writeback;
isc_boolean_t data_changed = ISC_FALSE; /* GCC */
@@ -2337,6 +2338,7 @@ ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
if (new_zone == ISC_TRUE) {
toview = (want_secure == ISC_TRUE) ? secure : raw;
CHECK(publish_zone(task, inst, toview));
+ configured = ISC_TRUE;
}
if (data_changed == ISC_TRUE)
CHECK(load_zone(secure));
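Review bot: The assignment `configured = ISC_TRUE;` after `publish_zone()` has no comment, and the name does not convey that it means "the zone is already visible in the view and must survive a later failure". I would add `/* Zone is published; cleanup must not delete it even if a later step fails, otherwise the serial write-back re-triggers this function (ticket 56). */` above it. A failure in `load_zone(secure)` two lines below now leaves a published zone that was never loaded; what the server answers for such a zone is not visible here and is worth confirming for secure zones. The function starts and ends outside this hunk.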
@@ -2352,7 +2354,8 @@ cleanup:
dns_journal_destroy(&journal);
if (ldapdb != NULL)
dns_db_detach(&ldapdb);
- if (new_zone && result != ISC_R_SUCCESS) {
+ if (new_zone == ISC_TRUE && configured == ISC_FALSE &&
+ result != ISC_R_SUCCESS) {
/* Failure in ACL parsing or so. */
log_error_r("zone '%s': publishing failed, rolling back due to",
entry->dn);
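Review bot: With the added `configured == ISC_FALSE` term, a failure after publishing no longer reaches this `log_error_r()` call, so from the visible lines nothing in cleanup reports that an invalid zone was left in place. An operator should be able to see that in the log; after this block closes I would add `else if (configured == ISC_TRUE && result != ISC_R_SUCCESS)` with `log_error_r("zone '%s': failed after publishing, zone kept due to", entry->dn);`. The existing comment `/* Failure in ACL parsing or so. */` should also state that the rollback is limited to zones that were never published. The `if` body continues past the end of the hunk, so any logging that already exists further down is not visible.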
--
1.9.3