From 47ff46d042fd4803f03ee8854fd07984bd03a3f5 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Thu, 6 Sep 2012 11:34:02 +0200
Subject: Allow localhost in zone ACIs

Loopback address, "localhost" and "localnets" ACIs are no longer
an issue for bind-dyndb-ldap. Allow them in our validators.
---
 ipalib/plugins/dns.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'ipalib/plugins/dns.py')

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 3987001f..e9f8b0cc 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -299,18 +299,15 @@ def _validate_bind_aci(ugettext, bind_acis):
         bind_acis.pop(-1)
 
     for bind_aci in bind_acis:
-        if bind_aci in ("any", "none"):
+        if bind_aci in ("any", "none", "localhost", "localnets"):
             continue
 
-        if bind_aci in ("localhost", "localnets"):
-            return _('ACL name "%s" is not supported') % bind_aci
-
         if bind_aci.startswith('!'):
             bind_aci = bind_aci[1:]
 
         try:
             ip = CheckedIPAddress(bind_aci, parse_netmask=True,
-                                  allow_network=True)
+                                  allow_network=True, allow_loopback=True)
         except (netaddr.AddrFormatError, ValueError), e:
             return unicode(e)
         except UnboundLocalError:
@@ -335,7 +332,7 @@ def _normalize_bind_aci(bind_acis):
 
         try:
             ip = CheckedIPAddress(bind_aci, parse_netmask=True,
-                                  allow_network=True)
+                                  allow_network=True, allow_loopback=True)
             if '/' in bind_aci:    # addr with netmask
                 netmask = "/%s" % ip.prefixlen
             else:
-- 
cgit