[Freeipa-devel] [PATCH 0148] Explicitly return SERVFAIL if PTR synchronization is misconfigured.

Petr Spacek pspacek at redhat.com
Thu May 9 12:53:10 UTC 2013


On 9.5.2013 10:59, Tomas Hozza wrote:
> On 04/16/2013 12:45 PM, Petr Spacek wrote:
>> Hello,
>>
>> Explicitly return SERVFAIL if PTR synchronization is misconfigured.
>>
>> SERVFAIL will be returned if PTR synchronization is enabled
>> in forward zone but reverse zone has dynamic updates disabled.
>>
>
> What the patch does differs a little bit from what the commit
> message says. Explanation follows:
>
> Snip from ldap_helper.c (starting line 2959):
>
> /* Get attribute "idnsAllowDynUpdate" for reverse zone or use default. */
> dns_name_free(&zone_name, mctx);
> dns_name_init(&zone_name, NULL);
> CHECK(dn_to_dnsname(mctx, owner_zone_dn_ptr, &zone_name, NULL));
>
> zone_settings = NULL;
> result = zr_get_zone_settings(ldap_inst->zone_register, &zone_name,
> 					      &zone_settings);
> if (result != ISC_R_SUCCESS) {
> 	if (result == ISC_R_NOTFOUND)
> 		log_debug(3, "active zone '%s' not found", zone_dn);
> 	goto cleanup;
> 	^
> 	You replaced this goto with "CLEANUP_WITH(DNS_R_SERVFAIL)" but
> 	the check if dynamic updates in reverse zone are enabled
> 	is done in the following IF statement
> }
>
> CHECK(setting_get_bool("dyn_update", zone_settings, &zone_dyn_update));
> if (!zone_dyn_update) {
> 	log_debug(3, "dynamic update is not allowed in zone "
> 		     "'%s'", zone_dn);
> 	CLEANUP_WITH(ISC_R_NOPERM);
> }
>
>
> The patch modifies the plugin to explicitly return SERVFAIL if there was
> some error while getting settings of PTR zone (the zone does not exist,
> etc).
>
> Maybe it would be good to explicitly return SERVFAIL also if dynamic
> updates in PTR zone are disabled and modify the commit message to
> better express what this patch does.

You are right. Revised patch is attached.

-- 
Petr^2 Spacek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bind-dyndb-ldap-pspacek-0148-2-Explicitly-return-SERVFAIL-if-PTR-synchronization-is.patch
Type: text/x-patch
Size: 19015 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130509/24d3d5a9/attachment.bin>

