Fix for #2591: Use host for SASL and SMTP domain validation

* Replace nslookup with host so dnsutils is not required (fix for #2591). * Instead of using return code, inspect output of host command, which should have something like: smtp.gmail.com has address 209.85.232.109 if successful.
freedomofpress · Nov 27, 2017 · 498aa89 · 498aa89
1 parent a2df1a3
commit 498aa89
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/install_files/ansible-base/roles/validate/tasks/validate_ossec_info.yml b/install_files/ansible-base/roles/validate/tasks/validate_ossec_info.yml
@@ -49,23 +49,24 @@
   set_fact:
     _smtp_hostname_query_command: >-
       {% if ansible_lsb.id == "Tails" -%}torify {% endif %}
-      nslookup -vc -retry=3 -timeout=10 -fail {{ smtp_relay }} 8.8.8.8
+      host -W=10 {{ smtp_relay }}
     _sasl_hostname_query_command: >-
       {% if ansible_lsb.id == "Tails" %}torify {% endif %}
-      nslookup -vc -retry=3 -timeout=10 -fail {{ sasl_domain }} 8.8.8.8
+      host -W=10 {{ sasl_domain }}
 
 - name: Perform SMTP lookup check.
   command: "{{ _smtp_hostname_query_command }}"
   changed_when: false
   register: smtp_validate_result
-  # We'll inspect return code in subsequent task to provide an informative
-  # failure message.
+  # We'll inspect the output of this command in the next task to see if
+  # an address was found.
   ignore_errors: yes
+  retries: 3
 
 - name: Validate SMTP relay connection.
   assert:
     that:
-      - "{{ smtp_validate_result.rc == 0 }}"
+      - "'has address' in smtp_validate_result.stdout"
     msg: >-
       The SMTP relay domain failed during lookup. This domain
       is the server contacted for authentication in order to send
@@ -77,14 +78,15 @@
   command: "{{ _sasl_hostname_query_command }}"
   register: sasl_validate_result
   changed_when: false
-  # We'll inspect return code in subsequent task to provide an informative
-  # failure message.
+  # We'll inspect the output of this command in the next task to see if
+  # an address was found.
   ignore_errors: yes
+  retries: 3
 
 - name: Validate SASL domain.
   assert:
     that:
-      - "{{ sasl_validate_result.rc == 0 }}"
+      - "'has address' in sasl_validate_result.stdout"
     msg: >-
       The SASL domain failed during lookup. This is typically the
       portion of the email address after the '@' symbol, although