[Freeipa-devel] [PATCHES 0109-0110] DNS: fix DS record validation
Petr Spacek
pspacek at redhat.com
Thu Sep 4 09:46:47 UTC 2014
On 3.9.2014 16:42, Martin Basti wrote:
> On 02/09/14 17:16, Petr Spacek wrote:
>> On 20.8.2014 19:26, Martin Basti wrote:
>>> Part of DNSSEC
>>> Patches attached.
>>
>> NACK
>>
>> # ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
>> ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS
>> record (RFC 4529, section 4.6)
>>
>> RFC number is incorrect. IMHO it should also reference 'RFC 4035 section 2.4'.
>>
>> Also, there is one hole:
>> Current code allows you to add DS RR to existing NS and then to remove NS.
>>
>> Let me know if adding a check to -del is too hard, maybe we can live without
>> it...
>>
> dnsrecord-del validation added
>
> Updated patch attached
>
> Required in ipa 4.1 but this could be pushed to 4.0.x too
It almost works ... almost. I'm not sure if the problem is in your patch or in
existing code:
[root at vm-035 git]# ipa dnsrecord-add ipa.example ds --ds-rec='1 2 3 4'
Record name: ds
DS record: 1 2 3 4
NS record: vm-035.idm.lab.eng.brq.redhat.com.
[root at vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an NS
record (RFC 4592 section 4.6, RFC 4035 section 2.4)
[root at vm-035 git]# ipa dnsrecord-mod ipa.example ds --ds-rec=
Record name: ds
NS record: vm-035.idm.lab.eng.brq.redhat.com.
[root at vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
ipa: ERROR: an internal error has occurred
# tail /var/log/httpd/error_log
ipa: ERROR: non-public: TypeError: dnsrecord_mod.validate_output() =>
PrimaryKey.validate():
output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type
'list'>: [<DNS name ds>]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348,
in wsgi_execute
result = self.Command[name](*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 451, in
__call__
self.validate_output(ret, options['version'])
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 944, in
validate_output
o.validate(self, value, version)
File "/usr/lib/python2.7/site-packages/ipalib/output.py", line 126, in validate
types[0], type(value), value))
TypeError: dnsrecord_mod.validate_output() => PrimaryKey.validate():
output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type
'list'>: [<DNS name ds>]
ipa: INFO: [jsonserver_session] admin at IPA.EXAMPLE: dnsrecord_mod(<DNS name
ipa.example.>, <DNS name ds>, nsrecord=None, rights=False, structured=False,
all=False, raw=False, version=u'2.102'): TypeError
--
Petr^2 Spacek
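
As an added illustration of the hole discussed in this thread (not part of the mail and not FreeIPA code): the DS/NS rule checked against the record sets an add, mod or del would leave behind, rather than against the submitted values only. All function names and the ns.example. host are hypothetical.

```python
# Added illustration; every name here is hypothetical, none is FreeIPA API.
class ValidationError(ValueError):
    pass

def apply_change(current, op, changes):
    """Return the record sets the owner name would hold after the operation."""
    result = {rrtype: list(vals) for rrtype, vals in current.items()}
    for rrtype, vals in changes.items():
        if op == "add":        # append the new values
            result.setdefault(rrtype, []).extend(vals)
        elif op == "mod":      # replace the whole set; an empty list clears it
            result[rrtype] = list(vals)
        elif op == "del":      # remove only the listed values
            result[rrtype] = [v for v in result.get(rrtype, []) if v not in vals]
        else:
            raise ValueError("unknown operation: %r" % (op,))
    # Drop record types that ended up empty.
    return {rrtype: vals for rrtype, vals in result.items() if vals}

def validated_change(current, op, changes):
    """Apply the change only if the resulting state keeps DS together with NS."""
    result = apply_change(current, op, changes)
    if result.get("DS") and not result.get("NS"):
        raise ValidationError("DS record requires a coexisting NS record "
                              "(RFC 4035 section 2.4)")
    return result

def replay(steps):
    """Run (op, changes) steps on an initially empty name; rejected steps change nothing."""
    state, outcomes = {}, []
    for op, changes in steps:
        try:
            state = validated_change(state, op, changes)
            outcomes.append("ok")
        except ValidationError:
            outcomes.append("rejected")
    return state, outcomes

# Constructed sequence modelled on the session in the mail; ns.example. is made up.
STEPS = [
    ("add", {"DS": ["1 2 3 4"]}),      # DS with no NS
    ("add", {"NS": ["ns.example."]}),
    ("add", {"DS": ["1 2 3 4"]}),
    ("del", {"NS": ["ns.example."]}),  # the hole: would orphan the DS
    ("mod", {"NS": []}),               # same hole through mod
    ("mod", {"DS": []}),
    ("mod", {"NS": []}),               # last record removed, name is empty
]
```

Calling replay(STEPS) returns the final record sets together with an ok/rejected outcome per step.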