Changeset 610 for trunk


Ignore:
Timestamp:
04/16/14 13:11:14 (11 years ago)
Author:
Kris Deugau
Message:

/trunk

Move a bunch of common code from _validate_1() into its own sub, since
we'll need to call it for any record that doesn't "belong" in a reverse
zone. And possibly the ones that do, too. See #53.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/DNSDB.pm

    r609 r610  
    383383}
    384384
     385## DNSDB::_inrev()
     386# Check if a given "hostname" is within a given reverse zone
     387# Takes a reference to the "hostname" and the reverse zone CIDR as a NetAddr::IP
     388# Returns true/false.  Sets $errstr on errors.
     389sub _inrev {
     390  my $self = shift;
     391  my $dbh = $self->{dbh};
     392  # References, since we might munge them
     393  my $fq = shift;
     394  my $zone = shift;
     395
     396  # set default error
     397  $errstr = "$$fq not within $zone";
     398
     399  # Unlike forward zones, we will not coerce the data into the reverse zone - an A record
     400  # in a reverse zone is already silly enough without appending a mess of 1.2.3.in-addr.arpa
     401  # (or worse, 1.2.3.4.5.6.7.8.ip6.arpa) on the end of the nominal "hostname".
     402  # We're also going to allow the "hostname" to be stored as .arpa or IP, because of
     403  # non-IP FQDNs in .arpa
     404  if ($$fq =~ /\.arpa$/) {
     405    # "FQDN" could be any syntactically legitimate string, but it must be within the formal
     406    # .arpa zone.  Note we're not validating these for correct reverse-IP values.
     407    # yes, we really need the v6 branch on the end here.
     408    $zone = _ZONE($zone, 'ZONE', 'r', '.').($zone->{isv6} ? '.ip6.arpa' : '.in-addr.arpa');
     409    return unless $$fq =~ /$zone$/;
     410  } else {
     411    # in most cases we should be getting a real IP as the "FQDN" to test
     412    my $addr = new NetAddr::IP $$fq if _maybeip($fq);
     413
     414    # "FQDN" should be a valid IP address.  Normalize formatting if so.
     415    if (!$addr) {
     416      $errstr = "$$fq is not a valid IP address";
     417      return;
     418    }
     419    return if !$zone->contains($addr);
     420    ($$fq = $addr) =~ s{/(?:32|128)$}{};
     421  }
     422  return 1;
     423} # end _inrev()
     424
    385425## DNSDB::_hostparent()
    386426# A little different than _ipparent above;  this tries to *find* the parent zone of a hostname
     
    463503    my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
    464504
    465     # Unlike forward zones, we will not coerce the data into the reverse zone - an A record
    466     # in a reverse zone is already silly enough without appending a mess of 1.2.3.in-addr.arpa
    467     # (or worse, 1.2.3.4.5.6.7.8.ip6.arpa) on the end of the nominal "hostname".
    468     # We're also going to allow the "hostname" to be stored as .arpa or IP, because it won't
    469     # make any more sense either way.
    470     if (${$args{val}} =~ /\.arpa$/) {
    471       # "hostname" could be any syntactically legitimate string, but it must be within the formal
    472       # .arpa zone.  Note we're not validating these for correct reverse-IP values.
    473       # yes, we really need the v6 branch on the end here.
    474       $revzone = _ZONE($revzone, 'ZONE', 'r', '.').($revzone->{isv6} ? '.ip6.arpa' : '.in-addr.arpa');
    475       return ('FAIL', "${$args{val}} not within $revzone")
    476         unless ${$args{val}} =~ /$revzone$/;
    477     } else {
    478       # "hostname" should be a valid IP address.  Normalize formatting if so.
    479       return ('FAIL', "${$args{val}} is not a valid IP address") if !$args{addr};
    480       return ('FAIL', "${$args{val}} is not within $revzone") if !$revzone->contains($args{addr});
    481       (${$args{val}} = $args{addr}) =~ s{/(?:32|128)$}{};
    482     }
     505    return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone);
    483506
    484507    # Check IP is well-formed, and that it's a v4 address
Note: See TracChangeset for help on using the changeset viewer.