author | Martin Kosek <mkosek@redhat.com> | 2011-10-07 14:23:20 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-10-13 00:56:13 -0400 |
commit | 93feb5293236a5d0e22ae15eee35e7b9eb93e6e4 (patch) | |
tree | 64287ec813a57e4ecca6fde30a03938ae14fc000 | |
parent | edd334c67acf1f797103276c6e6a8978d9ff72e9 (diff) | |
Check hostname resolution sanity
Always check (even with --setup-dns or --no-host-dns) that if the
host name or IP address resolves, it resolves to a sane value. Otherwise
report an error. A misconfigured /etc/hosts causing these errors could
harm the installation later.
https://fedorahosted.org/freeipa/ticket/1923
-rwxr-xr-x | install/tools/ipa-replica-prepare | 2 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 14 |
2 files changed, 12 insertions, 4 deletions
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 6b7130be9..74c6d0929 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -269,7 +269,7 @@ def main(): sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) try: - installutils.verify_fqdn(replica_fqdn, system_name_check=False) + installutils.verify_fqdn(replica_fqdn, local_hostname=False) except BadHostError, e: msg = str(e) if isinstance(e, HostLookupError): diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 64d212282..a924e771a 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -129,7 +129,7 @@ def verify_dns_records(host_name, responses, resaddr, family): raise RuntimeError("The DNS forward record %s does not match the reverse address %s" % (rec.dns_name, rev.rdata.ptrdname)) -def verify_fqdn(host_name, no_host_dns=False, system_name_check=True): +def verify_fqdn(host_name, no_host_dns=False, local_hostname=True): """ Run fqdn checks for given host: - test hostname format @@ -140,7 +140,7 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True): :param host_name: The host name to verify. :param no_host_dns: If true, skip DNS resolution tests of the host name. - :param system_name_check: If true, check if the host name matches the system host name. + :param local_hostname: If true, run additional checks for local hostnames """ if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain": raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name) 
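Review bot: The new `:param local_hostname:` text in the last hunk on this line says only "run additional checks for local hostnames", which is less specific than the description it replaces. Judging from the branch added further down in the same commit, the flag enables two things: the check that the name resolves back to itself as the primary name, and the comparison against the system host name. The docstring could say so, e.g. `:param local_hostname: If true, host_name is this machine's name: require that it resolves to itself as the primary name and warn if it differs from the system host name.` The docstring belongs to verify_fqdn, whose signature is in the previous hunk and whose body continues outside this one.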
@@ -151,7 +151,15 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True): if ipautil.valid_ip(host_name): raise BadHostError("IP address not allowed as a hostname") - if system_name_check: + if local_hostname: + try: + ex_name = socket.gethostbyaddr(host_name) + if host_name != ex_name[0]: + raise HostLookupError("The host name %s does not match the primary host name %s. "\ + "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0])) + except socket.gaierror: + pass + system_host_name = socket.gethostname() if not (host_name + '.').startswith(system_host_name + '.'): print "Warning: The host name '%s' does not match the system host name '%s'." % (host_name, system_host_name) |
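Review bot: `socket.gethostbyaddr(host_name)` in the new `if local_hostname:` branch can raise `socket.herror` as well as `socket.gaierror`, for example when the name resolves forward but the reverse lookup fails, and only `gaierror` is caught. Such an error would leave verify_fqdn as a raw socket exception rather than a `BadHostError`, so callers that handle only `BadHostError` would presumably end in a traceback instead of the intended message. Consider `except (socket.gaierror, socket.herror):`, or turn `herror` into a `HostLookupError` if a missing reverse record should count as a failure. The comparison `host_name != ex_name[0]` is also case-sensitive, so a differently-cased /etc/hosts entry would be reported as a mismatch unless host_name is normalised in the part of verify_fqdn that lies outside this hunk.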