Do at least a basic validation of the DNS zone manager mail address. Do not require '@' to be in the mail address, as it is not used in common DNS zone configuration (in bind, for example) and people may be used to configuring it that way. '@' is always removed by the installer before the DNS zone is created.
https://fedorahosted.org/freeipa/ticket/1966
>From a7485b5197f35170da647ef8ef34da03d4dc5149 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Fri, 14 Oct 2011 11:45:32 +0200 Subject: [PATCH] Add --zonemgr validator Do at least a basic validation of DNS zone manager mail address. Do not require '@' to be in the mail address as it is not used in common DNS zone configuration (in bind for example) and people may be used to configure it that way. '@' is always removed by the installer before the DNS zone is created. https://fedorahosted.org/freeipa/ticket/1966 --- install/tools/ipa-dns-install | 6 ++++++ install/tools/ipa-server-install | 6 ++++++ ipaserver/install/bindinstance.py | 24 ++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 0 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index d81b6a2e804a815d5bece8426a286e3190f6dee3..ef3e12be36397d8e735edf2cd64002cca119e6fe 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -69,6 +69,12 @@ def parse_options(): elif options.reverse_zone and options.no_reverse: parser.error("You cannot specify a --reverse-zone option together with --no-reverse") + if options.zonemgr: + try: + bindinstance.verify_zonemgr(options.zonemgr) + except ValueError, e: + parser.error("invalid zonemgr: " + str(e)) + if options.unattended: if not options.forwarders and not options.no_forwarders: parser.error("You must specify at least one --forwarder option or --no-forwarders option") diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 76d5f2f5af656a1947da0a5d5d855a398e34ef37..cfee184ff18cce6e68f82591af764a113fe3a166 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
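Review bot: The added `if options.zonemgr:` check in parse_options() validates a normalized copy of the address but leaves `options.zonemgr` holding the raw string, so the value that was checked and the value later written to the zone can diverge if the installer's own '@' handling (not visible in this patch) differs from the validator's. Consider having `verify_zonemgr` return the normalized name and storing it, e.g. `options.zonemgr = bindinstance.verify_zonemgr(options.zonemgr)`, so that one code path decides the final form. The same six lines are added to parse_options() in install/tools/ipa-server-install, and the point applies there as well. parse_options() starts and ends outside the hunk, so any other place where zonemgr can be supplied is not visible here and would need the same call.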
@@ -242,6 +242,12 @@ def parse_options(): elif options.reverse_zone and options.no_reverse: parser.error("You cannot specify a --reverse-zone option together with --no-reverse") + if options.zonemgr: + try: + bindinstance.verify_zonemgr(options.zonemgr) + except ValueError, e: + parser.error("invalid zonemgr: " + str(e)) + if options.uninstall: if (options.realm_name or options.admin_password or options.master_password): diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index ddf5497708ab8598d9a01fa0e555dd1ced55953b..8a30f6e8253e780b9a53f08709304b533ef1edd3 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -22,6 +22,7 @@ import os import pwd import logging import netaddr +import re import installutils import ldap @@ -286,6 +287,29 @@ def get_rr(zone, name, type): return [] +def verify_zonemgr(zonemgr): + regex = re.compile(r'^[a-z0-9][a-z0-9-]*$', re.IGNORECASE) + + if len(zonemgr) > 255: + raise ValueError('cannot be longer that 255 characters') + + if '@' in zonemgr: + print 1, zonemgr + name, dot, domain = zonemgr.partition('@') + + if not regex.match(name): + raise ValueError('name before @ may only contain letters, numbers and -') + + zonemgr = zonemgr.replace('@','.') + + if zonemgr.endswith('.'): + zonemgr = zonemgr[:-1] + + if '.' not in zonemgr: + raise ValueError('address is not fully qualified') + + if not all(regex.match(name) for name in zonemgr.split(".")): + raise ValueError('address may only include letters, numbers, and -') class DnsBackup(object): def __init__(self, service): -- 1.7.6.4
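Review bot: `print 1, zonemgr` in the `'@' in zonemgr` branch of verify_zonemgr() is a leftover debug statement that writes to stdout whenever an address containing '@' is validated, and should be removed. That branch validates only the text before the first '@' but then runs `zonemgr.replace('@','.')` on every occurrence, so `a@b@example.com` is accepted as `a.b.example.com`; reject it up front with `if zonemgr.count('@') > 1: raise ValueError('too many "@" characters')`. The label regex ends in `$`, which also matches before a trailing newline, and no label is checked against the 63-character DNS limit; anchoring with `\Z` instead of `$` and adding a `len(name) <= 63` test would close both. The first error message has a typo: `'cannot be longer that 255 characters'` should read `than`. A short docstring stating that the function returns nothing and raises ValueError on invalid input would help both callers.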