<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/09/2013 05:23 PM, Petr Spacek
wrote:<br>
</div>
<blockquote cite="mid:518BBF75.3060004@redhat.com" type="cite">On
9.5.2013 14:53, Petr Spacek wrote:
<br>
<blockquote type="cite">On 9.5.2013 10:59, Tomas Hozza wrote:
<br>
<blockquote type="cite">On 04/16/2013 12:45 PM, Petr Spacek
wrote:
<br>
<blockquote type="cite">Hello,
<br>
<br>
Explicitly return SERVFAIL if PTR synchronization is
misconfigured.
<br>
<br>
SERVFAIL will be returned if PTR synchronization is enabled
<br>
in forward zone but reverse zone has dynamic updates
disabled.
<br>
<br>
</blockquote>
<br>
What the patch does differs a little bit from what the commit
<br>
message says. Explanation follows:
<br>
<br>
Snip from ldap_helper.c (starting line 2959):
<br>
<br>
/* Get attribute "idnsAllowDynUpdate" for reverse zone or use
default. */
<br>
dns_name_free(&zone_name, mctx);
<br>
dns_name_init(&zone_name, NULL);
<br>
CHECK(dn_to_dnsname(mctx, owner_zone_dn_ptr, &zone_name,
NULL));
<br>
<br>
zone_settings = NULL;
<br>
result = zr_get_zone_settings(ldap_inst->zone_register,
&zone_name,
<br>
&zone_settings);
<br>
if (result != ISC_R_SUCCESS) {
<br>
if (result == ISC_R_NOTFOUND)
<br>
log_debug(3, "active zone '%s' not found", zone_dn);
<br>
goto cleanup;
<br>
^
<br>
You replaced this goto with "CLEANUP_WITH(DNS_R_SERVFAIL)"
but
<br>
the check if dynamic updates in reverse zone are enabled
<br>
is done in the following IF statement
<br>
}
<br>
<br>
CHECK(setting_get_bool("dyn_update", zone_settings,
&zone_dyn_update));
<br>
if (!zone_dyn_update) {
<br>
log_debug(3, "dynamic update is not allowed in zone "
<br>
"'%s'", zone_dn);
<br>
CLEANUP_WITH(ISC_R_NOPERM);
<br>
}
<br>
<br>
<br>
The patch modifies the plugin to explicitly return SERVFAIL if
there was
<br>
some error while getting settings of PTR zone (the zone does
not exist,
<br>
etc).
<br>
<br>
Maybe it would be good to explicitly return SERVFAIL also if
dynamic
<br>
updates in PTR zone are disabled and modify the commit message
to
<br>
better express what this patch does.
<br>
</blockquote>
<br>
You are right. Revised patch is attached.
<br>
</blockquote>
<br>
I sent a bad patch by mistake...
<br>
<br>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
I tested the patch. Works ok, ACK.<br>
<br>
Tomas<br>
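<br>
The gap raised in the review above, as an added example that is not code from the thread or from the project: a simplified C model of the two reverse-zone checks in the quoted ldap_helper.c snippet. The types, function names and sample zone are constructed for illustration; only the result-code names mirror the ones quoted in the thread.<br>
<pre>
```c
/* Added illustration: a simplified model of the reverse-zone checks quoted
 * in the thread. Types and function names are constructed; only the result
 * code names mirror the ones in the quoted snippet. */
typedef enum { R_SUCCESS, R_NOTFOUND, R_NOPERM, R_SERVFAIL } result_t;

typedef struct {
    int exists;      /* reverse zone is present in the zone register */
    int dyn_update;  /* value of idnsAllowDynUpdate for that zone */
} rev_zone_t;

/* Stand-in for zr_get_zone_settings(): fails for an unknown zone. */
static result_t get_zone_settings(rev_zone_t z) {
    return z.exists ? R_SUCCESS : R_NOTFOUND;
}

/* First patch as the review describes it: only a failed settings lookup
 * is turned into SERVFAIL; a disabled dyn_update still yields NOPERM. */
result_t ptr_sync_first_patch(rev_zone_t z) {
    result_t result = get_zone_settings(z);
    if (result != R_SUCCESS) { result = R_SERVFAIL; goto cleanup; }
    if (!z.dyn_update) { result = R_NOPERM; goto cleanup; }
cleanup:
    return result;
}

/* Reviewer's suggestion: every misconfiguration of the reverse zone,
 * including disabled dynamic updates, is reported as SERVFAIL. */
result_t ptr_sync_suggested(rev_zone_t z) {
    result_t result = get_zone_settings(z);
    if (result != R_SUCCESS) { result = R_SERVFAIL; goto cleanup; }
    if (!z.dyn_update) { result = R_SERVFAIL; goto cleanup; }
cleanup:
    return result;
}

int main(void) {
    rev_zone_t no_updates = { 1, 0 };  /* constructed: zone exists, updates off */
    /* Exit status 0 when the two variants differ exactly as the review says. */
    return !(ptr_sync_first_patch(no_updates) == R_NOPERM
             && ptr_sync_suggested(no_updates) == R_SERVFAIL);
}
```
</pre>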
</body>
</html>