Current PTR validation is unclear and may mislead the user. This
patch improves the validation process so that the eventual exception
is clearer. New check that the PTR record is fully qualified has
been added to ensure that the reverse zone resolution behaves as
expected.

Additionally, several strings in the DNS plugin were prepared for
localization.

https://fedorahosted.org/freeipa/ticket/1129

>From fb899d2039f090529f44eb1513a518819c0cba67 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 1 Apr 2011 12:01:39 +0200
Subject: [PATCH] Improve DNS PTR record validation

Current PTR validation is unclear and may mislead the user. This
patch improves the validation process so that the eventual exception
is clearer. New check that the PTR record is fully qualified has
been added to ensure that the reverse zone resolution behaves as
expected.

Additionally, several strings in the DNS plugin were prepared for
localization.

https://fedorahosted.org/freeipa/ticket/1129
---
 ipalib/plugins/dns.py |   39 +++++++++++++++++++++++++++++----------
 1 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index f58e1ae1fae170270e8d065ada42da2f898992f5..ef35a3ea493c1555c2f121a8da9b832bd7d51ff2 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -189,6 +189,12 @@ _record_validators = {
     u'NAPTR': _validate_naptr,
 }
 
+# dictionary of valid reverse zone -> number of address components
+_valid_reverse_zones = {
+    '.in-addr.arpa.' : 4,
+    '.ip6.arpa.' : 32,
+}
+
 def has_cli_options(entry, no_option_msg):
     entry = dict((t, entry.get(t, [])) for t in _record_attributes)
     numattr = reduce(lambda x,y: x+y,
@@ -660,15 +666,28 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
         components = dn.split(',',2)
         addr = components[0].split('=')[1]
         zone = components[1].split('=')[1]
-        if zone.find('ip6') != -1:
-            zone = zone.replace('.ip6.arpa.','')
-            zone_len = 32
-        else:
-            zone = zone.replace('.in-addr.arpa.','')
-            zone_len = 4
+        zone_len = 0
+        for valid_zone in _valid_reverse_zones:
+            if zone.find(valid_zone) != -1:
+                zone = zone.replace(valid_zone,'')
+                zone_name = valid_zone
+                zone_len = _valid_reverse_zones[valid_zone]
 
-        if len(addr.split('.'))+len(zone.split('.')) != zone_len:
-            raise errors.ValidationError(name='cn', error=unicode('IP address must have exactly '+str(zone_len)+' components'))
+        if not zone_len:
+            allowed_zones = ', '.join(_valid_reverse_zones)
+            raise errors.ValidationError(name='cn',
+                    error=unicode(_('Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: %s') % allowed_zones))
+
+        ip_addr_comp_count = len(addr.split('.')) + len(zone.split('.'))
+        if ip_addr_comp_count != zone_len:
+            raise errors.ValidationError(name='cn',
+                error=unicode(_('Reverse zone %s requires exactly %d IP address components, %d given')
+                % (zone_name, zone_len, ip_addr_comp_count)))
+
+        for ptr in options['ptrrecord']:
+            if not ptr.endswith('.'):
+                raise errors.ValidationError(name='ptr-rec',
+                        error=unicode(_('PTR record \'%s\' is not fully qualified (check traling \'.\')') % ptr))
 
         return dn
 
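Review bot: The reverse-zone test in the `for valid_zone in _valid_reverse_zones` loop uses `zone.find(valid_zone) != -1`, which is a substring match, so a zone that merely contains `.in-addr.arpa.` followed by further labels is accepted as a reverse zone, and `zone.replace(valid_zone,'')` then strips that text from wherever it occurs. The error message promises a sub-zone check, so the match should be anchored at the end: `if zone.endswith(valid_zone):` with `zone = zone[:-len(valid_zone)]`, ideally compared on a lower-cased copy since DNS names are case-insensitive. Two of the new user-facing strings also carry typos that would propagate into translations: `one the following` should read `one of the following`, and `traling` should be `trailing`. The enclosing method starts outside the hunk, so whether `options['ptrrecord']` is always present at this point cannot be confirmed from here.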
@@ -706,7 +725,7 @@ class dnsrecord_del(dnsrecord_mod_record):
     """
     Delete DNS resource record.
     """
-    no_option_msg = 'Neither --del-all nor options to delete a specific record provided.'
+    no_option_msg = _('Neither --del-all nor options to delete a specific record provided.')
     takes_options = (
             Flag('del_all',
                 default=False,
@@ -732,7 +751,7 @@ class dnsrecord_del(dnsrecord_mod_record):
                 try:
                     old_entry_attrs[a].remove(val)
                 except (KeyError, ValueError):
-                    raise errors.NotFound(reason='%s record with value %s not found' %
+                    raise errors.NotFound(reason=_('%s record with value %s not found') %
                                           (self.obj.attr_to_cli(a), val))
 
     def post_callback(self, keys, entry_attrs):
-- 
1.7.4
