Hello,

replica-install: Compare domain names as DNS names and not strings

This fixes a false positive where the user inputs "example.com" and "EXAMPLE.COM"
were not considered equivalent and installation was wrongly refused.

https://fedorahosted.org/freeipa/ticket/5976

-- 
Petr^2 Spacek
From 1eb9dddf141814e9b10aabf70d8970ae312db849 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Thu, 23 Jun 2016 18:30:39 +0200
Subject: [PATCH] replica-install: Compare domain names as DNS names and not
 strings

This fixes a false positive where the user inputs "example.com" and "EXAMPLE.COM"
were not considered equivalent and installation was wrongly refused.

https://fedorahosted.org/freeipa/ticket/5976
---
 ipaserver/install/server/replicainstall.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 52b2ea5b0691cd99c6cb566af5a15af3b2dffb14..9b31f926e3be78017c7b178f099332910d34ba5c 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -6,7 +6,6 @@ from __future__ import print_function
 
 import collections
 import dns.exception as dnsexception
-import dns.name as dnsname
 import dns.resolver as dnsresolver
 import dns.reversename as dnsreversename
 import os
@@ -19,6 +18,7 @@ import six
 
 from ipapython import ipaldap, ipautil, sysrestore
 from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
 from ipapython.install.common import step
 from ipapython.install.core import Knob
 from ipapython.ipa_log_manager import root_logger
@@ -304,7 +304,7 @@ def check_dns_resolution(host_name, dns_servers):
                 address, host_name)
             no_errors = False
         else:
-            host_name_obj = dnsname.from_text(host_name)
+            host_name_obj = DNSName(host_name).make_absolute()
             if rrset:
                 names = [r.target.to_text() for r in rrset]
             else:
@@ -949,7 +949,8 @@ def promotion_check_ipa_domain(master_ldap_conn, basedn):
                 domains=u', '.join(entry['associatedDomain'])
             ))
 
-    if entry['associatedDomain'][0] != api.env.domain:
+    if (DNSName(entry['associatedDomain'][0])
+            != DNSName.from_text(api.env.domain)):
         raise RuntimeError(
             "Cannot promote this client to a replica. Local domain "
             "'{local}' does not match IPA domain '{ipadomain}'. ".format(
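Review bot: The new domain comparison in promotion_check_ipa_domain builds its two sides through different constructors, `DNSName(...)` for `entry['associatedDomain'][0]` and `DNSName.from_text(...)` for `api.env.domain`, and makes neither absolute, whereas the check_dns_resolution hunk calls `.make_absolute()`. If the two constructors handle the origin or a trailing dot differently (not visible in this patch), "example.com" and "example.com." could still compare unequal and promotion would again be refused for an equivalent name. Since this check is the guard that ties the client's domain to the IPA domain, normalising both sides identically would make the intent explicit: `if (DNSName(entry['associatedDomain'][0]).make_absolute()` followed by `!= DNSName(api.env.domain).make_absolute()):`. The function body starts and ends outside the hunk, so how `entry` is validated before this point cannot be checked here.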
-- 
2.7.4
