[Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

Adam Tkac atkac at redhat.com
Wed Feb 16 12:52:02 UTC 2011


On Wed, Feb 16, 2011 at 10:53:14AM +0100, Jan Zelený wrote:
> This patch ensures that PTR records added by FreeIPA are compliant with
> RFC.

Nack.

In my opinion the _ptrrecord_pre_callback should also handle PTR records
for IPv6 addresses.

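You can check the validity of an IPv6 PTR record this way (pseudocode):

# strip the reverse-zone suffix so only the nibble labels of the zone remain
zone = zone.replace('.ip6.arpa.', '')
# a full IPv6 reverse name has 32 nibble labels (record name + zone)
if len(addr.split('.')) + len(zone.split('.')) != 32:
	raise ValueError('reversed IPv6 address must have exactly 32 components')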

Regards, Adam

> From 4d2b3200920c90884ddf5a2d5ae784bbe35b41d1 Mon Sep 17 00:00:00 2001
> From: Jan Zeleny <jzeleny at redhat.com>
> Date: Wed, 16 Feb 2011 04:47:36 -0500
> Subject: [PATCH] Validate that the reverse DNS record is correct
> 
> This patch ensures that PTR records added by FreeIPA are compliant with
> RFC.
> 
> https://fedorahosted.org/freeipa/ticket/839
> ---
>  ipalib/plugins/dns.py |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)
> 
> diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
> index 592945f78c59877fada5fa6c40eee3b1acb564b2..e764d6f558a6ecb0d7b732a1e51b1755beb4f7f4 100644
> --- a/ipalib/plugins/dns.py
> +++ b/ipalib/plugins/dns.py
> @@ -619,6 +619,16 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
>              is_ns_rec_resolvable(ns)
>          return dn
>  
> +    def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
> +        components = dn.split(',',2)
> +        addr = components[0].split('=')[1]
> +        zone = components[1].split('=')[1].replace('.in-addr.arpa.','')
> +
> +        if len(addr.split('.'))+len(zone.split('.')) != 4:
> +            raise errors.ValidationError(name='idnsname', error=u'reversed IP address must have exactly four components')
> +
> +        return dn
> +
>      def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
>          for rtype in options:
>              rtype_cb = '_%s_pre_callback' % rtype
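
Review bot: the zone handling in _ptrrecord_pre_callback strips '.in-addr.arpa.' with replace() and never checks that the suffix was actually present, so a zone that lacks that exact string (an ip6.arpa zone, or a name stored without the trailing dot) keeps all of its labels and the record is rejected with the misleading "exactly four components" error. Test the suffix explicitly, for example with endswith() after normalizing the trailing dot, and branch or skip for other zone types. The length test also only counts labels, so a name such as 'a.b' in a two-label zone passes; check that each label is a decimal value from 0 to 255. Splitting the DN with split(',',2) and split('=')[1] assumes the values contain no escaped ',' or '=', which deserves at least a comment.
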
> -- 
> 1.7.4
> 


-- 
Adam Tkac, Red Hat, Inc.
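
The check discussed in this thread, generalized to both in-addr.arpa and ip6.arpa and extended to validate each label rather than only count them. This is an added example, not code from the patch or from FreeIPA; the function names ptr_to_address and is_valid_ptr are hypothetical, and rejecting leading zeros in IPv4 octets is a strictness assumption.

```python
import ipaddress
import re

OCTET = re.compile(r"0|[1-9][0-9]{0,2}")  # decimal octet, no leading zeros
NIBBLE = re.compile(r"[0-9a-f]")           # exactly one hex digit

def ptr_to_address(record_name, zone):
    """Return the address a PTR owner name encodes, or raise ValueError.

    record_name: name relative to the zone, e.g. '4'
    zone: reverse zone, e.g. '2.0.192.in-addr.arpa.' (trailing dot optional)
    """
    fqdn = (record_name.rstrip(".") + "." + zone.rstrip(".")).lower()
    labels = fqdn.split(".")
    # Match the suffix as whole labels instead of a substring replace().
    if labels[-2:] == ["in-addr", "arpa"]:
        want, label_re = 4, OCTET
    elif labels[-2:] == ["ip6", "arpa"]:
        want, label_re = 32, NIBBLE
    else:
        raise ValueError("zone %r is not a reverse zone" % zone)
    parts = labels[:-2]
    if len(parts) != want:
        raise ValueError("expected %d components, got %d" % (want, len(parts)))
    for part in parts:
        if not label_re.fullmatch(part) or (want == 4 and int(part) > 255):
            raise ValueError("invalid component %r" % part)
    parts.reverse()  # PTR names list the least significant part first
    if want == 4:
        return ipaddress.ip_address(".".join(parts))
    groups = ["".join(parts[i:i + 4]) for i in range(0, 32, 4)]
    return ipaddress.ip_address(":".join(groups))

def is_valid_ptr(record_name, zone):
    """True if record_name inside zone is a complete reverse name."""
    try:
        ptr_to_address(record_name, zone)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges).
    v6_zone = "8.b.d.0.1.0.0.2.ip6.arpa."
    print(ptr_to_address("4", "2.0.192.in-addr.arpa."))
    print(ptr_to_address(".".join(["1"] + ["0"] * 23), v6_zone))
    print(is_valid_ptr("a.b", "2.1.in-addr.arpa."))
```
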



