On 3.9.2014 16:42, Martin Basti wrote:
On 02/09/14 17:16, Petr Spacek wrote:
On 20.8.2014 19:26, Martin Basti wrote:
Part of DNSSEC
Patches attached.


NACK

# ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS
record (RFC 4529, section 4.6)

RFC number is incorrect. IMHO it should also reference 'RFC 4035 section 2.4'.

Also, there is one hole:
Current code allows you to add DS RR to existing NS and then to remove NS.

Let me know if adding a check to -del is too hard, maybe we can live without
it...

dnsrecord-del validation added

Updated patch attached

Required in ipa 4.1 but this could be pushed to 4.0.x  too

It almost works ... almost. I'm not sure if the problem is in your patch or in existing code:

[root@vm-035 git]# ipa dnsrecord-add ipa.example ds --ds-rec='1 2 3 4'
  Record name: ds
  DS record: 1 2 3 4
  NS record: vm-035.idm.lab.eng.brq.redhat.com.

[root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC 4035 section 2.4)

[root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ds-rec=
  Record name: ds
  NS record: vm-035.idm.lab.eng.brq.redhat.com.

[root@vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
ipa: ERROR: an internal error has occurred

# tail /var/log/httpd/error_log

ipa: ERROR: non-public: TypeError: dnsrecord_mod.validate_output() => PrimaryKey.validate(): output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type 'list'>: [<DNS name ds>]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348, in wsgi_execute
    result = self.Command[name](*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 451, in __call__
    self.validate_output(ret, options['version'])
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 944, in validate_output
    o.validate(self, value, version)
  File "/usr/lib/python2.7/site-packages/ipalib/output.py", line 126, in 
validate
    types[0], type(value), value))
TypeError: dnsrecord_mod.validate_output() => PrimaryKey.validate():
output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type 'list'>: [<DNS name ds>] ipa: INFO: [jsonserver_session] admin@IPA.EXAMPLE: dnsrecord_mod(<DNS name ipa.example.>, <DNS name ds>, nsrecord=None, rights=False, structured=False, all=False, raw=False, version=u'2.102'): TypeError

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to