On 17.4.2014 20:00, Petr Spacek wrote:
Hello,
This patch set attempts to move ldap_parse_master_zoneentry() a little bit
closer to sane code.
It is preparation for
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
bind-dyndb-ldap-pspacek-0242-2-Refactor-master-zone-configuration.patch fixes
zone loading for zones without idnsAllowTransfer attribute in LDAP.
Previously, the plugin refused to load such zones with error ISC_R_NOTFOUND -
the missing attribute was treated as a fatal error.
--
Petr^2 Spacek
From 94961066af9720a11c62e655a34ce9b38d6ba5ff Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Thu, 17 Apr 2014 14:49:48 +0200
Subject: [PATCH] Refactor master zone configuration.
ldap_parse_master_zoneentry() is way too long and unmanageable.
https://fedorahosted.org/bind-dyndb-ldap/ticket/56
Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
src/ldap_helper.c | 141 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 84 insertions(+), 57 deletions(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index f6f4daa28bcebb134d734765133806f6e1e7f619..d94bb57fdd6e5e0e43a978d7aaba471c62014eb9 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -1813,21 +1813,102 @@ cleanup:
#undef MAX_SERIAL_LENGTH
}
+/**
+ * Reconfigure master zone according to configuration in LDAP object.
+ *
+ * @param[in] raw Raw zone backed by LDAP database. In-line secure zone
+ * will be reconfigured as necessary.
+ */
+static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT
+zone_master_reconfigure(ldap_entry_t *entry, settings_set_t *zone_settings,
+ dns_zone_t *raw, isc_task_t *task) {
+ isc_result_t result;
+ const char *dn = NULL;
+ ldap_valuelist_t values;
+ isc_mem_t *mctx = NULL;
+ isc_boolean_t ssu_changed;
+
+ REQUIRE(entry != NULL);
+ REQUIRE(zone_settings != NULL);
+ REQUIRE(raw != NULL);
+ REQUIRE(task != NULL);
+
+ dn = entry->dn;
+ mctx = dns_zone_getmctx(raw);
+
+ result = setting_update_from_ldap_entry("dyn_update", zone_settings,
+ "idnsAllowDynUpdate", entry, task);
+ if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
+ goto cleanup;
+ ssu_changed = (result == ISC_R_SUCCESS);
+
+ result = setting_update_from_ldap_entry("sync_ptr", zone_settings,
+ "idnsAllowSyncPTR", entry, task);
+ if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
+ goto cleanup;
+
+ result = setting_update_from_ldap_entry("update_policy", zone_settings,
+ "idnsUpdatePolicy", entry, task);
+ if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
+ goto cleanup;
+
+ if (result == ISC_R_SUCCESS || ssu_changed) {
+ isc_boolean_t ssu_enabled;
+ const char *ssu_policy = NULL;
+
+ log_debug(2, "Setting SSU table for %p: %s", raw, dn);
+ CHECK(setting_get_bool("dyn_update", zone_settings, &ssu_enabled));
+ if (ssu_enabled) {
+ /* Get the update policy and update the zone with it. */
+ CHECK(setting_get_str("update_policy", zone_settings,
+ &ssu_policy));
+ CHECK(configure_zone_ssutable(raw, ssu_policy));
+ } else {
+ /* Empty policy will prevent the update from reaching
+ * LDAP driver and error will be logged. */
+ CHECK(configure_zone_ssutable(raw, ""));
+ }
+ }
+
+ /* Fetch allow-query and allow-transfer ACLs */
+ log_debug(2, "Setting allow-query for %p: %s", raw, dn);
+ result = ldap_entry_getvalues(entry, "idnsAllowQuery", &values);
+ if (result == ISC_R_SUCCESS) {
+ CHECK(configure_zone_acl(mctx, raw, &dns_zone_setqueryacl,
+ HEAD(values)->value, acl_type_query));
+ } else {
+ log_debug(2, "allow-query not set");
+ dns_zone_clearqueryacl(raw);
+ }
+
+ log_debug(2, "Setting allow-transfer for %p: %s", raw, dn);
+ result = ldap_entry_getvalues(entry, "idnsAllowTransfer", &values);
+ if (result == ISC_R_SUCCESS) {
+ CHECK(configure_zone_acl(mctx, raw, &dns_zone_setxfracl,
+ HEAD(values)->value, acl_type_transfer));
+ } else {
+ log_debug(2, "allow-transfer not set");
+ dns_zone_clearxfracl(raw);
+ result = ISC_R_SUCCESS;
+ }
+
+cleanup:
+ return result;
+}
+
/* Parse the master zone entry */
static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT
ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
isc_task_t *task)
{
const char *dn;
- ldap_valuelist_t values;
dns_name_t name;
dns_zone_t *raw = NULL;
dns_zone_t *zone_raw = NULL;
isc_result_t result;
isc_boolean_t unlock = ISC_FALSE;
isc_boolean_t new_zone = ISC_FALSE;
isc_boolean_t configured = ISC_FALSE;
- isc_boolean_t ssu_changed;
ldapdb_rdatalist_t rdatalist;
settings_set_t *zone_settings = NULL;
const char *fake_mname = NULL;
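Review bot: In the two ACL lookups at the end of zone_master_reconfigure(), every non-success return from ldap_entry_getvalues() is treated as "attribute not set", so the zone's query or transfer ACL is cleared and, in the idnsAllowTransfer branch, the result is forced to ISC_R_SUCCESS; if ldap_entry_getvalues() can fail for a reason other than a missing attribute, such a failure would silently drop the zone's query/transfer restrictions instead of aborting the reconfiguration. Only ISC_R_NOTFOUND should take the clear-ACL path, e.g. `} else if (result == ISC_R_NOTFOUND) {` followed by the existing clear call and `result = ISC_R_SUCCESS;`, with a final `} else { goto cleanup; }` — the same applies to the idnsAllowQuery branch, whose leftover result is only masked because the next lookup overwrites it. The header comment documents only `raw`; add `@param[in] entry`, `@param[in] zone_settings`, `@param[in] task` and a `@return` line stating that a missing idnsAllowTransfer attribute is not an error. Whether ldap_entry_getvalues() has failure modes beyond ISC_R_NOTFOUND is not visible in this patch, so please confirm against its definition.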
@@ -1900,61 +1981,7 @@ ldap_parse_master_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst,
goto cleanup;
CHECK(zr_get_zone_settings(inst->zone_register, &name, &zone_settings));
-
- result = setting_update_from_ldap_entry("dyn_update", zone_settings,
- "idnsAllowDynUpdate", entry, inst->task);
- if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
- goto cleanup;
- ssu_changed = (result == ISC_R_SUCCESS);
-
- result = setting_update_from_ldap_entry("sync_ptr", zone_settings,
- "idnsAllowSyncPTR", entry, inst->task);
- if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
- goto cleanup;
-
- result = setting_update_from_ldap_entry("update_policy", zone_settings,
- "idnsUpdatePolicy", entry, inst->task);
- if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE)
- goto cleanup;
-
- if (result == ISC_R_SUCCESS || ssu_changed) {
- isc_boolean_t ssu_enabled;
- const char *ssu_policy = NULL;
-
- log_debug(2, "Setting SSU table for %p: %s", raw, dn);
- CHECK(setting_get_bool("dyn_update", zone_settings, &ssu_enabled));
- if (ssu_enabled) {
- /* Get the update policy and update the zone with it. */
- CHECK(setting_get_str("update_policy", zone_settings,
- &ssu_policy));
- CHECK(configure_zone_ssutable(raw, ssu_policy));
- } else {
- /* Empty policy will prevent the update from reaching
- * LDAP driver and error will be logged. */
- CHECK(configure_zone_ssutable(raw, ""));
- }
- }
-
- /* Fetch allow-query and allow-transfer ACLs */
- log_debug(2, "Setting allow-query for %p: %s", raw, dn);
- result = ldap_entry_getvalues(entry, "idnsAllowQuery", &values);
- if (result == ISC_R_SUCCESS) {
- CHECK(configure_zone_acl(inst->mctx, raw, &dns_zone_setqueryacl,
- HEAD(values)->value, acl_type_query));
- } else {
- log_debug(2, "allow-query not set");
- dns_zone_clearqueryacl(raw);
- }
-
- log_debug(2, "Setting allow-transfer for %p: %s", raw, dn);
- result = ldap_entry_getvalues(entry, "idnsAllowTransfer", &values);
- if (result == ISC_R_SUCCESS) {
- CHECK(configure_zone_acl(inst->mctx, raw, &dns_zone_setxfracl,
- HEAD(values)->value, acl_type_transfer));
- } else {
- log_debug(2, "allow-transfer not set");
- dns_zone_clearxfracl(raw);
- }
+ CHECK(zone_master_reconfigure(entry, zone_settings, raw, task));
sync_state_get(inst->sctx, &sync_state);
if (new_zone == ISC_TRUE && sync_state == sync_finished)
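Review bot: The new call `CHECK(zone_master_reconfigure(entry, zone_settings, raw, task));` forwards the function's `task` parameter, whereas the removed code passed `inst->task` to setting_update_from_ldap_entry(); if those two tasks can ever differ, the settings updates now run in a different task context than before. Either confirm they are always the same object or pass `inst->task` to keep the refactoring behaviour-preserving. ldap_parse_master_zoneentry() starts and ends outside this hunk.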
--
1.9.0