Univention Bugzilla – Attachment 9118 Details for
Bug 41005
zoneName=../../../../../etc/shadow,cn=dns,dc=foo
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
rejection.patch
rejection.patch (text/plain), 2.15 KB, created by
Janek Walkenhorst
on 2017-08-14 18:11:56 CEST
(
hide
)
Description:
rejection.patch
Filename:
MIME Type:
Creator:
Janek Walkenhorst
Created:
2017-08-14 18:11:56 CEST
Size:
2.15 KB
patch
obsolete
>commit 9cff3802df2d4d3f8a07a15b9313eb6dd5fd3e30 >Author: Janek Walkenhorst <walkenhorst@univention.de> >Date: Mon Aug 14 17:18:22 2017 +0200 > > rejection > >diff --git a/services/univention-bind/bind.py b/services/univention-bind/bind.py >index 8b86a0b..0d2a303 100755 >--- a/services/univention-bind/bind.py >+++ b/services/univention-bind/bind.py >@@ -45,6 +45,7 @@ import time > import errno > import signal > import grp >+import re > > name = 'bind' > description = 'Update BIND zones' >@@ -62,6 +63,7 @@ SIGNAL = dict([(getattr(signal, _), _) for _ in dir(signal) if _.startswith('SIG > > __zone_created_or_removed = False > >+reZoneName = re.compile('^([a-zA-Z0-9]([a-zA-Z0-9-]{0,63}[a-zA-Z0-9])?)([.]([a-zA-Z0-9]([a-zA-Z0-9-]{0,63}[a-zA-Z0-9])?))*$') > > def initialize(): > """Initialize module on first run.""" >@@ -92,18 +94,27 @@ def handler(dn, new, old): > try: > if new and not old: > # Add >- _new_zone(listener.configRegistry, new['zoneName'][0], dn) >+ if reZoneName.match(new['zoneName'][0]): >+ _new_zone(listener.configRegistry, new['zoneName'][0], dn) >+ else: >+ ud.debug(ud.LISTENER, ud.WARN, 'Ignoring addition of invalid zoneName %r' % (new['zoneName'][0], )) > elif old and not new: > # Remove >- _remove_zone(old['zoneName'][0]) >+ if reZoneName.match(old['zoneName'][0]): >+ _remove_zone(old['zoneName'][0]) >+ else: >+ ud.debug(ud.LISTENER, ud.WARN, 'Ignoring removal of invalid zoneName %r' % (old['zoneName'][0], )) > if new.get('zoneName'): > # Change >- # Create an empty file to trigger the postrun() >- zonefile = os.path.join(PROXY_CACHE_DIR, "%s.zone" % (new['zoneName'][0],)) >- proxy_cache = open(zonefile, 'w') >- proxy_cache.close() >- os.chmod(zonefile, 0o640) >- chgrp_bind(zonefile) >+ if reZoneName.match(new.get('zoneName')[0]): >+ # Create an empty file to trigger the postrun() >+ zonefile = os.path.join(PROXY_CACHE_DIR, "%s.zone" % (new['zoneName'][0],)) >+ proxy_cache = open(zonefile, 'w') >+ proxy_cache.close() >+ os.chmod(zonefile, 0o640) >+ chgrp_bind(zonefile) >+ else: >+ ud.debug(ud.LISTENER, ud.WARN, 'Ignoring change of invalid zoneName %r' % (new.get('zoneName')[0], )) > finally: > listener.unsetuid() >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9118">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 41005
:
7788
|
9117
| 9118 |
9996