IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
8,449 Commits 11 Branches 60 Tags
896783bae817ef16ca1cb31a0c434fe863287cc3
Commit Graph

205 Commits

Author SHA1 Message Date
Petr Viktorin
b8c46f2a32 Modernize number literals 
Use Python-3 compatible syntax, without breaking compatibility with py 2.7

- Octals literals start with 0o to prevent confusion
- The "L" at the end of large int literals is not required as they use
  long on Python 2 automatically.
- Using 'int' instead of 'long' for small numbers is OK in all cases except
  strict type checking checking, e.g. type(0).

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-31 15:22:19 +02:00
Martin Basti
5ea41abe98 DNS: Consolidate DNS RR types in API and schema 
* Remove NSEC3, DNSKEY, TSIG, TKEY, TA records from API:
    These records never worked, they dont have attributes in schema.
    TSIG and TKEY are meta-RR should not be in LDAP
    TA is not supported by BIND
    NSEC3, DNSKEY are DNSSEC records generated by BIND, should not be
    in LDAP.
    *! SIG, NSEC are already defined in schema, must stay in API.

* Add HINFO, MINFO, MD, NXT records to API as unsupported records
    These records are already defined in LDAP schema

* Add schema for RP, APL, IPSEC, DHCID, HIP, SPF records
    These records were defined in IPA API as unsupported, but schema definition was
    missing. This causes that ACI cannot be created for these records
    and dnszone-find failed. (#5055)

https://fedorahosted.org/freeipa/ticket/4934
https://fedorahosted.org/freeipa/ticket/5055

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-07-21 17:18:29 +02:00
Martin Basti
96c23659fc DNS: Do not traceback if DNS is not installed 
Instead of internal error show 'DNS is not configured' message, when a
dns* command is executed.

https://fedorahosted.org/freeipa/ticket/5017

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-01 20:19:01 +02:00
Martin Basti
3ababb763b DNS: add UnknownRecord to schema 
defintion of UnknownRecord attributetype

https://fedorahosted.org/freeipa/ticket/4939

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-06-18 14:37:28 +02:00
Martin Basti
f8c8c360f1 DNSSEC: validate forward zone forwarders 
Show warning messages if DNSSEC validation is failing for particular FW
zone or if the specified forwarders do not work

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-06-11 13:12:31 +02:00
Martin Basti
9aa6124b39 DNSSEC: Improve global forwarders validation 
Validation now provides more detailed information and less false
positives failures.

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-06-11 13:12:31 +02:00
Martin Basti
f26220b9b3 DNS: remove NSEC3PARAM from records 
NSEC3PARAM is configurable only from zone commands. This patch removes
this record type from DNS records.

Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-03-09 15:21:04 +01:00
Martin Basti
63c497a1fb DNS fix: do not show part options for unsupported records 
Do not show parts options in help output, if record is marked as unsupported.

Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-03-09 15:21:04 +01:00
Martin Basti
0c3bf595f3 DNS fix: do not traceback if unsupported records are in LDAP 
Show records which are unsupported, if they are in LDAP.
Those records are not editable, and web UI doesnt show them.

Fixes traceback caused by --structured option

Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-03-09 15:21:04 +01:00
Martin Basti
af0a2409f9 Always return absolute idnsname in dnszone commands 
Ticket: https://fedorahosted.org/freeipa/ticket/4722
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-01-26 07:07:44 +00:00
Martin Basti
95371bd736 Detect and warn about invalid DNS forward zone configuration 
Shows warning if forward and parent authoritative zone do not have
proper NS record delegation, which can cause the forward zone will be
ineffective and forwarding will not work.

Ticket: https://fedorahosted.org/freeipa/ticket/4721
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-01-15 13:20:12 +01:00
Martin Basti
b5ff0b941e Show SSHFP record containing space in fingerprint 
SSHFP records added by nsupdate contains extra space (valid), framework
couldn't handle it.

Ticket: https://fedorahosted.org/freeipa/ticket/4790
Ticket: https://fedorahosted.org/freeipa/ticket/4789
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2014-12-10 18:35:45 +00:00
Martin Basti
310e46452c Fix warning message should not contain CLI commands 
Message is now universal for both CLI and WebUI

Ticket: https://fedorahosted.org/freeipa/ticket/4647
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-11-19 15:20:55 +01:00
Martin Basti
5e1172f560 fix forwarder validation errors 
Fix tests, validation in dnsconfig mod, wuser warning

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-10-21 15:55:09 +02:00
Martin Basti
10725033c6 DNSSEC: change link to ipa page 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
5556b7f50e DNSSEC: ACI 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
ca030a089f DNSSEC: validate forwarders 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
3f8cfdab26 Remove --ip-address, --name-server otpions from DNS help 
Ticket: https://fedorahosted.org/freeipa/ticket/4149
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-09-26 10:26:52 +02:00
Martin Basti
239adf9de4 DNS: autofill admin email 
Admins email (SOA RNAME) is autofilled with value 'hostmaster'. Bind
will automaticaly append zone part.

Part of ticket: https://fedorahosted.org/freeipa/ticket/4149

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-09-25 16:38:02 +02:00
Martin Basti
7bc17bb852 Deprecation of --name-server and --ip-address option in DNS 
Option --name-server is changing only SOA MNAME, this option has no more
effect to NS records

Option --ip-addres is just ignored

A warning message is sent after use these options

Part of ticket: https://fedorahosted.org/freeipa/ticket/4149

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-09-25 16:38:02 +02:00
Martin Basti
f846e0d1ef Fix DNS plugin to allow to add root zone 
Ticket: https://fedorahosted.org/freeipa/ticket/4149
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-09-25 16:38:02 +02:00
Martin Basti
7325983a48 DNS: remove --class option 
This option haven't been working, it is time to remove it.

Ticket: https://fedorahosted.org/freeipa/ticket/3414
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-09-25 12:08:22 +02:00
Martin Basti
2f1f122170 dnszone-remove-permission should raise error 
dnszone-remove-permission should raise NotFound error if permission was
not found (regression of 21c829ff).

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-09-25 09:58:47 +02:00
Martin Basti
16ecbb1507 FIX DNS wildcard records (RFC4592) 
Make validation more strict

* DS, NS, DNAME owners should not be a wildcard domanin name
* zone name should not be a wildcard domain name

Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-09-05 12:29:29 +02:00
Martin Basti
d0130195a9 DNS fix NS record coexistence validator 
NS can coexistent only with A, AAAA, DS, NS record

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-09-05 12:11:39 +02:00
Martin Basti
3be8ff6c46 DNSSEC: fix DS record validation 
Part of: https://fedorahosted.org/freeipa/ticket/3801

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-09-05 12:11:39 +02:00
Martin Basti
62a2559493 Fix dnsrecord-mod raise error if last record attr is removed 
Removing last record attribute causes output type validation error

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2014-09-05 10:34:11 +02:00
Gabe
9a0aae0133 Fix typos in dns.py 
https://fedorahosted.org/freeipa/ticket/4429

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
 2014-07-18 10:05:25 +02:00
Martin Basti
29951ada9f Non IDNA zonename should be normalized to lowercase 
Before IDNA support zone was normalized.

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-07-04 09:26:49 +02:00
Martin Basti
21c829ffa5 Fix incompatible permission name *zone-del 
Fixes ticket: https://fedorahosted.org/freeipa/ticket/4383

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-07-03 14:04:57 +02:00
Martin Basti
1c5fa1c28d Split dns docstring 
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-07-03 10:32:09 +02:00
Martin Basti
d22d971575 Help for forward zones 
Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-07-03 10:32:09 +02:00
Martin Basti
d18eea4578 Use documentation addresses in dns help 
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-07-03 10:32:09 +02:00
Martin Basti
70224597a8 Add DNSSEC experimental support warning message 
Ticket: https://fedorahosted.org/freeipa/ticket/4408
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-07-03 10:32:09 +02:00
Martin Basti
33cf958b98 Add warning about semantic change for zones 
--forwarder have different semantic since
forward zones support.
Add warning if zone contains forwarders.

Ticket: https://fedorahosted.org/freeipa/ticket/3210#comment:16
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-07-03 10:32:08 +02:00
Martin Basti
30551a8aa3 Add NSEC3PARAM to zone settings 
Ticket: https://fedorahosted.org/freeipa/ticket/4413
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-07-02 14:54:41 +02:00
Martin Basti
ff7b44e3b0 Remove NSEC3PARAM record 
Revert 5b95be802c

Ticket: https://fedorahosted.org/freeipa/ticket/4413
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-07-02 14:54:41 +02:00
Martin Basti
c655aa2832 Fix ACI in DNS 
Added ACI for idnssecinlinesigning, dlvrecord, nsec3paramrecord,
tlsarecord

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-07-01 12:43:55 +02:00
Martin Basti
12cb31575c DNSSEC: add TLSA record type 
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-07-01 12:37:08 +02:00
Martin Basti
816007bdd9 Fix incompatible DNS permission 
dns(forward)zone-add/remove-permission can work with permissions with
relative zone name

Ticket:https://fedorahosted.org/freeipa/ticket/4383

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-06-25 18:31:27 +02:00
Martin Basti
2229e89bbb Digest part in DLV/DS records allows only heaxadecimal characters 
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-20 16:46:03 +02:00
Martin Basti
7cdc4178b0 DNSSEC: DLVRecord type added 
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-20 16:46:02 +02:00
Martin Basti
5b95be802c DNSSEC: added NSEC3PARAM record type 
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-20 15:41:40 +02:00
Martin Basti
48865aed5f DNSSEC: remove unsuported records 
Removed SIG, NSEC, KEy, RRSIG records

Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-20 15:41:39 +02:00
Martin Basti
727f5f3373 Create BASE zone class 
Zones and forward zones have a lot of common code,
this patch remove duplications by creating a DNSBase
class and its subclasses

design: http://www.freeipa.org/page/V4/Forward_zones

Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-20 13:14:45 +02:00
Martin Basti
266015c3e2 Prevent commands to modify different type of a zone 
Commands dnsforwardzone-* can modify only forward zones
Commands dnszone-* can modify only (master) zones
Commands dnsrecord-* can work only with master zones

design: http://www.freeipa.org/page/V4/Forward_zones

Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-20 13:14:45 +02:00
Martin Basti
49068ade92 Separate master and forward DNS zones 
Forward zones are stored in idnsforwadzone objectclasses.

design: http://www.freeipa.org/page/V4/Forward_zones

Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-20 13:14:45 +02:00
Petr Viktorin
853b6ef4ce Convert DNS default permissions to managed 
Convert the existing default permissions.

The Read permission is split between Read DNS Entries and Read
DNS Configuration.

Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-06-18 14:45:50 +02:00
Petr Spacek
91d3d4d7b2 Fix --ttl description for DNS zones 
TTL specified in idnsZone object class affects all records at zone apex,
not only SOA record.

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
 2014-06-12 09:57:58 +02:00
Nathaniel McCallum
255cbb4976 Update all remaining plugins to the new Registry API 
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2014-06-11 09:24:22 +02:00