Commit message | Author | Age | Files | Lines
* Change the compile flags to use -std=gnu99 (HEAD, master) | Martin Nagy | 2010-03-23 | 1 | -1/+1
|
* Don't loop if the connection fails at start | Martin Nagy | 2010-03-23 | 1 | -0/+2
|   Resolves ticket #25
* Fail over to passwordless login if other method fails | Martin Nagy | 2010-03-23 | 1 | -1/+14
|   Resolves ticket #26
* Add a fake_mname option | Martin Nagy | 2010-03-23 | 1 | -4/+15
|   The fake_mname option is optional and will cause the LDAP driver to
|   ignore idnsSOAmName LDAP attribute and use the value of this option
|   instead.
|
|   Resolves ticket #17
* Remove duplicate get_soa_record() call | Martin Nagy | 2009-09-16 | 1 | -2/+0
|
* Fix a typo in previous commit | Martin Nagy | 2009-09-04 | 1 | -1/+1
|
* Fix the reconnection code | Martin Nagy | 2009-09-04 | 1 | -5/+5
|   We only did a new ldap bind with the old ldap handle, which didn't
|   work. We fix this by getting rid of the old handle and do a brand new
|   init and bind.
|
|   Resolves ticket #20
* Fix a memory leak in ldap instance creation | Martin Nagy | 2009-09-04 | 1 | -0/+1
|   When destroying an ldap instance we didn't destroy the sasl_realm
|   setting string.
* Use uppercase LDAP booleans according to RFC 2252 | Martin Nagy | 2009-08-31 | 2 | -2/+2
|   The search filter for active zones used value "True" for attribute
|   "idnsZoneActive". This is incorrect according to section 6.4 of RFC 2252
|   which states that boolean syntax is either "TRUE" or "FALSE".
* Change license: GPLv2 or later | Martin Nagy | 2009-08-04 | 25 | -50/+75
|   Allow publishing the code under GPL version 2 or later. Before that, we
|   only allowed to use version 2.
* Document SASL authentication settings in README | Martin Nagy | 2009-08-04 | 1 | -20/+39
|
* Consolidate the SASL authentication | Martin Nagy | 2009-08-04 | 1 | -8/+15
|   * Change the default authentication method to GSSAPI
|   * Add "sasl_auth_name" setting for SASL_CB_AUTHNAME
|   * Add "sasl_password" setting for SASL_CB_PASS to be used instead of
|     ordinary password, which will now be only used for simple
|     authentication
* Cleanup of authentication code | Martin Nagy | 2009-08-04 | 1 | -29/+18
|   Mostly adding logging statements and removing some old stuff.
* Gracefully fail if no zones are found in the initial lookup | Martin Nagy | 2009-08-04 | 2 | -5/+19
|   If the initial search fails to find any zones, destroy the database
|   instance, but return ISC_R_SUCCESS to BIND, since this is not
|   technically a fault because of which BIND should abort. We do this
|   because there is no point in refreshing zones if there are not any and
|   it is not possible to add them later.
* Periodically refresh zone settings | Martin Nagy | 2009-08-04 | 7 | -89/+94
|   The original intent was to add and remove zones periodically, based on
|   changes in the LDAP database. It seems, however, that this is not
|   possible with the way BIND views are working. Each view can have zones
|   added during the configuration phase, but not after that. Luckily, we
|   can at least change their SSU table without the need to reload named.
|
|   This commit also has some changes to the function interfaces and makes
|   the whole thing a lot simpler. Creation of the ldap instances and cache
|   instances is now left on the zone manager. Additionally, we now put
|   view and zonemgr pointers right into the ldap instance. This makes the
|   API for refresh_zones_from_ldap() and create_zone() much simpler.
* Use the zone register for internal storage of zones | Martin Nagy | 2009-08-04 | 4 | -182/+132
|   Moving the zone registration into a separate file will make the code
|   more modular and easier to read and change. Also, we are preparing the
|   refresh_zones_from_ldap() function for its intended purpose of being
|   able to add zones and later modify them if something has changed.
|   Unfortunately, we will only be able to change some of the zone
|   attributes (for now the update policy). We will not be able to create
|   new zones as they are added to LDAP because that requires a reload of
|   the name server.
* Add CHECK_NEXT() macro similar to CHECK() | Martin Nagy | 2009-08-04 | 1 | -2/+11
|   The CHECK_NEXT() macro behaves exactly as the CHECK() macro, with the
|   difference that it jumps to the 'next' label. This is useful if we need
|   to cleanup after every loop cycle, but don't want to abort the whole
|   function if an error is found.
* Add a new structure: zone register | Martin Nagy | 2009-08-04 | 3 | -2/+318
|   Zone register is used for storing pointers to zones and their
|   corresponding LDAP distinguished names. These can then be accessed by
|   dns name of the zone. The data is needed for conversion of a dns name
|   to DN and to get a pointer of a zone when we need to make changes to
|   it. We could use dns_view_findzone() for this, but that way we would
|   not have any assurance that the found zone is really managed by us.
* Introduce macros log_bug() and log_error_r() | Martin Nagy | 2009-08-04 | 1 | -0/+6
|   The log_bug() is to be used when a condition that should never happen
|   occurs. The log_error_r() will also log the reason of failure, which it
|   will derive from variable 'result' that must be defined and of type
|   isc_result_t.
* Tidy up log.c and log.h and introduce LOG_AS_ERROR | Martin Nagy | 2009-08-04 | 2 | -34/+7
|   The LOG_AS_ERROR conditional macro can be defined when compiling the
|   sources to make log_debug() behave in the same way as log_error(). This
|   is helpful for debugging, as specifying a debug level will introduce a
|   lot of unwanted log messages.
* Fix cleanup logic in dn_to_dnsname() | Martin Nagy | 2009-08-04 | 1 | -1/+3
|
* Add FOR_EACH style macros | Martin Nagy | 2009-08-04 | 1 | -0/+15
|   The FOR_EACH() macro will simply traverse the given list. Usage:
|
|       FOR_EACH(element, list)
|           do_something(element);
|
|   The FOR_EACH_UNLINK() macro will traverse the list and unlink each
|   element. Useful when destroying a whole list. Usage:
|
|       FOR_EACH_UNLINK(element, list) {
|           destroy(&element);
|       } END_FOR_EACH_UNLINK(element);
|
|   All these macros assume that 'link' is used to connect list elements,
|   as used in standard ISC list macros.
* Allow updating of the SOA record | Martin Nagy | 2009-08-04 | 1 | -11/+49
|   Since the SOA record is special for us, as we store it in multiple LDAP
|   attributes, it was ignored until now. This is now fixed, but we only
|   allow changes to the numeric attributes: serial, refresh, retry, expire
|   and minimum.
|
|   Resolves ticket #5
* Cosmetic changes to ldap_rdttl_to_ldapmod() | Martin Nagy | 2009-08-04 | 1 | -6/+4
|
* Add idnsUpdatePolicy to the idnsZone object class | Martin Nagy | 2009-08-04 | 1 | -0/+1
|   The idnsUpdatePolicy attribute was in the schema, but not in the zone
|   object class.
* Fix memory leak in ldap_rdttl_to_ldapmod() | Martin Nagy | 2009-08-04 | 1 | -2/+1
|
* Improve addition operation by using ldap_add_ext_s() | Martin Nagy | 2009-08-04 | 1 | -12/+46
|   Until now, we only used ldap_modify_ext_s() when adding a new record.
|   This is not right, because the label might have not existed before. We
|   solve this now by checking for LDAP_NO_SUCH_OBJECT error and using
|   ldap_add_ext_s() if needed.
|
|   Partially resolves ticket #1
* Fix a crash bug in findnode() | Martin Nagy | 2009-08-04 | 2 | -12/+7
|   If the create argument was set to ISC_TRUE and nothing was found by
|   cached_ldap_rdatalist_get(), the rdatalist variable was left
|   uninitialized. This later caused a crash in
|   ldapdb_rdatalist_findrdatatype(), when trying to access memory that
|   rdatalist pointed to.
|
|   Resolves ticket #18
* Add annotations to printf-like functions | Martin Nagy | 2009-08-04 | 5 | -5/+8
|   The ISC_FORMAT_PRINTF() macro will make sure that gcc checks if these
|   functions are used correctly. Also fix bugs that were found along the
|   way.
* Remove unneeded casts | Martin Nagy | 2009-08-04 | 2 | -5/+5
|
* Don't use IGNORE() and IGNORE_R() macros | Martin Nagy | 2009-08-04 | 1 | -14/+24
|   We didn't use them at too many places, so using the code directly will
|   make it easier to read.
* Rename ldap_record_to_rdatatype to ldap_attribute_to_rdatatype | Martin Nagy | 2009-08-04 | 3 | -4/+4
|
* Rename ldap_db_t to ldap_instance_t | Martin Nagy | 2009-08-04 | 9 | -193/+193
|   Equivalent to:
|       s/new_ldap_db/new_ldap_instance/
|       s/destroy_ldap_db/destroy_ldap_instance/
|       s/manager_get_ldap_db_and_cache/manager_get_ldap_instance_and_cache/
|       s/ldap_db_t/ldap_instance_t/
|       s/ldap_db/ldap_db/
* Rename ldap_instance_t to ldap_connection_t | Martin Nagy | 2009-08-04 | 2 | -172/+172
|   Equivalent to:
|       s/ldap_instance/ldap_connection
|       s/ldap_inst/ldap_conn
|
|   This commit starts a series of larger code refactoring effort. More
|   changes and renames will follow.
* Fix the docdir definition for old autoconf | Martin Nagy | 2009-06-02 | 1 | -1/+1
|   Using the test [ -n "$docdir" ] was actually the opposite of what we
|   really wanted. Also, autoconf 2.59 doesn't know datarootdir, but only
|   datadir, so change that as well.
* Get rid of some compiler warnings | Martin Nagy | 2009-06-02 | 2 | -1/+3
|   Don't use the -pedantic flags and include forgotten string.h header
|   file needed in zone_manager.c for strcmp().
* More compatibility fixes | Martin Nagy | 2009-06-02 | 4 | -0/+73
|   This will now compile and work fairly well on a RHEL5 system with the
|   newest BIND (9.3.6-2.P1, some stuff is back-ported here). We added a
|   compat.h header file which contains a replacement for two functions. We
|   also did some ifdef-ing in acl.c.
* Define docdir if autoconf (older versions, 2.59, for example) doesn't define it. | Adam Tkac | 2009-06-02 | 1 | -0/+4
|
* Add basic support to get a tgt autonomously | Simo Sorce | 2009-05-25 | 4 | -0/+225
|   Use mutex to serialize kinit. Reuse existing valid credentials if
|   any.
* Fix caching bug. | Simo Sorce | 2009-05-25 | 1 | -0/+1
|   We failed to delete the cache after a remove operation. This made a DNS
|   Update against a cached entry fail (we would remove the attributes from
|   ldap but never re-add them back if they were unchanged).
* Let DNS Updates set the TTL | Simo Sorce | 2009-05-25 | 1 | -4/+60
|   A bit hackish, but it does the job.
* Enable reading TTL for ldap entry | Simo Sorce | 2009-05-25 | 1 | -14/+17
|
* Re-enable SASL/GSSAPI with fixes to make it work. | Simo Sorce | 2009-05-22 | 1 | -11/+18
|   Still requires a manual kinit as the named user. Also requires to set
|   the sasl user in named.conf
|   ex: arg "sasl_user DNS/ipaserver.example.com";
* Remove forgotten garbage from log.c | Martin Nagy | 2009-05-12 | 1 | -5/+0
|
* Remove -Werror from CFLAGS | Martin Nagy | 2009-04-30 | 1 | -1/+1
|
* Add a README file (v0.1.0-a1) | Martin Nagy | 2009-04-30 | 2 | -0/+145
|
* Add a sample zone ldif | Martin Nagy | 2009-04-30 | 2 | -1/+62
|
* Add doc directory and the schema file | Martin Nagy | 2009-04-30 | 4 | -3/+295
|
* ldap_helper.c: Shut up gcc warnings | Martin Nagy | 2009-04-28 | 1 | -2/+3
|
* Add -Werror and -O2 to CFLAGS | Martin Nagy | 2009-04-28 | 1 | -1/+1
|