Re: [Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

2011-02-17 Thread Adam Tkac
On Wed, Feb 16, 2011 at 05:26:55PM +0100, Jan Zeleny wrote:
 Adam Tkac at...@redhat.com wrote:
  On Wed, Feb 16, 2011 at 10:53:14AM +0100, Jan Zelený wrote:
   This patch ensures that PTR records added by FreeIPA are compliant with
   RFC.
  
  Nack.
  
  In my opinion the _ptrrecord_pre_callback should also handle PTR records
  for IPv6 addresses.
  
  You can check validity of IPv6 PTR record this way (pseudocode):
  
  zone.replace(.ip6.arpa., '')
  if (len(addr.split('.')) + len(zone.split('.')) != 32)
  raise_error
  
  Regards, Adam
 
 Thanks for the review, I made the changes you suggested. Second patch is in 
 attachment.

Thanks for improvement, now it looks fine for me. Ack.

Regards, Adam

 From a01180772ab9ce9409532892e81f03ea7fc2582a Mon Sep 17 00:00:00 2001
 From: Jan Zeleny jzel...@redhat.com
 Date: Wed, 16 Feb 2011 04:47:36 -0500
 Subject: [PATCH] Validate that the reverse DNS record is correct
 
 This patch ensures that PTR records added by FreeIPA are compliant with
 RFC.
 
 https://fedorahosted.org/freeipa/ticket/839
 ---
  ipalib/plugins/dns.py |   16 
  1 files changed, 16 insertions(+), 0 deletions(-)
 
 diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
 index 
 592945f78c59877fada5fa6c40eee3b1acb564b2..f50dd51f28f0ff59c8d1fe84730de302d9855467
  100644
 --- a/ipalib/plugins/dns.py
 +++ b/ipalib/plugins/dns.py
 @@ -619,6 +619,22 @@ class dnsrecord_add(LDAPCreate, 
 dnsrecord_cmd_w_record_options):
  is_ns_rec_resolvable(ns)
  return dn
  
 +def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, 
 **options):
 +components = dn.split(',',2)
 +addr = components[0].split('=')[1]
 +zone = components[1].split('=')[1]
 +if zone.find('ip6') != -1:
 +zone = zone.replace('.ip6.arpa.','')
 +zone_len = 32
 +else:
 +zone = zone.replace('.in-addr.arpa.','')
 +zone_len = 4
 +
 +if len(addr.split('.'))+len(zone.split('.')) != zone_len:
 +raise errors.ValidationError(name='cn', error=unicode('IP 
 address must have exactly '+str(zone_len)+' components'))
 +
 +return dn
 +
  def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
  for rtype in options:
  rtype_cb = '_%s_pre_callback' % rtype
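
Review bot: the `len(addr.split('.'))+len(zone.split('.')) != zone_len` test counts labels but never inspects them. A record named `a.b` in a two-label in-addr.arpa zone, or a multi-character label under ip6.arpa, therefore passes as a valid reverse name. Suggest also checking that every label is a decimal octet in 0-255 for the IPv4 branch and a single hex digit for the IPv6 branch, before returning `dn`.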
 -- 
 1.7.4
 


-- 
Adam Tkac, Red Hat, Inc.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

2011-02-17 Thread Rob Crittenden

Adam Tkac wrote:

On Wed, Feb 16, 2011 at 05:26:55PM +0100, Jan Zeleny wrote:

Adam Tkac at...@redhat.com wrote:

On Wed, Feb 16, 2011 at 10:53:14AM +0100, Jan Zelený wrote:

This patch ensures that PTR records added by FreeIPA are compliant with
RFC.


Nack.

In my opinion the _ptrrecord_pre_callback should also handle PTR records
for IPv6 addresses.

You can check validity of IPv6 PTR record this way (pseudocode):

zone.replace(.ip6.arpa., '')
if (len(addr.split('.')) + len(zone.split('.')) != 32)
raise_error

Regards, Adam


Thanks for the review, I made the changes you suggested. Second patch is in
attachment.


Thanks for improvement, now it looks fine for me. Ack.

Regards, Adam


 From a01180772ab9ce9409532892e81f03ea7fc2582a Mon Sep 17 00:00:00 2001
From: Jan Zelenyjzel...@redhat.com
Date: Wed, 16 Feb 2011 04:47:36 -0500
Subject: [PATCH] Validate that the reverse DNS record is correct

This patch ensures that PTR records added by FreeIPA are compliant with
RFC.

https://fedorahosted.org/freeipa/ticket/839
---
  ipalib/plugins/dns.py |   16 
  1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 
592945f78c59877fada5fa6c40eee3b1acb564b2..f50dd51f28f0ff59c8d1fe84730de302d9855467
 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -619,6 +619,22 @@ class dnsrecord_add(LDAPCreate, 
dnsrecord_cmd_w_record_options):
  is_ns_rec_resolvable(ns)
  return dn

+def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+components = dn.split(',',2)
+addr = components[0].split('=')[1]
+zone = components[1].split('=')[1]
+if zone.find('ip6') != -1:
+zone = zone.replace('.ip6.arpa.','')
+zone_len = 32
+else:
+zone = zone.replace('.in-addr.arpa.','')
+zone_len = 4
+
+if len(addr.split('.'))+len(zone.split('.')) != zone_len:
+raise errors.ValidationError(name='cn', error=unicode('IP address 
must have exactly '+str(zone_len)+' components'))
+
+return dn
+
  def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
  for rtype in options:
  rtype_cb = '_%s_pre_callback' % rtype
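
Review bot: `components = dn.split(',',2)` followed by `split('=')[1]` parses the DN as plain text. An RDN value containing an escaped comma or an `=` is misread, and a DN with fewer than two RDNs raises IndexError instead of a ValidationError. Suggest `split('=', 1)` at minimum, or taking the record and zone names from `keys` if they are already passed in there. The message built with `unicode('IP address must have exactly '+str(zone_len)+' components')` would also read more easily as a `%d` format, and for the ip6.arpa branch it could say that the 32 components are nibbles.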
--
1.7.4






ack as well

pushed to master



[Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

2011-02-16 Thread Jan Zelený
This patch ensures that PTR records added by FreeIPA are compliant with
RFC.

https://fedorahosted.org/freeipa/ticket/839

Jan
From 4d2b3200920c90884ddf5a2d5ae784bbe35b41d1 Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Wed, 16 Feb 2011 04:47:36 -0500
Subject: [PATCH] Validate that the reverse DNS record is correct

This patch ensures that PTR records added by FreeIPA are compliant with
RFC.

https://fedorahosted.org/freeipa/ticket/839
---
 ipalib/plugins/dns.py |   10 ++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 592945f78c59877fada5fa6c40eee3b1acb564b2..e764d6f558a6ecb0d7b732a1e51b1755beb4f7f4 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -619,6 +619,16 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
 is_ns_rec_resolvable(ns)
 return dn
 
+def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+components = dn.split(',',2)
+addr = components[0].split('=')[1]
+zone = components[1].split('=')[1].replace('.in-addr.arpa.','')
+
+if len(addr.split('.'))+len(zone.split('.')) != 4:
+raise errors.ValidationError(name='idnsname', error=u'reversed IP address must have exactly four components')
+
+return dn
+
 def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
 for rtype in options:
 rtype_cb = '_%s_pre_callback' % rtype
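
Review bot: the `.replace('.in-addr.arpa.','')` on the `zone =` line and the fixed `!= 4` comparison assume every PTR record sits in an IPv4 reverse zone whose name ends with a dot. A zone under ip6.arpa, or an in-addr.arpa zone name without the final dot, keeps its suffix labels in the count and is rejected with the "four components" message. Suggest testing the suffix explicitly (for example with `endswith`) after normalising the trailing dot, and deciding separately what happens for zones outside in-addr.arpa.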
-- 
1.7.4


Re: [Freeipa-devel] [PATCH] 47 Validate that the reverse DNS record is correct

2011-02-16 Thread Jan Zeleny
Adam Tkac at...@redhat.com wrote:
 On Wed, Feb 16, 2011 at 10:53:14AM +0100, Jan Zelený wrote:
  This patch ensures that PTR records added by FreeIPA are compliant with
  RFC.
 
 Nack.
 
 In my opinion the _ptrrecord_pre_callback should also handle PTR records
 for IPv6 addresses.
 
 You can check validity of IPv6 PTR record this way (pseudocode):
 
 zone.replace(.ip6.arpa., '')
 if (len(addr.split('.')) + len(zone.split('.')) != 32)
   raise_error
 
 Regards, Adam

Thanks for the review, I made the changes you suggested. Second patch is in 
attachment.

Jan
From a01180772ab9ce9409532892e81f03ea7fc2582a Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Wed, 16 Feb 2011 04:47:36 -0500
Subject: [PATCH] Validate that the reverse DNS record is correct

This patch ensures that PTR records added by FreeIPA are compliant with
RFC.

https://fedorahosted.org/freeipa/ticket/839
---
 ipalib/plugins/dns.py |   16 
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 592945f78c59877fada5fa6c40eee3b1acb564b2..f50dd51f28f0ff59c8d1fe84730de302d9855467 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -619,6 +619,22 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
 is_ns_rec_resolvable(ns)
 return dn
 
+def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+components = dn.split(',',2)
+addr = components[0].split('=')[1]
+zone = components[1].split('=')[1]
+if zone.find('ip6') != -1:
+zone = zone.replace('.ip6.arpa.','')
+zone_len = 32
+else:
+zone = zone.replace('.in-addr.arpa.','')
+zone_len = 4
+
+if len(addr.split('.'))+len(zone.split('.')) != zone_len:
+raise errors.ValidationError(name='cn', error=unicode('IP address must have exactly '+str(zone_len)+' components'))
+
+return dn
+
 def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
 for rtype in options:
 rtype_cb = '_%s_pre_callback' % rtype
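
Review bot: `zone.find('ip6') != -1` is a substring test, so any zone whose name merely contains `ip6` is held to 32 labels, and the `else:` branch holds every other zone, forward zones included, to 4. Suggest matching the suffix on a label boundary, e.g. `zone.endswith('.ip6.arpa.')` and `zone.endswith('.in-addr.arpa.')`, and returning without the length check (or with a distinct error) when neither matches. The `replace()` calls also strip the suffix only when the zone name carries the trailing dot, so the same `endswith` test should decide whether stripping happened.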
-- 
1.7.4
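
An added example, not part of the thread or of FreeIPA's code: a stricter form of the label-count check discussed above, which matches the reverse-tree suffix on a label boundary, validates each label, and decodes the name back into an address. The function names and the sample names are assumptions made for illustration, and record names are assumed to be relative to the zone.

```python
import ipaddress

# (reverse-tree suffix, number of address labels in a complete owner name)
REVERSE_TREES = (("in-addr.arpa", 4), ("ip6.arpa", 32))

def ptr_owner_to_ip(record_name, zone_name):
    """Decode a PTR owner name into the address it encodes, or raise ValueError.

    Assumes record_name is relative to zone_name (hypothetical helper).
    """
    fqdn = (record_name.rstrip(".") + "." + zone_name.rstrip(".")).lower()
    for suffix, count in REVERSE_TREES:
        # Match the suffix on a label boundary, not as a substring.
        if fqdn.endswith("." + suffix):
            labels = fqdn[:-len(suffix) - 1].split(".")
            break
    else:
        raise ValueError("zone is not under in-addr.arpa or ip6.arpa")
    if len(labels) != count:
        raise ValueError("expected %d address labels, got %d" % (count, len(labels)))
    labels.reverse()  # reverse names list the least significant label first
    if count == 4:
        for label in labels:
            # Decimal octet 0-255 with no leading zeros.
            if not (label.isascii() and label.isdigit()
                    and str(int(label)) == label and int(label) <= 255):
                raise ValueError("bad IPv4 octet label %r" % label)
        return ipaddress.IPv4Address(".".join(labels))
    for label in labels:
        if len(label) != 1 or label not in "0123456789abcdef":
            raise ValueError("bad IPv6 nibble label %r" % label)
    groups = ["".join(labels[i:i + 4]) for i in range(0, 32, 4)]
    return ipaddress.IPv6Address(":".join(groups))

def is_valid_ptr_owner(record_name, zone_name):
    """True if the record/zone pair forms a well-formed reverse name."""
    try:
        ptr_owner_to_ip(record_name, zone_name)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample names using documentation address ranges.
    for rec, zone in [("1", "2.0.192.in-addr.arpa."),   # valid IPv4 name
                      ("a", "2.0.192.in-addr.arpa."),   # 4 labels, not an octet
                      ("www", "ip6.example.com.")]:     # forward zone with "ip6"
        print(rec, zone, is_valid_ptr_owner(rec, zone))
```

The second sample has the right number of labels, so a count-only check accepts it; the per-label validation is what rejects it.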
