From 78f276657ee8abb1a1b9e84337c6fb7050710d15 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 12 Oct 2010 17:26:03 -0400
Subject: Compare resolver IP address with DNS IP address

We check the resolver against the resolver and DNS against DNS but not
the resolver against DNS so if something is wrong in /etc/hosts we don't
catch it and nasty connection messages occur.

Also fix a problem where a bogus error message was being displayed because
we were trying to close an unconnected LDAP connection.

ticket 327
---
 ipaserver/install/installutils.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ipaserver/install/installutils.py')

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 93d9f79b..7863f11a 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -59,6 +59,7 @@ def verify_fqdn(host_name,no_host_dns=False):
         if a[4][0] == '127.0.0.1' or a[4][0] == '::1':
             raise RuntimeError("The IPA Server hostname cannot resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s" % (a[4][0], host_name, a[4][0]))
         try:
+            revaddr = a[4][0]
             revname = socket.gethostbyaddr(a[4][0])[0]
         except:
             raise RuntimeError("Unable to resolve the reverse ip address, check /etc/hosts or DNS name resolution")
@@ -97,6 +98,8 @@ def verify_fqdn(host_name,no_host_dns=False):
 
     addr = socket.inet_ntoa(struct.pack('<L',rec.rdata.address))
     ipaddr = socket.inet_ntoa(struct.pack('!L',rec.rdata.address))
+    if revaddr != ipaddr:
+        raise RuntimeError("The network address %s does not match the reverse lookup %s. Check /etc/hosts and ensure that %s is the IP address for %s" % (ipaddr, revaddr, ipaddr, host_name))
 
     addr = addr + ".in-addr.arpa."
     rs = dnsclient.query(addr, dnsclient.DNS_C_IN, dnsclient.DNS_T_PTR)
-- 
cgit