Check hostname resolution sanity

Always check (even with --setup-dns or --no-host-dns) that if the
host name or IP address resolves, it resolves to a sane value. Otherwise
report an error. A misconfigured /etc/hosts that causes these errors could
harm the installation later.

https://fedorahosted.org/freeipa/ticket/1923
Martin Kosek 2011-10-07 14:23:20 +02:00 committed by Rob Crittenden
parent edd334c67a
commit 93feb52932
2 changed files with 12 additions and 4 deletions


@ -269,7 +269,7 @@ def main():
sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
try: try:
installutils.verify_fqdn(replica_fqdn, system_name_check=False) installutils.verify_fqdn(replica_fqdn, local_hostname=False)
except BadHostError, e: except BadHostError, e:
msg = str(e) msg = str(e)
if isinstance(e, HostLookupError): if isinstance(e, HostLookupError):


@ -129,7 +129,7 @@ def verify_dns_records(host_name, responses, resaddr, family):
raise RuntimeError("The DNS forward record %s does not match the reverse address %s" % (rec.dns_name, rev.rdata.ptrdname)) raise RuntimeError("The DNS forward record %s does not match the reverse address %s" % (rec.dns_name, rev.rdata.ptrdname))
def verify_fqdn(host_name, no_host_dns=False, system_name_check=True): def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
""" """
Run fqdn checks for given host: Run fqdn checks for given host:
- test hostname format - test hostname format
@ -140,7 +140,7 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
:param host_name: The host name to verify. :param host_name: The host name to verify.
:param no_host_dns: If true, skip DNS resolution tests of the host name. :param no_host_dns: If true, skip DNS resolution tests of the host name.
:param system_name_check: If true, check if the host name matches the system host name. :param local_hostname: If true, run additional checks for local hostnames
""" """
if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain": if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain":
raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name) raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name)
@ -151,7 +151,15 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
if ipautil.valid_ip(host_name): if ipautil.valid_ip(host_name):
raise BadHostError("IP address not allowed as a hostname") raise BadHostError("IP address not allowed as a hostname")
if system_name_check: if local_hostname:
try:
ex_name = socket.gethostbyaddr(host_name)
if host_name != ex_name[0]:
raise HostLookupError("The host name %s does not match the primary host name %s. "\
"Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0]))
except socket.gaierror:
pass
system_host_name = socket.gethostname() system_host_name = socket.gethostname()
if not (host_name + '.').startswith(system_host_name + '.'): if not (host_name + '.').startswith(system_host_name + '.'):
print "Warning: The host name '%s' does not match the system host name '%s'." % (host_name, system_host_name) print "Warning: The host name '%s' does not match the system host name '%s'." % (host_name, system_host_name)
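Review bot: The new `socket.gethostbyaddr(host_name)` call under `if local_hostname:` handles only `socket.gaierror`, but the reverse-lookup step can also raise `socket.herror`, which would leave `verify_fqdn` as a raw traceback because the caller in the first file catches only `BadHostError`. If a failed reverse lookup should be reported like the mismatch, add `except socket.herror, e: raise HostLookupError("Unable to resolve host name %s: %s" % (host_name, e))`; if it should be ignored like `gaierror`, catch both and say so. The comparison `host_name != ex_name[0]` is also case-sensitive, so an /etc/hosts entry that differs only in letter case would be rejected; comparing `host_name.lower()` with `ex_name[0].lower()` avoids that. The bare `pass` deserves a comment such as `# name does not resolve at all; there is nothing to sanity-check`, since silently skipping a check in an installer path is easy to misread later. The body of `verify_fqdn` continues outside this hunk, so later DNS checks may already cover part of this.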