author | Martin Kosek <mkosek@redhat.com> | 2012-05-11 14:38:09 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-05-24 13:55:56 +0200 |
commit | f1ed123caddd7525a0081c4a9de931cabdfda43f (patch) | |
tree | f615dabc3535203fbd2777166dbe150f6d31197e /ipalib | |
parent | 6bb462e26a814e683b3ec5b39d2ff9a1db8fa4ec (diff) | |
Replace DNS client based on acutil with python-dns
IPA client and server tool set used the authconfig acutil module
for client DNS operations. This is not an optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace acutil with the python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improved for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/dns.py | 14 | ||||
-rw-r--r-- | ipalib/rpc.py | 21 | ||||
-rw-r--r-- | ipalib/util.py | 16 |
3 files changed, 26 insertions, 25 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index b0e65ab94..e26332d46 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -30,8 +30,7 @@ from ipalib.plugins.baseldap import * from ipalib import _, ngettext from ipalib.util import (validate_zonemgr, normalize_zonemgr, validate_hostname, validate_dns_label, validate_domain_name) -from ipapython import dnsclient -from ipapython.ipautil import valid_ip, CheckedIPAddress +from ipapython.ipautil import valid_ip, CheckedIPAddress, is_host_resolvable from ldap import explode_dn __doc__ = _(""" @@ -2610,17 +2609,8 @@ class dns_resolve(Command): query = '%s.%s.' % (query, api.env.domain) if query[-1] != '.': query = query + '.' - reca = dnsclient.query(query, dnsclient.DNS_C_IN, dnsclient.DNS_T_A) - rec6 = dnsclient.query(query, dnsclient.DNS_C_IN, dnsclient.DNS_T_AAAA) - records = reca + rec6 - found = False - for rec in records: - if rec.dns_type == dnsclient.DNS_T_A or \ - rec.dns_type == dnsclient.DNS_T_AAAA: - found = True - break - if not found: + if not is_host_resolvable(query): raise errors.NotFound( reason=_('Host \'%(host)s\' not found') % {'host': query} ) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 04a3f3e35..bd18b6bbf 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -39,11 +39,15 @@ import errno import locale from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError import kerberos +from dns import resolver, rdatatype +from dns.exception import DNSException + from ipalib.backend import Connectible from ipalib.errors import public_errors, PublicError, UnknownError, NetworkError, KerberosError, XMLRPCMarshallError from ipalib import errors from ipalib.request import context, Connection -from ipapython import ipautil, dnsclient +from ipapython import ipautil + import httplib import socket from ipapython.nsslib import NSSHTTPS, NSSConnection 
@@ -349,11 +353,16 @@ class xmlclient(Connectible): (scheme, netloc, path, params, query, fragment) = urlparse.urlparse(self.env.xmlrpc_uri) servers = [] name = '_ldap._tcp.%s.' % self.env.domain - rs = dnsclient.query(name, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV) - for r in rs: - if r.dns_type == dnsclient.DNS_T_SRV: - rsrv = r.rdata.server.rstrip('.') - servers.append('https://%s%s' % (ipautil.format_netloc(rsrv), path)) + + try: + answers = resolver.query(name, rdatatype.SRV) + except DNSException, e: + answers = [] + + for answer in answers: + server = str(answer.target).rstrip(".") + servers.append('https://%s%s' % (ipautil.format_netloc(server), path)) + servers = list(set(servers)) # the list/set conversion won't preserve order so stick in the # local config file version here. diff --git a/ipalib/util.py b/ipalib/util.py index 64ac6b2cf..50da74327 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -28,11 +28,12 @@ import socket import re from types import NoneType from weakref import WeakKeyDictionary +from dns import resolver, rdatatype +from dns.exception import DNSException from ipalib import errors from ipalib.text import _ from ipalib.dn import DN, RDN -from ipapython import dnsclient from ipapython.ipautil import decode_ssh_pubkey @@ -88,16 +89,17 @@ def validate_host_dns(log, fqdn): """ See if the hostname has a DNS A record. """ - rs = dnsclient.query(fqdn + '.', dnsclient.DNS_C_IN, dnsclient.DNS_T_A) - if len(rs) == 0: + try: + answers = resolver.query(fqdn, rdatatype.A) log.debug( - 'IPA: DNS A record lookup failed for %s' % fqdn + 'IPA: found %d records for %s: %s' % (len(answers), fqdn, + ' '.join(str(answer) for answer in answers)) ) - raise errors.DNSNotARecordError() - else: + except DNSException, e: log.debug( - 'IPA: found %d records for %s' % (len(rs), fqdn) + 'IPA: DNS A record lookup failed for %s' % fqdn ) + raise errors.DNSNotARecordError() def isvalid_base64(data): """ |
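Review bot: The `except DNSException, e:` branch around the SRV lookup in ipalib/rpc.py discards every resolver failure (timeout, server failure and missing record alike) without a trace, and `e` is never used, so a client that ends up with only the configured URI gives no hint that discovery failed. Record the exception at debug level before `answers = []`, using whatever logger this class already has. The host names taken from `answer.target` come from DNS, which is unauthenticated unless the resolver validates DNSSEC, so above the loop I would add `# SRV targets are untrusted input; server identity must be proven by the TLS/Kerberos layer, not by this lookup`. The enclosing method starts and ends outside the hunk.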
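Review bot: In validate_host_dns the new lookup passes `fqdn` without the trailing dot that the removed line added (`fqdn + '.'`), so the resolver may treat the name as relative and try its configured search domains; a host with no A record of its own could then pass this check through a search-list match. Keep the query absolute, for example `answers = resolver.query(fqdn + '.', rdatatype.A)`, normalising first if callers can already pass a trailing dot. The `except DNSException, e:` branch also reports timeouts and server failures as DNSNotARecordError and never uses `e`; putting the exception text into the debug message would keep "no record" distinguishable from "lookup failed".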