diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-09-06 11:34:02 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-09-06 13:58:36 +0200 |
| commit | 47ff46d042fd4803f03ee8854fd07984bd03a3f5 (patch) | |
| tree | 5b75acc015b8be670e7f7ed93d4a4becfddafb15 /ipalib/plugins | |
| parent | 22b7d7e7d952d5c4928bfcc4b3d88fec9a1cdd31 (diff) | |
| download | freeipa-47ff46d042fd4803f03ee8854fd07984bd03a3f5.tar.gz freeipa-47ff46d042fd4803f03ee8854fd07984bd03a3f5.tar.xz freeipa-47ff46d042fd4803f03ee8854fd07984bd03a3f5.zip | |
Allow localhost in zone ACIs
Loopback address, "localhost" and "localnets" ACIs are no longer
an issue for bind-dyndb-ldap. Allow them in our validators.
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/dns.py | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 3987001f0..e9f8b0cc0 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -299,18 +299,15 @@ def _validate_bind_aci(ugettext, bind_acis): bind_acis.pop(-1) for bind_aci in bind_acis: - if bind_aci in ("any", "none"): + if bind_aci in ("any", "none", "localhost", "localnets"): continue - if bind_aci in ("localhost", "localnets"): - return _('ACL name "%s" is not supported') % bind_aci - if bind_aci.startswith('!'): bind_aci = bind_aci[1:] try: ip = CheckedIPAddress(bind_aci, parse_netmask=True, - allow_network=True) + allow_network=True, allow_loopback=True) except (netaddr.AddrFormatError, ValueError), e: return unicode(e) except UnboundLocalError: @@ -335,7 +332,7 @@ def _normalize_bind_aci(bind_acis): try: ip = CheckedIPAddress(bind_aci, parse_netmask=True, - allow_network=True) + allow_network=True, allow_loopback=True) if '/' in bind_aci: # addr with netmask netmask = "/%s" % ip.prefixlen else: |