Add --zonemgr/--admin-mail validator

Do at least a basic validation of DNS zone manager mail address.

Do not require '@' to be in the mail address as the SOA record
stores this value without it and people may be used to configure
it that way. '@' is always removed by the installer/dns plugin before
the DNS zone is created.

https://fedorahosted.org/freeipa/ticket/1966

1 files changed, 9 insertions, 0 deletions

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index f6bbb3c4..97eb6a6d 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -26,6 +26,7 @@ from ipalib import Command
 from ipalib import Flag, Int, List, Str, StrEnum
 from ipalib.plugins.baseldap import *
 from ipalib import _, ngettext
+from ipalib.util import validate_zonemgr
 from ipapython import dnsclient
 from ipapython.ipautil import valid_ip
 from ldap import explode_dn
@@ -136,6 +137,13 @@ _record_attributes = [str('%srecord' % t.lower()) for t in _record_types]
 # supported DNS classes, IN = internet, rest is almost never used
 _record_classes = (u'IN', u'CS', u'CH', u'HS')
 
+def _rname_validator(ugettext, zonemgr):
+    try:
+        validate_zonemgr(zonemgr)
+    except ValueError, e:
+        return unicode(e)
+    return None
+
 # normalizer for admin email
 def _rname_normalizer(value):
     value = value.replace('@', '.')
@@ -323,6 +331,7 @@ class dnszone(LDAPObject):
             doc=_('Authoritative nameserver domain name'),
         ),
         Str('idnssoarname',
+            _rname_validator,
             cli_name='admin_email',
             label=_('Administrator e-mail address'),
             doc=_('Administrator e-mail address'),