diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-05-11 14:38:09 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-05-24 13:55:56 +0200 |
| commit | f1ed123caddd7525a0081c4a9de931cabdfda43f (patch) | |
| tree | f615dabc3535203fbd2777166dbe150f6d31197e /ipalib/rpc.py | |
| parent | 6bb462e26a814e683b3ec5b39d2ff9a1db8fa4ec (diff) | |
| download | freeipa-f1ed123caddd7525a0081c4a9de931cabdfda43f.tar.gz freeipa-f1ed123caddd7525a0081c4a9de931cabdfda43f.tar.xz freeipa-f1ed123caddd7525a0081c4a9de931cabdfda43f.zip | |
Replace DNS client based on acutil with python-dns
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improves for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837
Diffstat (limited to 'ipalib/rpc.py')
| -rw-r--r-- | ipalib/rpc.py | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 04a3f3e35..bd18b6bbf 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -39,11 +39,15 @@ import errno import locale from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, Transport, ProtocolError import kerberos +from dns import resolver, rdatatype +from dns.exception import DNSException + from ipalib.backend import Connectible from ipalib.errors import public_errors, PublicError, UnknownError, NetworkError, KerberosError, XMLRPCMarshallError from ipalib import errors from ipalib.request import context, Connection -from ipapython import ipautil, dnsclient +from ipapython import ipautil + import httplib import socket from ipapython.nsslib import NSSHTTPS, NSSConnection @@ -349,11 +353,16 @@ class xmlclient(Connectible): (scheme, netloc, path, params, query, fragment) = urlparse.urlparse(self.env.xmlrpc_uri) servers = [] name = '_ldap._tcp.%s.' % self.env.domain - rs = dnsclient.query(name, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV) - for r in rs: - if r.dns_type == dnsclient.DNS_T_SRV: - rsrv = r.rdata.server.rstrip('.') - servers.append('https://%s%s' % (ipautil.format_netloc(rsrv), path)) + + try: + answers = resolver.query(name, rdatatype.SRV) + except DNSException, e: + answers = [] + + for answer in answers: + server = str(answer.target).rstrip(".") + servers.append('https://%s%s' % (ipautil.format_netloc(server), path)) + servers = list(set(servers)) # the list/set conversion won't preserve order so stick in the # local config file version here. |