authorJan Zeleny <jzeleny@redhat.com>2011-02-16 04:47:36 -0500
committerRob Crittenden <rcritten@redhat.com>2011-02-17 16:08:50 -0500
commit23234094c3fbdc415ffe4e221bd29c0dedf0c5b3 (patch)
treed0d32ccb05f7d8d25fd422bf2e15092ec5544609
parent2d97f4b335ce2f2f1d62194ef614af3ace77a57e (diff)
Validate that the reverse DNS record is correct
This patch ensures that PTR records added by FreeIPA are compliant with RFC. https://fedorahosted.org/freeipa/ticket/839
-rw-r--r--ipalib/plugins/dns.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 1bdb4bf..0c7f1af 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -622,6 +622,22 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
is_ns_rec_resolvable(ns)
return dn
+ def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ components = dn.split(',',2)
+ addr = components[0].split('=')[1]
+ zone = components[1].split('=')[1]
+ if zone.find('ip6') != -1:
+ zone = zone.replace('.ip6.arpa.','')
+ zone_len = 32
+ else:
+ zone = zone.replace('.in-addr.arpa.','')
+ zone_len = 4
+
+ if len(addr.split('.'))+len(zone.split('.')) != zone_len:
+ raise errors.ValidationError(name='cn', error=unicode('IP address must have exactly '+str(zone_len)+' components'))
+
+ return dn
+
def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
for rtype in options:
rtype_cb = '_%s_pre_callback' % rtype
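Review bot: The zone test in `_ptrrecord_pre_callback` is a substring match (`zone.find('ip6')`) followed by a `replace()` that strips the suffix only when it is spelled exactly `.ip6.arpa.` or `.in-addr.arpa.`, so every zone that is not ip6 is treated as an IPv4 reverse zone, including a forward zone that holds PTR records, and a zone name in different case or without the trailing dot is counted with its suffix labels still attached. The check also only counts labels, so non-numeric labels are accepted as long as the count matches. I would normalise the name, test the suffix with `endswith`, and skip the count for zones that are not reverse zones, as below; whether zone names reach this callback with a trailing dot is not visible in the hunk, so that part should be confirmed. Separately, splitting `dn` on `,` and `=` mis-parses an RDN value that contains an escaped comma or an `=`.

```python
    def _ptrrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
        # … unchanged: addr and zone extracted from dn …
        zone = zone.lower().rstrip('.')
        if zone.endswith('.ip6.arpa'):
            zone = zone[:-len('.ip6.arpa')]
            zone_len = 32
        elif zone.endswith('.in-addr.arpa'):
            zone = zone[:-len('.in-addr.arpa')]
            zone_len = 4
        else:
            # not a reverse zone: the label count does not apply
            return dn
        # … unchanged: component count check and return dn …
```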