author | Petr Spacek <pspacek@redhat.com> | 2016-06-30 20:41:48 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-07-01 10:35:39 +0200 |
commit | 5e78b54d7c532bec0ee5a4ce3f1b6d6c94d17c51 (patch) | |
tree | 13fd82fb19f99817eb20495e605c1dbfaa0c8196 /ipaserver | |
parent | ce1f9ca51bd91ed66233c1bac7eb05fac9c855c7 (diff) | |
Fix internal errors in host-add and other commands caused by DNS resolution
Previously resolver was returning CheckedIPAddress objects. This caused
internal server error in cases where DNS actually returned reserved IP
addresses.
Now the resolver is returning UnsafeIPAddress objects which do syntactic
checks but do not filter IP addresses.
From now on we can decide if some IP address should be accepted as-is or
if it needs to be constrained to some subset of IP addresses using
CheckedIPAddress class.
This regression was caused by changes for
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/installutils.py | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index a15571f92..25f48aed1 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -448,7 +448,7 @@ def create_keytab(path, principal):
 def resolve_ip_addresses_nss(fqdn):
 """Get list of IP addresses for given host (using NSS/getaddrinfo).
 :returns:
- list of IP addresses as CheckedIPAddress objects
+ list of IP addresses as UnsafeIPAddress objects
 """
 # make sure the name is fully qualified
 # so search path from resolv.conf does not apply
@@ -468,13 +468,7 @@ def resolve_ip_addresses_nss(fqdn):
 ip_addresses = set()
 for ai in addrinfos:
 try:
- ip = ipautil.CheckedIPAddress(ai[4][0],
- parse_netmask=False,
- # these are unreliable, disable them
- allow_network=True,
- allow_loopback=True,
- allow_broadcast=True,
- allow_multicast=True)
+ ip = ipautil.UnsafeIPAddress(ai[4][0])
 except ValueError as ex:
 # getaddinfo may return link-local address other similar oddities
 # which are not accepted by CheckedIPAddress - skip these
@@ -501,8 +495,7 @@ def get_host_name(no_host_dns):
 def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
 hostaddr = resolve_ip_addresses_nss(host_name)
 if hostaddr.intersection(
- {ipautil.CheckedIPAddress(ip, allow_loopback=True)
- for ip in ['127.0.0.1', '::1']}):
+ {ipautil.UnsafeIPAddress(ip) for ip in ['127.0.0.1', '::1']}):
 print("The hostname resolves to the localhost address (127.0.0.1/::1)", file=sys.stderr)
 print("Please change your /etc/hosts file so that the hostname", file=sys.stderr)
 print("resolves to the ip address of your network interface.", file=sys.stderr) |
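Review bot: The `except ValueError` comment kept as context in the second hunk still says the skipped addresses are those "not accepted by CheckedIPAddress", but the new call is `ipautil.UnsafeIPAddress(ai[4][0])`, which per the commit message performs syntactic checks only. The returned set now carries whatever the resolver answered, including loopback, multicast and reserved addresses, so every caller has to constrain the result with CheckedIPAddress itself before basing a decision on it; the `:returns:` text in the first hunk should say so, for example `addresses are only syntactically validated; callers must constrain them with CheckedIPAddress where it matters`. The stale comment could become `# getaddrinfo may return values UnsafeIPAddress cannot parse - skip these`. The body of resolve_ip_addresses_nss continues outside both hunks.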
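Review bot: The loopback test in get_server_ip_address (third hunk) is an exact-match intersection with `127.0.0.1` and `::1`, so a hostname that resolves to any other address in 127.0.0.0/8, such as a `127.0.1.1` entry in /etc/hosts, is not caught by it. The resolver result is deliberately unfiltered after this change, so this comparison is the only loopback guard visible here. If UnsafeIPAddress exposes netaddr's `is_loopback()` (it appears to wrap a netaddr address, but that is not visible in this diff), `if any(ip.is_loopback() for ip in hostaddr):` would cover the whole range. The function continues past the end of the hunk.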