diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-05-29 15:06:31 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-06-01 12:26:57 +0200 |
commit | 895203c47780033b010cd1e0e9ccb21db835ea16 (patch) | |
tree | d9efeed12b940bc50b0b54b38400bfa4546809e9 /ipalib/plugins | |
parent | 6ff5f28142c46bf5f08fef74c261f75e1baa9f66 (diff) | |
download | freeipa-895203c47780033b010cd1e0e9ccb21db835ea16.tar.gz freeipa-895203c47780033b010cd1e0e9ccb21db835ea16.tar.xz freeipa-895203c47780033b010cd1e0e9ccb21db835ea16.zip |
Allow relative DNS name in NS validator
Precallback validator was failing when a zone-relative name was
used as a NS record (for example record "ns" in a zone "example.com").
However, this is valid in BIND and we should allow it as well.
Imports in dns module had to be switched to absolute imports
(available from Python 2.5) to deal with a conflict of IPA dns
module and dnspython module.
https://fedorahosted.org/freeipa/ticket/2630
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/dns.py | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 192cc051c..1bf754272 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -18,9 +18,12 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +from __future__ import absolute_import + import netaddr import time import re +import dns.name from ipalib.request import context from ipalib import api, errors, output @@ -1488,7 +1491,11 @@ def zone_is_reverse(zone_name): return False -def check_ns_rec_resolvable(name): +def check_ns_rec_resolvable(zone, name): + if not name.endswith('.'): + # this is a DNS name relative to the zone + zone = dns.name.from_text(zone) + name = unicode(dns.name.from_text(name, origin=zone)) try: return api.Command['dns_resolve'](name) except errors.NotFound: @@ -1707,12 +1714,12 @@ class dnszone_add(LDAPCreate): raise errors.ValidationError(name='name-server', error=unicode(_("Nameserver address is not a fully qualified domain name"))) - if not 'ip_address' in options and not options['force']: - check_ns_rec_resolvable(nameserver) - if nameserver[-1] != '.': nameserver += '.' + if not 'ip_address' in options and not options['force']: + check_ns_rec_resolvable(keys[0], nameserver) + entry_attrs['nsrecord'] = nameserver entry_attrs['idnssoamname'] = nameserver return dn @@ -1878,7 +1885,8 @@ class dnsrecord(LDAPObject): nsrecords = entry_attrs.get('nsrecord') if options.get('force', False) or nsrecords is None: return - map(check_ns_rec_resolvable, nsrecords) + for nsrecord in nsrecords: + check_ns_rec_resolvable(keys[0], nsrecord) def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options): ptrrecords = entry_attrs.get('ptrrecord') |