From 48865aed5f15ae94db664c4cebed125ef8f223cc Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 2 Jun 2014 15:23:00 +0200 Subject: DNSSEC: remove unsuported records Removed SIG, NSEC, KEy, RRSIG records Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik --- API.txt | 52 +------------------------- VERSION | 4 +- ipalib/plugins/dns.py | 101 ++------------------------------------------------ 3 files changed, 8 insertions(+), 149 deletions(-) diff --git a/API.txt b/API.txt index 858908878..2af0a824a 100644 --- a/API.txt +++ b/API.txt @@ -799,7 +799,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) command: dnsrecord_add -args: 2,116,3 +args: 2,92,3 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True) arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True) option: Str('a6_part_data', attribute=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False) @@ -838,10 +838,6 @@ option: DSRecord('dsrecord', attribute=True, cli_name='ds_rec', csv=True, multiv option: Flag('force', autofill=True, default=False) option: HIPRecord('hiprecord', attribute=True, cli_name='hip_rec', csv=True, multivalue=True, option_group=u'HIP Record', required=False) option: IPSECKEYRecord('ipseckeyrecord', attribute=True, cli_name='ipseckey_rec', csv=True, multivalue=True, option_group=u'IPSECKEY Record', required=False) -option: Int('key_part_algorithm', attribute=False, cli_name='key_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'KEY Record', required=False) -option: Int('key_part_flags', attribute=False, cli_name='key_flags', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'KEY Record', required=False) -option: Int('key_part_protocol', attribute=False, cli_name='key_protocol', maxvalue=255, minvalue=0, multivalue=False, option_group=u'KEY Record', required=False) -option: Str('key_part_public_key', attribute=False, cli_name='key_public_key', multivalue=False, option_group=u'KEY Record', required=False) option: KEYRecord('keyrecord', attribute=True, cli_name='key_rec', csv=True, multivalue=True, option_group=u'KEY Record', required=False) option: DNSNameParam('kx_part_exchanger', attribute=False, cli_name='kx_exchanger', multivalue=False, option_group=u'KX Record', required=False) option: Int('kx_part_preference', attribute=False, cli_name='kx_preference', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'KX Record', required=False) @@ -872,34 +868,14 @@ option: NAPTRRecord('naptrrecord', attribute=True, cli_name='naptr_rec', csv=Tru option: DNSNameParam('ns_part_hostname', attribute=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False) option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=u'NSEC3PARAM Record', required=False) option: NSEC3Record('nsec3record', attribute=True, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False) -option: DNSNameParam('nsec_part_next', attribute=False, cli_name='nsec_next', multivalue=False, option_group=u'NSEC Record', required=False) -option: StrEnum('nsec_part_types', attribute=False, cli_name='nsec_types', csv=True, multivalue=True, option_group=u'NSEC Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')) option: NSECRecord('nsecrecord', attribute=True, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False) option: NSRecord('nsrecord', attribute=True, cli_name='ns_rec', csv=True, multivalue=True, option_group=u'NS Record', required=False) option: DNSNameParam('ptr_part_hostname', attribute=False, cli_name='ptr_hostname', multivalue=False, option_group=u'PTR Record', required=False) option: PTRRecord('ptrrecord', attribute=True, cli_name='ptr_rec', csv=True, multivalue=True, option_group=u'PTR Record', required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: RPRecord('rprecord', attribute=True, cli_name='rp_rec', csv=True, multivalue=True, option_group=u'RP Record', required=False) -option: Int('rrsig_part_algorithm', attribute=False, cli_name='rrsig_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Int('rrsig_part_key_tag', attribute=False, cli_name='rrsig_key_tag', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Int('rrsig_part_labels', attribute=False, cli_name='rrsig_labels', maxvalue=255, minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Int('rrsig_part_original_ttl', attribute=False, cli_name='rrsig_original_ttl', minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signature', attribute=False, cli_name='rrsig_signature', multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signature_expiration', attribute=False, cli_name='rrsig_signature_expiration', multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signature_inception', attribute=False, cli_name='rrsig_signature_inception', multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signers_name', attribute=False, cli_name='rrsig_signers_name', multivalue=False, option_group=u'RRSIG Record', required=False) -option: StrEnum('rrsig_part_type_covered', attribute=False, cli_name='rrsig_type_covered', multivalue=False, option_group=u'RRSIG Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')) option: RRSIGRecord('rrsigrecord', attribute=True, cli_name='rrsig_rec', csv=True, multivalue=True, option_group=u'RRSIG Record', required=False) option: Str('setattr*', cli_name='setattr', exclude='webui') -option: Int('sig_part_algorithm', attribute=False, cli_name='sig_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Int('sig_part_key_tag', attribute=False, cli_name='sig_key_tag', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Int('sig_part_labels', attribute=False, cli_name='sig_labels', maxvalue=255, minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Int('sig_part_original_ttl', attribute=False, cli_name='sig_original_ttl', minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signature', attribute=False, cli_name='sig_signature', multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signature_expiration', attribute=False, cli_name='sig_signature_expiration', multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signature_inception', attribute=False, cli_name='sig_signature_inception', multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signers_name', attribute=False, cli_name='sig_signers_name', multivalue=False, option_group=u'SIG Record', required=False) -option: StrEnum('sig_part_type_covered', attribute=False, cli_name='sig_type_covered', multivalue=False, option_group=u'SIG Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')) option: SIGRecord('sigrecord', attribute=True, cli_name='sig_rec', csv=True, multivalue=True, option_group=u'SIG Record', required=False) option: SPFRecord('spfrecord', attribute=True, cli_name='spf_rec', csv=True, multivalue=True, option_group=u'SPF Record', required=False) option: Int('srv_part_port', attribute=False, cli_name='srv_port', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'SRV Record', required=False) @@ -1029,7 +1005,7 @@ output: ListOfEntries('result', (, ), Gettext('A list output: Output('summary', (, ), None) output: Output('truncated', , None) command: dnsrecord_mod -args: 2,116,3 +args: 2,92,3 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone', multivalue=False, only_absolute=True, primary_key=True, query=True, required=True) arg: DNSNameParam('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: Str('a6_part_data', attribute=False, autofill=False, cli_name='a6_data', multivalue=False, option_group=u'A6 Record', required=False) @@ -1066,10 +1042,6 @@ option: Int('ds_part_key_tag', attribute=False, autofill=False, cli_name='ds_key option: DSRecord('dsrecord', attribute=True, autofill=False, cli_name='ds_rec', csv=True, multivalue=True, option_group=u'DS Record', required=False) option: HIPRecord('hiprecord', attribute=True, autofill=False, cli_name='hip_rec', csv=True, multivalue=True, option_group=u'HIP Record', required=False) option: IPSECKEYRecord('ipseckeyrecord', attribute=True, autofill=False, cli_name='ipseckey_rec', csv=True, multivalue=True, option_group=u'IPSECKEY Record', required=False) -option: Int('key_part_algorithm', attribute=False, autofill=False, cli_name='key_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'KEY Record', required=False) -option: Int('key_part_flags', attribute=False, autofill=False, cli_name='key_flags', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'KEY Record', required=False) -option: Int('key_part_protocol', attribute=False, autofill=False, cli_name='key_protocol', maxvalue=255, minvalue=0, multivalue=False, option_group=u'KEY Record', required=False) -option: Str('key_part_public_key', attribute=False, autofill=False, cli_name='key_public_key', multivalue=False, option_group=u'KEY Record', required=False) option: KEYRecord('keyrecord', attribute=True, autofill=False, cli_name='key_rec', csv=True, multivalue=True, option_group=u'KEY Record', required=False) option: DNSNameParam('kx_part_exchanger', attribute=False, autofill=False, cli_name='kx_exchanger', multivalue=False, option_group=u'KX Record', required=False) option: Int('kx_part_preference', attribute=False, autofill=False, cli_name='kx_preference', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'KX Record', required=False) @@ -1100,8 +1072,6 @@ option: NAPTRRecord('naptrrecord', attribute=True, autofill=False, cli_name='nap option: DNSNameParam('ns_part_hostname', attribute=False, autofill=False, cli_name='ns_hostname', multivalue=False, option_group=u'NS Record', required=False) option: NSEC3PARAMRecord('nsec3paramrecord', attribute=True, autofill=False, cli_name='nsec3param_rec', csv=True, multivalue=True, option_group=u'NSEC3PARAM Record', required=False) option: NSEC3Record('nsec3record', attribute=True, autofill=False, cli_name='nsec3_rec', csv=True, multivalue=True, option_group=u'NSEC3 Record', required=False) -option: DNSNameParam('nsec_part_next', attribute=False, autofill=False, cli_name='nsec_next', multivalue=False, option_group=u'NSEC Record', required=False) -option: StrEnum('nsec_part_types', attribute=False, autofill=False, cli_name='nsec_types', csv=True, multivalue=True, option_group=u'NSEC Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')) option: NSECRecord('nsecrecord', attribute=True, autofill=False, cli_name='nsec_rec', csv=True, multivalue=True, option_group=u'NSEC Record', required=False) option: NSRecord('nsrecord', attribute=True, autofill=False, cli_name='ns_rec', csv=True, multivalue=True, option_group=u'NS Record', required=False) option: DNSNameParam('ptr_part_hostname', attribute=False, autofill=False, cli_name='ptr_hostname', multivalue=False, option_group=u'PTR Record', required=False) @@ -1110,26 +1080,8 @@ option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui option: DNSNameParam('rename', cli_name='rename', multivalue=False, primary_key=True, required=False) option: Flag('rights', autofill=True, default=False) option: RPRecord('rprecord', attribute=True, autofill=False, cli_name='rp_rec', csv=True, multivalue=True, option_group=u'RP Record', required=False) -option: Int('rrsig_part_algorithm', attribute=False, autofill=False, cli_name='rrsig_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Int('rrsig_part_key_tag', attribute=False, autofill=False, cli_name='rrsig_key_tag', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Int('rrsig_part_labels', attribute=False, autofill=False, cli_name='rrsig_labels', maxvalue=255, minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Int('rrsig_part_original_ttl', attribute=False, autofill=False, cli_name='rrsig_original_ttl', minvalue=0, multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signature', attribute=False, autofill=False, cli_name='rrsig_signature', multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signature_expiration', attribute=False, autofill=False, cli_name='rrsig_signature_expiration', multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signature_inception', attribute=False, autofill=False, cli_name='rrsig_signature_inception', multivalue=False, option_group=u'RRSIG Record', required=False) -option: Str('rrsig_part_signers_name', attribute=False, autofill=False, cli_name='rrsig_signers_name', multivalue=False, option_group=u'RRSIG Record', required=False) -option: StrEnum('rrsig_part_type_covered', attribute=False, autofill=False, cli_name='rrsig_type_covered', multivalue=False, option_group=u'RRSIG Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')) option: RRSIGRecord('rrsigrecord', attribute=True, autofill=False, cli_name='rrsig_rec', csv=True, multivalue=True, option_group=u'RRSIG Record', required=False) option: Str('setattr*', cli_name='setattr', exclude='webui') -option: Int('sig_part_algorithm', attribute=False, autofill=False, cli_name='sig_algorithm', maxvalue=255, minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Int('sig_part_key_tag', attribute=False, autofill=False, cli_name='sig_key_tag', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Int('sig_part_labels', attribute=False, autofill=False, cli_name='sig_labels', maxvalue=255, minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Int('sig_part_original_ttl', attribute=False, autofill=False, cli_name='sig_original_ttl', minvalue=0, multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signature', attribute=False, autofill=False, cli_name='sig_signature', multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signature_expiration', attribute=False, autofill=False, cli_name='sig_signature_expiration', multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signature_inception', attribute=False, autofill=False, cli_name='sig_signature_inception', multivalue=False, option_group=u'SIG Record', required=False) -option: Str('sig_part_signers_name', attribute=False, autofill=False, cli_name='sig_signers_name', multivalue=False, option_group=u'SIG Record', required=False) -option: StrEnum('sig_part_type_covered', attribute=False, autofill=False, cli_name='sig_type_covered', multivalue=False, option_group=u'SIG Record', required=False, values=(u'SOA', u'A', u'AAAA', u'A6', u'AFSDB', u'APL', u'CERT', u'CNAME', u'DHCID', u'DLV', u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC', u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR', u'RRSIG', u'RP', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY', u'TSIG', u'TXT')) option: SIGRecord('sigrecord', attribute=True, autofill=False, cli_name='sig_rec', csv=True, multivalue=True, option_group=u'SIG Record', required=False) option: SPFRecord('spfrecord', attribute=True, autofill=False, cli_name='spf_rec', csv=True, multivalue=True, option_group=u'SPF Record', required=False) option: Int('srv_part_port', attribute=False, autofill=False, cli_name='srv_port', maxvalue=65535, minvalue=0, multivalue=False, option_group=u'SRV Record', required=False) diff --git a/VERSION b/VERSION index d2a367353..77324e7fb 100644 --- a/VERSION +++ b/VERSION @@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=90 -# Last change: mbasti - Add dnsforwardzone-* commands +IPA_API_VERSION_MINOR=91 +# Last change: mbasti - Removed records: SIG, NSEC, KEY, RRSIG diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 6c19f8b8c..2b6d37e93 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -1034,26 +1034,7 @@ class HIPRecord(DNSRecord): class KEYRecord(DNSRecord): rrtype = 'KEY' rfc = 2535 - parts = ( - Int('flags', - label=_('Flags'), - minvalue=0, - maxvalue=65535, - ), - Int('protocol', - label=_('Protocol'), - minvalue=0, - maxvalue=255, - ), - Int('algorithm', - label=_('Algorithm'), - minvalue=0, - maxvalue=255, - ), - Str('public_key', - label=_('Public Key'), - ), - ) + supported = False # managed by BIND itself class IPSECKEYRecord(DNSRecord): rrtype = 'IPSECKEY' @@ -1234,42 +1215,7 @@ class NSRecord(DNSRecord): class NSECRecord(DNSRecord): rrtype = 'NSEC' rfc = 4034 - format_error_msg = _('format must be specified as "NEXT TYPE1 '\ - '[TYPE2 [TYPE3 [...]]]" (see RFC 4034 for details)') - _allowed_types = (u'SOA',) + _record_types - - parts = ( - DNSNameParam('next', - label=_('Next Domain Name'), - ), - StrEnum('types+', - label=_('Type Map'), - values=_allowed_types, - csv=True, - ), - ) - - def _get_part_values(self, value): - values = value.split() - - if len(values) < 2: - return None - - return (values[0], tuple(values[1:])) - - def _part_values_to_string(self, values, index, idna=True): - self._validate_parts(values) - if idna: - val = values[0].ToASCII() - else: - val = unicode(values[0]) - values_flat = [val, ] # add "next" part - types = values[1] - if not isinstance(types, (list, tuple)): - types = [types,] - values_flat.extend(types) - return u" ".join(Str._convert_scalar(self, v, index) \ - for v in values_flat if v is not None) + supported = False # managed by BIND itself class NSEC3Record(DNSRecord): rrtype = 'NSEC3' @@ -1372,47 +1318,7 @@ def _sig_time_validator(ugettext, value): class SIGRecord(DNSRecord): rrtype = 'SIG' rfc = 2535 - _allowed_types = tuple([u'SOA'] + [x for x in _record_types if x != u'SIG']) - - parts = ( - StrEnum('type_covered', - label=_('Type Covered'), - values=_allowed_types, - ), - Int('algorithm', - label=_('Algorithm'), - minvalue=0, - maxvalue=255, - ), - Int('labels', - label=_('Labels'), - minvalue=0, - maxvalue=255, - ), - Int('original_ttl', - label=_('Original TTL'), - minvalue=0, - ), - Str('signature_expiration', - _sig_time_validator, - label=_('Signature Expiration'), - ), - Str('signature_inception', - _sig_time_validator, - label=_('Signature Inception'), - ), - Int('key_tag', - label=_('Key Tag'), - minvalue=0, - maxvalue=65535, - ), - Str('signers_name', - label=_('Signer\'s Name'), - ), - Str('signature', - label=_('Signature'), - ), - ) + supported = False # managed by BIND itself class SPFRecord(DNSRecord): rrtype = 'SPF' @@ -1422,6 +1328,7 @@ class SPFRecord(DNSRecord): class RRSIGRecord(SIGRecord): rrtype = 'RRSIG' rfc = 4034 + supported = False # managed by BIND itself class SSHFPRecord(DNSRecord): rrtype = 'SSHFP' -- cgit