def get_url_list(self, xmlrpc_uri):
    """
    Build the ordered list of IPA server URLs to try.

    The configured ``xmlrpc_uri`` always comes first and appears exactly
    once. The remaining entries are ``https`` URLs built from the targets
    of the ``_ldap._tcp.<domain>.`` SRV records, reusing the path of the
    configured URI.

    NOTE(review): the discovered host names are taken from DNS SRV
    answers and nothing in this method authenticates them. The code that
    connects to these URLs presumably has to verify the server
    certificate before sending credentials -- confirm in the caller.
    """
    # Only the path of the configured URL is reused for discovered servers.
    uri_path = urlparse.urlparse(xmlrpc_uri).path

    srv_name = '_ldap._tcp.%s.' % self.env.domain
    answers = dnsclient.query(srv_name, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
    discovered = []
    for rec in answers:
        if rec.dns_type != dnsclient.DNS_T_SRV:
            continue
        target = rec.rdata.server.rstrip('.')
        discovered.append('https://%s%s' % (ipautil.format_netloc(target), uri_path))

    # Deduplicate; the set round-trip does not preserve the answer order.
    servers = list(set(discovered))

    # The configured server must be present exactly once, at the front.
    if xmlrpc_uri in servers:
        servers.remove(xmlrpc_uri)
    servers.insert(0, xmlrpc_uri)
    return servers
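def is_host_resolvable(fqdn):
    """
    Report whether ``fqdn`` yields any non-SOA record for an A or AAAA query.

    A trailing dot is appended when missing, so the absolute name is
    queried. The A query is tried first, then AAAA; the first query that
    returns at least one record whose type is not SOA makes the result True.

    NOTE(review): any non-SOA record counts, not only A/AAAA ones, and
    the answer is only as trustworthy as the resolver path -- confirm
    whether callers rely on this as a security check.

    :param fqdn: host name to look up
    :return: True when a matching record was returned, False otherwise
    """
    if not fqdn.endswith('.'):
        fqdn = fqdn + '.'
    for rdtype in (dnsclient.DNS_T_A, dnsclient.DNS_T_AAAA):
        rs = dnsclient.query(fqdn, dnsclient.DNS_C_IN, rdtype)
        # Compare type codes by value, as the other lookups in this code
        # do; `is not` would depend on object identity.
        if any(rec.dns_type != dnsclient.DNS_T_SOA for rec in rs):
            return True
    return False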
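def is_host_resolvable(fqdn):
    """
    Report whether ``fqdn`` yields any non-SOA record for an A or AAAA query.

    A trailing dot is appended when missing, so the absolute name is
    queried. The A query is tried first, then AAAA; the first query that
    returns at least one record whose type is not SOA makes the result True.

    NOTE(review): any non-SOA record counts, not only A/AAAA ones, and
    the answer is only as trustworthy as the resolver path -- confirm
    whether callers rely on this as a security check.

    :param fqdn: host name to look up
    :return: True when a matching record was returned, False otherwise
    """
    if not fqdn.endswith('.'):
        fqdn = fqdn + '.'
    for rdtype in (dnsclient.DNS_T_A, dnsclient.DNS_T_AAAA):
        rs = dnsclient.query(fqdn, dnsclient.DNS_C_IN, rdtype)
        # Compare type codes by value, as the other lookups in this code
        # do; `is not` would depend on object identity.
        if any(rec.dns_type != dnsclient.DNS_T_SOA for rec in rs):
            return True
    return False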
def validate_host_dns(log, fqdn):
    """
    Check that an A query for the host name returns at least one record.

    Raises errors.DNSNotARecordError when the query returns nothing.

    NOTE(review): every record in the reply is counted, whatever its
    type. is_host_resolvable filters SOA records out of the same
    dnsclient.query() result, so a reply carrying only an SOA may pass
    this check -- confirm what dnsclient.query() returns.
    """
    # Query the absolute name.
    if not fqdn.endswith('.'):
        fqdn += '.'

    records = dnsclient.query(fqdn, dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
    found = len(records)
    if found == 0:
        log.debug('IPA: DNS A record lookup failed for %s' % fqdn)
        raise errors.DNSNotARecordError()

    log.debug('IPA: found %d records for %s' % (found, fqdn))
def ipadns_search_srv(self, domain, srv_record_name, default_port,
                      break_on_first=True):
    """
    Look up the SRV records of a service in the given domain.

    An empty list is returned when no usable record is found.

    :param domain: Search domain name
    :param srv_record_name: SRV record name, e.g. "_ldap._tcp"
    :param default_port: When not None, it is compared with the port of
        each SRV record; a record carrying a different, non-empty port is
        returned as "hostname:port" instead of "hostname"
    :param break_on_first: stop at the first usable record and return a
        single entry

    NOTE(review): host names and ports are returned exactly as the DNS
    answer gives them. Nothing here authenticates the answer, so callers
    presumably must authenticate the server they end up talking to --
    confirm in the callers.
    """
    found = []

    qname = '%s.%s' % (srv_record_name, domain)
    if not qname.endswith("."):
        qname += "."

    root_logger.debug("Search DNS for SRV record of %s", qname)

    answers = dnsclient.query(qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
    if not answers:
        root_logger.debug("No DNS record found")

    for record in answers:
        # The reply may hold other record types; only SRV entries matter.
        if record.dns_type != dnsclient.DNS_T_SRV:
            continue

        root_logger.debug("DNS record found: %s", record)
        host = record.rdata.server.rstrip(".")
        if not host:
            root_logger.debug(
                "Cannot parse the hostname from SRV record: %s", record)
            continue

        port_differs = (default_port is not None
                        and record.rdata.port
                        and record.rdata.port != default_port)
        if port_differs:
            host = "%s:%s" % (host, record.rdata.port)

        found.append(host)
        if break_on_first:
            break

    return found
def validate_host_dns(log, fqdn):
    """
    Check that an A query for the host name returns at least one record.

    Raises errors.DNSNotARecordError when the query returns nothing.

    NOTE(review): every record in the reply is counted, whatever its
    type. is_host_resolvable filters SOA records out of the same
    dnsclient.query() result, so a reply carrying only an SOA may pass
    this check -- confirm what dnsclient.query() returns.
    """
    # Query the absolute name.
    if not fqdn.endswith('.'):
        fqdn += '.'

    records = dnsclient.query(fqdn, dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
    found = len(records)
    if found == 0:
        log.debug('IPA: DNS A record lookup failed for %s' % fqdn)
        raise errors.DNSNotARecordError()

    log.debug('IPA: found %d records for %s' % (found, fqdn))
def ipadns_search_srv(self, domain, srv_record_name, default_port,
                      break_on_first=True):
    """
    Look up the SRV records of a service in the given domain.

    An empty list is returned when no usable record is found.

    :param domain: Search domain name
    :param srv_record_name: SRV record name, e.g. "_ldap._tcp"
    :param default_port: When not None, it is compared with the port of
        each SRV record; a record carrying a different, non-empty port is
        returned as "hostname:port" instead of "hostname"
    :param break_on_first: stop at the first usable record and return a
        single entry

    NOTE(review): host names and ports are returned exactly as the DNS
    answer gives them. Nothing here authenticates the answer, so callers
    presumably must authenticate the server they end up talking to --
    confirm in the callers.
    """
    found = []

    qname = '%s.%s' % (srv_record_name, domain)
    if not qname.endswith("."):
        qname += "."

    root_logger.debug("Search DNS for SRV record of %s", qname)

    answers = dnsclient.query(qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
    if not answers:
        root_logger.debug("No DNS record found")

    for record in answers:
        # The reply may hold other record types; only SRV entries matter.
        if record.dns_type != dnsclient.DNS_T_SRV:
            continue

        root_logger.debug("DNS record found: %s", record)
        host = record.rdata.server.rstrip(".")
        if not host:
            root_logger.debug("Cannot parse the hostname from SRV record: %s", record)
            continue

        port_differs = (default_port is not None
                        and record.rdata.port
                        and record.rdata.port != default_port)
        if port_differs:
            host = "%s:%s" % (host, record.rdata.port)

        found.append(host)
        if break_on_first:
            break

    return found
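def ipadnssearchkrb(self, tdomain):
    """
    Discover the Kerberos realm and the KDCs of a domain through DNS.

    The realm is read from the first non-empty TXT record returned for
    ``_kerberos.<tdomain>.``. The KDC list then comes from the
    ``_kerberos._udp`` SRV records of the lower-cased realm, with 88 as
    the default port.

    :param tdomain: DNS domain to search
    :return: ``(realm, kdc)``; ``kdc`` is a comma-separated string of
        servers, or None when no SRV record was found. Both are None when
        no realm was found.

    NOTE(review): the realm is used exactly as the TXT record gives it
    and it selects the domain of the SRV lookup. The DNS answers are not
    authenticated here, so both values are presumably discovery hints
    that a later authenticated exchange has to confirm -- verify in the
    caller.
    """
    realm = None
    kdc = None

    # Check for a Kerberos realm the local host or domain is in.
    qname = "_kerberos." + tdomain
    if not qname.endswith("."):
        qname += "."

    root_logger.debug("Search DNS for TXT record of %s", qname)

    results = dnsclient.query(qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_TXT)
    if not results:
        root_logger.debug("No DNS record found")

    for result in results:
        if result.dns_type != dnsclient.DNS_T_TXT:
            continue
        root_logger.debug("DNS record found: %s", result)
        if result.rdata.data:
            # The first TXT record with data decides the realm.
            realm = result.rdata.data
            break

    if realm:
        # Fetch the server information for the realm.
        domain = realm.lower()
        srv_name = '_kerberos._udp'
        servers = self.ipadns_search_srv(domain, srv_name, 88,
                                         break_on_first=False)
        if servers:
            kdc = ','.join(servers)
        else:
            # Log the SRV name that was looked up; the message used to
            # print the TXT query name under the "SRV record" label.
            root_logger.debug(
                "SRV record for KDC not found! Realm: %s, SRV record: %s",
                realm, '%s.%s' % (srv_name, domain))
            kdc = None

    return realm, kdc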
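def ipadnssearchkrb(self, tdomain):
    """
    Discover the Kerberos realm and the KDCs of a domain through DNS.

    The realm is read from the first non-empty TXT record returned for
    ``_kerberos.<tdomain>.``. The KDC list then comes from the
    ``_kerberos._udp`` SRV records of the lower-cased realm, with 88 as
    the default port.

    :param tdomain: DNS domain to search
    :return: ``(realm, kdc)``; ``kdc`` is a comma-separated string of
        servers, or None when no SRV record was found. Both are None when
        no realm was found.

    NOTE(review): the realm is used exactly as the TXT record gives it
    and it selects the domain of the SRV lookup. The DNS answers are not
    authenticated here, so both values are presumably discovery hints
    that a later authenticated exchange has to confirm -- verify in the
    caller.
    """
    realm = None
    kdc = None

    # Check for a Kerberos realm the local host or domain is in.
    qname = "_kerberos." + tdomain
    if not qname.endswith("."):
        qname += "."

    root_logger.debug("Search DNS for TXT record of %s", qname)

    results = dnsclient.query(qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_TXT)
    if not results:
        root_logger.debug("No DNS record found")

    for result in results:
        if result.dns_type != dnsclient.DNS_T_TXT:
            continue
        root_logger.debug("DNS record found: %s", result)
        if result.rdata.data:
            # The first TXT record with data decides the realm.
            realm = result.rdata.data
            break

    if realm:
        # Fetch the server information for the realm.
        domain = realm.lower()
        srv_name = '_kerberos._udp'
        servers = self.ipadns_search_srv(domain, srv_name, 88,
                                         break_on_first=False)
        if servers:
            kdc = ','.join(servers)
        else:
            # Log the SRV name that was looked up; the message used to
            # print the TXT query name under the "SRV record" label.
            root_logger.debug(
                "SRV record for KDC not found! Realm: %s, SRV record: %s",
                realm, '%s.%s' % (srv_name, domain))
            kdc = None

    return realm, kdc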
finddc_error = e info = dict() info['auth'] = self._domains[domain][2] servers = [] if result: info['name'] = unicode(result.domain_name) info['dns_domain'] = unicode(result.dns_domain) servers = [(unicode(result.pdc_dns_name), 3268)] else: info['name'] = self._domains[domain] info['dns_domain'] = domain # Retrieve GC servers list gc_name = '_gc._tcp.%s.' % info['dns_domain'] results = dnsclient.query(gc_name, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV) for result in results: if result.dns_type == dnsclient.DNS_T_SRV: server = result.rdata.server.rstrip(".") if not server: continue try: port = int(result.rdata.port) except ValueError: # invalid port number, should not happen continue servers.append((server, port)) info['gc'] = servers # Both methods should not fail at the same time
try: root_logger.debug('Search DNS for %s', host_name) hostaddr = socket.getaddrinfo(host_name, None) except Exception, e: root_logger.debug('Search failed: %s', e) raise HostForwardLookupError("Unable to resolve host name, check /etc/hosts or DNS name resolution") if len(hostaddr) == 0: raise HostForwardLookupError("Unable to resolve host name, check /etc/hosts or DNS name resolution") # Verify this is NOT a CNAME cname_hostname = host_name if not cname_hostname.endswith('.'): cname_hostname += '.' root_logger.debug('Check if %s is not a CNAME', cname_hostname) rs = dnsclient.query(cname_hostname, dnsclient.DNS_C_IN, dnsclient.DNS_T_CNAME) for rsn in rs: if rsn.dns_type == dnsclient.DNS_T_CNAME: raise HostReverseLookupError("The IPA Server Hostname cannot be a CNAME, only A and AAAA names are allowed.") # list of verified addresses to prevent multiple searches for the same address verified = set() for a in hostaddr: address = a[4][0] if address in verified: continue if address == '127.0.0.1' or address == '::1': raise HostForwardLookupError("The IPA Server hostname must not resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s" % (address, host_name, address)) try: root_logger.debug('Check reverse address of %s', address) revname = socket.gethostbyaddr(address)[0]
root_logger.debug('Search failed: %s', e) raise HostForwardLookupError( "Unable to resolve host name, check /etc/hosts or DNS name resolution" ) if len(hostaddr) == 0: raise HostForwardLookupError( "Unable to resolve host name, check /etc/hosts or DNS name resolution" ) # Verify this is NOT a CNAME cname_hostname = host_name if not cname_hostname.endswith('.'): cname_hostname += '.' root_logger.debug('Check if %s is not a CNAME', cname_hostname) rs = dnsclient.query(cname_hostname, dnsclient.DNS_C_IN, dnsclient.DNS_T_CNAME) for rsn in rs: if rsn.dns_type == dnsclient.DNS_T_CNAME: raise HostReverseLookupError( "The IPA Server Hostname cannot be a CNAME, only A and AAAA names are allowed." ) # list of verified addresses to prevent multiple searches for the same address verified = set() for a in hostaddr: address = a[4][0] if address in verified: continue if address == '127.0.0.1' or address == '::1': raise HostForwardLookupError( "The IPA Server hostname must not resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s"