diff options
Diffstat (limited to 'ipalib/util.py')
-rw-r--r-- | ipalib/util.py | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/ipalib/util.py b/ipalib/util.py index 50da74327..039ffb06d 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -427,11 +427,11 @@ def parse_time_duration(value): return duration -def gen_dns_update_policy(realm, rrtypes=('A', 'AAAA', 'SSHFP')): +def get_dns_forward_zone_update_policy(realm, rrtypes=('A', 'AAAA', 'SSHFP')): """ - Generate update policy for a DNS zone (idnsUpdatePolicy attribute). Bind - uses this policy to grant/reject access for client machines trying to - dynamically update their records. + Generate update policy for a forward DNS zone (idnsUpdatePolicy + attribute). Bind uses this policy to grant/reject access for client + machines trying to dynamically update their records. :param realm: A realm of the of the client :param rrtypes: A list of resource records types that client shall be @@ -445,6 +445,27 @@ def gen_dns_update_policy(realm, rrtypes=('A', 'AAAA', 'SSHFP')): return policy +def get_dns_reverse_zone_update_policy(realm, reverse_zone, rrtypes=('PTR',)): + """ + Generate update policy for a reverse DNS zone (idnsUpdatePolicy + attribute). Bind uses this policy to grant/reject access for client + machines trying to dynamically update their records. + + :param realm: A realm of the of the client + :param reverse_zone: Name of the actual zone. All clients with IPs in this + sub-domain will be allowed to perform changes + :param rrtypes: A list of resource records types that client shall be + allowed to update + """ + policy_element = "grant %(realm)s krb5-subdomain %(zone)s %(rrtype)s" + policies = [ policy_element \ + % dict(realm=realm, zone=reverse_zone, rrtype=rrtype) \ + for rrtype in rrtypes ] + policy = "; ".join(policies) + policy += ";" + + return policy + def validate_rdn_param(ugettext, value): try: rdn = RDN(value) |