Do at least a basic validation of DNS zone manager mail address.

Do not require '@' to be in the mail address as it is not used
in common DNS zone configuration (in bind for example) and people
may be used to configure it that way. '@' is always removed by the
installer before the DNS zone is created.

https://fedorahosted.org/freeipa/ticket/1966

>From a7485b5197f35170da647ef8ef34da03d4dc5149 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 14 Oct 2011 11:45:32 +0200
Subject: [PATCH] Add --zonemgr validator

Do at least a basic validation of DNS zone manager mail address.

Do not require '@' to be in the mail address as it is not used
in common DNS zone configuration (in bind for example) and people
may be used to configure it that way. '@' is always removed by the
installer before the DNS zone is created.

https://fedorahosted.org/freeipa/ticket/1966
---
 install/tools/ipa-dns-install     |    6 ++++++
 install/tools/ipa-server-install  |    6 ++++++
 ipaserver/install/bindinstance.py |   24 ++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 0 deletions(-)

diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index d81b6a2e804a815d5bece8426a286e3190f6dee3..ef3e12be36397d8e735edf2cd64002cca119e6fe 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -69,6 +69,12 @@ def parse_options():
     elif options.reverse_zone and options.no_reverse:
         parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
 
+    if options.zonemgr:
+        try:
+            bindinstance.verify_zonemgr(options.zonemgr)
+        except ValueError, e:
+            parser.error("invalid zonemgr: " + str(e))
+
     if options.unattended:
         if not options.forwarders and not options.no_forwarders:
             parser.error("You must specify at least one --forwarder option or --no-forwarders option")
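Review bot: The six added lines here are repeated verbatim in the parse_options() hunk of install/tools/ipa-server-install, so the two installers can drift apart if the check or its error text is later changed in only one of them; a small shared helper that takes the parser and the option value would keep them aligned. Because the guard is `if options.zonemgr:`, an explicitly empty `--zonemgr ''` skips validation, and what happens to that value afterwards is not visible in this hunk. If the minimum supported interpreter allows it, `except ValueError as e:` is the forward-compatible spelling of `except ValueError, e:`. parse_options() starts and ends outside both hunks.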
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 76d5f2f5af656a1947da0a5d5d855a398e34ef37..cfee184ff18cce6e68f82591af764a113fe3a166 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -242,6 +242,12 @@ def parse_options():
     elif options.reverse_zone and options.no_reverse:
         parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
 
+    if options.zonemgr:
+        try:
+            bindinstance.verify_zonemgr(options.zonemgr)
+        except ValueError, e:
+            parser.error("invalid zonemgr: " + str(e))
+
     if options.uninstall:
         if (options.realm_name or
             options.admin_password or options.master_password):
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index ddf5497708ab8598d9a01fa0e555dd1ced55953b..8a30f6e8253e780b9a53f08709304b533ef1edd3 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -22,6 +22,7 @@ import os
 import pwd
 import logging
 import netaddr
+import re
 
 import installutils
 import ldap
@@ -286,6 +287,29 @@ def get_rr(zone, name, type):
 
     return []
 
+def verify_zonemgr(zonemgr):
+    regex = re.compile(r'^[a-z0-9][a-z0-9-]*$', re.IGNORECASE)
+
+    if len(zonemgr) > 255:
+        raise ValueError('cannot be longer that 255 characters')
+
+    if '@' in zonemgr:
+        print 1, zonemgr
+        name, dot, domain = zonemgr.partition('@')
+
+        if not regex.match(name):
+            raise ValueError('name before @ may only contain letters, numbers and -')
+
+        zonemgr = zonemgr.replace('@','.')
+
+    if zonemgr.endswith('.'):
+        zonemgr = zonemgr[:-1]
+
+    if '.' not in zonemgr:
+        raise ValueError('address is not fully qualified')
+
+    if not all(regex.match(name) for name in zonemgr.split(".")):
+        raise ValueError('address may only include letters, numbers, and -')
 
 class DnsBackup(object):
     def __init__(self, service):
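Review bot: `print 1, zonemgr` in the '@' branch of verify_zonemgr() looks like leftover debugging output and should be removed before merge. The pattern's `$` anchor also matches just before a trailing newline, so a final label such as `com\n` passes the check and the unnormalized value goes on to whatever consumes the option later; anchoring with `\Z`, as in `re.compile(r'^[a-z0-9][a-z0-9-]*\Z', re.IGNORECASE)`, closes that gap. The length message has a typo and should read `'cannot be longer than 255 characters'`. Only the text before the first '@' is checked as the name part while `replace('@','.')` rewrites every '@', so an address containing several '@' is accepted. A short docstring stating that the function returns nothing and raises ValueError on rejection would make the contract clear to the two callers.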
-- 
1.7.6.4
