commit 9cff3802df2d4d3f8a07a15b9313eb6dd5fd3e30
Author: Janek Walkenhorst
Date: Mon Aug 14 17:18:22 2017 +0200
rejection
diff --git a/services/univention-bind/bind.py b/services/univention-bind/bind.py
index 8b86a0b..0d2a303 100755
--- a/services/univention-bind/bind.py
+++ b/services/univention-bind/bind.py
@@ -45,6 +45,7 @@ import time
 import errno
 import signal
 import grp
+import re
 name = 'bind'
 description = 'Update BIND zones'
@@ -62,6 +63,7 @@ SIGNAL = dict([(getattr(signal, _), _) for _ in dir(signal) if _.startswith('SIG
 __zone_created_or_removed = False
+reZoneName = re.compile('^([a-zA-Z0-9]([a-zA-Z0-9-]{0,63}[a-zA-Z0-9])?)([.]([a-zA-Z0-9]([a-zA-Z0-9-]{0,63}[a-zA-Z0-9])?))*$')
 def initialize():
 """Initialize module on first run."""
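Review bot: The `$` at the end of `reZoneName` also matches just before a trailing newline, so with `.match()` a zoneName that ends in `\n` passes the check and the newline would reach the file name built in `handler` (third hunk). Writing the pattern as a raw string and ending it with `\Z` instead of `$` closes that gap, e.g. `r'^(...)*\Z'`. The quantifier `{0,63}` sits between a mandatory first and last character, so labels of up to 65 characters are accepted where DNS allows 63; `{0,61}` would match the limit, and the overall name length is not bounded at all. A comment above the pattern, such as `# allow-list for zone names that are later used as file names`, would tell the next reader why it must stay strict.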
@@ -92,18 +94,27 @@ def handler(dn, new, old):
 try:
 if new and not old:
 # Add
- _new_zone(listener.configRegistry, new['zoneName'][0], dn)
+ if reZoneName.match(new['zoneName'][0]):
+ _new_zone(listener.configRegistry, new['zoneName'][0], dn)
+ else:
+ ud.debug(ud.LISTENER, ud.WARN, 'Ignoring addition of invalid zoneName %r' % (new['zoneName'][0], ))
 elif old and not new:
 # Remove
- _remove_zone(old['zoneName'][0])
+ if reZoneName.match(old['zoneName'][0]):
+ _remove_zone(old['zoneName'][0])
+ else:
+ ud.debug(ud.LISTENER, ud.WARN, 'Ignoring removal of invalid zoneName %r' % (old['zoneName'][0], ))
 if new.get('zoneName'):
 # Change
- # Create an empty file to trigger the postrun()
- zonefile = os.path.join(PROXY_CACHE_DIR, "%s.zone" % (new['zoneName'][0],))
- proxy_cache = open(zonefile, 'w')
- proxy_cache.close()
- os.chmod(zonefile, 0o640)
- chgrp_bind(zonefile)
+ if reZoneName.match(new.get('zoneName')[0]):
+ # Create an empty file to trigger the postrun()
+ zonefile = os.path.join(PROXY_CACHE_DIR, "%s.zone" % (new['zoneName'][0],))
+ proxy_cache = open(zonefile, 'w')
+ proxy_cache.close()
+ os.chmod(zonefile, 0o640)
+ chgrp_bind(zonefile)
+ else:
+ ud.debug(ud.LISTENER, ud.WARN, 'Ignoring change of invalid zoneName %r' % (new.get('zoneName')[0], ))
 finally:
 listener.unsetuid()
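Review bot: The same lookup-and-match is written three times, and because the Change branch is a separate `if` rather than an `elif`, an invalid name on addition is reported twice ('Ignoring addition …' and 'Ignoring change …'); reading the first `zoneName` value into a local once and testing it before the branches would remove both. None of the checks says why the name is validated, although the value comes from the directory object and goes straight into `os.path.join(PROXY_CACHE_DIR, "%s.zone" % ...)` and into `_new_zone`/`_remove_zone`; a line such as `# zoneName is used as a file name below: accept plain DNS names only` above the first `reZoneName.match` would record that. Skipping removal for names that fail the pattern presumably leaves behind whatever was created for such a name before this check existed, which may need a one-time cleanup. handler's body starts outside the hunk.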