[Freeipa-devel] [PATCHES 0109-0110] DNS: fix DS record validation
Martin Basti
mbasti at redhat.com
Thu Sep 4 11:02:48 UTC 2014
On 04/09/14 11:46, Petr Spacek wrote:
> On 3.9.2014 16:42, Martin Basti wrote:
>> On 02/09/14 17:16, Petr Spacek wrote:
>>> On 20.8.2014 19:26, Martin Basti wrote:
>>>> Part of DNSSEC
>>>> Patches attached.
>>>
>>> NACK
>>>
>>> # ipa dnsrecord-add ipa.example. ds '--ds-rec=1 2 3 4'
>>> ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with
>>> an NS
>>> record (RFC 4529, section 4.6)
>>>
>>> RFC number is incorrect. IMHO it should also reference 'RFC 4035
>>> section 2.4'.
>>>
>>> Also, there is one hole:
>>> Current code allows you to add DS RR to existing NS and then to
>>> remove NS.
>>>
>>> Let me know if adding a check to -del is too hard, maybe we can live
>>> without
>>> it...
>>>
>> dnsrecord-del validation added
>>
>> Updated patch attached
>>
>> Required in ipa 4.1 but this could be pushed to 4.0.x too
>
> It almost works ... almost. I'm not sure if the problem is in your
> patch or in existing code:
>
> [root at vm-035 git]# ipa dnsrecord-add ipa.example ds --ds-rec='1 2 3 4'
> Record name: ds
> DS record: 1 2 3 4
> NS record: vm-035.idm.lab.eng.brq.redhat.com.
>
> [root at vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
> ipa: ERROR: invalid 'dsrecord': DS record requires to coexist with an
> NS record (RFC 4592 section 4.6, RFC 4035 section 2.4)
>
> [root at vm-035 git]# ipa dnsrecord-mod ipa.example ds --ds-rec=
> Record name: ds
> NS record: vm-035.idm.lab.eng.brq.redhat.com.
>
> [root at vm-035 git]# ipa dnsrecord-mod ipa.example ds --ns-rec=
> ipa: ERROR: an internal error has occurred
>
> # tail /var/log/httpd/error_log
>
> ipa: ERROR: non-public: TypeError: dnsrecord_mod.validate_output() =>
> PrimaryKey.validate():
> output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type
> 'list'>: [<DNS name ds>]
> Traceback (most recent call last):
> File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line
> 348, in wsgi_execute
> result = self.Command[name](*args, **options)
> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line
> 451, in __call__
> self.validate_output(ret, options['version'])
> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line
> 944, in validate_output
> o.validate(self, value, version)
> File "/usr/lib/python2.7/site-packages/ipalib/output.py", line 126,
> in validate
> types[0], type(value), value))
> TypeError: dnsrecord_mod.validate_output() => PrimaryKey.validate():
> output['value']: need <class 'ipapython.dnsutil.DNSName'>; got <type
> 'list'>: [<DNS name ds>]
> ipa: INFO: [jsonserver_session] admin at IPA.EXAMPLE: dnsrecord_mod(<DNS
> name ipa.example.>, <DNS name ds>, nsrecord=None, rights=False,
> structured=False, all=False, raw=False, version=u'2.102'): TypeError
>
This bug is not related to the patches.
The error is raised when you try to delete the last record in an RRset using
dnsrecord-mod --any-rec=""
--
Martin Basti
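
The rule discussed in this thread, as an added example that is not part of the original message and is not FreeIPA code: checking the record set that would exist after the change applies one rule to add, mod and del, which closes the "add DS to an existing NS, then remove the NS" hole. All function names are hypothetical, and the record values in the comments and tests are constructed.

```python
# Added illustration, not FreeIPA code. All names here are hypothetical.

class ValidationError(ValueError):
    pass


def apply_change(current, add=None, remove=None, replace=None):
    """Return the records at one DNS name after the requested change.

    Each argument maps an RR type ("NS", "DS", ...) to a list of values.
    replace={"NS": []} models `dnsrecord-mod --ns-rec=` (clear that type).
    """
    result = {rtype: list(vals) for rtype, vals in current.items()}
    for rtype, vals in (add or {}).items():
        result.setdefault(rtype, []).extend(vals)
    for rtype, vals in (remove or {}).items():
        result[rtype] = [v for v in result.get(rtype, []) if v not in vals]
    for rtype, vals in (replace or {}).items():
        result[rtype] = list(vals)
    # Drop emptied types so "NS removed" and "NS never existed" look the same.
    return {rtype: vals for rtype, vals in result.items() if vals}


def check_ds_has_ns(records):
    """Reject a final state where DS exists at a name that has no NS."""
    if records.get("DS") and not records.get("NS"):
        raise ValidationError(
            "DS record requires to coexist with an NS record")
    return records


def change_records(current, **change):
    """Validate the state after the change, whichever command produced it."""
    return check_ds_has_ns(apply_change(current, **change))


def is_allowed(current, **change):
    """True if the change leaves the name in a valid state."""
    try:
        change_records(current, **change)
    except ValidationError:
        return False
    return True
```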