From b26d0dcc04e821543b8582328e99e630b752768f Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Mon, 24 Oct 2011 18:35:48 +0200
Subject: Add --zonemgr/--admin-mail validator Do at least a basic validation of DNS zone manager mail address. Do not require '@' to be in the mail address as the SOA record stores this value without it and people may be used to configure it that way. '@' is always removed by the installer/dns plugin before the DNS zone is created. https://fedorahosted.org/freeipa/ticket/1966
---
 ipalib/util.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'ipalib/util.py')
diff --git a/ipalib/util.py b/ipalib/util.py
index cc887c34..fa93cc75 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -203,3 +203,33 @@ def check_writable_file(filename):
 fp.close()
 except (IOError, OSError), e:
 raise errors.FileError(reason=str(e))
+
+
+def validate_zonemgr(zonemgr):
+ """ See RFC 1033, 1035 """
+ regex_domain = re.compile(r'^[a-z0-9][a-z0-9-]*$', re.IGNORECASE)
+ regex_name = re.compile(r'^[a-z0-9][a-z0-9-_]*$', re.IGNORECASE)
+
+ if len(zonemgr) > 255:
+ raise ValueError(_('cannot be longer that 255 characters'))
+
+ if zonemgr.count('@') == 1:
+ name, dot, domain = zonemgr.partition('@')
+ elif zonemgr.count('@') > 1:
+ raise ValueError(_('too many \'@\' characters'))
+ else:
+ # address in SOA format already (without @)
+ name, dot, domain = zonemgr.partition('.')
+
+ if domain.endswith('.'):
+ domain = domain[:-1]
+
+ if '.' not in domain:
+ raise ValueError(_('address domain is not fully qualified ' \
+ '("example.com" instead of just "example")'))
+
+ if not regex_name.match(name):
+ raise ValueError(_('mail account may only include letters, numbers, -, and _'))
+
+ if not all(regex_domain.match(part) for part in domain.split(".")):
+ raise ValueError(_('domain name may only include letters, numbers, and -'))
-- cgit
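Review bot: Both patterns in validate_zonemgr are anchored with `$`, which in Python also matches just before a trailing newline, so a value such as `admin@example.com\n` passes `regex_domain` (and `admin\n@example.com` passes `regex_name`) even though the error messages promise only letters, numbers, `-` and `_`. Anchor with `\Z` instead: `regex_domain = re.compile(r'^[a-z0-9][a-z0-9-]*\Z', re.IGNORECASE)` and `regex_name = re.compile(r'^[a-z0-9][a-z0-9_-]*\Z', re.IGNORECASE)`; moving `-` to the end of the class also makes it unambiguously literal. The commit message says this value is stored in the SOA record, so rejecting a stray newline at validation time is safer than relying on whatever the installer or DNS plugin does with it later. Separately, the first error string reads "longer that 255" where "than" is meant, and the 63-octet per-label limit from RFC 1035 is not checked, only the 255 total.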