On Thu, 2012-05-31 at 13:42 +0200, Petr Viktorin wrote:
> On 05/29/2012 03:11 PM, Martin Kosek wrote:
> > Precallback validator was failing when a zone-relative name was
> > used as a NS record (for example record "ns" in a zone "example.com").
> > However, this is valid in BIND and we should allow it as well.
> >
> > Imports in dns module had to be switched to absolute imports
> > (available from Python 2.5) to deal with a conflict of IPA dns
> > module and dnspython module.
> >
> > https://fedorahosted.org/freeipa/ticket/2630
> >
> 
> This works fine, but it breaks a test:
> 
> ======================================================================
> FAIL: test_dns[48]: dnsrecord_add: Try to add unresolvable NS record to 
> u'testdnsres' using dnsrecord_add
> ----------------------------------------------------------------------
> [...]
> 
>    expected = u"Nameserver 'does.not.exist' does not have a 
> corresponding A/AAAA record"
>    got = u"Nameserver 'does.not.exist.dnszone.test.' does not have a 
> corresponding A/AAAA record"
>    path = ()
> 

I updated the tests to use an absolute DNS record. All DNS tests should
now succeed.

Martin
>From 1dd80e27270e902215b8fd02869346edb707be1a Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Tue, 29 May 2012 15:06:31 +0200
Subject: [PATCH] Allow relative DNS name in NS validator

Precallback validator was failing when a zone-relative name was
used as a NS record (for example record "ns" in a zone "example.com").
However, this is valid in BIND and we should allow it as well.

Imports in dns module had to be switched to absolute imports
(available from Python 2.5) to deal with a conflict of IPA dns
module and dnspython module.

https://fedorahosted.org/freeipa/ticket/2630
---
 ipalib/plugins/dns.py                |   18 +++++++++++++-----
 tests/test_xmlrpc/test_dns_plugin.py |   10 +++++-----
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 192cc051c77725067292772014c15c608fb8c4d2..1bf75427245e7435364ad5695e35426f5fd67be8 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -18,9 +18,12 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from __future__ import absolute_import
+
 import netaddr
 import time
 import re
+import dns.name
 
 from ipalib.request import context
 from ipalib import api, errors, output
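Review bot: The added `from __future__ import absolute_import` has no comment saying why it is there, so a later import cleanup could drop it. Per the commit message, without it `import dns.name` would resolve against this plugin module (itself named `dns`) rather than dnspython. Suggest a one-line comment above it, for example `# needed so that 'import dns.name' finds dnspython, not this ipalib.plugins.dns module`.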
@@ -1488,7 +1491,11 @@ def zone_is_reverse(zone_name):
 
     return False
 
-def check_ns_rec_resolvable(name):
+def check_ns_rec_resolvable(zone, name):
+    if not name.endswith('.'):
+        # this is a DNS name relative to the zone
+        zone = dns.name.from_text(zone)
+        name = unicode(dns.name.from_text(name, origin=zone))
     try:
         return api.Command['dns_resolve'](name)
     except errors.NotFound:
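Review bot: In `check_ns_rec_resolvable`, the two new `dns.name.from_text()` calls parse caller-supplied text, but the only exception handled is `errors.NotFound` from the resolve call. A malformed relative name or zone (empty label, over-long label or name) would presumably surface as an unhandled dnspython exception instead of a validation error, unless earlier parameter validators already reject such input, which is not visible here. Consider catching `dns.exception.DNSException` around the conversion and raising `errors.ValidationError`; this needs `import dns.exception` next to `import dns.name`. Rebinding `zone` to a `dns.name.Name` also changes the type of a parameter mid-function, so a separate local is clearer. The function has no docstring stating that relative names are completed with the zone origin, and its body continues past the end of the hunk.

```python
def check_ns_rec_resolvable(zone, name):
    if not name.endswith('.'):
        # this is a DNS name relative to the zone
        try:
            origin = dns.name.from_text(zone)
            name = unicode(dns.name.from_text(name, origin=origin))
        except dns.exception.DNSException as e:
            raise errors.ValidationError(name='nsrecord',
                    error=unicode(e))
    # … unchanged: dns_resolve call and NotFound handling …
```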
@@ -1707,12 +1714,12 @@ class dnszone_add(LDAPCreate):
             raise errors.ValidationError(name='name-server',
                     error=unicode(_("Nameserver address is not a fully qualified domain name")))
 
-        if not 'ip_address' in options and not options['force']:
-            check_ns_rec_resolvable(nameserver)
-
         if nameserver[-1] != '.':
             nameserver += '.'
 
+        if not 'ip_address' in options and not options['force']:
+            check_ns_rec_resolvable(keys[0], nameserver)
+
         entry_attrs['nsrecord'] = nameserver
         entry_attrs['idnssoamname'] = nameserver
         return dn
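Review bot: Because the trailing dot is now appended before the call, `check_ns_rec_resolvable(keys[0], nameserver)` always receives an absolute name, so the relative-name branch can never run on this path and the zone argument goes unused. That looks intentional given the fully-qualified-name validation just above, but it deserves a comment such as `# nameserver is absolute at this point; the zone is only used for relative names`. Both this call and the one in the `dnsrecord` hunk rely on `keys[0]` being the zone name, and binding it to a local (`zone = keys[0]`) would make that convention explicit. As a style point on the moved condition, `'ip_address' not in options` reads more clearly than `not 'ip_address' in options`. The method starts outside the hunk.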
@@ -1878,7 +1885,8 @@ class dnsrecord(LDAPObject):
         nsrecords = entry_attrs.get('nsrecord')
         if options.get('force', False) or nsrecords is None:
             return
-        map(check_ns_rec_resolvable, nsrecords)
+        for nsrecord in nsrecords:
+            check_ns_rec_resolvable(keys[0], nsrecord)
 
     def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
         ptrrecords = entry_attrs.get('ptrrecord')
diff --git a/tests/test_xmlrpc/test_dns_plugin.py b/tests/test_xmlrpc/test_dns_plugin.py
index b18ca90817fafdd9c8709d101ba191d5e970450e..59f92161c562213b72d527aadbbe694874c37e8f 100644
--- a/tests/test_xmlrpc/test_dns_plugin.py
+++ b/tests/test_xmlrpc/test_dns_plugin.py
@@ -821,13 +821,13 @@ class test_dns(Declarative):
 
         dict(
             desc='Try to add unresolvable NS record to %r using dnsrecord_add' % (dnsres1),
-            command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist'}),
-            expected=errors.NotFound(reason=u"Nameserver 'does.not.exist' does not have a corresponding A/AAAA record"),
+            command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist.'}),
+            expected=errors.NotFound(reason=u"Nameserver 'does.not.exist.' does not have a corresponding A/AAAA record"),
         ),
 
         dict(
             desc='Add unresolvable NS record with --force to %r using dnsrecord_add' % (dnsres1),
-            command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist',
+            command=('dnsrecord_add', [dnszone1, dnsres1], {'nsrecord': u'does.not.exist.',
                                                             'force' : True}),
             expected={
                 'value': dnsres1,
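Review bot: Switching these cases to `u'does.not.exist.'` makes the suite pass, but it leaves the new relative-name branch of `check_ns_rec_resolvable` without any coverage; the same substitution repeats in the two following hunks. The failure quoted earlier in the thread shows what the relative case produces, so a case that keeps `{'nsrecord': u'does.not.exist'}` and expects the reason `u"Nameserver 'does.not.exist.dnszone.test.' does not have a corresponding A/AAAA record"` would pin the zone-origin expansion. A positive case, where a relative NS name that does resolve inside the zone is accepted without `force`, would cover the behaviour the ticket asks for.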
@@ -841,7 +841,7 @@ class test_dns(Declarative):
                     'kxrecord': [u'1 foo-1'],
                     'txtrecord': [u'foo bar'],
                     'nsecrecord': [dnszone1 + u' TXT A'],
-                    'nsrecord': [u'does.not.exist'],
+                    'nsrecord': [u'does.not.exist.'],
                 },
             },
         ),
@@ -866,7 +866,7 @@ class test_dns(Declarative):
                     'kxrecord': [u'1 foo-1'],
                     'txtrecord': [u'foo bar'],
                     'nsecrecord': [dnszone1 + u' TXT A'],
-                    'nsrecord': [u'does.not.exist'],
+                    'nsrecord': [u'does.not.exist.'],
                 },
             },
         ),
-- 
1.7.7.6
