cert-request: handle missing zone

SAN IP address validation, while determining the zone for a DNS name
or IP address, does not handle missing zones.  The resulting
dns.resolver.NoNameservers exception is not caught.  As a result,
InternalError is returned to the client.

Update cert-request IP address name validation to handle this case.

Part of: https://pagure.io/freeipa/issue/7451
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fraser Tweedale
2019-03-07 15:58:41 +11:00
parent f6489117f3
commit 8327e11b6b


@@ -1173,8 +1173,12 @@ def _san_ip_update_reachable(reachable, dnsname, cname_depth):
"""
fqdn = dnsutil.DNSName(dnsname).make_absolute()
zone = dnsutil.DNSName(resolver.zone_for_name(fqdn))
try:
zone = dnsutil.DNSName(resolver.zone_for_name(fqdn))
except resolver.NoNameservers:
return # if there's no zone, there are no records
name = fqdn.relativize(zone)
try:
result = api.Command['dnsrecord_show'](zone, name)['result']
except errors.NotFound as nf:
@@ -1203,10 +1207,12 @@ def _ip_ptr_records(ip):
"""
rname = dnsutil.DNSName(reversename.from_address(ip))
zone = dnsutil.DNSName(resolver.zone_for_name(rname))
name = rname.relativize(zone)
try:
zone = dnsutil.DNSName(resolver.zone_for_name(rname))
name = rname.relativize(zone)
result = api.Command['dnsrecord_show'](zone, name)['result']
except resolver.NoNameservers:
ptrs = set() # if there's no zone, there are no records
except errors.NotFound:
ptrs = set()
else:
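Review bot: The comment `# if there's no zone, there are no records` on both new `except resolver.NoNameservers` handlers (after `zone_for_name(fqdn)` in `_san_ip_update_reachable` and in `_ip_ptr_records`) overstates what the exception proves: in dnspython it means every nameserver failed to answer, which also covers a resolver outage or SERVFAIL. Treating that as an empty record set appears to fail closed for SAN IP validation, which is the safe direction, but the request will then be rejected as a validation failure with no trace of the DNS problem. I would reword the comment to something like `# no nameserver answered: treat as no records (fail closed)` and add a debug log line in each handler. Assuming `resolver` is `dns.resolver`, a lookup timeout (`dns.exception.Timeout`) from `zone_for_name` is still uncaught and would presumably surface as the same InternalError, so it is worth deciding whether it belongs in these handlers too. Both functions continue outside the hunks shown, so the effect on callers is inferred rather than visible here.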