[Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct
Adam Tkac
atkac at redhat.com
Thu Feb 17 09:20:12 UTC 2011
On Wed, Feb 16, 2011 at 05:26:55PM +0100, Jan Zeleny wrote:
> Adam Tkac <atkac at redhat.com> wrote:
> > On Wed, Feb 16, 2011 at 10:53:14AM +0100, Jan Zelený wrote:
> > > This patch ensures that PTR records added by FreeIPA are compliant with
> > > RFC.
> >
> > Nack.
> >
> > In my opinion the _ptrrecord_pre_callback should also handle PTR records
> > for IPv6 addresses.
> >
> > You can check validity of IPv6 PTR record this way (pseudocode):
> >
> > zone = zone.replace('.ip6.arpa.', '')
> > if len(addr.split('.')) + len(zone.split('.')) != 32:
> >     raise_error
> >
> > Regards, Adam
>
> Thanks for the review, I made the changes you suggested. The second patch is
> attached.
Thanks for the improvement, now it looks fine to me. Ack.
Regards, Adam
> From a01180772ab9ce9409532892e81f03ea7fc2582a Mon Sep 17 00:00:00 2001
> From: Jan Zeleny <jzeleny at redhat.com>
> Date: Wed, 16 Feb 2011 04:47:36 -0500
> Subject: [PATCH] Validate that the reverse DNS record is correct
>
> This patch ensures that PTR records added by FreeIPA are compliant with
> RFC.
>
> https://fedorahosted.org/freeipa/ticket/839
> ---
> ipalib/plugins/dns.py | 16 ++++++++++++++++
> 1 files changed, 16 insertions(+), 0 deletions(-)
>
> diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
> index 592945f78c59877fada5fa6c40eee3b1acb564b2..f50dd51f28f0ff59c8d1fe84730de302d9855467 100644
> --- a/ipalib/plugins/dns.py
> +++ b/ipalib/plugins/dns.py
> @@ -619,6 +619,22 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
> is_ns_rec_resolvable(ns)
> return dn
>
> + def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
> + components = dn.split(',',2)
> + addr = components[0].split('=')[1]
> + zone = components[1].split('=')[1]
> + if zone.find('ip6') != -1:
> + zone = zone.replace('.ip6.arpa.','')
> + zone_len = 32
> + else:
> + zone = zone.replace('.in-addr.arpa.','')
> + zone_len = 4
> +
> + if len(addr.split('.'))+len(zone.split('.')) != zone_len:
> + raise errors.ValidationError(name='cn', error=unicode('IP address must have exactly '+str(zone_len)+' components'))
> +
> + return dn
> +
> def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
> for rtype in options:
> rtype_cb = '_%s_pre_callback' % rtype
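Review bot: The suffix stripping in `_ptrrecord_pre_callback` (`zone.replace('.ip6.arpa.','')` and `zone.replace('.in-addr.arpa.','')`) only matches when the zone name carries a trailing dot, so a zone written as `1.168.192.in-addr.arpa` passes through unchanged, the label count is off by two, and a valid record is rejected with the ValidationError. Normalize the trailing dot first and test the suffix with `endswith` rather than `zone.find('ip6') != -1`, which also matches `ip6` anywhere in the name. The `else` branch treats every other zone as `in-addr.arpa`, so a PTR record added to a forward zone is held to the 4-label rule; an explicit check for the two reverse suffixes with a separate path for anything else would avoid that. Only the number of labels is compared against `zone_len`, so labels such as `999` or `zz` pass; consider checking that each label is a decimal octet (IPv4) or a single hex digit (IPv6). Finally, `dn.split(',',2)` followed by `split('=')[1]` parses the DN by hand and will mis-split on escaped commas or `=` in a value; the record and zone names are probably available from `keys` without parsing the DN.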
> --
> 1.7.4
>
--
Adam Tkac, Red Hat, Inc.
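
The check discussed in this thread, as an added example that is not from the original messages or from FreeIPA's code. It is written for Python 3, the names `validate_ptr_name` and `REVERSE_SUFFIXES` are assumptions, and it goes beyond the label count by tolerating a missing trailing dot and validating each label as a decimal octet or hex nibble.

```python
# Added example; function and constant names are hypothetical, not FreeIPA API.
import ipaddress

OCTETS = frozenset(str(n) for n in range(256))   # "0".."255", no leading zeros
NIBBLES = frozenset("0123456789abcdef")
# reverse suffix -> (number of address labels in a full name, allowed labels)
REVERSE_SUFFIXES = {
    ("in-addr", "arpa"): (4, OCTETS),
    ("ip6", "arpa"): (32, NIBBLES),
}


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring one trailing dot."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []


def validate_ptr_name(record, zone):
    """Return the address encoded by a PTR owner name, or raise ValueError.

    record is the owner name relative to zone; zone is the reverse zone name.
    """
    zone_labels = _labels(zone)
    for suffix, (total, allowed) in REVERSE_SUFFIXES.items():
        if tuple(zone_labels[-len(suffix):]) == suffix:
            break
    else:
        raise ValueError("not a reverse zone: %r" % zone)
    addr_labels = _labels(record) + zone_labels[:-len(suffix)]
    if len(addr_labels) != total:
        raise ValueError("expected %d address labels, got %d"
                         % (total, len(addr_labels)))
    bad = [l for l in addr_labels if l not in allowed]
    if bad:
        raise ValueError("invalid address labels: %r" % bad)
    addr_labels.reverse()              # DNS order is least significant first
    if total == 4:
        return ipaddress.ip_address(".".join(addr_labels))
    nibbles = "".join(addr_labels)
    return ipaddress.ip_address(
        ":".join(nibbles[i:i + 4] for i in range(0, 32, 4)))
```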