IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow relative DNS name in NS validator

Browse Source 
Precallback validator was failing when a zone-relative name was
used as a NS record (for example record "ns" in a zone "example.com").
However, this is valid in BIND and we should allow it as well.

Imports in dns module had to be switched to absolute imports
(available from Python 2.5) to deal with a conflict of IPA dns
module and dnspython module.

https://fedorahosted.org/freeipa/ticket/2630
This commit is contained in:
Martin Kosek 2012-05-29 15:06:31 +02:00
parent 6ff5f28142
commit 895203c477
2 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ipalib/plugins/dns.py
View File

@ -18,9 +18,12 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import
import netaddr import netaddr
import time import time
import re import re
import dns.name
from ipalib.request import context from ipalib.request import context
from ipalib import api, errors, output from ipalib import api, errors, output
@ -1488,7 +1491,11 @@ def zone_is_reverse(zone_name):
return False return False
def check_ns_rec_resolvable(name): def check_ns_rec_resolvable(zone, name):
if not name.endswith('.'):
# this is a DNS name relative to the zone
zone = dns.name.from_text(zone)
name = unicode(dns.name.from_text(name, origin=zone))
try: try:
return api.Command['dns_resolve'](name) return api.Command['dns_resolve'](name)
except errors.NotFound: except errors.NotFound:
@ -1707,12 +1714,12 @@ class dnszone_add(LDAPCreate):
raise errors.ValidationError(name='name-server', raise errors.ValidationError(name='name-server',
error=unicode(_("Nameserver address is not a fully qualified domain name"))) error=unicode(_("Nameserver address is not a fully qualified domain name")))
if not 'ip_address' in options and not options['force']:
check_ns_rec_resolvable(nameserver)
if nameserver[-1] != '.': if nameserver[-1] != '.':
nameserver += '.' nameserver += '.'
if not 'ip_address' in options and not options['force']:
check_ns_rec_resolvable(keys[0], nameserver)
entry_attrs['nsrecord'] = nameserver entry_attrs['nsrecord'] = nameserver
entry_attrs['idnssoamname'] = nameserver entry_attrs['idnssoamname'] = nameserver
return dn return dn
@ -1878,7 +1885,8 @@ class dnsrecord(LDAPObject):
nsrecords = entry_attrs.get('nsrecord') nsrecords = entry_attrs.get('nsrecord')
if options.get('force', False) or nsrecords is None: if options.get('force', False) or nsrecords is None:
return return
map(check_ns_rec_resolvable, nsrecords) for nsrecord in nsrecords:
check_ns_rec_resolvable(keys[0], nsrecord)
def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options): def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
ptrrecords = entry_attrs.get('ptrrecord') ptrrecords = entry_attrs.get('ptrrecord')

16
tests/test_xmlrpc/test_dns_plugin.py
View File

@ -820,14 +820,20 @@ class test_dns(Declarative):
), ),
dict( dict(
desc='Try to add unresolvable NS record to %r using dnsrecord_add' % (dnsres1), desc='Try to add unresolvable absolute NS record to %r using dnsrecord_add' % (dnsres1),
command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist.'}),
expected=errors.NotFound(reason=u"Nameserver 'does.not.exist.' does not have a corresponding A/AAAA record"),
),
dict(
desc='Try to add unresolvable relative NS record to %r using dnsrecord_add' % (dnsres1),
command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist'}), command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist'}),
expected=errors.NotFound(reason=u"Nameserver 'does.not.exist' does not have a corresponding A/AAAA record"), expected=errors.NotFound(reason=u"Nameserver 'does.not.exist.%s.' does not have a corresponding A/AAAA record" % dnszone1),
), ),
dict( dict(
desc='Add unresolvable NS record with --force to %r using dnsrecord_add' % (dnsres1), desc='Add unresolvable NS record with --force to %r using dnsrecord_add' % (dnsres1),
command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist', command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist.',
'force' : True}), 'force' : True}),
expected={ expected={
'value': dnsres1, 'value': dnsres1,
@ -841,7 +847,7 @@ class test_dns(Declarative):
'kxrecord': [u'1 foo-1'], 'kxrecord': [u'1 foo-1'],
'txtrecord': [u'foo bar'], 'txtrecord': [u'foo bar'],
'nsecrecord': [dnszone1 + u' TXT A'], 'nsecrecord': [dnszone1 + u' TXT A'],
'nsrecord': [u'does.not.exist'], 'nsrecord': [u'does.not.exist.'],
}, },
}, },
), ),
@ -866,7 +872,7 @@ class test_dns(Declarative):
'kxrecord': [u'1 foo-1'], 'kxrecord': [u'1 foo-1'],
'txtrecord': [u'foo bar'], 'txtrecord': [u'foo bar'],
'nsecrecord': [dnszone1 + u' TXT A'], 'nsecrecord': [dnszone1 + u' TXT A'],
'nsrecord': [u'does.not.exist'], 'nsrecord': [u'does.not.exist.'],
}, },
}, },
), ),