Precallback validator was failing when a zone-relative name was
used as a NS record (for example record "ns" in a zone "example.com").
However, this is valid in BIND and we should allow it as well.

Imports in dns module had to be switched to absolute imports
(available from Python 2.5) to deal with a conflict of IPA dns
module and dnspython module.

https://fedorahosted.org/freeipa/ticket/2630

>From 346b8d22ae5f14e618ef237974e027a3aca930f4 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Tue, 29 May 2012 15:06:31 +0200
Subject: [PATCH] Allow relative DNS name in NS validator

Precallback validator was failing when a zone-relative name was
used as a NS record (for example record "ns" in a zone "example.com").
However, this is valid in BIND and we should allow it as well.

Imports in dns module had to be switched to absolute imports
(available from Python 2.5) to deal with a conflict of IPA dns
module and dnspython module.

https://fedorahosted.org/freeipa/ticket/2630
---
 ipalib/plugins/dns.py |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index e26332d46832622ad0321ef3083aec4eef3db1b3..eef938dce5ac1a5a098495ad9e619d1c562cc342 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -18,9 +18,12 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from __future__ import absolute_import
+
 import netaddr
 import time
 import re
+import dns.name
 
 from ipalib.request import context
 from ipalib import api, errors, output
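
Review bot: The `from __future__ import absolute_import` line at the top of this hunk changes import resolution for the whole of ipalib/plugins/dns.py, not only for the new `import dns.name`, and nothing in the file says why it is there. Add a short comment next to it stating that it exists so `dns` resolves to dnspython rather than to this plugin module, so it is not removed later as dead code. Also confirm that no other import in the file relied on implicit relative lookup.
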
@@ -1488,7 +1491,11 @@ def zone_is_reverse(zone_name):
 
     return False
 
-def check_ns_rec_resolvable(name):
+def check_ns_rec_resolvable(zone, name):
+    if not name.endswith('.'):
+        # this is a DNS name relative to the zone
+        zone = dns.name.from_text(zone)
+        name = unicode(dns.name.from_text(name, origin=zone))
     try:
         return api.Command['dns_resolve'](name)
     except errors.NotFound:
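
Review bot: The two `dns.name.from_text()` calls in the new `if not name.endswith('.')` branch sit outside the `try`, so a malformed relative name (an empty or over-long label, for example) raises a dnspython exception that the `except errors.NotFound` below never sees, and the user gets a traceback instead of a validation error. Either move the conversion inside the `try` and translate the dnspython exception into `errors.ValidationError`, or catch it around the conversion. The function also has no docstring describing the new `zone` argument or the rule that a name without a trailing dot is taken as relative to the zone.
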
@@ -1707,12 +1714,12 @@ class dnszone_add(LDAPCreate):
             raise errors.ValidationError(name='name-server',
                     error=unicode(_("Nameserver address is not a fully qualified domain name")))
 
-        if not 'ip_address' in options and not options['force']:
-            check_ns_rec_resolvable(nameserver)
-
         if nameserver[-1] != '.':
             nameserver += '.'
 
+        if not 'ip_address' in options and not options['force']:
+            check_ns_rec_resolvable(keys[0], nameserver)
+
         entry_attrs['nsrecord'] = nameserver
         entry_attrs['idnssoamname'] = nameserver
         return dn
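
Review bot: Moving the `check_ns_rec_resolvable(keys[0], nameserver)` call below `nameserver += '.'` makes the ordering significant, and that is not documented. With the new signature, a name without a trailing dot would be resolved relative to `keys[0]`, so the check has to run after the dot is appended for `dnszone_add` to keep treating the value as fully qualified. A one-line comment above the call saying so would stop someone from reordering these blocks again. As written, the relative-name branch is never reached from this caller.
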
@@ -1877,7 +1884,8 @@ class dnsrecord(LDAPObject):
         nsrecords = entry_attrs.get('nsrecord')
         if options.get('force', False) or nsrecords is None:
             return
-        map(check_ns_rec_resolvable, nsrecords)
+        for nsrecord in nsrecords:
+            check_ns_rec_resolvable(keys[0], nsrecord)
 
     def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
         ptrrecords = entry_attrs.get('ptrrecord')
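
Review bot: In the new loop, `keys[0]` is passed as the zone with no name or comment to say that the first positional key is the zone, which is easy to get wrong given the `*keys` signature. Bind it once before the loop (`zone = keys[0]`) and pass `zone` to `check_ns_rec_resolvable`. The diffstat lists only ipalib/plugins/dns.py, so the relative-name case from the commit message (record "ns" in zone "example.com") has no regression test; please add one.
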
-- 
1.7.7.6
