author | Martin Kosek <mkosek@redhat.com> | 2011-10-07 14:23:20 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-10-13 00:54:37 -0400 |
commit | 9bff6cb8a955c3f4b167e05856b40f6e2ee5dca8 (patch) | |
tree | f09336f8e074eaae81015fffca5cf56b55ce11e5 /ipaserver/install/installutils.py | |
parent | 93ddfd008af6cd720c6f8c6902e8d24b06d59e72 (diff) | |
Check hostname resolution sanity
Always check (even with --setup-dns or --no-host-dns) that if the
host name or IP address resolves, it resolves to a sane value. Otherwise
report an error. Misconfigured /etc/hosts causing these errors could
harm the installation later.
https://fedorahosted.org/freeipa/ticket/1923
Diffstat (limited to 'ipaserver/install/installutils.py')
-rw-r--r-- | ipaserver/install/installutils.py | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index bc68ffaf..14c43fef 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -129,7 +129,7 @@ def verify_dns_records(host_name, responses, resaddr, family):
 raise RuntimeError("The DNS forward record %s does not match the reverse address %s" % (rec.dns_name, rev.rdata.ptrdname))
-def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
+def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
 """
 Run fqdn checks for given host:
 - test hostname format
@@ -140,7 +140,7 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
 :param host_name: The host name to verify.
 :param no_host_dns: If true, skip DNS resolution tests of the host name.
- :param system_name_check: If true, check if the host name matches the system host name.
+ :param local_hostname: If true, run additional checks for local hostnames
 """
 if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain":
 raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name)
@@ -151,7 +151,15 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
 if ipautil.valid_ip(host_name):
 raise BadHostError("IP address not allowed as a hostname")
- if system_name_check:
+ if local_hostname:
+ try:
+ ex_name = socket.gethostbyaddr(host_name)
+ if host_name != ex_name[0]:
+ raise HostLookupError("The host name %s does not match the primary host name %s. "\
+ "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0]))
+ except socket.gaierror:
+ pass
+
 system_host_name = socket.gethostname()
 if not (host_name + '.').startswith(system_host_name + '.'):
 print "Warning: The host name '%s' does not match the system host name '%s'." % (host_name, system_host_name) |
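Review bot: In the new `if local_hostname:` block of the third hunk, `socket.gethostbyaddr(host_name)` is guarded only by `except socket.gaierror:`, but a name that resolves forward and has no usable reverse entry makes the call raise `socket.herror`, which would escape `verify_fqdn` as a raw traceback rather than a `HostLookupError`. Catching both with `except (socket.gaierror, socket.herror):`, or converting the `herror` case into a `HostLookupError`, keeps that failure in the installer's own error path. The `host_name != ex_name[0]` comparison is also case-sensitive, so a differently cased entry in /etc/hosts would presumably be rejected even though it names the same host; comparing `host_name.lower()` with `ex_name[0].lower()` avoids that. The body of `verify_fqdn` starts and ends outside this hunk, so whether callers already wrap these exceptions is not visible here.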