Loopback address, "localhost" and "localnets" ACIs are no longer
an issue for bind-dyndb-ldap. Allow them in our validators.
--
Martin Kosek <mko...@redhat.com>
Senior Software Engineer - Identity Management Team
Red Hat Inc.
>From 74dcac478622c502bab7aef9ba7bade0bd9a704f Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 6 Sep 2012 11:34:02 +0200
Subject: [PATCH] Allow localhost in zone ACIs
Loopback address, "localhost" and "localnets" ACIs are no longer
an issue for bind-dyndb-ldap. Allow them in our validators.
---
ipalib/plugins/dns.py | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 3987001f06dba1bcc5a311243e4f1fdcf83091c7..e9f8b0cc0103706c5bbf933b14c372c369ff86b2 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -299,18 +299,15 @@ def _validate_bind_aci(ugettext, bind_acis):
bind_acis.pop(-1)
for bind_aci in bind_acis:
- if bind_aci in ("any", "none"):
+ if bind_aci in ("any", "none", "localhost", "localnets"):
continue
- if bind_aci in ("localhost", "localnets"):
- return _('ACL name "%s" is not supported') % bind_aci
-
if bind_aci.startswith('!'):
bind_aci = bind_aci[1:]
try:
ip = CheckedIPAddress(bind_aci, parse_netmask=True,
- allow_network=True)
+ allow_network=True, allow_loopback=True)
except (netaddr.AddrFormatError, ValueError), e:
return unicode(e)
except UnboundLocalError:
@@ -335,7 +332,7 @@ def _normalize_bind_aci(bind_acis):
try:
ip = CheckedIPAddress(bind_aci, parse_netmask=True,
- allow_network=True)
+ allow_network=True, allow_loopback=True)
if '/' in bind_aci: # addr with netmask
netmask = "/%s" % ip.prefixlen
else:
--
1.7.11.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
