Hello,
This patch set allows you to change DNSSEC zone configuration at run-time.
--
Petr^2 Spacek
From 080f922b0920105def25f19c28da1d448406ccce Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Wed, 4 Jun 2014 21:25:15 +0200
Subject: [PATCH] Delete old database & journal files during zone loading.
This prevents inline-signed zones from mysteriously failing to receive updates
from LDAP.
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
Signed-off-by: Petr Spacek
---
src/ldap_helper.c | 17 -
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 2eb9c4d63d05486799b90ce4d23cf3fb26c6ca17..3a0ac6ddea237fcd74c146bad7400b516422ff27 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -782,12 +782,14 @@ delete_bind_zone(dns_zt_t *zt, dns_zone_t **zonep) {
return result;
}
-isc_result_t
+static isc_result_t ATTR_NONNULLS
cleanup_zone_files(dns_zone_t *zone) {
isc_result_t result;
isc_boolean_t failure = ISC_FALSE;
const char *filename = NULL;
dns_zone_t *raw = NULL;
+ int namelen;
+ char bck_filename[PATH_MAX];
dns_zone_getraw(zone, &raw);
if (raw != NULL) {
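Review bot: cleanup_zone_files() becomes static and gains a PATH_MAX stack buffer, but it still has no header comment saying which files it removes or how its return value relates to the several removals it attempts; a reader of the `cleanup:` logic in the next hunk has to reconstruct that. A comment above `static isc_result_t ATTR_NONNULLS` such as `/* Remove the zone's on-disk database/journal files (and those of its raw zone, if any) so that a reload cannot pick up stale data. */` would state the contract. `int namelen` receives a `strlen()` result; `size_t namelen` with an `(int)` cast at the `%.*s` argument avoids the narrowing. The function body continues past the end of this hunk.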
@@ -804,6 +806,17 @@ cleanup_zone_files(dns_zone_t *zone) {
result = fs_file_remove(filename);
failure = failure || (result != ISC_R_SUCCESS);
+ /* Taken from dns_journal_open() from bind-9.9.4-P2:
+ * Journal backup file name ends with ".jbk" instead of ".jnl". */
+ namelen = strlen(filename);
+ if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0)
+ namelen -= 4;
+ CHECK(isc_string_printf(bck_filename, sizeof(bck_filename),
+"%.*s.jbk", namelen, filename));
+ CHECK(fs_file_remove(bck_filename));
+
+cleanup:
+ failure = failure || (result != ISC_R_SUCCESS);
if (failure == ISC_TRUE)
dns_zone_log(zone, ISC_LOG_ERROR,
"unable to remove files, expect problems");
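Review bot: The two `CHECK()` calls on the `.jbk` path leave `result` holding only the status of whichever call ran last, so after the new `cleanup:` label `failure` and `result` can disagree (the `.jnl` removal fails, the `.jbk` removal succeeds, `result` is `ISC_R_SUCCESS`); if the function still returns `result` after the log, which is outside the hunk, the `CHECK(cleanup_zone_files(...))` callers added in create_zone get success for a logged failure. Keeping the accumulate-and-log style already used two lines above for the `.jnl` file avoids the label and keeps both removals on the same footing, as below. Whether `fs_file_remove()` reports a missing `.jbk` as success is not visible here; if it does not, every zone without a backup file logs "unable to remove files" on load. `filename` starts as NULL in this function, so `strlen(filename)` relies on the lines between the two hunks having set it; a guard or a comment there would make that explicit.
```c
	result = fs_file_remove(filename);
	failure = failure || (result != ISC_R_SUCCESS);
	/* ... unchanged: strip ".jnl" from namelen ... */
	result = isc_string_printf(bck_filename, sizeof(bck_filename),
				   "%.*s.jbk", namelen, filename);
	if (result == ISC_R_SUCCESS)
		result = fs_file_remove(bck_filename);
	failure = failure || (result != ISC_R_SUCCESS);
	/* ... unchanged: error log ... */
```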
@@ -946,6 +959,7 @@ create_zone(ldap_instance_t * const inst, const char * const dn,
if (want_secure == ISC_FALSE) {
CHECK(dns_zonemgr_managezone(inst->zmgr, raw));
+ CHECK(cleanup_zone_files(raw));
} else {
CHECK(dns_zone_create(&secure, inst->mctx));
CHECK(dns_zone_setorigin(secure, name));
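Review bot: The new `CHECK(cleanup_zone_files(raw))` deletes the zone's on-disk files every time the zone is created, and nothing at the call site says why; the rationale lives only in the commit message. A one-line comment above this call and above the matching `CHECK(cleanup_zone_files(secure))` in the next hunk, `/* Stale database/journal files block updates from LDAP (ticket 56): drop them here. */`, keeps that visible to the next maintainer. Because the call is wrapped in `CHECK()`, a removal error now aborts create_zone, so a stale file that cannot be unlinked (permissions, for instance) turns into a zone-creation failure; if that is intended, the commit message should say so.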
@@ -957,6 +971,7 @@ create_zone(ldap_instance_t * const inst, const char * const dn,
CHECK(dns_zone_link(secure, raw));
dns_zone_rekey(secure, ISC_TRUE);
CHECK(configure_paths(inst->mctx, inst, secure, ISC_TRUE));
+ CHECK(cleanup_zone_files(secure));
}
sync_state_get(inst->sctx, &sync_state);
--
1.9.3
From d89284fc0aafe001e5ce1599d04dac62f48ad108 Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Wed, 4 Jun 2014 22:39:46 +0200
Subject: [PATCH] Support run-time changes in idnsSecInlineSigning attribute.
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
Signed-off-by: Petr Spacek
---
src/ldap_helper.c | 92 +
src/zone_register.c | 24 --
src/zone_register.h | 7 ++--
3 files changed, 91 insertions(+), 32 deletions(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 3a0ac6ddea237fcd74c146bad7400b516422ff27..deda6955a215441a40857d78273fb8042275385e 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -293,6 +293,11 @@ static isc_result_t parse_rdata(isc_mem_t *mctx, ldap_entry_t *entry,
dns_name_t *origin, const char *rdata_text,
dns_rdata_t **rdatap) ATTR_NONNULLS ATTR_CHECKRESULT;
static isc_result_t
+ldap_parse_master_zoneentry(ldap_entry_t * const entry, dns_db_t * const olddb,
+ ldap_instance_t *const inst,
+ isc_task_t *const task)
+ ATTR_NONNULL(1,3,4) ATTR_CHECKRESULT;
+static isc_result_t
ldap_parse_rrentry(isc_mem_t *mctx, ldap_entry_t *entry, dns_name_t *origin,
const char *fake_mname, ldapdb_rdatalist_t *rdatalist) ATTR_NONNULLS ATTR_CHECKRESULT;
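Review bot: `ATTR_NONNULL(1,3,4)` tells the compiler that `olddb` may be NULL, but the declaration does not say in which situation a caller passes NULL, and the definition is cut off at the end of this chunk, so the rule is not visible here; a comment on the declaration naming that case would make the contract explicit. The parameter spelling also mixes `ldap_entry_t * const entry` with `ldap_instance_t *const inst` and `isc_task_t *const task`; create_zone below writes `* const` with a space, so the new prototype should follow one form.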
@@ -926,8 +931,9 @@ cleanup:
*/
static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT
create_zone(ldap_instance_t * const inst, const char * const dn,
- dns_name_t * const name, const isc_boolean_t want_secure,
- dns_zone_t ** const rawp, dns_zone_t ** const securep)
+ dns_name_t * const name, dns_db_t * const ldapdb,
+ const isc_boolean_t want_secure, dns_zone_t ** const rawp,
+ dns_zone_t ** const securep)
{
isc_result_t result;
dns_zone_t *raw = NULL;
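Review bot: `ldapdb` joins create_zone's parameter list under `ATTR_NONNULLS`, so every caller must now hand over a non-NULL database, but the header comment that ends on the first line of this hunk (`*/`) is not extended to describe it. A line in that comment such as `ldapdb - LDAP-backed database of the zone, handed to zr_add_zone() together with the raw and secure zones` (the only use visible in this patch) would document the new contract; whether the register attaches to or merely stores the pointer is not visible here and is worth stating too.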
@@ -987,7 +993,7 @@ create_zone(ldap_instance_t * const inst, const char * const dn,
}
}
- CHECK(zr_add_zone(inst->zone_register, raw, secure, dn));
+ CHECK(zr_add_zone(inst->zone_register, ldapdb, raw, secure, dn));
*rawp = raw;
*securep = secure;
@@ -2192,11 +2198,6 @@ zone_sync_apex(const ldap_instance_t * const inst,
* => do nothing. */
}
- /* New zone has to have at least SOA record and NS record. */
- if (new_zone == ISC_TRUE
- && (*data_changed == ISC_FALSE || soa_tuple == NULL))
- result = DNS_R_BADZONE;
-
cleanup:
if (soa_tuple_alloc == ISC_TRUE && soa_tuple != NULL)
dns_difftuple_free(&soa_tuple);
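Review bot: Dropping the "at least SOA and NS record" guard means zone_sync_apex() no longer returns `DNS_R_BADZONE` for a new zone whose LDAP entry lacks an SOA, and neither this diff nor the commit message shows where that validation now lives. If it moved into the new ldap_parse_master_zoneentry() (whose body is cut off at the end of this chunk), the commit message should say so; otherwise an incomplete zone entry is accepted and the zone is registered without an apex SOA. With the block gone, check whether the `new_zone` parameter still has a reader in this function, since the removed lines may have been its last use and the build will then warn.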
@@ -2208,10 +2209,54 @@ cleanup:
return result;
}
-/* Parse th