IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-27 16:46:42 -06:00
Code Issues Packages Projects Releases Wiki Activity

Use custom zonemgr for reverse zones

Browse Source 
When DNS is being installed during ipa-{server,dns,replica}-install,
forward and reverse zone is created. However, reverse zone was always
created with default zonemgr even when a custom zonemgr was passed
to the installer as this functionality was missing in function
creating reverse zone.

Consolidate functions creating forward and reverse zones to avoid
code duplication and errors like this one. Reverse zones are now
created with custom zonemgr (when entered by user).

https://fedorahosted.org/freeipa/ticket/2790
This commit is contained in:
Martin Kosek 2012-09-25 10:36:01 +02:00
parent ba5248135c
commit c49bc80494
4 changed files with 33 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
install/tools/ipa-replica-prepare
View File

@ -28,7 +28,7 @@ import krbV
from ipapython import ipautil
from ipaserver.install import bindinstance, dsinstance, installutils, certs
from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_container_exists
from ipaserver.install.bindinstance import add_zone, add_fwd_rr, add_ptr_rr, dns_container_exists
from ipaserver.install.replication import enable_replication_version_checking
from ipaserver.install.installutils import resolve_host, BadHostError, HostLookupError
from ipaserver.plugins.ldap2 import ldap2
@ -466,7 +466,7 @@ def main():
if reverse_zone is not None:
print "Using reverse zone %s" % reverse_zone
add_reverse_zone(reverse_zone)
add_zone(reverse_zone)
add_ptr_rr(reverse_zone, ip_address, replica_fqdn)
try:

25
ipalib/plugins/dns.py
View File

@ -34,7 +34,7 @@ from ipalib import _, ngettext
from ipalib.util import (validate_zonemgr, normalize_zonemgr,
validate_hostname, validate_dns_label, validate_domain_name,
get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
get_reverse_zone_default)
get_reverse_zone_default, zone_is_reverse, REVERSE_DNS_ZONES)
from ipapython.ipautil import valid_ip, CheckedIPAddress, is_host_resolvable
__doc__ = _("""
@ -1499,19 +1499,6 @@ _dns_record_options = tuple(__dns_record_options_iter())
_dns_supported_record_types = tuple(record.rrtype for record in _dns_records \
if record.supported)
# dictionary of valid reverse zone -> number of address components
_valid_reverse_zones = {
'.in-addr.arpa.' : 4,
'.ip6.arpa.' : 32,
}
def zone_is_reverse(zone_name):
for rev_zone_name in _valid_reverse_zones.keys():
if zone_name.endswith(rev_zone_name):
return True
return False
def check_ns_rec_resolvable(zone, name):
if not name.endswith('.'):
# this is a DNS name relative to the zone
@ -1842,7 +1829,7 @@ class dnszone_find(LDAPSearch):
assert isinstance(base_dn, DN)
if options.get('forward_only', False):
search_kw = {}
search_kw['idnsname'] = _valid_reverse_zones.keys()
search_kw['idnsname'] = REVERSE_DNS_ZONES.keys()
rev_zone_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE, exact=False,
trailing_wildcard=False)
filter = ldap.combine_filters((rev_zone_filter, filter), rules=ldap.MATCH_ALL)
@ -2027,14 +2014,14 @@ class dnsrecord(LDAPObject):
else:
addr = keys[-1]
zone_len = 0
for valid_zone in _valid_reverse_zones:
if zone.find(valid_zone) != -1:
for valid_zone in REVERSE_DNS_ZONES:
if zone.endswith(valid_zone):
zone = zone.replace(valid_zone,'')
zone_name = valid_zone
zone_len = _valid_reverse_zones[valid_zone]
zone_len = REVERSE_DNS_ZONES[valid_zone]
if not zone_len:
allowed_zones = ', '.join(_valid_reverse_zones)
allowed_zones = ', '.join(REVERSE_DNS_ZONES)
raise errors.ValidationError(name='ptrrecord',
error=unicode(_('Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: %s') % allowed_zones))

13
ipalib/util.py
View File

@ -494,6 +494,19 @@ def get_dns_reverse_zone_update_policy(realm, reverse_zone, rrtypes=('PTR',)):
return policy
# dictionary of valid reverse zone -> number of address components
REVERSE_DNS_ZONES = {
'.in-addr.arpa.' : 4,
'.ip6.arpa.' : 32,
}
def zone_is_reverse(zone_name):
zone_name = normalize_zone(zone_name)
if any(zone_name.endswith(name) for name in REVERSE_DNS_ZONES):
return True
return False
def get_reverse_zone_default(ip_address):
ip = netaddr.IPAddress(ip_address)
items = ip.reverse_dns.split('.')

61
ipaserver/install/bindinstance.py
View File

@ -34,7 +34,7 @@ from ipapython import ipautil
from ipalib.parameters import IA5Str
from ipalib.util import (validate_zonemgr, normalize_zonemgr,
get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
normalize_zone, get_reverse_zone_default)
normalize_zone, get_reverse_zone_default, zone_is_reverse)
from ipapython.ipa_log_manager import *
from ipalib.text import _
@ -252,8 +252,15 @@ def read_reverse_zone(default, ip_address):
def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None,
update_policy=None):
if zone_is_reverse(name):
# always normalize reverse zones
name = normalize_zone(name)
if update_policy is None:
update_policy = get_dns_forward_zone_update_policy(api.env.realm)
if zone_is_reverse(name):
update_policy = get_dns_reverse_zone_update_policy(api.env.realm, name)
else:
update_policy = get_dns_forward_zone_update_policy(api.env.realm)
if zonemgr is None:
zonemgr = 'hostmaster.%s' % name
@ -276,13 +283,14 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
else:
ns_main = ns_hostname
ns_replicas = []
ns_main = normalize_zone(ns_main)
if ns_ip_address is not None:
ns_ip_address = unicode(ns_ip_address)
try:
api.Command.dnszone_add(unicode(name),
idnssoamname=unicode(ns_main+'.'),
idnssoamname=unicode(ns_main),
idnssoarname=unicode(zonemgr),
ip_address=ns_ip_address,
idnsallowdynupdate=True,
@ -296,51 +304,6 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
for hostname in nameservers:
add_ns_rr(name, hostname, dns_backup=None, force=True)
def add_reverse_zone(zone, ns_hostname=None, ns_ip_address=None,
ns_replicas=[], update_policy=None, dns_backup=None):
zone = normalize_zone(zone)
if update_policy is None:
update_policy = get_dns_reverse_zone_update_policy(api.env.realm, zone)
if ns_hostname is None:
# automatically retrieve list of DNS masters
dns_masters = api.Object.dnsrecord.get_dns_masters()
if not dns_masters:
raise installutils.ScriptError(
"No IPA server with DNS support found!")
ns_main = dns_masters.pop(0)
ns_replicas = dns_masters
addresses = resolve_host(ns_main)
if len(addresses) > 0:
# use the first address
ns_ip_address = addresses[0]
else:
ns_ip_address = None
else:
ns_main = ns_hostname
ns_replicas = []
if ns_ip_address is not None:
ns_ip_address = unicode(ns_ip_address)
try:
api.Command.dnszone_add(unicode(zone),
idnssoamname=unicode(ns_main+'.'),
idnsallowdynupdate=True,
ip_address=ns_ip_address,
idnsupdatepolicy=unicode(update_policy),
idnsallowquery=u'any',
idnsallowtransfer=u'none',)
except (errors.DuplicateEntry, errors.EmptyModlist):
pass
nameservers = ns_replicas + [ns_main]
for hostname in nameservers:
add_ns_rr(zone, hostname, dns_backup=None, force=True)
def add_rr(zone, name, type, rdata, dns_backup=None, **kwargs):
addkw = { '%srecord' % str(type.lower()) : unicode(rdata) }
addkw.update(kwargs)
@ -639,7 +602,7 @@ class BindInstance(service.Service):
add_ptr_rr(self.reverse_zone, self.ip_address, self.fqdn)
def __setup_reverse_zone(self):
add_reverse_zone(self.reverse_zone, ns_hostname=api.env.host,
add_zone(self.reverse_zone, self.zonemgr, ns_hostname=api.env.host,
ns_ip_address=self.ip_address, dns_backup=self.dns_backup)
def __setup_principal(self):