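def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    """Validate a change to the realm domains list before it is written.

    Two mutually exclusive request shapes are handled:

    * ``associateddomain`` is set in ``entry_attrs`` (the ``--domain``
      option): the whole list is being replaced. The replacement must still
      contain the IPA server's own domain, as returned by
      ``get_domain_name()``.
    * ``add_domain`` and/or ``del_domain`` is set: the current list is read
      from LDAP, edited in memory and stored back under
      ``entry_attrs['associateddomain']``. The helper keys ``add_domain``
      and ``del_domain`` are removed from ``entry_attrs``.

    Unless ``options['force']`` is truthy, each domain in a replacement list,
    or the single domain being added, must pass ``has_soa_or_ns_record``.
    ``force`` skips only that DNS check. The guard that keeps the IPA
    server's own domain in the list is applied regardless of ``force``.

    Returns:
        ``dn``, unchanged.

    Raises:
        errors.MutuallyExclusiveError: ``--domain`` was combined with
            ``--add-domain`` or ``--del-domain``.
        errors.ValidationError: the IPA server's domain would be removed, or
            a domain failed the SOA/NS check.
        errors.AttrValueNotFound: ``del_domain`` is not in the current list.
    """
    # Developer sanity check only: assert statements are removed under -O,
    # so this is not input validation.
    assert isinstance(dn, DN)

    associateddomain = entry_attrs.get('associateddomain')
    add_domain = entry_attrs.get('add_domain')
    del_domain = entry_attrs.get('del_domain')
    force = options.get('force')

    if associateddomain:
        if add_domain or del_domain:
            raise errors.MutuallyExclusiveError(reason=_(
                "you cannot specify the --domain option together with --add-domain or --del-domain"
            ))
        # A full replacement must not drop the server's own domain.
        if get_domain_name() not in associateddomain:
            raise errors.ValidationError(
                name='domain',
                error=_("cannot delete domain of IPA server"))
        if not force:
            bad_domains = [
                d for d in associateddomain if not has_soa_or_ns_record(d)
            ]
            if bad_domains:
                # Interpolate AFTER the translation lookup. Formatting inside
                # _() would make the already-substituted text the message id,
                # which never matches a catalog entry.
                raise errors.ValidationError(
                    name='domain',
                    error=_("no SOA or NS records found for domains: %s")
                    % ', '.join(bad_domains))
        return dn

    # If --add-domain or --del-domain options were provided, read
    # the current list from LDAP, modify it, and write the changes back
    domains = ldap.get_entry(dn)['associateddomain']

    if add_domain:
        if not force and not has_soa_or_ns_record(add_domain):
            # Same translation-then-interpolation order as above.
            raise errors.ValidationError(
                name='add_domain',
                error=_("no SOA or NS records found for domain %s")
                % add_domain)
        del entry_attrs['add_domain']
        domains.append(add_domain)

    if del_domain:
        # The server's own domain can never be removed, even with force.
        if del_domain == get_domain_name():
            raise errors.ValidationError(
                name='del_domain',
                error=_("cannot delete domain of IPA server"))
        del entry_attrs['del_domain']
        try:
            domains.remove(del_domain)
        except ValueError:
            raise errors.AttrValueNotFound(attr='associateddomain',
                                           value=del_domain)

    entry_attrs['associateddomain'] = domains
    return dn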
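def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    """Check a realm domains update and prepare ``entry_attrs`` for LDAP.

    The caller either replaces the whole list (``associateddomain`` in
    ``entry_attrs``) or edits it incrementally (``add_domain`` /
    ``del_domain``). Mixing the two is rejected.

    Checks performed:

    * The IPA server's own domain (``get_domain_name()``) must stay in the
      list. This is enforced on both paths and is not affected by ``force``.
    * Domains in a replacement list, and a domain being added, must pass
      ``has_soa_or_ns_record`` unless ``options['force']`` is truthy.

    On the incremental path the current list is fetched with
    ``ldap.get_entry(dn)``, edited, and written to
    ``entry_attrs['associateddomain']``. The ``add_domain`` and
    ``del_domain`` keys are deleted from ``entry_attrs``.

    Returns:
        ``dn``, unchanged.

    Raises:
        errors.MutuallyExclusiveError: replace and incremental options were
            combined.
        errors.ValidationError: a DNS check failed, or the IPA server's
            domain would be removed.
        errors.AttrValueNotFound: the domain to delete is not in the list.
    """
    # Not a runtime guard: asserts disappear when Python runs with -O.
    assert isinstance(dn, DN)

    associateddomain = entry_attrs.get('associateddomain')
    add_domain = entry_attrs.get('add_domain')
    del_domain = entry_attrs.get('del_domain')
    force = options.get('force')

    if associateddomain:
        if add_domain or del_domain:
            raise errors.MutuallyExclusiveError(reason=_("you cannot specify the --domain option together with --add-domain or --del-domain"))
        if get_domain_name() not in associateddomain:
            raise errors.ValidationError(name='domain', error=_("cannot delete domain of IPA server"))
        if not force:
            bad_domains = [d for d in associateddomain if not has_soa_or_ns_record(d)]
            if bad_domains:
                # The %-substitution is applied to the result of _(), so the
                # constant template is the message id looked up in the
                # translation catalog.
                message = _("no SOA or NS records found for domains: %s") % ', '.join(bad_domains)
                raise errors.ValidationError(name='domain', error=message)
        return dn

    # If --add-domain or --del-domain options were provided, read
    # the current list from LDAP, modify it, and write the changes back
    domains = ldap.get_entry(dn)['associateddomain']

    if add_domain:
        if not force and not has_soa_or_ns_record(add_domain):
            # Translate the template first, substitute the domain second.
            message = _("no SOA or NS records found for domain %s") % add_domain
            raise errors.ValidationError(name='add_domain', error=message)
        del entry_attrs['add_domain']
        domains.append(add_domain)

    if del_domain:
        # force does not bypass this: the server's own domain must remain.
        if del_domain == get_domain_name():
            raise errors.ValidationError(name='del_domain', error=_("cannot delete domain of IPA server"))
        del entry_attrs['del_domain']
        try:
            domains.remove(del_domain)
        except ValueError:
            raise errors.AttrValueNotFound(attr='associateddomain', value=del_domain)

    entry_attrs['associateddomain'] = domains
    return dn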
def validate_domains(self, domains, force):
    """
    Check that every entry of ``domains`` may be added to the realmdomains
    list.

    Checks, in order:
      - the domain has an SOA or NS record (skipped when ``force`` is set)
      - the domain is not classified as belonging to a foreign realm
        (always enforced, ``force`` does not relax it)
      - the realm of the domain could be detected (skipped when ``force``
        is set)

    Raises errors.ValidationError on the first failed check. Nothing is
    returned when all checks pass.
    """
    # Unless forced, collect the domains lacking SOA or NS records
    if not force:
        missing_records = []
        for candidate in domains:
            if not has_soa_or_ns_record(candidate):
                missing_records.append(candidate)

        if missing_records:
            raise errors.ValidationError(
                name='domain',
                error=_("DNS zone for each realmdomain must contain "
                        "SOA or NS records. No records found for: %s")
                % ','.join(missing_records))

    # Classify each domain by realm allegiance. This runs even when forced,
    # because foreign-realm domains are rejected unconditionally.
    foreign = []
    unknown = []
    for candidate in domains:
        realm_type = detect_dns_zone_realm_type(self.api, candidate)
        if realm_type == 'foreign':
            foreign.append(candidate)
        if realm_type == 'unknown':
            unknown.append(candidate)

    # Any foreign realm domain is a hard failure
    if foreign:
        raise errors.ValidationError(
            name='domain',
            error=_('The following domains do not belong '
                    'to this realm: %(domains)s')
            % {'domains': ','.join(foreign)})

    # Undetected realms are an error that asks for _kerberos TXT records.
    # Note: This can be forced, since realmdomains-mod
    # is called from dnszone-add where we know that
    # the domain being added belongs to our realm
    if unknown and not force:
        raise errors.ValidationError(
            name='domain',
            error=_('The realm of the following domains could '
                    'not be detected: %(domains)s. If these are '
                    'domains that belong to the this realm, please '
                    'create a _kerberos TXT record containing "%(realm)s" '
                    'in each of them.')
            % {'domains': ','.join(unknown),
               'realm': self.api.env.realm})
def validate_domains(self, domains, force):
    """
    Vet a list of domains proposed for the realmdomains list.

    Requirements:
        - Each domain has an SOA or NS record (not checked when ``force``
          is set)
        - No domain is detected as belonging to a foreign realm (checked
          even when ``force`` is set)
        - The realm of each domain is detectable (not checked when
          ``force`` is set)

    A failed requirement raises errors.ValidationError naming the offending
    domains. The function has no return value.
    """
    dns_checks_enforced = not force

    # Unless forced, check that each domain has SOA or NS records
    if dns_checks_enforced:
        invalid_domains = list(
            filter(lambda name: not has_soa_or_ns_record(name), domains)
        )
        if invalid_domains:
            template = _(
                "DNS zone for each realmdomain must contain "
                "SOA or NS records. No records found for: %s"
            )
            raise errors.ValidationError(
                name='domain',
                error=template % ','.join(invalid_domains)
            )

    # Check realm allegiance for each domain. The detection runs once per
    # domain and its result is reused for both classifications below.
    realm_by_domain = [
        (name, detect_dns_zone_realm_type(self.api, name))
        for name in domains
    ]

    def names_with(kind):
        # Domains whose detected realm type equals ``kind``, in input order.
        return [name for name, realm in realm_by_domain if realm == kind]

    foreign_domains = names_with('foreign')
    unknown_domains = names_with('unknown')

    # If there are any foreign realm domains, bail out. This rejection is
    # not relaxed by force.
    if foreign_domains:
        template = _(
            'The following domains do not belong '
            'to this realm: %(domains)s'
        )
        raise errors.ValidationError(
            name='domain',
            error=template % dict(domains=','.join(foreign_domains))
        )

    # If there are any unknown domains, error out,
    # asking for _kerberos TXT records
    # Note: This can be forced, since realmdomains-mod
    # is called from dnszone-add where we know that
    # the domain being added belongs to our realm
    if dns_checks_enforced and unknown_domains:
        template = _(
            'The realm of the following domains could '
            'not be detected: %(domains)s. If these are '
            'domains that belong to the this realm, please '
            'create a _kerberos TXT record containing "%(realm)s" '
            'in each of them.'
        )
        raise errors.ValidationError(
            name='domain',
            error=template % dict(domains=','.join(unknown_domains),
                                  realm=self.api.env.realm)
        )