[Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

Rob Crittenden rcritten at redhat.com
Thu Feb 17 21:10:22 UTC 2011


Adam Tkac wrote:
> On Wed, Feb 16, 2011 at 05:26:55PM +0100, Jan Zeleny wrote:
>> Adam Tkac<atkac at redhat.com>  wrote:
>>> On Wed, Feb 16, 2011 at 10:53:14AM +0100, Jan Zelený wrote:
>>>> This patch ensures that PTR records added by FreeIPA are compliant with
>>>> RFC.
>>>
>>> Nack.
>>>
>>> In my opinion the _ptrrecord_pre_callback should also handle PTR records
>>> for IPv6 addresses.
>>>
>>> You can check validity of IPv6 PTR record this way (pseudocode):
>>>
>>> zone.replace(.ip6.arpa., '')
>>> if (len(addr.split('.')) + len(zone.split('.')) != 32)
>>> 	raise_error
>>>
>>> Regards, Adam
>>
>> Thanks for the review, I made the changes you suggested. The second patch is in
>> the attachment.
>
> Thanks for the improvement, now it looks fine to me. Ack.
>
> Regards, Adam
>
>>  From a01180772ab9ce9409532892e81f03ea7fc2582a Mon Sep 17 00:00:00 2001
>> From: Jan Zeleny<jzeleny at redhat.com>
>> Date: Wed, 16 Feb 2011 04:47:36 -0500
>> Subject: [PATCH] Validate that the reverse DNS record is correct
>>
>> This patch ensures that PTR records added by FreeIPA are compliant with
>> RFC.
>>
>> https://fedorahosted.org/freeipa/ticket/839
>> ---
>>   ipalib/plugins/dns.py |   16 ++++++++++++++++
>>   1 files changed, 16 insertions(+), 0 deletions(-)
>>
>> diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
>> index 592945f78c59877fada5fa6c40eee3b1acb564b2..f50dd51f28f0ff59c8d1fe84730de302d9855467 100644
>> --- a/ipalib/plugins/dns.py
>> +++ b/ipalib/plugins/dns.py
>> @@ -619,6 +619,22 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
>>               is_ns_rec_resolvable(ns)
>>           return dn
>>
>> +    def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
>> +        components = dn.split(',',2)
>> +        addr = components[0].split('=')[1]
>> +        zone = components[1].split('=')[1]
>> +        if zone.find('ip6') != -1:
>> +            zone = zone.replace('.ip6.arpa.','')
>> +            zone_len = 32
>> +        else:
>> +            zone = zone.replace('.in-addr.arpa.','')
>> +            zone_len = 4
>> +
>> +        if len(addr.split('.'))+len(zone.split('.')) != zone_len:
>> +            raise errors.ValidationError(name='cn', error=unicode('IP address must have exactly '+str(zone_len)+' components'))
>> +
>> +        return dn
>> +
>>       def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
>>           for rtype in options:
>>               rtype_cb = '_%s_pre_callback' % rtype
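Review bot: the address-family check in `_ptrrecord_pre_callback` is a substring test (`zone.find('ip6') != -1`) and the `else` branch treats every other zone as in-addr.arpa, so a PTR record added in a zone that is not a reverse zone, or in one whose name merely contains "ip6", is measured against the wrong length. The two `zone.replace(...)` calls match only the exact lowercase suffix with its trailing dot, so a zone passed as `IP6.ARPA.` or without the final dot keeps its suffix and the label count is off. Suggest lowercasing the zone, testing the suffix with `endswith`, and deciding explicitly what happens for non-reverse zones. The check also only counts labels and never verifies that they are decimal octets or single hex nibbles, and `dn.split(',',2)` with `split('=')[1]` will misparse a DN whose values contain an escaped comma or `=`.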
>> --
>> 1.7.4
>>
>
>

ack as well

pushed to master
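
The label-count check discussed in this thread, generalized as an added example that is not part of the thread or of FreeIPA's code: it matches the reverse-zone suffix exactly, validates each label, and rebuilds the address. The function names are hypothetical and the sample names in the demo are constructed.

```python
import ipaddress

def _is_octet(label):
    # Decimal 0-255 with no leading zeros (assumption: canonical form only).
    return (label.isascii() and label.isdigit()
            and str(int(label)) == label and int(label) <= 255)

def _is_nibble(label):
    return len(label) == 1 and label in "0123456789abcdef"

# Reverse-tree suffix -> (number of address labels, per-label validator)
_FAMILIES = {"in-addr.arpa": (4, _is_octet), "ip6.arpa": (32, _is_nibble)}

def ptr_owner_to_ip(name, zone):
    """Return the IP address that PTR owner `name` in `zone` stands for.

    Raises ValueError when the zone is not a reverse zone or when
    name + zone is not a complete, well-formed reverse name.
    """
    # Normalize case and trailing dots before any comparison.
    fqdn = (name.rstrip(".") + "." + zone.rstrip(".")).lower()
    for suffix, (count, valid) in _FAMILIES.items():
        if fqdn.endswith("." + suffix):      # whole-label suffix match
            labels = fqdn[:-len(suffix) - 1].split(".")
            break
    else:
        raise ValueError("%r is not under in-addr.arpa or ip6.arpa" % zone)
    if len(labels) != count:
        raise ValueError("expected %d address labels, got %d"
                         % (count, len(labels)))
    if not all(valid(lab) for lab in labels):
        raise ValueError("invalid address label in %r" % fqdn)
    labels.reverse()                         # reverse names are little-endian
    if count == 4:
        return ipaddress.ip_address(".".join(labels))
    hexstr = "".join(labels)
    groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
    return ipaddress.ip_address(":".join(groups))

if __name__ == "__main__":
    # Constructed sample inputs: (record name, zone)
    for name, zone in [("4", "3.2.1.in-addr.arpa."), ("4", "2.1.in-addr.arpa."),
                       ("4", "example.com."), ("4.3", "2.1.notip6.arpa.")]:
        try:
            print(name, zone, "->", ptr_owner_to_ip(name, zone))
        except ValueError as exc:
            print(name, zone, "-> rejected:", exc)
```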



