DNSSEC: add TLSA record type

Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2014-06-25 12:36:59 +0200
committer: Petr Vobornik <pvoborni@redhat.com> 2014-07-01 12:37:08 +0200
commit: 12cb31575ca84d8084687c9906e5824462bd33ec (patch)
tree: 6b7e496a904d71375a07443e933745b4f30f047d /ipalib
parent: 99c5f0511f697cc54a9de7994c3e6999c6fd119f (diff)
download: freeipa-12cb31575ca84d8084687c9906e5824462bd33ec.tar.gz
freeipa-12cb31575ca84d8084687c9906e5824462bd33ec.tar.xz
freeipa-12cb31575ca84d8084687c9906e5824462bd33ec.zip
1 files changed, 44 insertions, 15 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 890d2cceb..3fa2c0b6a 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -238,7 +238,7 @@ _record_types = (
     u'DNAME', u'DNSKEY', u'DS', u'HIP', u'IPSECKEY', u'KEY', u'KX', u'LOC',
     u'MX', u'NAPTR', u'NS', u'NSEC', u'NSEC3', u'NSEC3PARAM', u'PTR',
     u'RRSIG', u'RP', u'SIG', u'SPF', u'SRV', u'SSHFP', u'TA', u'TKEY',
-    u'TSIG', u'TXT',
+    u'TLSA', u'TSIG', u'TXT',
 )
 
 # DNS zone record identificator
@@ -1384,6 +1384,32 @@ class TARecord(DNSRecord):
     rrtype = 'TA'
     supported = False
 
+
+class TLSARecord(DNSRecord):
+    rrtype = 'TLSA'
+    rfc = 6698
+    parts = (
+        Int('cert_usage',
+            label=_('Certificate Usage'),
+            minvalue=0,
+            maxvalue=255,
+        ),
+        Int('selector',
+            label=_('Selector'),
+            minvalue=0,
+            maxvalue=255,
+        ),
+        Int('matching_type',
+            label=_('Matching Type'),
+            minvalue=0,
+            maxvalue=255,
+        ),
+        Str('cert_association_data',
+            label=_('Certificate Association Data'),
+        ),
+    )
+
+
 class TKEYRecord(DNSRecord):
     rrtype = 'TKEY'
     supported = False
@@ -1437,6 +1463,7 @@ _dns_records = (
     SRVRecord(),
     SSHFPRecord(),
     TARecord(),
+    TLSARecord(),
     TKEYRecord(),
     TSIGRecord(),
     TXTRecord(),
@@ -2118,13 +2145,14 @@ class dnszone(DNSZoneBase):
                 'dnsclass', 'dnsttl', 'dsrecord', 'hinforecord',
                 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr',
                 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy',
-                'idnsname', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname',
-                'idnssoarefresh', 'idnssoaretry', 'idnssoarname',
-                'idnssoaserial', 'idnsupdatepolicy', 'idnszoneactive',
-                'keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord',
-                'minforecord', 'mxrecord', 'naptrrecord', 'nsecrecord',
-                'nsec3paramrecord', 'nsrecord', 'nxtrecord', 'ptrrecord',
-                'rrsigrecord', 'sigrecord', 'srvrecord', 'sshfprecord',
+                'idnsname', 'idnssoaexpire',
+                'idnssoaminimum', 'idnssoamname', 'idnssoarefresh',
+                'idnssoaretry', 'idnssoarname', 'idnssoaserial',
+                'idnsupdatepolicy', 'idnszoneactive', 'keyrecord', 'kxrecord',
+                'locrecord', 'managedby', 'mdrecord', 'minforecord',
+                'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',
+                'nsrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord',
+                'sigrecord', 'srvrecord', 'sshfprecord', 'tlsarecord',
                 'txtrecord',
             },
             'replaces_system': ['Read DNS Entries'],
@@ -2151,13 +2179,14 @@ class dnszone(DNSZoneBase):
                 'dnsclass', 'dnsttl', 'dsrecord', 'hinforecord',
                 'idnsallowdynupdate', 'idnsallowquery', 'idnsallowsyncptr',
                 'idnsallowtransfer', 'idnsforwarders', 'idnsforwardpolicy',
-                'idnsname', 'idnssoaexpire', 'idnssoaminimum', 'idnssoamname',
-                'idnssoarefresh', 'idnssoaretry', 'idnssoarname',
-                'idnssoaserial', 'idnsupdatepolicy', 'idnszoneactive',
-                'keyrecord', 'kxrecord', 'locrecord', 'managedby', 'mdrecord',
-                'minforecord', 'mxrecord', 'naptrrecord', 'nsecrecord',
-                'nsec3paramrecord', 'nsrecord', 'nxtrecord', 'ptrrecord',
-                'rrsigrecord', 'sigrecord', 'srvrecord', 'sshfprecord',
+                'idnsname', 'idnssoaexpire',
+                'idnssoaminimum', 'idnssoamname', 'idnssoarefresh',
+                'idnssoaretry', 'idnssoarname', 'idnssoaserial',
+                'idnsupdatepolicy', 'idnszoneactive', 'keyrecord', 'kxrecord',
+                'locrecord', 'managedby', 'mdrecord', 'minforecord',
+                'mxrecord', 'naptrrecord', 'nsecrecord', 'nsec3paramrecord',
+                'nsrecord', 'nxtrecord', 'ptrrecord', 'rrsigrecord',
+                'sigrecord', 'srvrecord', 'sshfprecord', 'tlsarecord',
                 'txtrecord',
             },
             'replaces': [
author	Martin Basti <mbasti@redhat.com>	2014-06-25 12:36:59 +0200
committer	Petr Vobornik <pvoborni@redhat.com>	2014-07-01 12:37:08 +0200
commit	12cb31575ca84d8084687c9906e5824462bd33ec (patch)
tree	6b7e496a904d71375a07443e933745b4f30f047d /ipalib
parent	99c5f0511f697cc54a9de7994c3e6999c6fd119f (diff)
download	freeipa-12cb31575ca84d8084687c9906e5824462bd33ec.tar.gz freeipa-12cb31575ca84d8084687c9906e5824462bd33ec.tar.xz freeipa-12cb31575ca84d8084687c9906e5824462bd33ec.zip