https://fedorahosted.org/freeipa/ticket/5675
Patches attached.
From b013cce6bdfb7dbe703a4781e0dde407e1153c43 Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Wed, 2 Mar 2016 13:44:22 +0100
Subject: [PATCH 1/6] host_del: fix removal of host records
Originally only the first A/AAAA record is removed, and one other record. This commit fixes it and all records are removed. https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 31 ++++++++++---------------------
 1 file changed, 10 insertions(+), 21 deletions(-)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 6ff751ca88187bb37ac64ca291234eed56e26e6f..97c9e158851158c1ce96b5e3bc566a1135534942 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -35,7 +35,7 @@ from ipalib.plugins.service import (split_principal, validate_certificate, set_certificate_attrs, ticket_flags_params, update_krbticketflags, set_kerberos_attrs, rename_ipaallowedtoperform_from_ldap, rename_ipaallowedtoperform_to_ldap, revoke_certs)
-from ipalib.plugins.dns import (dns_container_exists, _record_types,
+from ipalib.plugins.dns import (dns_container_exists, _record_attributes,
 add_records_for_host_validation, add_records_for_host, get_reverse_zone)
 from ipalib import _, ngettext
@@ -772,26 +772,15 @@ class host_del(LDAPDelete):
 # Get all forward resources for this host
 records = api.Command['dnsrecord_find'](domain, idnsname=parts[0])['result']
 for record in records:
- if 'arecord' in record:
- remove_fwd_ptr(record['arecord'][0], parts[0],
- domain, 'arecord')
- if 'aaaarecord' in record:
- remove_fwd_ptr(record['aaaarecord'][0], parts[0],
- domain, 'aaaarecord')
- else:
- # Try to delete all other record types too
- _attribute_types = [str('%srecord' % t.lower())
- for t in _record_types]
- for attr in _attribute_types:
- if attr not in ['arecord', 'aaaarecord'] and attr in record:
- for val in record[attr]:
- if (val.endswith(parts[0]) or
- val.endswith(fqdn + '.')):
- delkw = {unicode(attr): val}
- api.Command['dnsrecord_del'](domain,
- record['idnsname'][0],
- **delkw)
- break
+ for attr in _record_attributes:
+ for val in record.get(attr, []):
+ if attr in ('arecord', 'aaaarecord'):
+ remove_fwd_ptr(val, parts[0], domain, attr)
+ elif (val.endswith(parts[0]) or
+ val.endswith(fqdn + '.')):
+ delkw = {unicode(attr): val}
+ api.Command['dnsrecord_del'](
+ domain, record['idnsname'][0], **delkw)
 if self.api.Command.ca_is_enabled()['result']:
 try:
-- 2.5.5
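Review bot: The new `elif` keeps the bare suffix test `val.endswith(parts[0])`, which matches any relative record value whose last characters equal the short hostname (a value ending in `otherweb` matches host `web`), so a record that points at a different host in the same zone can be deleted by host-del. If the suffix test exists to cover multi-field values such as MX or SRV, comparing the last whitespace-separated field exactly, `if val.split()[-1] in (parts[0], fqdn + '.'):`, keeps that behaviour without the substring match. Patch 5 of this series drops the branch altogether, so this only matters if the patches are applied individually. The enclosing method starts and ends outside the hunk.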
From 32f35058dc86a1913fb4f515ef90ac0ae25a29fe Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Wed, 2 Mar 2016 15:53:27 +0100
Subject: [PATCH 2/6] host_del: replace dns-record find command with show
Due the configuration of dnsrecord_find, it works as dnsrecord-show, thus it can be replaced. https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 97c9e158851158c1ce96b5e3bc566a1135534942..ef0738041e4fb72780b67f880028bf857c3f9485 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -769,18 +769,23 @@ class host_del(LDAPDelete):
 domain = result['idnsname'][0]
 except errors.NotFound:
 self.obj.handle_not_found(*keys)
- # Get all forward resources for this host
- records = api.Command['dnsrecord_find'](domain, idnsname=parts[0])['result']
- for record in records:
- for attr in _record_attributes:
- for val in record.get(attr, []):
- if attr in ('arecord', 'aaaarecord'):
- remove_fwd_ptr(val, parts[0], domain, attr)
- elif (val.endswith(parts[0]) or
- val.endswith(fqdn + '.')):
- delkw = {unicode(attr): val}
- api.Command['dnsrecord_del'](
- domain, record['idnsname'][0], **delkw)
+ else:
+ # Get all forward resources for this host
+ try:
+ record = api.Command['dnsrecord_show'](
+ domain, parts[0])['result']
+ except errors.NotFound:
+ pass
+ else:
+ for attr in _record_attributes:
+ for val in record.get(attr, []):
+ if attr in ('arecord', 'aaaarecord'):
+ remove_fwd_ptr(val, parts[0], domain, attr)
+ elif (val.endswith(parts[0]) or
+ val.endswith(fqdn + '.')):
+ delkw = {unicode(attr): val}
+ api.Command['dnsrecord_del'](
+ domain, record['idnsname'][0], **delkw)
 if self.api.Command.ca_is_enabled()['result']:
 try:
-- 2.5.5
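Review bot: `except errors.NotFound: pass` around the new dnsrecord_show call drops the only signal that a host had no forward record, while the helper this block calls, remove_fwd_ptr, already reports its work at debug level; `api.log.debug('no DNS records found for %s', fqdn)` in place of `pass` keeps the best-effort behaviour and leaves a trace. If `self.obj.handle_not_found(*keys)` always raises, the added `else:` after it only adds an indentation level and the block could stay at its previous depth. The enclosing method starts and ends outside the hunk.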
From 02d3dd437013dd0b5eded5cdec566f5b04c6fdc5 Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Thu, 3 Mar 2016 11:26:15 +0100
Subject: [PATCH 3/6] host_del: remove unneeded dnszone-show command call
This command has no effect in that block of code, dnsrecord_show is enough for detection if records exists. https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 30 ++++++++++++------------------
 1 file changed, 12 insertions(+), 18 deletions(-)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index ef0738041e4fb72780b67f880028bf857c3f9485..b22768aa05c79628df3505aeb6eaf820f493750f 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -764,28 +764,22 @@ class host_del(LDAPDelete):
 # Remove DNS entries
 parts = fqdn.split('.')
 domain = unicode('.'.join(parts[1:]))
+ # Get all forward resources for this host
 try:
- result = api.Command['dnszone_show'](domain)['result']
- domain = result['idnsname'][0]
+ record = api.Command['dnsrecord_show'](
+ domain, parts[0])['result']
 except errors.NotFound:
 self.obj.handle_not_found(*keys)
 else:
- # Get all forward resources for this host
- try:
- record = api.Command['dnsrecord_show'](
- domain, parts[0])['result']
- except errors.NotFound:
- pass
- else:
- for attr in _record_attributes:
- for val in record.get(attr, []):
- if attr in ('arecord', 'aaaarecord'):
- remove_fwd_ptr(val, parts[0], domain, attr)
- elif (val.endswith(parts[0]) or
- val.endswith(fqdn + '.')):
- delkw = {unicode(attr): val}
- api.Command['dnsrecord_del'](
- domain, record['idnsname'][0], **delkw)
+ for attr in _record_attributes:
+ for val in record.get(attr, []):
+ if attr in ('arecord', 'aaaarecord'):
+ remove_fwd_ptr(val, parts[0], domain, attr)
+ elif (val.endswith(parts[0]) or
+ val.endswith(fqdn + '.')):
+ delkw = {unicode(attr): val}
+ api.Command['dnsrecord_del'](
+ domain, record['idnsname'][0], **delkw)
 if self.api.Command.ca_is_enabled()['result']:
 try:
-- 2.5.5
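Review bot: Moving dnsrecord_show into the `try` changes what the retained `except errors.NotFound` handler means: it now also fires when the host simply has no DNS record, the case patch 2 handled with `pass`, and `self.obj.handle_not_found(*keys)` then aborts the deletion of a host entry that does exist with a "not found" error naming the host. Unless failing host-del --updatedns for hosts without DNS records is intended, the missing-record case should be logged and skipped, `except errors.NotFound: api.log.debug('no DNS records found for %s', fqdn)`, leaving the rest of the method to run. The same handler survives unchanged in the host_del hunk of patch 5 in this series. The enclosing method starts and ends outside the hunk.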
From 5c497f72339350ce8d367037e0ee9cc09af55084 Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Thu, 3 Mar 2016 13:28:19 +0100
Subject: [PATCH 4/6] host_del: split removing A/AAAA and PTR records to separate functions
This change is needed because A/AAAA and PTR record will be handled separately. https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 24 ++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index b22768aa05c79628df3505aeb6eaf820f493750f..5a85b95ae7754d20cb40cc2b8ec72114a9efcfd2 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -121,8 +121,17 @@ register = Registry()
 host_pwd_chars = string.digits + string.ascii_letters + '_,.@+-='
-def remove_fwd_ptr(ipaddr, host, domain, recordtype):
- api.log.debug('deleting ipaddr %s' % ipaddr)
+def remove_fwd_rec(ipaddr, host, domain, recordtype):
+ api.log.debug('deleting ipaddr %s', ipaddr)
+ try:
+ delkw = {recordtype: ipaddr}
+ api.Command['dnsrecord_del'](domain, host, **delkw)
+ except errors.NotFound:
+ api.log.debug('ipaddr %s not found', ipaddr)
+
+
+def remove_ptr_rec(ipaddr, host, domain):
+ api.log.debug('deleting PTR record of ipaddr %s', ipaddr)
 try:
 revzone, revname = get_reverse_zone(ipaddr)
@@ -133,13 +142,7 @@ def remove_fwd_ptr(ipaddr, host, domain, recordtype):
 api.Command['dnsrecord_del'](revzone, revname, **delkw)
 except errors.NotFound:
- pass
-
- try:
- delkw = {recordtype: ipaddr}
- api.Command['dnsrecord_del'](domain, host, **delkw)
- except errors.NotFound:
- pass
+ api.log.debug('PTR record of ipaddr %s not found', ipaddr)
 def update_sshfp_record(zone, record, entry_attrs):
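Review bot: The two new helpers `remove_fwd_rec` and `remove_ptr_rec` carry no docstring, and their contract is not obvious from the visible lines: `remove_ptr_rec` takes `host` and `domain`, but the lines that use them fall between the two hunks. A one-line docstring on each would do, e.g. `"""Delete the `recordtype` record with value `ipaddr` from `host` in `domain`; a missing record is logged, not raised."""` for the first, and a matching one for the second stating that it removes the PTR record at the name and zone `get_reverse_zone(ipaddr)` resolves to. Both helpers catch only `errors.NotFound`; whether `get_reverse_zone` raises that when no matching reverse zone is managed cannot be seen here and is worth confirming in the docstring.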
@@ -774,7 +777,8 @@ class host_del(LDAPDelete):
 for attr in _record_attributes:
 for val in record.get(attr, []):
 if attr in ('arecord', 'aaaarecord'):
- remove_fwd_ptr(val, parts[0], domain, attr)
+ remove_fwd_rec(val, parts[0], domain, attr)
+ remove_ptr_rec(val, parts[0], domain)
 elif (val.endswith(parts[0]) or
 val.endswith(fqdn + '.')):
 delkw = {unicode(attr): val}
-- 2.5.5
From 4abb780d872a63fa2d53cda579350b6a95ca6e18 Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Fri, 1 Apr 2016 12:45:57 +0200
Subject: [PATCH 5/6] host_del: remove only A, AAAA, SSHFP, PTR records
only A, AAAA, SSHPF and PTR records are managed by IPA. The other records should be removed by user. https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 38 +++++++++++++++++---------------------
 1 file changed, 17 insertions(+), 21 deletions(-)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 5a85b95ae7754d20cb40cc2b8ec72114a9efcfd2..ceb5afff26a164c8f42c3a0f969d6e6a5ef8ddd5 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -35,7 +35,7 @@ from ipalib.plugins.service import (split_principal, validate_certificate, set_certificate_attrs, ticket_flags_params, update_krbticketflags, set_kerberos_attrs, rename_ipaallowedtoperform_from_ldap, rename_ipaallowedtoperform_to_ldap, revoke_certs)
-from ipalib.plugins.dns import (dns_container_exists, _record_attributes,
+from ipalib.plugins.dns import (dns_container_exists,
 add_records_for_host_validation, add_records_for_host, get_reverse_zone)
 from ipalib import _, ngettext
@@ -121,15 +121,6 @@ register = Registry()
 host_pwd_chars = string.digits + string.ascii_letters + '_,.@+-='
-def remove_fwd_rec(ipaddr, host, domain, recordtype):
- api.log.debug('deleting ipaddr %s', ipaddr)
- try:
- delkw = {recordtype: ipaddr}
- api.Command['dnsrecord_del'](domain, host, **delkw)
- except errors.NotFound:
- api.log.debug('ipaddr %s not found', ipaddr)
-
-
 def remove_ptr_rec(ipaddr, host, domain):
 api.log.debug('deleting PTR record of ipaddr %s', ipaddr)
 try:
@@ -764,26 +755,31 @@ class host_del(LDAPDelete):
 updatedns = False
 if updatedns:
- # Remove DNS entries
+ # Remove A, AAAA, SSHFP and PTR records of the host
 parts = fqdn.split('.')
 domain = unicode('.'.join(parts[1:]))
- # Get all forward resources for this host
+ # Get all resources for this host
 try:
 record = api.Command['dnsrecord_show'](
 domain, parts[0])['result']
 except errors.NotFound:
 self.obj.handle_not_found(*keys)
 else:
- for attr in _record_attributes:
+ # remove PTR records first
+ for attr in ('arecord', 'aaaarecord'):
 for val in record.get(attr, []):
- if attr in ('arecord', 'aaaarecord'):
- remove_fwd_rec(val, parts[0], domain, attr)
- remove_ptr_rec(val, parts[0], domain)
- elif (val.endswith(parts[0]) or
- val.endswith(fqdn + '.')):
- delkw = {unicode(attr): val}
- api.Command['dnsrecord_del'](
- domain, record['idnsname'][0], **delkw)
+ remove_ptr_rec(val, parts[0], domain)
+ try:
+ # remove all A, AAAA, SSHFP records of the host
+ api.Command['dnsrecord_mod'](
+ domain,
+ record['idnsname'][0],
+ arecord=[],
+ aaaarecord=[],
+ sshfprecord=[]
+ )
+ except errors.EmptyModlist:
+ pass
 if self.api.Command.ca_is_enabled()['result']:
 try:
-- 2.5.5
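Review bot: `except errors.EmptyModlist: pass` at the end of the new block silently covers the case where the host has none of the three record types, while `remove_ptr_rec` reports its not-found case at debug level; for consistency `api.log.debug('no A, AAAA or SSHFP records to remove for %s', fqdn)` would be clearer than `pass`. The PTR records are removed before the `dnsrecord_mod` call, so a failure of that call other than EmptyModlist leaves the forward records in place with their PTRs already gone; if that partial state is acceptable, a comment saying so would help the next reader. Whether `dnsrecord_mod` removes the DNS entry once `arecord`, `aaaarecord` and `sshfprecord` are all cleared cannot be seen here; if it does not, an empty entry for the deleted host stays in the zone, and the `# remove all A, AAAA, SSHFP records of the host` comment should state that. The enclosing method starts and ends outside the hunk.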
From 955134d559de51fb6ad973c19c876ea1cbe13743 Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Fri, 1 Apr 2016 12:02:11 +0200
Subject: [PATCH 6/6] host_del: update help for --updatedns option
Clarify that dns removes only A, AAAA, PTR, SSHFP records of the host(s) managed by IPA DNS. https://fedorahosted.org/freeipa/ticket/5675
---
 ipalib/plugins/host.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index ceb5afff26a164c8f42c3a0f969d6e6a5ef8ddd5..20b5776dd9b7fba231155237231d9f5f505e1297 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -718,7 +718,8 @@ class host_del(LDAPDelete):
 takes_options = LDAPDelete.takes_options + (
 Flag('updatedns?',
- doc=_('Remove entries from DNS'),
+ doc=_('Remove A, AAAA, SSHFP and PTR records of the host(s) '
+ 'managed by IPA DNS'),
 default=False,
 ),
 )
-- 2.5.5
