Fix handling of forwarders addresses with custom port.

When setting a DNS forwarder, IPA allows the use of a custom port using the format '<ip> port <port>', and this configuration is validated with dnspython to ensure the forwarder is resolvable. Starting with dnspython 2.2.0 the Resolver.nameservers property, used to resolve the forwarders IP address, validates the IP address when the value is assigned to property, and as the forwarder format is not an IP address, it fails and a ValueError exception is raised. Modifying the way forwarders are handled when validating them prevents the exception to be raised, and test for the correct port. Fixes: https://pagure.io/freeipa/issue/9158 Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
freeipa · May 25, 2022 · af65a3e · af65a3e
1 parent 7487d64
commit af65a3e
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/ipalib/util.py b/ipalib/util.py
@@ -801,7 +801,15 @@ def _resolve_record(owner, rtype, nameserver_ip=None, edns0=False,
 
     res = DNSResolver()
     if nameserver_ip:
+        # When validating forwarders, nameserver_ip takes the format
+        # '<ip> port <port>', which is not a vaild IP address. In this
+        # case, split the string and add the IP part to res.nameservers,
+        # and the ip:port pair to res.nameserver_ports dict.
+        nameserver_ip = re.sub(r'\s+', ' ', nameserver_ip.strip())
+        nameserver_ip, *port = nameserver_ip.split(" port ")
         res.nameservers = [nameserver_ip]
+        if port:
+            res.nameserver_ports = {nameserver_ip: int(*port)}
     res.lifetime = timeout
 
     # Recursion Desired,