author | Rob Crittenden <rcritten@redhat.com> | 2010-10-12 17:26:03 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-10-15 14:58:01 -0400 |
commit | 78f276657ee8abb1a1b9e84337c6fb7050710d15 (patch) | |
tree | 41bac8cdb6de5d7b380fc275af2eb9a330e64b7c /ipaserver | |
parent | b18af8de3c37d8eb4c8b7576733d8ae737ed3371 (diff) | |
Compare resolver IP address with DNS IP address
We check the resolver against the resolver and DNS against DNS but not
the resolver against DNS so if something is wrong in /etc/hosts we don't
catch it and nasty connection messages occur.
Also fix a problem where a bogus error message was being displayed because
we were trying to close an unconnected LDAP connection.
ticket 327
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dsinstance.py | 2 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index ca04457a9..85f0e7f8b 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -133,7 +133,7 @@ def has_managed_entries(host_name, dm_password):
 logging.critical("Could not connect to the Directory Server on %s" % host_name)
 raise e
 finally:
- if conn:
+ if conn.isconnected():
 conn.disconnect()
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 93d9f79b4..7863f11a7 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -59,6 +59,7 @@ def verify_fqdn(host_name,no_host_dns=False):
 if a[4][0] == '127.0.0.1' or a[4][0] == '::1':
 raise RuntimeError("The IPA Server hostname cannot resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s" % (a[4][0], host_name, a[4][0]))
 try:
+ revaddr = a[4][0]
 revname = socket.gethostbyaddr(a[4][0])[0]
 except:
 raise RuntimeError("Unable to resolve the reverse ip address, check /etc/hosts or DNS name resolution")
@@ -97,6 +98,8 @@ def verify_fqdn(host_name,no_host_dns=False):
 addr = socket.inet_ntoa(struct.pack('<L',rec.rdata.address))
 ipaddr = socket.inet_ntoa(struct.pack('!L',rec.rdata.address))
+ if revaddr != ipaddr:
+ raise RuntimeError("The network address %s does not match the reverse lookup %s. Check /etc/hosts and ensure that %s is the IP address for %s" % (ipaddr, revaddr, ipaddr, host_name))
 addr = addr + ".in-addr.arpa."
 rs = dnsclient.query(addr, dnsclient.DNS_C_IN, dnsclient.DNS_T_PTR) |
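Review bot: In dsinstance.py, `conn.isconnected()` in the `finally:` block of has_managed_entries assumes `conn` is always an object. The replaced `if conn:` test suggests it can be None; its initialisation is outside the hunk, so this is inferred. If it is None, the call raises AttributeError inside `finally` and replaces the connection error that was being propagated, so the installer reports the wrong failure. Guarding both conditions keeps the cleanup safe: `if conn is not None and conn.isconnected():`.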
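Review bot: In the first installutils.py hunk (verify_fqdn, @@ -59), `revaddr = a[4][0]` sits inside the `try:` whose bare `except:` reports a reverse-resolution failure. The assignment cannot fail that way, so it belongs on the line above `try:`, leaving only the `gethostbyaddr` call guarded. It also keeps a single resolver entry: if `a` is the variable of an address loop that starts outside the hunk (indentation is lost on this page, so this is inferred), a host with several addresses is later compared using whichever entry came last. A comment such as `# address returned by the local resolver; compared with the DNS A record below` would explain why the value is saved.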
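Review bot: In the second installutils.py hunk (verify_fqdn, @@ -97), `if revaddr != ipaddr:` compares address strings, and `ipaddr` is always an IPv4 dotted quad from `inet_ntoa`. A `revaddr` that is an IPv6 literal can therefore never match, and the install stops even when /etc/hosts and DNS agree for IPv4. If this check runs once per `rec` in a loop that begins outside the hunk, a name with more than one A record also fails on the first record that differs from `revaddr`. Collecting every resolver address and testing membership would avoid both cases, for example `if ipaddr not in resolver_addrs:` (`resolver_addrs` is a suggested name, not one in the file). The message also calls `revaddr` "the reverse lookup" although it holds the forward address from the resolver; "the address returned by the resolver" would point the admin at the right file.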