From f1ed123caddd7525a0081c4a9de931cabdfda43f Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Fri, 11 May 2012 14:38:09 +0200
Subject: Replace DNS client based on acutil with python-dns IPA client and server tool set used authconfig acutil module to for client DNS operations. This is not optimal DNS interface for several reasons: - does not provide native Python object oriented interface but but rather C-like interface based on functions and structures which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace the acutil with python-dns package which has a feature rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of acutil DNS library with a use python-dns. In most cases, even though the larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improves for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837
---
 ipalib/rpc.py | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
(limited to 'ipalib/rpc.py')
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 04a3f3e3..bd18b6bb 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -39,11 +39,15 @@ import errno
 import locale
 from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError
 import kerberos
+from dns import resolver, rdatatype
+from dns.exception import DNSException
+
 from ipalib.backend import Connectible
 from ipalib.errors import public_errors, PublicError, UnknownError, NetworkError, KerberosError, XMLRPCMarshallError
 from ipalib import errors
 from ipalib.request import context, Connection
-from ipapython import ipautil, dnsclient
+from ipapython import ipautil
+
 import httplib
 import socket
 from ipapython.nsslib import NSSHTTPS, NSSConnection
@@ -349,11 +353,16 @@ class xmlclient(Connectible):
 (scheme, netloc, path, params, query, fragment) = urlparse.urlparse(self.env.xmlrpc_uri)
 servers = []
 name = '_ldap._tcp.%s.' % self.env.domain
- rs = dnsclient.query(name, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
- for r in rs:
- if r.dns_type == dnsclient.DNS_T_SRV:
- rsrv = r.rdata.server.rstrip('.')
- servers.append('https://%s%s' % (ipautil.format_netloc(rsrv), path))
+
+ try:
+ answers = resolver.query(name, rdatatype.SRV)
+ except DNSException, e:
+ answers = []
+
+ for answer in answers:
+ server = str(answer.target).rstrip(".")
+ servers.append('https://%s%s' % (ipautil.format_netloc(server), path))
+
 servers = list(set(servers))
 # the list/set conversion won't preserve order so stick in the
 # local config file version here.
-- cgit
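Review bot: The new `except DNSException, e:` branch in the second hunk sets `answers = []` and discards `e`, so a resolver timeout, NXDOMAIN or an unreachable name server looks exactly like a domain with no `_ldap._tcp` SRV records. The SRV targets returned here become the https endpoints the client connects to, so a failed or disrupted lookup deserves a trace: log `name` and `e` through the logger this class already uses, and add a comment such as `# discovery is best-effort; on resolver errors only the configured server is tried`. The lines after the hunk are not visible, so the fallback to the local configuration is inferred from the trailing context comment. The enclosing method of `xmlclient` starts and ends outside the hunk.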