Changeset 627


Timestamp:
04/29/14 18:03:44 (11 years ago)
Author:
Kris Deugau
Message:

/trunk

Update _validate_33() (SRV) for any-record-in-any-zone. See #53.

Also fix lurking bug in MX validation; MX-cannot-point-to-an-IP check was
checking the wrong record part for reverse records.

File:
1 edited

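--- a/trunk/DNSDB.pm
+++ b/trunk/DNSDB.pm
@@ -805,5 +805,5 @@
     # MX target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
     return ('FAIL', "MX records cannot point directly to an IP address")
-      if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+      if ${$args{host}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
 
     # MX records in reverse zones get stricter treatment.  The UI bars adding them in
@@ -942,25 +942,60 @@
   return ('FAIL', 'Reverse zones cannot contain SRV records') if $args{revrec} eq 'y';
 
-  return ('FAIL', "Distance is required for SRV records") unless defined(${$args{dist}});
+  # Key additional record parts.  Always required.
+  return ('FAIL',"Distance, port and weight are required for SRV records")
+        unless defined(${$args{weight}}) && defined(${$args{port}}) && defined(${$args{dist}});
   ${$args{dist}} =~ s/\s*//g;
-  return ('FAIL',"Distance is required, and must be numeric") unless ${$args{dist}} =~ /^\d+$/;
-
-  # Coerce all hostnames to end in ".DOMAIN" for group/default records,
-  # or the intended parent domain for live records.
-  my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
-  ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
-
-  return ('FAIL',"SRV records must begin with _service._protocol [${$args{host}}]")
-        unless ${$args{host}} =~ /^_[A-Za-z]+\._[A-Za-z]+\.[a-zA-Z0-9-]+/;
-  return ('FAIL',"Port and weight are required for SRV records")
-        unless defined(${$args{weight}}) && defined(${$args{port}});
   ${$args{weight}} =~ s/\s*//g;
   ${$args{port}} =~ s/\s*//g;
-
-  return ('FAIL',"Port and weight are required, and must be numeric")
+  return ('FAIL',"Distance, port and weight are required, and must be numeric")
         unless ${$args{weight}} =~ /^\d+$/ && ${$args{port}} =~ /^\d+$/;
 
   ${$args{fields}} = "distance,weight,port,";
   push @{$args{vallist}}, (${$args{dist}}, ${$args{weight}}, ${$args{port}});
+
+  if ($args{revrec} eq 'n') {
+    # Coerce all hostnames to end in ".DOMAIN" for group/default records,
+    # or the intended parent domain for live records.
+    my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
+    ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
+
+    # Not strictly true, but SRV records not following this convention won't be found.
+    return ('FAIL',"SRV records must begin with _service._protocol [${$args{host}}]")
+        unless ${$args{host}} =~ /^_[A-Za-z]+\._[A-Za-z]+\.[a-zA-Z0-9-]+/;
+
+    # SRV target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
+    return ('FAIL', "SRV records cannot point directly to an IP address")
+      if ${$args{val}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+  } else {
+    # hm.  we can't do anything sane with IP values here;  part of the record data is in
+    # fact encoded in the "hostname".  enforce .arpa names?  OTOH, SRV records in a reverse
+    # zone are pretty silly.
+
+    # Not strictly true, but SRV records not following this convention won't be found.
+    return ('FAIL',"SRV records must begin with _service._protocol [${$args{host}}]")
+        unless ${$args{val}} =~ /^_[A-Za-z]+\._[A-Za-z]+\.[a-zA-Z0-9-]+/;
+
+    # SRV target check - IP addresses not allowed.  Must be a more or less well-formed hostname.
+    return ('FAIL', "SRV records cannot point directly to an IP address")
+      if ${$args{host}} =~ /^(?:[\d.]+|[0-9a-fA-F:]+)$/;
+
+    # SRV records in reverse zones get stricter treatment.  The UI bars adding them in
+    # reverse record sets, but we "need" to allow editing existing ones.  And we'll allow
+    # editing them if some loon manually munges one into a default reverse record set.
+    if ($args{defrec} eq 'n') {
+      # Get the revzone, so we can see if ${$args{val}} is in that zone
+      my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
+      return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone);
+    }
+
+##enhance or ##fixme
+# convert well-formed .arpa names to IP addresses to match old "strict" validation design
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec}) &&
+      ${$args{val}} =~ /\.arpa$/;
+
+##enhance:  Look up the passed value to see if it exists.  Ooo, fancy.
+    return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+
+  }
 
   return ('OK','OK');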
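Review bot: The numeric check on distance is lost in the SRV hunk: removed line 946 tested `${$args{dist}} =~ /^\d+$/`, but the new check at 950-951 tests only weight and port even though its message names all three, so a non-numeric distance now passes validation and is pushed onto `vallist` at line 954. Restore it in the same condition, e.g. `unless ${$args{dist}} =~ /^\d+$/ && ${$args{weight}} =~ /^\d+$/ && ${$args{port}} =~ /^\d+$/;`. Separately, the unchanged early return on `$args{revrec} eq 'y'` at line 942 appears to sit in the same sub, which would make the new `else` branch at 969-999 unreachable; confirm whether that line was meant to be removed. In that branch the `_service._protocol` failure message at 975 also prints `${$args{host}}` while the test is on `${$args{val}}`. The sub's start and end are outside the hunk.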