<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 05/09/2013 05:23 PM, Petr Spacek
      wrote:<br>
    </div>
    <blockquote cite="mid:518BBF75.3060004@redhat.com" type="cite">On
      9.5.2013 14:53, Petr Spacek wrote:
      <br>
      <blockquote type="cite">On 9.5.2013 10:59, Tomas Hozza wrote:
        <br>
        <blockquote type="cite">On 04/16/2013 12:45 PM, Petr Spacek
          wrote:
          <br>
          <blockquote type="cite">Hello,
            <br>
            <br>
            Explicitly return SERVFAIL if PTR synchronization is
            misconfigured.
            <br>
            <br>
            SERVFAIL will be returned if PTR synchronization is enabled
            <br>
            in forward zone but reverse zone has dynamic updates
            disabled.
            <br>
            <br>
          </blockquote>
          <br>
          What the patch does differs a little bit from what the commit
          <br>
          message says. Explanation follows:
          <br>
          <br>
          Snip from ldap_helper.c (starting line 2959):
          <br>
          <br>
          /* Get attribute "idnsAllowDynUpdate" for reverse zone or use
          default. */
          <br>
          dns_name_free(&zone_name, mctx);
          <br>
          dns_name_init(&zone_name, NULL);
          <br>
          CHECK(dn_to_dnsname(mctx, owner_zone_dn_ptr, &zone_name,
          NULL));
          <br>
          <br>
          zone_settings = NULL;
          <br>
          result = zr_get_zone_settings(ldap_inst->zone_register,
          &zone_name,
          <br>
                                    &zone_settings);
          <br>
          if (result != ISC_R_SUCCESS) {
          <br>
              if (result == ISC_R_NOTFOUND)
          <br>
                  log_debug(3, "active zone '%s' not found", zone_dn);
          <br>
              goto cleanup;
          <br>
              ^
          <br>
              You replaced this goto with "CLEANUP_WITH(DNS_R_SERVFAIL)"
          but
          <br>
              the check if dynamic updates in reverse zone are enabled
          <br>
              is done in the following IF statement
          <br>
          }
          <br>
          <br>
          CHECK(setting_get_bool("dyn_update", zone_settings,
          &zone_dyn_update));
          <br>
          if (!zone_dyn_update) {
          <br>
              log_debug(3, "dynamic update is not allowed in zone "
          <br>
                       "'%s'", zone_dn);
          <br>
              CLEANUP_WITH(ISC_R_NOPERM);
          <br>
          }
          <br>
          <br>
          <br>
          The patch modifies the plugin to explicitly return SERVFAIL if
          there was
          <br>
          some error while getting settings of PTR zone (the zone does
          not exist,
          <br>
          etc).
          <br>
          <br>
          Maybe it would be good to explicitly return SERVFAIL also if
          dynamic
          <br>
          updates in PTR zone are disabled and modify the commit message
          to
          <br>
          better express what this patch does.
          <br>
        </blockquote>
        <br>
        You are right. Revised patch is attached.
        <br>
      </blockquote>
      <br>
      I sent a bad patch by mistake...
      <br>
      <br>
      <br>
      <pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
    </blockquote>
    I tested the patch. Works ok, ACK.<br>
    <br>
    Tomas<br>
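    <br>
    A self-contained C model of the control flow discussed in this thread, added as an illustration and not taken from ldap_helper.c or the attached patches: it compares the quoted code, the first patch, and the reviewer's suggestion. The result codes, the zone table, get_zone_settings() and the mode names are assumptions made for the example.<br>

```c
#include <stdio.h>
#include <string.h>

/* Stand-in result codes (assumption); the plugin uses ISC/BIND result values. */
typedef enum { R_SUCCESS, R_NOTFOUND, R_NOPERM, R_SERVFAIL } result_t;
typedef enum { MODE_ORIGINAL, MODE_FIRST_PATCH, MODE_SUGGESTED } sync_mode_t;

/* Simplified stand-in for the CLEANUP_WITH macro seen in the quoted snippet. */
#define CLEANUP_WITH(code) do { result = (code); goto cleanup; } while (0)

/* Constructed sample data: reverse zones and their dyn_update setting. */
struct zone { const char *name; int dyn_update; };
static const struct zone zones[] = {
    { "2.0.192.in-addr.arpa.", 1 },
    { "113.0.203.in-addr.arpa.", 0 },
};

/* Hypothetical lookup standing in for zr_get_zone_settings(). */
static result_t get_zone_settings(const char *name, const struct zone **out) {
    for (size_t i = 0; i < sizeof(zones) / sizeof(zones[0]); i++) {
        if (strcmp(zones[i].name, name) == 0) {
            *out = &zones[i];
            return R_SUCCESS;
        }
    }
    return R_NOTFOUND;
}

/* Result of the PTR-sync precondition checks for one reverse zone. */
result_t ptr_sync_check(const char *reverse_zone, sync_mode_t mode) {
    result_t result;
    const struct zone *settings = NULL;

    result = get_zone_settings(reverse_zone, &settings);
    if (result != R_SUCCESS) {
        if (mode != MODE_ORIGINAL)
            CLEANUP_WITH(R_SERVFAIL); /* first patch: lookup failure */
        goto cleanup;                 /* original: pass the error through */
    }
    if (!settings->dyn_update)        /* the check the review points at */
        CLEANUP_WITH(mode == MODE_SUGGESTED ? R_SERVFAIL : R_NOPERM);
    result = R_SUCCESS;
cleanup:
    return result;
}

int main(void) {
    printf("%d\n", ptr_sync_check("113.0.203.in-addr.arpa.", MODE_FIRST_PATCH));
    return 0;
}
```

    In the first-patch mode a reverse zone with dynamic updates disabled still yields the NOPERM stand-in, which is the gap between the patch and its commit message raised in the review.<br>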
  </body>
</html>