On 12.5.2011 14:47, Jan Cholasta wrote:


Rewrote host.py so that it doesn't use get_reverse_zone from
ipaserver.bindinstance (which fixes the pylint errors).

Honza


Patch updated. Requires patch 18.1.

--
Jan Cholasta
>From e2014a486af0a8bdfb4f660e06680a0d969c71db Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Fri, 20 May 2011 20:24:01 +0200
Subject: [PATCH] Honor netmask in DNS reverse zone setup.

ticket 910
---
 install/tools/ipa-dns-install     |    3 +-
 install/tools/ipa-replica-install |    3 +-
 install/tools/ipa-replica-prepare |    9 ++++---
 install/tools/ipa-server-install  |    3 +-
 ipalib/plugins/host.py            |   31 +++++++++++++++++++----
 ipaserver/install/bindinstance.py |   49 ++++++++++++++++++++++++-------------
 6 files changed, 68 insertions(+), 30 deletions(-)

diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 491585b..d41a476 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -138,6 +138,7 @@ def main():
             sys.exit("Unable to resolve IP address for host name")
         else:
             ip_address = read_ip_address(api.env.host, fstore)
+    ip_prefixlen = ip_address.prefixlen
     ip_address = str(ip_address)
     logging.debug("will use ip_address: %s\n", ip_address)
 
@@ -183,7 +184,7 @@ def main():
         create_reverse = not options.no_reverse
     elif not options.no_reverse:
         create_reverse = bindinstance.create_reverse()
-    bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
+    bind.setup(api.env.host, ip_address, ip_prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
 
     if bind.dm_password:
         api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2b7c8ca..6aace12 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -287,6 +287,7 @@ def install_bind(config, options):
         sys.exit("Unable to resolve IP address for host name")
     ip = installutils.parse_ip_address(ip_address)
     ip_address = str(ip)
+    ip_prefixlen = ip.prefixlen
 
     create_reverse = True
     if options.unattended:
@@ -300,7 +301,7 @@ def install_bind(config, options):
             # specified, ask the user
             create_reverse = bindinstance.create_reverse()
 
-    bind.setup(config.host_name, ip_address, config.realm_name,
+    bind.setup(config.host_name, ip_address, ip_prefixlen, config.realm_name,
                config.domain_name, forwarders, options.conf_ntp, create_reverse)
     bind.create_instance()
 
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 04a6478..efc89f5 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -28,7 +28,7 @@ from optparse import OptionParser
 
 from ipapython import ipautil
 from ipaserver.install import bindinstance, dsinstance, installutils, certs
-from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr
+from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr
 from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking
 from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
@@ -426,10 +426,11 @@ def main():
         domain = ".".join(domain)
 
         ip_address = str(options.ip_address)
+        ip_prefixlen = options.ip_address.prefixlen
         zone = add_zone(domain, nsaddr=ip_address)
-        add_rr(zone, name, "A", ip_address)
-        add_reverse_zone(ip_address)
-        add_ptr_rr(ip_address, replica_fqdn)
+        add_fwd_rr(zone, name, ip_address)
+        add_reverse_zone(ip_address, ip_prefixlen)
+        add_ptr_rr(ip_address, ip_prefixlen, replica_fqdn)
 
 try:
     if not os.geteuid()==0:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 4a93802..5a09d40 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -644,6 +644,7 @@ def main():
         ip = read_ip_address(host_name, fstore)
         logging.debug("read ip_address: %s\n" % str(ip))
     ip_address = str(ip)
+    ip_prefixlen = ip.prefixlen
 
     print "The IPA Master Server will be configured with"
     print "Hostname:    " + host_name
@@ -914,7 +915,7 @@ def main():
                 # specified, ask the user
                 create_reverse = bindinstance.create_reverse()
 
-    bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp, create_reverse, zonemgr=options.zonemgr)
+    bind.setup(host_name, ip_address, ip_prefixlen, realm_name, domain_name, dns_forwarders, options.conf_ntp, create_reverse, zonemgr=options.zonemgr)
     if options.setup_dns:
         api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
 
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 52830de..82cb07a 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -91,8 +91,6 @@ from ipalib import _, ngettext
 from ipalib import x509
 from ipapython.ipautil import ipa_generate_password
 from ipalib.request import context
-if api.env.context in ['lite', 'server']:
-    from ipaserver.install.bindinstance import get_reverse_zone
 import base64
 import nss.nss as nss
 import netaddr
@@ -111,16 +109,37 @@ def is_forward_record(zone, str_address):
     if addr.version == 4:
         result = api.Command['dnsrecord_find'](zone, arecord=str_address)
     elif addr.version == 6:
-        result = api.Command['dnsrecord_find'](zone, aaarecord=str_address)
+        result = api.Command['dnsrecord_find'](zone, aaaarecord=str_address)
     else:
         raise ValueError('Invalid address family')
 
     return result['count'] > 0
 
+def find_reverse_zone(ipaddr):
+    ip = netaddr.IPAddress(ipaddr)
+    revdns = unicode(ip.reverse_dns)
+
+    revzone = u''
+
+    result = api.Command['dnszone_find']()['result']
+    for zone in result:
+        zonename = zone['idnsname'][0]
+        if revdns.endswith(zonename) and len(zonename) > len(revzone):
+            revzone = zonename
+
+    if len(revzone) == 0:
+        raise errors.NotFound(
+            reason=_('DNS reverse zone for IP address %(addr) not found') % dict(addr=ipaddr)
+        )
+
+    revname = revdns[:-len(revzone)-1]
+
+    return revzone, revname
+
 def remove_fwd_ptr(ipaddr, host, domain, recordtype):
     api.log.debug('deleting ipaddr %s' % ipaddr)
-    revzone, revname = get_reverse_zone(ipaddr)
     try:
+        revzone, revname = find_reverse_zone(ipaddr)
         delkw = { 'ptrrecord' : "%s.%s." % (host, domain) }
         api.Command['dnsrecord_del'](revzone, revname, **delkw)
     except errors.NotFound:
@@ -322,7 +341,7 @@ class host_add(LDAPCreate):
                 )
             if not options.get('no_reverse', False):
                 # we prefer lookup of the IP through the reverse zone
-                revzone, revname = get_reverse_zone(options['ip_address'])
+                revzone, revname = find_reverse_zone(options['ip_address'])
                 # Verify that our reverse zone exists
                 match = False
                 for zone in result:
@@ -381,7 +400,7 @@ class host_add(LDAPCreate):
                 add_forward_record(domain, parts[0], options['ip_address'])
 
                 if not options.get('no_reverse', False):
-                    revzone, revname = get_reverse_zone(options['ip_address'])
+                    revzone, revname = find_reverse_zone(options['ip_address'])
                     try:
                         addkw = { 'ptrrecord' : keys[-1]+'.' }
                         api.Command['dnsrecord_add'](revzone, revname, **addkw)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 3208688..817ff7f 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -98,16 +98,20 @@ def dns_container_exists(fqdn, suffix):
 
     return ret
 
-def get_reverse_zone(ip_address_str):
+def get_reverse_zone(ip_address_str, ip_prefix_len):
     ip = netaddr.IPAddress(ip_address_str)
+    items = ip.reverse_dns.split('.')
+
     if ip.version == 4:
-        name, dot, zone = ip.reverse_dns.partition('.')
+        pos = 4 - ip_prefix_len / 8
     elif ip.version == 6:
-        name = '.'.join(ip.reverse_dns.split('.')[:8])
-        zone = '.'.join(ip.reverse_dns.split('.')[8:])
+        pos = 32 - ip_prefix_len / 4
     else:
         raise ValueError('Bad address format?')
 
+    name = '.'.join(items[:pos])
+    zone = '.'.join(items[pos:])
+
     return unicode(zone), unicode(name)
 
 def dns_zone_exists(name):
@@ -138,8 +142,8 @@ def add_zone(name, zonemgr=None, dns_backup=None, nsaddr=None, update_policy=Non
     add_rr(name, "@", "NS", api.env.host+'.', dns_backup, force=True)
     return name
 
-def add_reverse_zone(ip_address, update_policy=None, dns_backup=None):
-    zone, name = get_reverse_zone(ip_address)
+def add_reverse_zone(ip_address, ip_prefix_len, update_policy=None, dns_backup=None):
+    zone, name = get_reverse_zone(ip_address, ip_prefix_len)
     if not update_policy:
         update_policy = "grant %s krb5-subdomain %s. PTR;" % (api.env.realm, zone)
     try:
@@ -172,8 +176,8 @@ def add_fwd_rr(zone, host, ip_address):
     elif addr.version == 6:
         add_rr(zone, host, "AAAA", ip_address)
 
-def add_ptr_rr(ip_address, fqdn, dns_backup=None):
-    zone, name = get_reverse_zone(ip_address)
+def add_ptr_rr(ip_address, ip_prefix_len, fqdn, dns_backup=None):
+    zone, name = get_reverse_zone(ip_address, ip_prefix_len)
     add_rr(zone, name, "PTR", fqdn+".", dns_backup)
 
 def del_rr(zone, name, type, rdata):
@@ -249,6 +253,7 @@ class BindInstance(service.Service):
         self.domain = None
         self.host = None
         self.ip_address = None
+        self.ip_prefix_len = None
         self.realm = None
         self.forwarders = None
         self.sub_dict = None
@@ -259,10 +264,11 @@ class BindInstance(service.Service):
         else:
             self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
 
-    def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, create_reverse, named_user="named", zonemgr=None):
+    def setup(self, fqdn, ip_address, ip_prefix_len, realm_name, domain_name, forwarders, ntp, create_reverse, named_user="named", zonemgr=None):
         self.named_user = named_user
         self.fqdn = fqdn
         self.ip_address = ip_address
+        self.ip_prefix_len = ip_prefix_len
         self.realm = realm_name
         self.domain = domain_name
         self.forwarders = forwarders
@@ -390,11 +396,11 @@ class BindInstance(service.Service):
 
         # Add forward and reverse records to self
         add_fwd_rr(zone, self.host, self.ip_address)
-        if dns_zone_exists(get_reverse_zone(self.ip_address)[0]):
-            add_ptr_rr(self.ip_address, self.fqdn)
+        if dns_zone_exists(get_reverse_zone(self.ip_address, self.ip_prefix_len)[0]):
+            add_ptr_rr(self.ip_address, self.ip_prefix_len, self.fqdn)
 
     def __setup_reverse_zone(self):
-        add_reverse_zone(self.ip_address, dns_backup=self.dns_backup)
+        add_reverse_zone(self.ip_address, self.ip_prefix_len, dns_backup=self.dns_backup)
 
     def __setup_principal(self):
         dns_principal = "DNS/" + self.fqdn + "@" + self.realm
@@ -482,16 +488,25 @@ class BindInstance(service.Service):
         for (record, type, rdata) in resource_records:
             del_rr(zone, record, type, rdata)
 
-        areclist = get_rr(zone, host, "A")
-        if len(areclist) != 0:
-            for rdata in areclist:
-                del_rr(zone, host, "A", rdata)
+        areclist = [("A", x) for x in get_rr(zone, host, "A")] + [("AAAA", x) for x in get_rr(zone, host, "AAAA")]
+        for (type, rdata) in areclist:
+            del_rr(zone, host, type, rdata)
+
+            ip = netaddr.IPAddress(rdata)
+            rzone = ip.reverse_dns
+            record = ''
+
+            while True:
+                part, dot, rzone = rzone.partition('.')
+                if len(rzone) == 0:
+                    break
+                record = (record + '.' + part).lstrip('.')
 
-                rzone, record = get_reverse_zone(rdata)
                 if dns_zone_exists(rzone):
                     del_rr(rzone, record, "PTR", fqdn+".")
                     # remove also master NS record from the reverse zone
                     del_rr(rzone, "@", "NS", fqdn+".")
+                    break
 
 
     def uninstall(self):
-- 
1.7.4.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to