IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow localhost in zone ACIs

Browse Source 
Loopback address, "localhost" and "localnets" ACIs are no longer
an issue for bind-dyndb-ldap. Allow them in our validators.
This commit is contained in:
Martin Kosek 2012-09-06 11:34:02 +02:00
parent 22b7d7e7d9
commit 47ff46d042
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ipalib/plugins/dns.py
View File

@ -299,18 +299,15 @@ def _validate_bind_aci(ugettext, bind_acis):
bind_acis.pop(-1)
for bind_aci in bind_acis:
if bind_aci in ("any", "none"):
if bind_aci in ("any", "none", "localhost", "localnets"):
continue
if bind_aci in ("localhost", "localnets"):
return _('ACL name "%s" is not supported') % bind_aci
if bind_aci.startswith('!'):
bind_aci = bind_aci[1:]
try:
ip = CheckedIPAddress(bind_aci, parse_netmask=True,
allow_network=True)
allow_network=True, allow_loopback=True)
except (netaddr.AddrFormatError, ValueError), e:
return unicode(e)
except UnboundLocalError:
@ -335,7 +332,7 @@ def _normalize_bind_aci(bind_acis):
try:
ip = CheckedIPAddress(bind_aci, parse_netmask=True,
allow_network=True)
allow_network=True, allow_loopback=True)
if '/' in bind_aci: # addr with netmask
netmask = "/%s" % ip.prefixlen
else: