Changeset 618


Timestamp:
04/24/14 15:10:04 (11 years ago)
Author:
Kris Deugau
Message:

/trunk

Update _validate_5() (CNAME) for any-record-in-any-zone. See #53.

File:
1 edited

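--- a/trunk/DNSDB.pm
+++ b/trunk/DNSDB.pm
@@ -604,13 +604,38 @@
   my %args = @_;
 
-# Not really true, but these are only useful for delegating smaller-than-/24 IP blocks.
-# This is fundamentally a messy operation and should really just be taken care of by the
-# export process, not manual maintenance of the necessary records.
-  return ('FAIL', 'Reverse zones cannot contain CNAME records') if $args{revrec} eq 'y';
-
-  # Coerce all hostnames to end in ".DOMAIN" for group/default records,
-  # or the intended parent domain for live records.
-  my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
-  ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
+  # CNAMEs in reverse zones shouldn't be handled manually, they should be generated on
+  # export by use of the "delegation" type.  For the masochistic, and those importing
+  # legacy data from $deity-knows-where, we'll support them.
+
+  if ($args{revrec} eq 'y') {
+    # CNAME target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
+    return ('FAIL', "CNAME records cannot point directly to an IP address")
+      if ${$args{host}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+
+    if ($args{defrec} eq 'n') {
+      # Get the revzone, so we can see if ${$args{val}} is in that zone
+      my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
+      return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone);
+    }
+
+##enhance or ##fixme
+# convert well-formed .arpa names to IP addresses to match old "strict" validation design
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec}) &&
+      ${$args{val}} =~ /\.arpa$/;
+
+##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+  } else {
+    # CNAME target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
+    return ('FAIL', "CNAME records cannot point directly to an IP address")
+      if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+
+    # Forcibly append the domain name if the hostname being added does not end with the current domain name
+    my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
+    ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
+
+##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+  }
 
   return ('OK','OK');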
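Review bot: The in-zone test in the forward branch (new lines 634-635) interpolates `$pname` into the pattern unescaped and without a label boundary, so `/$pname$/` treats each dot in the zone name as a wildcard and accepts any host that merely ends in the same characters; for a constructed zone `example.com`, the host `notexample.com` passes and is stored without the zone being appended. Within this hunk that test is the only thing keeping a forward CNAME's owner name inside the zone being edited, so I would quote the name and anchor it on a label boundary: `${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /(?:^|\.)\Q$pname\E$/;`. The line is carried over unchanged from r617, but it is worth fixing while this function is being reworked. Separately, new line 618 passes `$args{val}` to `_inrev()` while every other use in the hunk dereferences it as `${$args{val}}`; `_inrev()` is not visible here, so please confirm it expects the reference rather than the value. `_validate_5` begins and ends outside this hunk.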