Hello,

DNS record-add warns when a suspicious DNS name is detected

Relative name "record.zone" is being added into zone "zone.",
which is probably a mistake. User probably wanted to either specify
relative name "record" or use FQDN "record.zone.".

-- 
Petr^2 Spacek
From fab0ad7c7d8456364a9529a3cdb797b19f3cd0f3 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Mon, 2 Nov 2015 09:50:57 +0100
Subject: [PATCH] DNS record-add warns when a suspicious DNS name is detected

Relative name "record.zone" is being added into zone "zone.",
which is probably a mistake. User probably wanted to either specify
relative name "record" or use FQDN "record.zone.".
---
 ipalib/messages.py    | 17 +++++++++++++++++
 ipalib/plugins/dns.py | 23 +++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/ipalib/messages.py b/ipalib/messages.py
index f4a23d09d6e3c409a91d3f72a137c8a4d678b5f1..7b4aaf4d85f72df3a27a05f23ee66b01c1e062db 100644
--- a/ipalib/messages.py
+++ b/ipalib/messages.py
@@ -294,6 +294,23 @@ class DNSSECMasterNotInstalled(PublicMessage):
         "until the DNSSEC key master is installed."
     )
 
+
+class DNSSuspiciousRelativeName(PublicMessage):
+    """
+    **13014** Relative name "record.zone" is being added into zone "zone.",
+    which is probably a mistake. User probably wanted to either specify
+    relative name "record" or use FQDN "record.zone.".
+    """
+
+    errno = 13014
+    type = "warning"
+    format = _(
+        "Relative record name '%(record)s' contains the zone name '%(zone)s' "
+        "as a suffix, which results in FQDN '%(fqdn)s'. This is usually a "
+        "mistake caused by a missing dot at the end of the name specification."
+    )
+
+
 def iter_messages(variables, base):
     """Return a tuple with all subclasses
     """
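Review bot: The docstring of `DNSSuspiciousRelativeName` repeats one worked example from the commit message instead of stating the condition the message reports. A condition-first summary such as `**13014** Relative record name ends with the zone name, which usually means the trailing dot of an FQDN was left off.` would be clearer, with the "record.zone" / "zone." example kept underneath it. Whether errno 13014 is still unused cannot be checked from this hunk, so it is worth confirming against the rest of ipalib/messages.py.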
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 48d6f740ebea06e0ae9e8d68deafd607b5ae18d8..ad4d0ab0f8985c3b6f3a16f407c1aacf781f8772 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -3522,6 +3522,24 @@ class dnsrecord(LDAPObject):
             _add_warning_fw_zone_is_not_effective(result, fwzone,
                                                   options['version'])
 
+    def warning_suspicious_relative_name(self, result, *keys, **options):
+        """Detect if zone name is suffix of relative record name and warn.
+
+        Zone name: test.zone.
+        Relative name: record.test.zone
+        """
+        record_name = keys[-1]
+        zone = keys[-2]
+        if not record_name.is_absolute() and record_name.is_subdomain(
+            zone.relativize(dns.name.root)):
+            messages.add_message(
+                options['version'],
+                result,
+                messages.DNSSuspiciousRelativeName(record=record_name,
+                                                   zone=zone,
+                                                   fqdn=record_name + zone)
+            )
+
 
 @register()
 class dnsrecord_add(LDAPCreate):
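Review bot: In `warning_suspicious_relative_name` the test `record_name.is_subdomain(zone.relativize(dns.name.root))` looks like it becomes true for every relative name when `zone` is the root zone. Relativizing the root name against itself should yield an empty name, and any relative name is a subdomain of the empty name. If root-zone records can reach this code (not visible here), each add would carry a spurious warning. A guard on the relativized zone avoids that: `rel_zone = zone.relativize(dns.name.root)` followed by `if len(rel_zone) > 0 and not record_name.is_absolute() and record_name.is_subdomain(rel_zone):`. The method is complete in this hunk, but the enclosing `dnsrecord` class starts outside it.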
@@ -3701,6 +3719,11 @@ class dnsrecord_add(LDAPCreate):
 
         return dn
 
+    def execute(self, *keys, **options):
+        result = super(dnsrecord_add, self).execute(*keys, **options)
+        self.obj.warning_suspicious_relative_name(result, *keys, **options)
+        return result
+
     def exc_callback(self, keys, options, exc, call_func, *call_args, **call_kwargs):
         if call_func.__name__ == 'add_entry':
             if isinstance(exc, errors.DuplicateEntry):
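Review bot: The new `execute` calls `warning_suspicious_relative_name` only after `super(dnsrecord_add, self).execute()` has returned, so the probably-wrong name (for example "record.zone.zone.") is already stored when the warning is shown. A one-line comment would make that intent explicit, e.g. `# Advisory only: the entry is already created; the warning flags a likely missing trailing dot.`. The check is also wired into `dnsrecord_add` alone, so any other command that can create or rename a record (none is visible in this hunk) would produce the same name silently. The diffstat lists only ipalib/messages.py and ipalib/plugins/dns.py, so no test covers the warning; a case for a relative name ending in the zone name and one for a plain relative name would pin the behaviour.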
-- 
2.4.3
