def _hostname_validator(ugettext, value):
    """
    Check ``value`` with ``validate_hostname`` and report the result as text.

    :param ugettext: Not read in this body; the message is translated
        through ``_`` from the enclosing scope.
    :param value: The host name to check.
    :return: ``None`` when ``validate_hostname`` accepts the value, otherwise
        the translated error message. A rejection is returned, not raised,
        so the caller must inspect the return value.
    """
    try:
        validate_hostname(value)
    except ValueError as err:
        # The text of the ValueError is interpolated into the message as-is.
        return _('invalid domain-name: %s') % unicode(err)
    else:
        return None
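def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
    """
    Run fqdn checks for given host:
        - test hostname format
        - test that hostname is fully qualified
        - test forward and reverse hostname DNS lookup

    Raises `BadHostError` or derived Exceptions if there is an error

    NOTE(review): the body in this listing stops after the format checks.
    Neither ``no_host_dns`` nor ``local_hostname`` is read here and no DNS
    lookup is performed, so passing this version says nothing about name
    resolution.

    :param host_name: The host name to verify.
    :param no_host_dns: If true, skip DNS resolution tests of the host name.
    :param local_hostname: If true, run additional checks for local hostnames
    """
    # Fewer than two dot-separated parts, or the stock placeholder name, is
    # not accepted as fully qualified.
    if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain":
        raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name)

    # Mixed-case names are rejected rather than normalised.
    if host_name != host_name.lower():
        raise BadHostError("Invalid hostname '%s', must be lower-case." % host_name)

    if ipautil.valid_ip(host_name):
        raise BadHostError("IP address not allowed as a hostname")

    try:
        # make sure that the host name meets the requirements in ipalib
        validate_hostname(host_name)
    except ValueError as e:
        # "except ValueError, e" is a SyntaxError on Python 3; the "as" form
        # is accepted by Python 2.6+ and Python 3 alike.
        raise BadHostError("Invalid hostname '%s', %s" % (host_name, unicode(e)))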
def validate_radiusserver(ugettext, server):
    """
    Validate a RADIUS server given as ``host`` or ``host:port``.

    The text after the last ``:`` is taken as the port. The remaining host
    part is accepted if ``validate_ipaddr`` is truthy for it, otherwise it
    must pass ``validate_hostname`` as a fully-qualified name (underscores
    allowed).

    :param ugettext: Not read in this body.
    :param server: The server string to validate.
    :raises ValidationError: the port is not an integer in 0..65535.
    :raises errors.ValidationError: the host part is neither an IP address
        nor an acceptable host name.
    """
    # NOTE(review): the split is on the last ':' wherever it occurs, so an
    # unbracketed IPv6 literal loses its final group to the port check.
    # Confirm how callers are expected to write IPv6 servers.
    host_part, colon, port_text = server.rpartition(':')
    if colon:
        server = host_part
        try:
            # NOTE(review): int() also accepts surrounding whitespace and a
            # leading sign, and only the parsed number is range-checked. The
            # original string is what passes validation. Port 0 is accepted.
            port = int(port_text)
            if not 0 <= port <= 65535:
                raise ValueError()
        except ValueError:
            raise ValidationError(name="ipatokenradiusserver",
                                  error=_('invalid port number'))

    if not validate_ipaddr(server):
        try:
            validate_hostname(server, check_fqdn=True, allow_underscore=True)
        except ValueError as err:
            raise errors.ValidationError(name="ipatokenradiusserver",
                                         error=str(err))
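def validate_radiusserver(ugettext, server):
    """
    Validate a RADIUS server given as ``host`` or ``host:port``.

    The text after the last ``:`` is taken as the port. The remaining host
    part is accepted if ``validate_ipaddr`` is truthy for it, otherwise it
    must pass ``validate_hostname`` as a fully-qualified name (underscores
    allowed).

    :param ugettext: Not read in this body.
    :param server: The server string to validate.
    :raises ValidationError: the port is not an integer in 0..65535.
    :raises errors.ValidationError: the host part is neither an IP address
        nor an acceptable host name.
    """
    # NOTE(review): splitting on the last ':' means an unbracketed IPv6
    # literal has its final group treated as the port. Confirm the expected
    # input format with callers.
    split = server.rsplit(':', 1)
    server = split[0]
    if len(split) == 2:
        try:
            # Only the parsed integer is range-checked; port 0 passes.
            port = int(split[1])
            if (port < 0 or port > 65535):
                raise ValueError()
        except ValueError:
            raise ValidationError(name="ipatokenradiusserver",
                                  error=_('invalid port number'))

    if validate_ipaddr(server):
        return

    try:
        validate_hostname(server, check_fqdn=True, allow_underscore=True)
    except ValueError as e:
        # "except ValueError, e" is a SyntaxError on Python 3, and exceptions
        # have no ".message" attribute there. str(e) yields the text on both
        # Python 2 and Python 3.
        raise errors.ValidationError(name="ipatokenradiusserver",
                                     error=str(e))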
def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
    """
    Check that ``host_name`` is an acceptable fully-qualified host name.

    Steps, in order:
        - format checks (at least two labels, lower-case, not an IP
          address, accepted by ``validate_hostname``)
        - optional comparison with the primary name the local resolver
          returns for ``host_name``
        - forward lookup, CNAME test, loopback test
        - reverse lookup of every resolved address

    Only the first three groups can raise. A failed or mismatching reverse
    lookup is logged at error level and the function still returns
    normally.

    :param host_name: The host name to verify.
    :param no_host_dns: If true, skip DNS resolution tests of the host name.
    :param local_hostname: If true, run additional checks for local hostnames
    :raises BadHostError: a format check failed.
    :raises HostLookupError: the primary local name differs from
        ``host_name``.
    :raises HostForwardLookupError: the name does not resolve, or resolves
        to ``127.0.0.1`` / ``::1``.
    :raises HostReverseLookupError: a CNAME query for the name succeeded.
    """
    labels = host_name.split(".")
    if len(labels) < 2 or host_name == "localhost.localdomain":
        raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name)

    # Mixed-case names are rejected rather than normalised.
    if host_name.lower() != host_name:
        raise BadHostError("Invalid hostname '%s', must be lower-case." % host_name)

    if ipautil.valid_ip(host_name):
        raise BadHostError("IP address not allowed as a hostname")

    try:
        # make sure that the host name meets the requirements in ipalib
        validate_hostname(host_name)
    except ValueError as err:
        raise BadHostError("Invalid hostname '%s', %s" % (host_name, unicode(err)))

    if local_hostname:
        try:
            logger.debug('Check if %s is a primary hostname for localhost', host_name)
            primary = socket.gethostbyaddr(host_name)[0]
            logger.debug('Primary hostname for localhost: %s', primary)
            if primary != host_name:
                raise HostLookupError(
                    "The host name %s does not match the primary host name %s. "
                    "Please check /etc/hosts or DNS name resolution" % (host_name, primary))
        except socket.gaierror:
            # A resolver failure here is ignored without a log entry; the
            # local check is then effectively skipped.
            pass
        except socket.error as err:
            logger.debug(
                'socket.gethostbyaddr() error: %d: %s',
                err.errno, err.strerror)  # pylint: disable=no-member

    if no_host_dns:
        # Every DNS-based check below is bypassed on this path.
        print("Warning: skipping DNS resolution of host", host_name)
        return

    unresolved = "Unable to resolve host name, check /etc/hosts or DNS name resolution"
    try:
        logger.debug('Search DNS for %s', host_name)
        hostaddr = socket.getaddrinfo(host_name, None)
    except Exception as err:
        logger.debug('Search failed: %s', err)
        raise HostForwardLookupError(unresolved)

    if not hostaddr:
        raise HostForwardLookupError(unresolved)

    # Verify this is NOT a CNAME
    try:
        logger.debug('Check if %s is not a CNAME', host_name)
        resolver.query(host_name, rdatatype.CNAME)
        raise HostReverseLookupError(
            "The IPA Server Hostname cannot be a CNAME, "
            "only A and AAAA names are allowed.")
    except DNSException:
        # Every DNSException is swallowed, so a query that failed cannot be
        # told apart from "no CNAME record": the test passes either way.
        pass

    # list of verified addresses to prevent multiple searches for the same address
    verified = set()
    for addrinfo in hostaddr:
        address = addrinfo[4][0]
        if address in verified:
            continue
        # Exact string match on these two literals; any other loopback
        # address is not caught by this test.
        if address in {'127.0.0.1', '::1'}:
            raise HostForwardLookupError(
                "The IPA Server hostname must not resolve to localhost (%s). "
                "A routable IP address must be used. Check /etc/hosts to see "
                "if %s is an alias for %s" % (address, host_name, address))
        try:
            logger.debug('Check reverse address of %s', address)
            revname = socket.gethostbyaddr(address)[0]
        except Exception as err:
            logger.debug('Check failed: %s', err)
            logger.error(
                "Unable to resolve the IP address %s to a host name, "
                "check /etc/hosts and DNS name resolution", address)
        else:
            logger.debug('Found reverse name: %s', revname)
            if revname != host_name:
                # Reported only; a reverse-lookup mismatch does not raise.
                logger.error(
                    "The host name %s does not match the value %s obtained "
                    "by reverse lookup on IP address %s",
                    host_name, revname, address)
        verified.add(address)
def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
    """
    Run the fully-qualified-name checks for ``host_name``.

    The format checks come first, then (if ``local_hostname``) a comparison
    with the primary name the local resolver reports, then (unless
    ``no_host_dns``) forward resolution, a CNAME test, a loopback test and
    a reverse lookup per resolved address.

    Reverse-lookup problems are written to the log at error level and do
    not raise. Callers that need a hard failure on a forward/reverse
    mismatch do not get one from this function.

    :param host_name: The host name to verify.
    :param no_host_dns: If true, skip DNS resolution tests of the host name.
    :param local_hostname: If true, run additional checks for local hostnames
    :raises BadHostError: a format check failed.
    :raises HostLookupError: the primary local name differs from
        ``host_name``.
    :raises HostForwardLookupError: the name does not resolve, or resolves
        to ``127.0.0.1`` / ``::1``.
    :raises HostReverseLookupError: a CNAME query for the name succeeded.
    """
    too_short = len(host_name.split(".")) < 2
    if too_short or host_name == "localhost.localdomain":
        raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name)

    lowered = host_name.lower()
    if host_name != lowered:
        raise BadHostError("Invalid hostname '%s', must be lower-case." % host_name)

    if ipautil.valid_ip(host_name):
        raise BadHostError("IP address not allowed as a hostname")

    try:
        # make sure that the host name meets the requirements in ipalib
        validate_hostname(host_name)
    except ValueError as exc:
        raise BadHostError("Invalid hostname '%s', %s" % (host_name, unicode(exc)))

    if local_hostname:
        try:
            root_logger.debug('Check if %s is a primary hostname for localhost', host_name)
            primary_name, _aliases, _addresses = socket.gethostbyaddr(host_name)
            root_logger.debug('Primary hostname for localhost: %s', primary_name)
            if host_name != primary_name:
                raise HostLookupError(
                    "The host name %s does not match the primary host name %s. "
                    "Please check /etc/hosts or DNS name resolution"
                    % (host_name, primary_name))
        except socket.gaierror:
            # Silently ignored: when the resolver fails here the local
            # check is skipped without any log entry.
            pass
        except socket.error as exc:
            root_logger.debug(
                'socket.gethostbyaddr() error: %d: %s',
                exc.errno, exc.strerror)  # pylint: disable=no-member

    if no_host_dns:
        # None of the DNS-based checks below run on this path.
        print("Warning: skipping DNS resolution of host", host_name)
        return

    try:
        root_logger.debug('Search DNS for %s', host_name)
        hostaddr = socket.getaddrinfo(host_name, None)
    except Exception as exc:
        root_logger.debug('Search failed: %s', exc)
        raise HostForwardLookupError(
            "Unable to resolve host name, check /etc/hosts or DNS name resolution")

    if not hostaddr:
        raise HostForwardLookupError(
            "Unable to resolve host name, check /etc/hosts or DNS name resolution")

    # Verify this is NOT a CNAME
    try:
        root_logger.debug('Check if %s is not a CNAME', host_name)
        resolver.query(host_name, rdatatype.CNAME)
        raise HostReverseLookupError(
            "The IPA Server Hostname cannot be a CNAME, "
            "only A and AAAA names are allowed.")
    except DNSException:
        # Fails open: any DNSException from the query is treated the same
        # as "no CNAME record exists".
        pass

    # list of verified addresses to prevent multiple searches for the same address
    verified = set()
    for entry in hostaddr:
        address = entry[4][0]
        if address in verified:
            continue
        # Only these two literal strings are matched; other loopback
        # addresses pass this test.
        if address in ('127.0.0.1', '::1'):
            raise HostForwardLookupError(
                "The IPA Server hostname must not resolve to localhost (%s). "
                "A routable IP address must be used. Check /etc/hosts to see "
                "if %s is an alias for %s" % (address, host_name, address))
        try:
            root_logger.debug('Check reverse address of %s', address)
            revname = socket.gethostbyaddr(address)[0]
        except Exception as exc:
            root_logger.debug('Check failed: %s', exc)
            root_logger.error(
                "Unable to resolve the IP address %s to a host name, "
                "check /etc/hosts and DNS name resolution", address)
        else:
            root_logger.debug('Found reverse name: %s', revname)
            if revname != host_name:
                # Logged only; the mismatch is not turned into an exception.
                root_logger.error(
                    "The host name %s does not match the value %s obtained "
                    "by reverse lookup on IP address %s",
                    host_name, revname, address)
        verified.add(address)