Changeset 616

Timestamp:

04/23/14 16:34:03 (11 years ago)

Author:

Kris Deugau

Message:

/trunk

Update _validate_2() to handle any-record-in-any-zone, and handle
semigibberish reverse zone records that are syntactically valid.

See #53.

File:

• trunk/DNSDB.pm (modified) (1 diff)

trunk/DNSDB.pm

@@ -551 +551 @@
   my %args = @_;
 
+  # NS target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
+  if ($args{revrec} eq 'y') {
+    return ('FAIL', "NS records cannot point directly to an IP address")
+      if ${$args{host}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+  } else {
+    return ('FAIL', "NS records cannot point directly to an IP address")
+      if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+  }
+
   # Check that the target of the record is within the parent.
-  # Yes, host<->val are mixed up here;  can't see a way to avoid it.  :(
   if ($args{defrec} eq 'n') {
     # Check if IP/address/zone/"subzone" is within the parent
     if ($args{revrec} eq 'y') {
-      my $tmpip = NetAddr::IP->new(${$args{val}});
-      my $pname = $self->revName($args{id});
-      return ('FAIL',"${$args{val}} not within $pname")
-         unless $self->_ipparent($args{defrec}, $args{revrec}, $args{val}, $args{id}, \$tmpip);
-      # Sub the returned thing for ZONE?  This could get stupid if you have typos...
-      ${$args{val}} =~ s/ZONE/$tmpip->address/;
+      # Get the revzone, so we can see if ${$args{val}} is in that zone
+      my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
+
+      # Note the NS record may or may not be for the zone itself, it may be a pointer for a subzone
+      return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone);
+
+      # ${$args{val}} is either a valid IP or a string ending with the .arpa zone name;
+      # now check if it's a well-formed FQDN
+##enhance or ##fixme
+# convert well-formed .arpa names to IP addresses to match old "strict" validation design
+      return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec}) &&
+        ${$args{val}} =~ /\.arpa$/;
     } else {
+      # Forcibly append the domain name if the hostname being added does not end with the current domain name
       my $pname = $self->domainName($args{id});
-      ${$args{host}} = $pname if ${$args{host}} !~ /\.$pname$/;
+      ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
     }
   } else {
-    # Default reverse NS records should always refer to the implied parent
-    ${$args{host}} = 'DOMAIN' if $args{revrec} eq 'n';
-    ${$args{val}} = 'ZONE' if $args{revrec} eq 'y';
-  }
-
-# Let this lie for now.  Needs more magic.
-#  # Check IP is well-formed, and that it's a v4 address
-#  return ('FAIL',"A record must be a valid IPv4 address")
-#       unless $addr && !$addr->{isv6};
-#  # coerce IP/value to normalized form for storage
-#  $$val = $addr->addr;
+    # Default reverse NS records should always refer to the implied parent.  
+    if ($args{revrec} eq 'y') {
+      ${$args{val}} = 'ZONE';
+    } else {
+      ${$args{host}} = 'DOMAIN';
+    }    
+  }
 
   return ('OK','OK');