Пример #1
    def get_url_list(self, xmlrpc_uri):
        """
        Build the list of IPA server URLs to try.

        The configured ``xmlrpc_uri`` is always the first entry. Every other
        entry is derived from the ``_ldap._tcp`` SRV records of
        ``self.env.domain`` and reuses the path of the configured URL.

        :param xmlrpc_uri: URL taken from the local configuration
        :return: list of URLs, configured URL first, no duplicates
        """
        # Only the path component of the configured URL is reused below.
        path = urlparse.urlparse(xmlrpc_uri)[2]
        srv_name = '_ldap._tcp.%s.' % self.env.domain

        # NOTE(review): the host names below come straight from DNS answers.
        # The scheme is forced to https, so whatever certificate checking
        # the caller's transport performs is presumably the only thing that
        # authenticates a discovered server -- confirm it is enforced.
        answers = dnsclient.query(
            srv_name, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
        discovered = [
            'https://%s%s' % (
                ipautil.format_netloc(answer.rdata.server.rstrip('.')), path)
            for answer in answers
            if answer.dns_type == dnsclient.DNS_T_SRV
        ]

        # De-duplicating through a set loses ordering, so the configured
        # URL is pulled out (if present) and re-inserted at the front.
        servers = list(set(discovered))
        if xmlrpc_uri in servers:
            servers.remove(xmlrpc_uri)
        servers.insert(0, xmlrpc_uri)

        return servers
Пример #2
    def get_url_list(self, xmlrpc_uri):
        """
        Return the candidate IPA server URLs, configured URL first.

        Servers are discovered through the ``_ldap._tcp`` SRV records of
        ``self.env.domain``; each discovered host is combined with the path
        of ``xmlrpc_uri`` under the ``https`` scheme.
        """
        # The configured URL supplies the path used for discovered servers.
        _scheme, _netloc, url_path = urlparse.urlparse(xmlrpc_uri)[:3]
        record_name = '_ldap._tcp.%s.' % self.env.domain

        candidates = []
        # NOTE(review): SRV targets are DNS-supplied and unauthenticated at
        # this point; trust has to come from the later HTTPS connection.
        for record in dnsclient.query(record_name, dnsclient.DNS_C_IN,
                                      dnsclient.DNS_T_SRV):
            if record.dns_type != dnsclient.DNS_T_SRV:
                continue
            host = record.rdata.server.rstrip('.')
            candidates.append(
                'https://%s%s' % (ipautil.format_netloc(host), url_path))

        # The set removes duplicates but gives no ordering guarantee, so the
        # configured URL is filtered out and put back as the first element.
        others = [url for url in list(set(candidates)) if url != xmlrpc_uri]
        return [xmlrpc_uri] + others
Пример #3
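def is_host_resolvable(fqdn):
    """
    Tell whether ``fqdn`` has at least one A or AAAA answer in DNS.

    The name is made absolute (a trailing dot is appended when missing)
    and queried for A records first, then AAAA records. Records of type
    SOA in a reply are not counted as an answer.

    :param fqdn: host name to look up
    :return: True as soon as one query yields a non-SOA record,
             False when neither query does
    """
    if not fqdn.endswith('.'):
        fqdn = fqdn + '.'
    for rdtype in (dnsclient.DNS_T_A, dnsclient.DNS_T_AAAA):
        answers = dnsclient.query(fqdn, dnsclient.DNS_C_IN, rdtype)
        # Compare record types by value; an identity test on integers only
        # works by accident of the interpreter's small-int caching.
        if any(rec.dns_type != dnsclient.DNS_T_SOA for rec in answers):
            return True

    return False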
Пример #4
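def is_host_resolvable(fqdn):
    """
    Check that ``fqdn`` resolves to an IPv4 or IPv6 address record.

    A trailing dot is added to ``fqdn`` if it has none, then A and AAAA
    queries are issued in that order. SOA records returned by a query are
    skipped when deciding whether the name resolved.

    :param fqdn: host name to look up
    :return: True if either query returns a record that is not an SOA
             record, otherwise False
    """
    if not fqdn.endswith('.'):
        fqdn = fqdn + '.'
    for rdtype in (dnsclient.DNS_T_A, dnsclient.DNS_T_AAAA):
        for rec in dnsclient.query(fqdn, dnsclient.DNS_C_IN, rdtype):
            # Value comparison instead of "is not": record type codes are
            # plain integers and identity is not a reliable test for them.
            if rec.dns_type != dnsclient.DNS_T_SOA:
                return True

    return False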
Пример #5
def validate_host_dns(log, fqdn):
    """
    Require that the host name has at least one DNS A record.

    Only the A record type is queried here; AAAA records are not looked up.

    :param log: logger used for the debug messages
    :param fqdn: host name; a trailing dot is appended when missing
    :raises errors.DNSNotARecordError: when the query returns no records
    """
    if not fqdn.endswith('.'):
        fqdn += '.'
    records = dnsclient.query(fqdn, dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
    if records:
        log.debug('IPA: found %d records for %s' % (len(records), fqdn))
        return
    log.debug('IPA: DNS A record lookup failed for %s' % fqdn)
    raise errors.DNSNotARecordError()
Пример #6
    def ipadns_search_srv(self,
                          domain,
                          srv_record_name,
                          default_port,
                          break_on_first=True):
        """
        Look up SRV records in the given domain.

        An empty list is returned when no usable record is found.

        :param domain: Search domain name
        :param srv_record_name: SRV record name, e.g. "_ldap._tcp"
        :param default_port: When not None, it is compared with the port in
                    each SRV record; if they differ, the record's port is
                    appended to the host name as "hostname:port"
        :param break_on_first: stop at the first usable record and return
                    a single entry
        :return: list of host names (optionally with ":port")
        """
        servers = []

        qname = '%s.%s' % (srv_record_name, domain)
        if not qname.endswith("."):
            qname += "."

        root_logger.debug("Search DNS for SRV record of %s", qname)

        results = dnsclient.query(qname, dnsclient.DNS_C_IN,
                                  dnsclient.DNS_T_SRV)
        if not results:
            root_logger.debug("No DNS record found")

        # NOTE(review): host names and ports returned here are taken from
        # DNS answers as-is; callers should treat them as discovery hints.
        for record in results:
            if record.dns_type != dnsclient.DNS_T_SRV:
                continue
            root_logger.debug("DNS record found: %s", record)

            host = record.rdata.server.rstrip(".")
            if not host:
                root_logger.debug(
                    "Cannot parse the hostname from SRV record: %s",
                    record)
                continue

            # The port is only inspected when a default was supplied.
            if default_port is not None:
                srv_port = record.rdata.port
                if srv_port and srv_port != default_port:
                    host = "%s:%s" % (host, record.rdata.port)

            servers.append(host)
            if break_on_first:
                break

        return servers
Пример #7
def validate_host_dns(log, fqdn):
    """
    Verify that a DNS A record exists for the host name.

    The lookup is limited to A records; nothing here queries AAAA.

    :param log: logger receiving the debug output
    :param fqdn: host name, made absolute with a trailing dot if needed
    :raises errors.DNSNotARecordError: if the A query returns nothing
    """
    fqdn = fqdn if fqdn.endswith('.') else fqdn + '.'
    answers = dnsclient.query(fqdn, dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
    count = len(answers)
    if count != 0:
        log.debug('IPA: found %d records for %s' % (count, fqdn))
    else:
        log.debug('IPA: DNS A record lookup failed for %s' % fqdn)
        raise errors.DNSNotARecordError()
Пример #8
    def ipadns_search_srv(self, domain, srv_record_name, default_port,
                          break_on_first=True):
        """
        Search for SRV records in the given domain. When no record is
        found, an empty list is returned.

        :param domain: Search domain name
        :param srv_record_name: SRV record name, e.g. "_ldap._tcp"
        :param default_port: When default_port is not None, it is checked
                    against the port in the SRV record and, if they don't
                    match, the port from the SRV record is appended to the
                    found hostname in this format: "hostname:port"
        :param break_on_first: break on the first find and return just one
                    entry
        """
        servers = []

        qname = '%s.%s' % (srv_record_name, domain)
        qname = qname if qname.endswith(".") else qname + "."

        root_logger.debug("Search DNS for SRV record of %s", qname)

        results = dnsclient.query(
            qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
        if not results:
            root_logger.debug("No DNS record found")

        # Whether the SRV port needs comparing is fixed for the whole call.
        compare_port = default_port is not None

        for answer in results:
            if answer.dns_type == dnsclient.DNS_T_SRV:
                root_logger.debug("DNS record found: %s", answer)
                rdata = answer.rdata
                # NOTE(review): target and port are DNS-supplied values and
                # are not validated beyond the empty-name check below.
                target = rdata.server.rstrip(".")
                if target:
                    if (compare_port and rdata.port
                            and rdata.port != default_port):
                        target = "%s:%s" % (target, rdata.port)
                    servers.append(target)
                    if break_on_first:
                        break
                else:
                    root_logger.debug(
                        "Cannot parse the hostname from SRV record: %s",
                        answer)

        return servers
Пример #9
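    def ipadnssearchkrb(self, tdomain):
        """
        Discover the Kerberos realm and KDC list for ``tdomain`` via DNS.

        The realm is read from the first non-empty TXT record found at
        ``_kerberos.<tdomain>``. KDCs are then looked up through the
        ``_kerberos._udp`` SRV records of the lower-cased realm, with 88 as
        the default port.

        :param tdomain: DNS domain to search
        :return: ``(realm, kdc)``; ``realm`` is None when no TXT data was
                 found, ``kdc`` is a comma-separated string of servers or
                 None when no SRV record was found
        """
        realm = None
        kdc = None
        # now, check for a Kerberos realm the local host or domain is in
        qname = "_kerberos." + tdomain
        if not qname.endswith("."):
            qname += "."

        root_logger.debug("Search DNS for TXT record of %s", qname)

        results = dnsclient.query(qname, dnsclient.DNS_C_IN,
                                  dnsclient.DNS_T_TXT)
        if not results:
            root_logger.debug("No DNS record found")

        # NOTE(review): the realm is whatever the TXT record says; it is
        # not authenticated here, so callers should treat it as a hint.
        for result in results:
            if result.dns_type != dnsclient.DNS_T_TXT:
                continue
            root_logger.debug("DNS record found: %s", result)
            if result.rdata.data:
                realm = result.rdata.data
                break

        if realm:
            # now fetch server information for the realm
            domain = realm.lower()
            srv_record_name = '_kerberos._udp'

            kdc = self.ipadns_search_srv(domain,
                                         srv_record_name,
                                         88,
                                         break_on_first=False)

            if kdc:
                kdc = ','.join(kdc)
            else:
                # Report the SRV name that was searched; the previous
                # message printed the TXT query name instead.
                root_logger.debug(
                    "SRV record for KDC not found! Realm: %s, SRV record: %s",
                    realm, '%s.%s' % (srv_record_name, domain))
                kdc = None

        return realm, kdc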
Пример #10
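    def ipadnssearchkrb(self, tdomain):
        """
        Find the Kerberos realm for ``tdomain`` and the KDCs serving it.

        A TXT query for ``_kerberos.<tdomain>`` supplies the realm (first
        record with non-empty data). The realm, lower-cased, is then used
        as the domain of a ``_kerberos._udp`` SRV search for KDCs.

        :param tdomain: DNS domain to search
        :return: tuple ``(realm, kdc)``. ``realm`` is None if no TXT data
                 was found; ``kdc`` is the servers joined with "," or None
                 if the SRV search returned nothing
        """
        kdc_srv_name = '_kerberos._udp'
        realm = None
        kdc = None
        # now, check for a Kerberos realm the local host or domain is in
        qname = "_kerberos." + tdomain
        if not qname.endswith("."):
            qname += "."

        root_logger.debug("Search DNS for TXT record of %s", qname)

        results = dnsclient.query(
            qname, dnsclient.DNS_C_IN, dnsclient.DNS_T_TXT)
        if not results:
            root_logger.debug("No DNS record found")

        for result in results:
            if result.dns_type == dnsclient.DNS_T_TXT:
                root_logger.debug("DNS record found: %s", result)
                # NOTE(review): unauthenticated DNS data decides which
                # realm is searched next -- verify it before relying on it.
                if result.rdata.data:
                    realm = result.rdata.data
                if realm:
                    break

        if not realm:
            return realm, kdc

        # now fetch server information for the realm
        domain = realm.lower()
        found = self.ipadns_search_srv(domain, kdc_srv_name, 88,
                                       break_on_first=False)
        if found:
            kdc = ','.join(found)
        else:
            # Log the SRV name actually queried; the old message reused
            # the TXT query name, which pointed at the wrong record.
            root_logger.debug(
                "SRV record for KDC not found! Realm: %s, SRV record: %s",
                realm, '%s.%s' % (kdc_srv_name, domain))
            kdc = None

        return realm, kdc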
Пример #11
            finddc_error = e

        info = dict()
        info['auth'] = self._domains[domain][2]
        servers = []
        if result:
            info['name'] = unicode(result.domain_name)
            info['dns_domain'] = unicode(result.dns_domain)
            servers = [(unicode(result.pdc_dns_name), 3268)]
        else:
            info['name'] = self._domains[domain]
            info['dns_domain'] = domain
            # Retrieve GC servers list
            gc_name = '_gc._tcp.%s.' % info['dns_domain']

            results = dnsclient.query(gc_name, dnsclient.DNS_C_IN,
                                      dnsclient.DNS_T_SRV)
            for result in results:
                if result.dns_type == dnsclient.DNS_T_SRV:
                    server = result.rdata.server.rstrip(".")
                    if not server:
                        continue
                    try:
                        port = int(result.rdata.port)
                    except ValueError:
                        # invalid port number, should not happen
                        continue
                    servers.append((server, port))

        info['gc'] = servers

        # Both methods should not fail at the same time
Пример #12
            finddc_error = e

        info = dict()
        info['auth'] = self._domains[domain][2]
        servers = []
        if result:
            info['name'] = unicode(result.domain_name)
            info['dns_domain'] = unicode(result.dns_domain)
            servers = [(unicode(result.pdc_dns_name), 3268)]
        else:
            info['name'] = self._domains[domain]
            info['dns_domain'] = domain
            # Retrieve GC servers list
            gc_name = '_gc._tcp.%s.' % info['dns_domain']

            results = dnsclient.query(gc_name, dnsclient.DNS_C_IN, dnsclient.DNS_T_SRV)
            for result in results:
                if result.dns_type == dnsclient.DNS_T_SRV:
                    server = result.rdata.server.rstrip(".")
                    if not server:
                        continue
                    try:
                        port = int(result.rdata.port)
                    except ValueError:
                        # invalid port number, should not happen
                        continue
                    servers.append((server, port))

        info['gc'] = servers

        # Both methods should not fail at the same time
Пример #13
    try:
        root_logger.debug('Search DNS for %s', host_name)
        hostaddr = socket.getaddrinfo(host_name, None)
    except Exception, e:
        root_logger.debug('Search failed: %s', e)
        raise HostForwardLookupError("Unable to resolve host name, check /etc/hosts or DNS name resolution")

    if len(hostaddr) == 0:
        raise HostForwardLookupError("Unable to resolve host name, check /etc/hosts or DNS name resolution")

    # Verify this is NOT a CNAME
    cname_hostname = host_name
    if not cname_hostname.endswith('.'):
        cname_hostname += '.'
    root_logger.debug('Check if %s is not a CNAME', cname_hostname)
    rs = dnsclient.query(cname_hostname, dnsclient.DNS_C_IN, dnsclient.DNS_T_CNAME)
    for rsn in rs:
        if rsn.dns_type == dnsclient.DNS_T_CNAME:
            raise HostReverseLookupError("The IPA Server Hostname cannot be a CNAME, only A and AAAA names are allowed.")

    # list of verified addresses to prevent multiple searches for the same address
    verified = set()
    for a in hostaddr:
        address = a[4][0]
        if address in verified:
            continue
        if address == '127.0.0.1' or address == '::1':
            raise HostForwardLookupError("The IPA Server hostname must not resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s" % (address, host_name, address))
        try:
            root_logger.debug('Check reverse address of %s', address)
            revname = socket.gethostbyaddr(address)[0]
Пример #14
        root_logger.debug('Search failed: %s', e)
        raise HostForwardLookupError(
            "Unable to resolve host name, check /etc/hosts or DNS name resolution"
        )

    if len(hostaddr) == 0:
        raise HostForwardLookupError(
            "Unable to resolve host name, check /etc/hosts or DNS name resolution"
        )

    # Verify this is NOT a CNAME
    cname_hostname = host_name
    if not cname_hostname.endswith('.'):
        cname_hostname += '.'
    root_logger.debug('Check if %s is not a CNAME', cname_hostname)
    rs = dnsclient.query(cname_hostname, dnsclient.DNS_C_IN,
                         dnsclient.DNS_T_CNAME)
    for rsn in rs:
        if rsn.dns_type == dnsclient.DNS_T_CNAME:
            raise HostReverseLookupError(
                "The IPA Server Hostname cannot be a CNAME, only A and AAAA names are allowed."
            )

    # list of verified addresses to prevent multiple searches for the same address
    verified = set()
    for a in hostaddr:
        address = a[4][0]
        if address in verified:
            continue
        if address == '127.0.0.1' or address == '::1':
            raise HostForwardLookupError(
                "The IPA Server hostname must not resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s"