On Mon, 2014-06-30 at 18:07 +0200, Petr Vobornik wrote:
> On 27.6.2014 14:55, Martin Basti wrote:
> > On Thu, 2014-06-26 at 13:57 +0200, Petr Vobornik wrote:
> >> On 25.6.2014 14:35, Martin Basti wrote:
> >>> On Wed, 2014-06-25 at 14:31 +0200, Martin Basti wrote:
> >>>> Ticket https://fedorahosted.org/freeipa/ticket/4328#comment:12
> >>>> Patches attached.
> >>>>
> >>>> Note: ACI will be updated in another patch which fix ACIs in DNS plugin
> >>>
> >>> Patches are here
> >>>
> >> What are patch 0078's dependencies? I'm missing necessary blobs..
> >> (current master). Also it requires rebase because of today's pushes to
> >> master (VERSION conflict).
> >
> > Rebased patch attached
> >
> 
> Patch 0078-2:
> 
> Just nitpicks.
> 
> 1. The LDAP attribute type description should be changed to something 
> more meaningful. the "DNS-Based Authentication of Named Entities - 
> Transport Layer Security Protocol, RFC 6698" is the complete effort. It 
> does not say anything about the TLSA record itself. I suggest: "TLSA 
> certificate association, RFC 6698" which is used in chapter 2 of RFC 6698.
This is kept in sync with bind-dyndb-ldap, which uses the same description.

> 2. Nitpick: Not a proper alphabetic order ;)
> -    u'TSIG', u'TXT',
> +    u'TSIG', u'TLSA', u'TXT',
Fixed

> 
> Patch 0079:
> 
> 3. A js-lint warning:
> 
> /dns.js(1140): lint warning: extra comma is not recommended in array 
> initializers
>              ]
> ............^
> 
> Just remove the comma on line 1139. To check it, run:
> 
>     `jsl -nofilelisting -nologo -nosummary -conf jsl.conf`
> 
> in install/ui directory
Fixed

Updated patches attached.
-- 
Martin^2 Basti
>From cd3c3bd992175422596d75ff7fe3b63a25877f1a Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 25 Jun 2014 12:36:59 +0200
Subject: [PATCH 1/2] DNSSEC: add TLSA record type

Ticket: https://fedorahosted.org/freeipa/ticket/4328
---
 ACI.txt                     |  4 +--
 API.txt                     | 20 ++++++++++++---
 VERSION                     |  4 +--
 install/share/60ipadns.ldif |  3 ++-
 ipalib/plugins/dns.py       | 59 +++++++++++++++++++++++++++++++++------------
 5 files changed, 66 insertions(+), 24 deletions(-)

diff --git a/ACI.txt b/ACI.txt
index 22b10e3dd9f22ca76a757506f6a0851b18030549..d75f6ea4f9994a1b38cae492161cccb65f4b3191 100644
--- a/ACI.txt
+++ b/ACI.txt
@@ -39,11 +39,11 @@ aci: (targetattr = "idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || i
 dn: cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example
 aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example";)(version 3.0;acl "permission:System: Add DNS Entries";allow (add) groupdn = "ldap:///cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example
-aci: (targetattr = "a6record || aaaarecord || afsdbrecord || arecord || certrecord || cn || cnamerecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rrsigrecord || sigrecord || srvrecord || sshfprecord || txtrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example";)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
+aci: (targetattr = "a6record || aaaarecord || afsdbrecord || arecord || certrecord || cn || cnamerecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rrsigrecord || sigrecord || srvrecord || sshfprecord || tlsarecord || txtrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example";)(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example
 aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example";)(version 3.0;acl "permission:System: Remove DNS Entries";allow (delete) groupdn = "ldap:///cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example
-aci: (targetattr = "a6record || aaaarecord || afsdbrecord || arecord || certrecord || cn || cnamerecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || ptrrecord || rrsigrecord || sigrecord || srvrecord || sshfprecord || txtrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example";)(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
+aci: (targetattr = "a6record || aaaarecord || afsdbrecord || arecord || certrecord || cn || cnamerecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || ptrrecord || rrsigrecord || sigrecord || srvrecord || sshfprecord || tlsarecord || txtrecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example";)(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=System: Add Groups,cn=permissions,cn=pbac,dc=ipa,dc=example
 aci: (targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Add Groups";allow (add) groupdn = "ldap:///cn=System: Add Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=System: Modify Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example
diff --git a/API.txt b/API.txt
index 69ca2277e68261b8af48bea04997b59e059337de..dedc80edb5afdfea343e1d912c947e501dffd098 100644
--- a/API.txt
+++ b/API.txt
@@ -799,7 +799,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: dnsrecord_add
-args: 2,100,3
+args: 2,105,3
 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
 arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
 option: Str('a6_part_data', attribute=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False)
@@ -898,6 +898,11 @@ option: SSHFPRecord('sshfprecord', attribute=True, cli_name='sshfp_rec', csv=Tru
 option: Flag('structured', autofill=True, default=False)
 option: TARecord('tarecord', attribute=True, cli_name='ta_rec', csv=True, multivalue=True, option_group=u'TA Record', required=False)
 option: TKEYRecord('tkeyrecord', attribute=True, cli_name='tkey_rec', csv=True, multivalue=True, option_group=u'TKEY Record', required=False)
+option: Str('tlsa_part_cert_association_data', attribute=False, cli_name='tlsa_cert_association_data', multivalue=False, option_group=u'TLSA Record', required=False)
+option: Int('tlsa_part_cert_usage', attribute=False, cli_name='tlsa_cert_usage', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
+option: Int('tlsa_part_matching_type', attribute=False, cli_name='tlsa_matching_type', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
+option: Int('tlsa_part_selector', attribute=False, cli_name='tlsa_selector', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
+option: TLSARecord('tlsarecord', attribute=True, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=u'TLSA Record', required=False)
 option: TSIGRecord('tsigrecord', attribute=True, cli_name='tsig_rec', csv=True, multivalue=True, option_group=u'TSIG Record', required=False)
 option: Str('txt_part_data', attribute=False, cli_name='txt_data', multivalue=False, option_group=u'TXT Record', required=False)
 option: TXTRecord('txtrecord', attribute=True, cli_name='txt_rec', csv=True, multivalue=True, option_group=u'TXT Record', required=False)
@@ -906,7 +911,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: dnsrecord_del
-args: 2,39,3
+args: 2,40,3
 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
 arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
 option: A6Record('a6record', attribute=True, autofill=False, cli_name='a6_rec', csv=True, multivalue=True, option_group=None, required=False)
@@ -945,6 +950,7 @@ option: SSHFPRecord('sshfprecord', attribute=True, autofill=False, cli_name='ssh
 option: Flag('structured', autofill=True, default=False)
 option: TARecord('tarecord', attribute=True, autofill=False, cli_name='ta_rec', csv=True, multivalue=True, option_group=None, required=False)
 option: TKEYRecord('tkeyrecord', attribute=True, autofill=False, cli_name='tkey_rec', csv=True, multivalue=True, option_group=None, required=False)
+option: TLSARecord('tlsarecord', attribute=True, autofill=False, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=None, required=False)
 option: TSIGRecord('tsigrecord', attribute=True, autofill=False, cli_name='tsig_rec', csv=True, multivalue=True, option_group=None, required=False)
 option: TXTRecord('txtrecord', attribute=True, autofill=False, cli_name='txt_rec', csv=True, multivalue=True, option_group=None, required=False)
 option: Str('version?', exclude='webui')
@@ -961,7 +967,7 @@ output: Output('result', <type 'dict'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: ListOfPrimaryKeys('value', None, None)
 command: dnsrecord_find
-args: 2,44,4
+args: 2,45,4
 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
 arg: Str('criteria?', noextrawhitespace=False)
 option: A6Record('a6record', attribute=True, autofill=False, cli_name='a6_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
@@ -1005,6 +1011,7 @@ option: Flag('structured', autofill=True, default=False)
 option: TARecord('tarecord', attribute=True, autofill=False, cli_name='ta_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: TKEYRecord('tkeyrecord', attribute=True, autofill=False, cli_name='tkey_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
+option: TLSARecord('tlsarecord', attribute=True, autofill=False, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
 option: TSIGRecord('tsigrecord', attribute=True, autofill=False, cli_name='tsig_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
 option: TXTRecord('txtrecord', attribute=True, autofill=False, cli_name='txt_rec', csv=True, multivalue=True, option_group=None, query=True, required=False)
 option: Str('version?', exclude='webui')
@@ -1013,7 +1020,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: dnsrecord_mod
-args: 2,100,3
+args: 2,105,3
 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True)
 arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
 option: Str('a6_part_data', attribute=False, autofill=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False)
@@ -1112,6 +1119,11 @@ option: SSHFPRecord('sshfprecord', attribute=True, autofill=False, cli_name='ssh
 option: Flag('structured', autofill=True, default=False)
 option: TARecord('tarecord', attribute=True, autofill=False, cli_name='ta_rec', csv=True, multivalue=True, option_group=u'TA Record', required=False)
 option: TKEYRecord('tkeyrecord', attribute=True, autofill=False, cli_name='tkey_rec', csv=True, multivalue=True, option_group=u'TKEY Record', required=False)
+option: Str('tlsa_part_cert_association_data', attribute=False, autofill=False, cli_name='tlsa_cert_association_data', multivalue=False, option_group=u'TLSA Record', required=False)
+option: Int('tlsa_part_cert_usage', attribute=False, autofill=False, cli_name='tlsa_cert_usage', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
+option: Int('tlsa_part_matching_type', attribute=False, autofill=False, cli_name='tlsa_matching_type', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
+option: Int('tlsa_part_selector', attribute=False, autofill=False, cli_name='tlsa_selector', maxvalue=255, minvalue=0, multivalue=False, option_group=u'TLSA Record', required=False)
+option: TLSARecord('tlsarecord', attribute=True, autofill=False, cli_name='tlsa_rec', csv=True, multivalue=True, option_group=u'TLSA Record', required=False)
 option: TSIGRecord('tsigrecord', attribute=True, autofill=False, cli_name='tsig_rec', csv=True, multivalue=True, option_group=u'TSIG Record', required=False)
 option: Str('txt_part_data', attribute=False, autofill=False, cli_name='txt_data', multivalue=False, option_group=u'TXT Record', required=False)
 option: TXTRecord('txtrecord', attribute=True, autofill=False, cli_name='txt_rec', csv=True, multivalue=True, option_group=u'TXT Record', required=False)
diff --git a/VERSION b/VERSION
index 84e648f4da6cac5bb770280d047145e9759cc6d6..4a3cfa63ebb6c7f758374f224a111703c2b159c1 100644
--- a/VERSION
+++ b/VERSION
@@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=96
-# Last change: npmaccallum - otptoken-sync
+IPA_API_VERSION_MINOR=97
+# Last change: mbasti - New record type added: TLSA
diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif
index fbad68018734151792e9ead5f06cb07b85f3effe..ac9a50a6baf7aeea8fdd132de69b3f36a04f75ef 100644
--- a/install/share/60ipadns.ldif
+++ b/install/share/60ipadns.ldif
@@ -27,6 +27,7 @@ attributeTypes: (1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Finge
 attributeTypes: (1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 attributeTypes: (1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 attributeTypes: (1.3.6.1.4.1.2428.20.1.51 NAME 'nSEC3PARAMRecord' DESC 'RFC 5155' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+attributeTypes: (1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord' DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 attributeTypes: (1.3.6.1.4.1.2428.20.1.32769 NAME 'DLVRecord' DESC 'DNSSEC Lookaside Validation, RFC 4431' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 attributeTypes: (0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 attributeTypes: (0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
@@ -52,7 +53,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'list of
 attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zone refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v2' )
 attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DESC 'allow persistent searches' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
 attributeTypes: ( 2.16.840.1.113730.3.8.5.18 NAME 'idnsSecInlineSigning' DESC 'allow inline DNSSEC signing' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4' )
-objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ nSEC3PARAMRecord $ DLVRecord ) )
+objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ nSEC3PARAMRecord $ DLVRecord $ TLSARecord ) )
 objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning ) )
 objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) )
 objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXILIARY MUST idnsName MAY managedBy X-ORIGIN 'IPA v3' )
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 890d2cceb01faf0e8933a884d812aa2af9f08ab9..3fa2c0b6a01f13960bb28936eeffc6c2559f3d3c 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -238,7 +238,7 @@ _record_types = (
     u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC',
     u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR',
     u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY',
-    u'TSIG', u'TXT',
+    u'TLSA', u'TSIG', u'TXT',
 )
 
 # DNS zone record identificator
@@ -1384,6 +1384,32 @@ class TARecord(DNSRecord):
     rrtype = 'TA'
     supported = False
 
+
+class TLSARecord(DNSRecord):
+    rrtype = 'TLSA'
+    rfc = 6698
+    parts = (
+        Int('cert_usage',
+            label=_('Certificate Usage'),
+            minvalue=0,
+            maxvalue=255,
+        ),
+        Int('selector',
+            label=_('Selector'),
+            minvalue=0,
+            maxvalue=255,
+        ),
+        Int('matching_type',
+            label=_('Matching Type'),
+            minvalue=0,
+            maxvalue=255,
+        ),
+        Str('cert_association_data',
+            label=_('Certificate Association Data'),
+        ),
+    )
+
+
 class TKEYRecord(DNSRecord):
     rrtype = 'TKEY'
     supported = False
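Review bot: `cert_association_data` on the new TLSARecord is a free-form `Str`, so a value with non-hex characters, an odd number of hex digits, or a digest whose length does not match `matching_type` (64 hex characters for SHA-256, type 1; 128 for SHA-512, type 2) is written straight into LDAP and only surfaces later when the DNS server tries to load the record. A record-level validator that rejects non-hex input, and checks the digest length when the matching type is 1 or 2, would keep malformed TLSA data out of the directory; RFC 6698 §2.2 permits whitespace inside the hex text, so strip it before checking rather than rejecting it. The 0–255 bounds on the three integer parts match the wire format but are wider than the values RFC 6698 currently assigns (usage 0–3, selector 0–1, matching type 0–2); a short comment such as `# full octet range; RFC 6698 only assigns 0-3 / 0-1 / 0-2 today` would save the next reader a check. `TKEYRecord`'s body continues outside the hunk.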
@@ -1437,6 +1463,7 @@ _dns_records = (
     SRVRecord(),
     SSHFPRecord(),
     TARecord(),
+    TLSARecord(),
     TKEYRecord(),
     TSIGRecord(),
     TXTRecord(),
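Review bot: `TLSARecord()` is inserted between `TARecord()` and `TKEYRecord()`, which breaks the alphabetical order the visible part of the `_dns_records` tuple otherwise keeps and that `_record_types` in this same patch was just corrected to follow; move the line after `TKEYRecord(),` so the two lists agree. The tuple starts outside the hunk.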
@@ -2118,13 +2145,14 @@ class dnszone(DNSZoneBase):
                 'dnsclass', 'dnsttl', 'dsrecord', 'hinforecord',
                 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr',
                 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy',
-                'idnsname', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname',
-                'idnssoarefresh', 'idnssoaretry', 'idnssoarname',
-                'idnssoaserial', 'idnsupdatepolicy', 'idnszoneactive',
-                'keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord',
-                'minforecord', 'mxrecord', 'naptrrecord', 'nsecrecord',
-                'nsec3paramrecord', 'nsrecord', 'nxtrecord', 'ptrrecord',
-                'rrsigrecord', 'sigrecord', 'srvrecord', 'sshfprecord',
+                'idnsname', 'idnssoaexpire',
+                'idnssoaminimum', 'idnssoamname', 'idnssoarefresh',
+                'idnssoaretry', 'idnssoarname', 'idnssoaserial',
+                'idnsupdatepolicy', 'idnszoneactive', 'keyrecord', 'kxrecord',
+                'locrecord', 'managedby', 'mdrecord', 'minforecord',
+                'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',
+                'nsrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord',
+                'sigrecord', 'srvrecord', 'sshfprecord', 'tlsarecord',
                 'txtrecord',
             },
             'replaces_system': ['Read DNS Entries'],
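Review bot: The hunk re-wraps seven lines of the "System: Read DNS Entries" attribute set to add the single `'tlsarecord'` entry, which buries the actual change in whitespace churn and makes the permission diff harder to audit; appending `'tlsarecord',` after `'sshfprecord',` on the existing line would leave the membership change visible as a one-line diff. The enclosing `managed_permissions` dict and the `dnszone` class extend outside the hunk.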
@@ -2151,13 +2179,14 @@ class dnszone(DNSZoneBase):
                 'dnsclass', 'dnsttl', 'dsrecord', 'hinforecord',
                 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr',
                 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy',
-                'idnsname', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname',
-                'idnssoarefresh', 'idnssoaretry', 'idnssoarname',
-                'idnssoaserial', 'idnsupdatepolicy', 'idnszoneactive',
-                'keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord',
-                'minforecord', 'mxrecord', 'naptrrecord', 'nsecrecord',
-                'nsec3paramrecord', 'nsrecord', 'nxtrecord', 'ptrrecord',
-                'rrsigrecord', 'sigrecord', 'srvrecord', 'sshfprecord',
+                'idnsname', 'idnssoaexpire',
+                'idnssoaminimum', 'idnssoamname', 'idnssoarefresh',
+                'idnssoaretry', 'idnssoarname', 'idnssoaserial',
+                'idnsupdatepolicy', 'idnszoneactive', 'keyrecord', 'kxrecord',
+                'locrecord', 'managedby', 'mdrecord', 'minforecord',
+                'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',
+                'nsrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord',
+                'sigrecord', 'srvrecord', 'sshfprecord', 'tlsarecord',
                 'txtrecord',
             },
             'replaces': [
-- 
1.8.3.1

>From ef15f930a8634278a1b8bd2b3cd08ed3c0ffeec3 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 25 Jun 2014 12:53:12 +0200
Subject: [PATCH 2/2] DNSSEC: WebUI: add TLSA record

---
 install/ui/src/freeipa/dns.js | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/install/ui/src/freeipa/dns.js b/install/ui/src/freeipa/dns.js
index 260b6f8720c8f725426be249c0a72bd72055d4e5..c7143ca91fef9bbc372654080fe899be1ae8367f 100644
--- a/install/ui/src/freeipa/dns.js
+++ b/install/ui/src/freeipa/dns.js
@@ -1123,6 +1123,23 @@ IPA.dns.get_record_metadata = function() {
             columns: ['sshfp_part_algorithm', 'sshfp_part_fp_type']
         },
         {
+            name: 'tlsarecord',
+            attributes: [
+                'tlsa_part_cert_usage',
+                'tlsa_part_selector',
+                'tlsa_part_matching_type',
+                {
+                    name: 'tlsa_part_cert_association_data',
+                    $type: 'textarea'
+                }
+            ],
+            adder_attributes: [],
+            columns: [
+                'tlsa_part_cert_usage', 'tlsa_part_selector',
+                'tlsa_part_matching_type'
+            ]
+        },
+        {
             name: 'txtrecord',
             attributes: [
                 'txt_part_data'
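Review bot: `tlsa_part_cert_association_data` is rendered as a textarea, which invites pasting line-wrapped hex from `dig` output, but nothing in this hunk strips the embedded newlines or spaces before the value is submitted, so unless the server side normalises whitespace the record is stored with it. Either trim and collapse whitespace in the field or use a plain text widget. The `columns` list omits the association data, so two TLSA records that differ only in their digest look identical in the record table; a truncated data column would disambiguate them. `IPA.dns.get_record_metadata` starts and ends outside the hunk.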
@@ -1507,7 +1524,7 @@ IPA.dns_record_types = function() {
     //only supported
     var attrs = ['A', 'AAAA', 'A6', 'AFSDB', 'CERT', 'CNAME', 'DNAME',
                    'DS', 'DLV', 'KX', 'LOC', 'MX', 'NAPTR', 'NS',
-                   'NSEC3PARAM', 'PTR', 'SRV', 'SSHFP', 'TXT'];
+                   'NSEC3PARAM', 'PTR', 'SRV', 'SSHFP', 'TLSA', 'TXT'];
     var record_types = [];
     for (var i=0; i<attrs.length; i++) {
         var attr = attrs[i];
-- 
1.8.3.1
