On 01.07.2016 09:05, Petr Spacek wrote:
On 30.6.2016 21:23, Petr Spacek wrote:
Hello,

Fix internal errors in host-add and other commands caused by DNS resolution

Previously resolver was returning CheckedIPAddress objects. This
internal server error in cases where DNS actually returned reserved IP
addresses.

Now the resolver is returning UnsafeIPAddress objects which do syntactic
checks but do not filter IP addresses.

>From now on we can decide if some IP address should be accepted as-is or
if it needs to be contrained to some subset of IP addresses using
CheckedIPAddress class.

This regression was caused by changes for
https://fedorahosted.org/freeipa/ticket/5710



I've split parser and checks into separate classes. Attached script
CheckedIPAddressRefactoring.py uses python-hypothesis to compare results from
old and new implementations. It seems that all valid inputs return the very
same results. The new implementation is a bit stricter when it comes to
invalid inputs (parse_netmask=False & addr=IPNetwork instance) but as far as I
can tell this case could not happen in current IPA anyway.

ipa-server-install, ipa-client-install, ipa-replica-install, and
ipa-ca-install on replica seem to work. DNS records for ipa-ca were properly
updated after replica installation. Also installation on server without A/AAAA
record in DNS and subsequent ipa-dns-install worked just fine.

My bad, I forgot to attach cleanup patch 147 which is prerequisite for 146.
(Sorry for the numbering.)

ACK

master:
* ce1f9ca51bd91ed66233c1bac7eb05fac9c855c7 Remove unused is_local(), interface, and defaultnet from CheckedIPAddress * 5e78b54d7c532bec0ee5a4ce3f1b6d6c94d17c51 Fix internal errors in host-add and other commands caused by DNS resolution

I will review 4.3 later

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to