disallow CNAME and any other RR type for the same name for DNS entries.

diff --git a/ud-mailgate b/ud-mailgate
index cdd3fd4..e8bff01 100755 (executable)
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -17,6 +17,7 @@ EX_PERMFAIL = 65;      # EX_DATAERR
 Error = 'Message Error';
 SeenKey = 0;
 SeenDNS = 0;
+DNS = {}
 
 ArbChanges = {"c": "..",
              "l": ".*",
@@ -179,9 +180,9 @@ def DoSSH(Str,Attrs):
 #  host in a 12.12.12.12
 #  host in cname foo.bar.    <- Trailing dot is required
 def DoDNS(Str,Attrs,DnRecord):
+   cname = re.match("^[\w-]+\s+in\s+cname\s+[\w.\-]+\.$",Str,re.IGNORECASE);
    if re.match('^[\w-]+\s+in\s+a\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$',\
-        Str,re.IGNORECASE) == None and \
-      re.match("^[\w-]+\s+in\s+cname\s+[\w.\-]+\.$",Str,re.IGNORECASE) == None and \
+        Str,re.IGNORECASE) == None and cname == None and \
       re.match("^[\w-]+\s+in\s+mx\s+\d{1,3}\s+[\w.\-]+\.$",Str,re.IGNORECASE) == None:
      return None;     
 
@@ -196,6 +197,19 @@ def DoDNS(Str,Attrs,DnRecord):
          return "DNS entry is already owned by " + GetAttr(x,"uid")
 
    global SeenDNS;
+   global DNS;
+
+   if cname:
+     if DNS.has_key(G[0]):
+       return "CNAME and other RR types not allowed: "+Str
+     else:
+       DNS[G[0]] = 2
+   else:
+     if DNS.has_key(G[0]) and DNS[G[0]] == 2:
+       return "CNAME and other RR types not allowed: "+Str
+     else:
+       DNS[G[0]] = 1
+     
    if SeenDNS:
      Attrs.append((ldap.MOD_ADD,"dnszoneentry",Str));
      return "DNS Entry added "+Str;