-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/16/2011 03:28 PM, Jakub Hrozek wrote: > On Tue, Feb 15, 2011 at 03:45:12PM -0500, Rob Crittenden wrote: >> Jakub Hrozek wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> https://fedorahosted.org/freeipa/ticket/967 >>> >>> I'm wondering whether to extend the patch - if the mail server name does >>> not end with a dot, BIND treats it as relative to the zone. >>> >>> So if you do: >>> ipa dnsrecord-add example.com @ --mx-rec="10 mail.example.com" >>> >>> dig would then return mail.example.com.example.com >>> >>> The correct way of adding it is (note the trailing dot): >>> ipa dnsrecord-add example.com @ --mx-rec="10 mail.example.com." >>> >>> This is in line with how nsupdate works, so should we just document it? >>> A smarter way might be to check if the hostname ends with the zone name >>> and append a dot, but I'm not sure if that perhaps /too/ smart.. >> >> While we're at this should we enforce that prio is >= 0 and < MAXINT ? > > Good suggestion, thanks. As per the MX record documentation I found it > should actually be between 0 and 65535, so this is what the patch > enforces. > > Jan's suggestion to rename the parameter is also included. > >
Rob reminded me that the example included was actually wrong. New patch attached. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1b5RQACgkQHsardTLnvCVwngCfRoP9hv7lZQSwkLh5o2yt8etx m4oAoIPs6VnXpVxnmk70Y5wvfbvV9xun =05R/ -----END PGP SIGNATURE-----
From bca6c53ac41081adfe5ec427d5b27499df85852b Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Tue, 15 Feb 2011 10:40:27 +0100 Subject: [PATCH] Validate MX records https://fedorahosted.org/freeipa/ticket/967 --- API.txt | 8 ++++---- ipalib/plugins/dns.py | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/API.txt b/API.txt index 6f0c32f..9e34647 100644 --- a/API.txt +++ b/API.txt @@ -514,7 +514,7 @@ option: List('ipseckeyrecord?', attribute=True, cli_name='ipseckey_rec',ist('ips option: List('keyrecord?', attribute=True, cli_name='key_rec',ist('keyrecord?', attribute=True, cli_name='key_rec', doc='comma-separated list of KEY records', label='KEY record', multivalue=True) option: List('kxrecord?', attribute=True, cli_name='kx_rec',ist('kxrecord?', attribute=True, cli_name='kx_rec', doc='comma-separated list of KX records', label='KX record', multivalue=True) option: List('locrecord?', attribute=True, cli_name='loc_rec',ist('locrecord?', attribute=True, cli_name='loc_rec', doc='comma-separated list of LOC records', label='LOC record', multivalue=True) -option: List('mxrecord?', attribute=True, cli_name='mx_rec',ist('mxrecord?', attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True) +option: List('mxrecord?', _validate_mx, attribute=True, cli_name='mx_rec',ist('mxrecord?', _validate_mx, attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True) option: List('naptrrecord?', attribute=True, cli_name='naptr_rec',ist('naptrrecord?', attribute=True, cli_name='naptr_rec', doc='comma-separated list of NAPTR records', label='NAPTR record', multivalue=True) option: List('nsrecord?', attribute=True, cli_name='ns_rec',ist('nsrecord?', attribute=True, cli_name='ns_rec', doc='comma-separated list of NS records', label='NS record', multivalue=True) option: List('nsecrecord?', attribute=True, cli_name='nsec_rec',ist('nsecrecord?', attribute=True, cli_name='nsec_rec', doc='comma-separated list of NSEC records', label='NSEC record', multivalue=True) @@ -558,7 +558,7 @@ option: List('ipseckeyrecord?', attribute=True, cli_name='ipseckey_rec',ist('ips option: List('keyrecord?', attribute=True, cli_name='key_rec',ist('keyrecord?', attribute=True, cli_name='key_rec', doc='comma-separated list of KEY records', label='KEY record', multivalue=True) option: List('kxrecord?', attribute=True, cli_name='kx_rec',ist('kxrecord?', attribute=True, cli_name='kx_rec', doc='comma-separated list of KX records', label='KX record', multivalue=True) option: List('locrecord?', attribute=True, cli_name='loc_rec',ist('locrecord?', attribute=True, cli_name='loc_rec', doc='comma-separated list of LOC records', label='LOC record', multivalue=True) -option: List('mxrecord?', attribute=True, cli_name='mx_rec',ist('mxrecord?', attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True) +option: List('mxrecord?', _validate_mx, attribute=True, cli_name='mx_rec',ist('mxrecord?', _validate_mx, attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True) option: List('naptrrecord?', attribute=True, cli_name='naptr_rec',ist('naptrrecord?', attribute=True, cli_name='naptr_rec', doc='comma-separated list of NAPTR records', label='NAPTR record', multivalue=True) option: List('nsrecord?', attribute=True, cli_name='ns_rec',ist('nsrecord?', attribute=True, cli_name='ns_rec', doc='comma-separated list of NS records', label='NS record', multivalue=True) option: List('nsecrecord?', attribute=True, cli_name='nsec_rec',ist('nsecrecord?', attribute=True, cli_name='nsec_rec', doc='comma-separated list of NSEC records', label='NSEC record', multivalue=True) @@ -603,7 +603,7 @@ option: List('ipseckeyrecord?', attribute=True, cli_name='ipseckey_rec',ist('ips option: List('keyrecord?', attribute=True, cli_name='key_rec',ist('keyrecord?', attribute=True, cli_name='key_rec', doc='comma-separated list of KEY records', label='KEY record', multivalue=True) option: List('kxrecord?', attribute=True, cli_name='kx_rec',ist('kxrecord?', attribute=True, cli_name='kx_rec', doc='comma-separated list of KX records', label='KX record', multivalue=True) option: List('locrecord?', attribute=True, cli_name='loc_rec',ist('locrecord?', attribute=True, cli_name='loc_rec', doc='comma-separated list of LOC records', label='LOC record', multivalue=True) -option: List('mxrecord?', attribute=True, cli_name='mx_rec',ist('mxrecord?', attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True) +option: List('mxrecord?', _validate_mx, attribute=True, cli_name='mx_rec',ist('mxrecord?', _validate_mx, attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True) option: List('naptrrecord?', attribute=True, cli_name='naptr_rec',ist('naptrrecord?', attribute=True, cli_name='naptr_rec', doc='comma-separated list of NAPTR records', label='NAPTR record', multivalue=True) option: List('nsrecord?', attribute=True, cli_name='ns_rec',ist('nsrecord?', attribute=True, cli_name='ns_rec', doc='comma-separated list of NS records', label='NS record', multivalue=True) option: List('nsecrecord?', attribute=True, cli_name='nsec_rec',ist('nsecrecord?', attribute=True, cli_name='nsec_rec', doc='comma-separated list of NSEC records', label='NSEC record', multivalue=True) @@ -660,7 +660,7 @@ option: List('ipseckeyrecord', attribute=True, cli_name='ipseckey_rec',ist('ipse option: List('keyrecord', attribute=True, cli_name='key_rec',ist('keyrecord', attribute=True, cli_name='key_rec', doc='comma-separated list of KEY records', label='KEY record', multivalue=True, query=True, required=False) option: List('kxrecord', attribute=True, cli_name='kx_rec',ist('kxrecord', attribute=True, cli_name='kx_rec', doc='comma-separated list of KX records', label='KX record', multivalue=True, query=True, required=False) option: List('locrecord', attribute=True, cli_name='loc_rec',ist('locrecord', attribute=True, cli_name='loc_rec', doc='comma-separated list of LOC records', label='LOC record', multivalue=True, query=True, required=False) -option: List('mxrecord', attribute=True, cli_name='mx_rec',ist('mxrecord', attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True, query=True, required=False) +option: List('mxrecord', _validate_mx, attribute=True, cli_name='mx_rec',ist('mxrecord', _validate_mx, attribute=True, cli_name='mx_rec', doc='comma-separated list of MX records', label='MX record', multivalue=True, query=True, required=False) option: List('naptrrecord', attribute=True, cli_name='naptr_rec',ist('naptrrecord', attribute=True, cli_name='naptr_rec', doc='comma-separated list of NAPTR records', label='NAPTR record', multivalue=True, query=True, required=False) option: List('nsrecord', attribute=True, cli_name='ns_rec',ist('nsrecord', attribute=True, cli_name='ns_rec', doc='comma-separated list of NS records', label='NS record', multivalue=True, query=True, required=False) option: List('nsecrecord', attribute=True, cli_name='nsec_rec',ist('nsecrecord', attribute=True, cli_name='nsec_rec', doc='comma-separated list of NSEC records', label='NSEC record', multivalue=True, query=True, required=False) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 1437011..1bdb4bf 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -30,6 +30,9 @@ EXAMPLES: Add second nameserver for example.com: ipa dnsrecord-add example.com @ --ns-rec nameserver2.example.com + Add a mail server for example.com: + ipa dnsrecord-add example.com @ --mx-rec="10 mail2" + Delete previously added nameserver from example.com: ipa dnsrecord-del example.com @ --ns-rec nameserver2.example.com @@ -136,11 +139,28 @@ def _validate_srv(ugettext, srv): return None +def _validate_mx(ugettext, mx): + try: + prio, host = mx.split() + except ValueError: + return u'format must be specified as "priority mailserver"' + + try: + prio = int(prio) + except ValueError: + return u'the value of priority must be integer' + + if prio < 0 or prio > 65535: + return u'the value of priority must be between 0 and 65535' + + return None + _record_validators = { u'A': _validate_ipaddr, u'AAAA': _validate_ipaddr, u'APL': _validate_ipnet, u'SRV': _validate_srv, + u'MX': _validate_mx, } def has_cli_options(entry, no_option_msg): -- 1.7.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel