Re: [Freeipa-devel] [PATCH] 304 Allow localhost in zone ACIs
On 09/10/2012 09:12 PM, Endi Sukma Dewata wrote:
> On 9/6/2012 7:00 AM, Martin Kosek wrote:
>> On 09/06/2012 01:35 PM, Petr Vobornik wrote:
>>> On 09/06/2012 11:51 AM, Martin Kosek wrote:
>>>> Loopback address, localhost and localnets ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our validators.
>>>
>>> Martin's patch works and looks good - ACK. Attaching patch for Web UI part.
>>
>> Web UI validator works fine too, ACK. Pushed both patches to master, ipa-3-0.
>>
>> Martin
>
> Looks like there's a problem in DNS zone details page. The idnssoaserial's maxvalue is an empty string so the validation fails even if you are just opening an existing DNS zone. So either the server should not return maxvalue or the UI should check for possible empty string.

I fixed the problem on both sides in patches 212, 213. 212 is fixing Web UI to be able to work with empty strings. 213 is fixing python part: serialization of long

--
Petr Vobornik

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 304 Allow localhost in zone ACIs
Loopback address, localhost and localnets ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our validators. -- Martin Kosek mko...@redhat.com Senior Software Engineer - Identity Management Team Red Hat Inc. From 74dcac478622c502bab7aef9ba7bade0bd9a704f Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 6 Sep 2012 11:34:02 +0200 Subject: [PATCH] Allow localhost in zone ACIs Loopback address, localhost and localnets ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our validators. --- ipalib/plugins/dns.py | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 3987001f06dba1bcc5a311243e4f1fdcf83091c7..e9f8b0cc0103706c5bbf933b14c372c369ff86b2 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -299,18 +299,15 @@ def _validate_bind_aci(ugettext, bind_acis): bind_acis.pop(-1) for bind_aci in bind_acis: -if bind_aci in (any, none): +if bind_aci in (any, none, localhost, localnets): continue -if bind_aci in (localhost, localnets): -return _('ACL name %s is not supported') % bind_aci - if bind_aci.startswith('!'): bind_aci = bind_aci[1:] try: ip = CheckedIPAddress(bind_aci, parse_netmask=True, - allow_network=True) + allow_network=True, allow_loopback=True) except (netaddr.AddrFormatError, ValueError), e: return unicode(e) except UnboundLocalError: @@ -335,7 +332,7 @@ def _normalize_bind_aci(bind_acis): try: ip = CheckedIPAddress(bind_aci, parse_netmask=True, - allow_network=True) + allow_network=True, allow_loopback=True) if '/' in bind_aci:# addr with netmask netmask = /%s % ip.prefixlen else: -- 1.7.11.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
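Review bot: in the @@ -299 hunk of _validate_bind_aci, the keyword test `if bind_aci in (any, none, localhost, localnets): continue` runs before the `if bind_aci.startswith('!')` strip, so a negated name such as !localhost or !localnets never matches the tuple and is passed to CheckedIPAddress as if it were an address. This ordering already applied to any and none, but the patch widens the set of names it affects. Consider stripping the leading '!' first and testing the keyword tuple afterwards, so the server agrees with the Web UI validator in this thread, which sets allow_negation: true alongside the same specials. The diffstat shows only ipalib/plugins/dns.py changing, so a test case covering localhost, localnets and a loopback network through this validator would be worth adding with the patch.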
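Review bot: the @@ -335 hunk in _normalize_bind_aci repeats the argument change `allow_network=True, allow_loopback=True` made in the validator hunk, so the two CheckedIPAddress calls now have to be kept identical by hand; if they drift, a value can pass validation and then fail normalization. Consider one small helper that both functions call to parse a bind ACI element. The commit message says the names are "no longer an issue for bind-dyndb-ldap" without saying from which version; naming that version in the message would let a later reader check that the packaged dependency matches what the relaxed validator assumes.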
Re: [Freeipa-devel] [PATCH] 304 Allow localhost in zone ACIs
On 09/06/2012 11:51 AM, Martin Kosek wrote: Loopback address, localhost and localnets ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our validators. Martin's patch works and looks good - ACK. Attaching patch for Web UI part. -- Petr Vobornik From 6777b81c95d0e34f216954a59341679471a8d134 Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Thu, 6 Sep 2012 13:22:21 +0200 Subject: [PATCH] Allow localhost in zone ACIs - Web UI Loopback address, localhost and localnets ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our Web UI validators as well. --- install/ui/dns.js | 10 ++ 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/install/ui/dns.js b/install/ui/dns.js index 33db481b84c0518ec1b326f8b016a8e487e3120b..43703e03f3e6dc4061f52d1f865db85b0e9c8502 100644 --- a/install/ui/dns.js +++ b/install/ui/dns.js @@ -168,11 +168,8 @@ IPA.dns.zone_entity = function(spec) { type: 'netaddr', name: 'idnsallowquery', validators: [ -IPA.unsupported_validator({ -unsupported: ['localhost', 'localnets'] -}), IPA.network_validator({ -specials: ['any', 'none'], +specials: ['any', 'none', 'localhost', 'localnets'], allow_negation: true, allow_host_address: true })] @@ -181,11 +178,8 @@ IPA.dns.zone_entity = function(spec) { type: 'netaddr', name: 'idnsallowtransfer', validators: [ -IPA.unsupported_validator({ -unsupported: ['localhost', 'localnets'] -}), IPA.network_validator({ -specials: ['any', 'none'], +specials: ['any', 'none', 'localhost', 'localnets'], allow_negation: true, allow_host_address: true })] -- 1.7.11.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
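Review bot: in the idnsallowquery hunk (@@ -168), removing IPA.unsupported_validator leaves the `specials` list of IPA.network_validator as the only place in the UI where these names are accepted, and that list now has to match the keyword tuple in _validate_bind_aci in ipalib/plugins/dns.py. A short comment next to `specials: ['any', 'none', 'localhost', 'localnets']` pointing at the server-side check would help keep the two in step, with the server check remaining the authoritative one. If these two fields were the only callers of IPA.unsupported_validator, its definition can be removed in the same patch.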
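Review bot: the idnsallowtransfer hunk (@@ -181) repeats the literal `specials: ['any', 'none', 'localhost', 'localnets']` from the idnsallowquery field, so the next change to the accepted names has to be made in two places. Consider hoisting the list into one variable inside IPA.dns.zone_entity and referencing it from both validators. Since localnets on a transfer ACL matches every host on the networks the name server is attached to, it would also help if the field's help text said what each special name means.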
Re: [Freeipa-devel] [PATCH] 304 Allow localhost in zone ACIs
On 09/06/2012 01:35 PM, Petr Vobornik wrote:
> On 09/06/2012 11:51 AM, Martin Kosek wrote:
>> Loopback address, localhost and localnets ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our validators.
>
> Martin's patch works and looks good - ACK. Attaching patch for Web UI part.

Web UI validator works fine too, ACK. Pushed both patches to master, ipa-3-0.

Martin