Hello, replica-install: Compare domain names as DNS names and not strings
This fixes a false positive where user inputs "example.com" and "EXAMPLE.COM" were not considered equivalent and installation was wrongly refused. https://fedorahosted.org/freeipa/ticket/5976 -- Petr^2 Spacek
From 1eb9dddf141814e9b10aabf70d8970ae312db849 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Thu, 23 Jun 2016 18:30:39 +0200
Subject: [PATCH] replica-install: Compare domain names as DNS names and not strings

This fixes false possitive where user inputs "example.com" and "EXAMPLE.COM" were not considered equivalent and installation was wrongly refused.
https://fedorahosted.org/freeipa/ticket/5976
---
 ipaserver/install/server/replicainstall.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 52b2ea5b0691cd99c6cb566af5a15af3b2dffb14..9b31f926e3be78017c7b178f099332910d34ba5c 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -6,7 +6,6 @@ from __future__ import print_function
 
 import collections
 import dns.exception as dnsexception
-import dns.name as dnsname
 import dns.resolver as dnsresolver
 import dns.reversename as dnsreversename
 import os
@@ -19,6 +18,7 @@ import six
 
 from ipapython import ipaldap, ipautil, sysrestore
 from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
 from ipapython.install.common import step
 from ipapython.install.core import Knob
 from ipapython.ipa_log_manager import root_logger
@@ -304,7 +304,7 @@ def check_dns_resolution(host_name, dns_servers):
 address, host_name)
 no_errors = False
 else:
- host_name_obj = dnsname.from_text(host_name)
+ host_name_obj = DNSName(host_name).make_absolute()
 if rrset:
 names = [r.target.to_text() for r in rrset]
 else:
@@ -949,7 +949,8 @@ def promotion_check_ipa_domain(master_ldap_conn, basedn):
 domains=u', '.join(entry['associatedDomain'])
 ))
 
- if entry['associatedDomain'][0] != api.env.domain:
+ if (DNSName(entry['associatedDomain'][0])
+ != DNSName.from_text(api.env.domain)):
 raise RuntimeError(
 "Cannot promote this client to a replica. Local domain "
 "'{local}' does not match IPA domain '{ipadomain}'. ".format(
-- 
2.7.4
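Review bot: The two sides of the new comparison in promotion_check_ipa_domain are built by different constructors, `DNSName(entry['associatedDomain'][0])` and `DNSName.from_text(api.env.domain)`, and neither is normalised with `.make_absolute()` the way the check_dns_resolution hunk does it. If the two constructors differ in their default origin (dnspython's own `dns.name.from_text` defaults to the root origin, so this is worth confirming for DNSName), a relative name is compared with an absolute one and the check refuses every promotion; a trailing dot in only one of the values would have the same effect. Building and normalising both sides the same way removes the doubt: `if (DNSName(entry['associatedDomain'][0]).make_absolute()` followed by `!= DNSName(api.env.domain).make_absolute()):`. A unit test covering "example.com", "EXAMPLE.COM" and "example.com." would pin the intended equivalence; the function body and the RuntimeError message extend outside the hunk.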