(parent: de13864)
disallow CNAME and any other RR type for the same name for DNS entries.
author
rmurray
<>
Wed, 5 Mar 2003 13:56:50 +0000
(13:56 +0000)
committer
rmurray
<>
Wed, 5 Mar 2003 13:56:50 +0000
(13:56 +0000)
ud-mailgate
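diff --git a/ud-mailgate b/ud-mailgate
index cdd3fd4..e8bff01 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -17,6 +17,7 @@ EX_PERMFAIL = 65; # EX_DATAERR
 Error = 'Message Error';
 SeenKey = 0;
 SeenDNS = 0;
+DNS = {}
 ArbChanges = {"c": "..",
 "l": ".*",
@@ -179,9 +180,9 @@ def DoSSH(Str,Attrs):
 # host in a 12.12.12.12
 # host in cname foo.bar. <- Trailing dot is required
 def DoDNS(Str,Attrs,DnRecord):
+ cname = re.match("^[\w-]+\s+in\s+cname\s+[\w.\-]+\.$",Str,re.IGNORECASE);
 if re.match('^[\w-]+\s+in\s+a\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$',\
- Str,re.IGNORECASE) == None and \
- re.match("^[\w-]+\s+in\s+cname\s+[\w.\-]+\.$",Str,re.IGNORECASE) == None and \
+ Str,re.IGNORECASE) == None and cname == None and \
 re.match("^[\w-]+\s+in\s+mx\s+\d{1,3}\s+[\w.\-]+\.$",Str,re.IGNORECASE) == None:
 return None;
@@ -196,6 +197,19 @@ def DoDNS(Str,Attrs,DnRecord):
 return "DNS entry is already owned by " + GetAttr(x,"uid")
 global SeenDNS;
+ global DNS;
+
+ if cname:
+ if DNS.has_key(G[0]):
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[G[0]] = 2
+ else:
+ if DNS.has_key(G[0]) and DNS[G[0]] == 2:
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[G[0]] = 1
+
 if SeenDNS:
 Attrs.append((ldap.MOD_ADD,"dnszoneentry",Str));
 return "DNS Entry added "+Str;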
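Review bot: The new CNAME-exclusivity check in DoDNS keys the `DNS` dict on `G[0]` exactly as written, while the syntax regexes above it match with `re.IGNORECASE`. Unless `G` is already lowercased where it is assigned (outside this hunk), `Foo in cname bar.` followed by `foo in a 192.0.2.1` (constructed sample) would land under two different keys and both be accepted. DNS owner names compare case-insensitively, so the stored entries would still pair a CNAME with another RR type for one name, which is what this commit sets out to reject. Normalise once with `Name = G[0].lower()` and use `Name` for every `DNS` lookup and store. The bare values `1` and `2` would also be easier to audit with a comment such as `# 2 = name holds a CNAME, 1 = name holds other RR types`.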