DNS API should reject qnames that aren't in a zone managed by the box

see https://discourse.mailinabox.email/t/set-www-a-and-other-dns-records-after-install/63/10
This commit is contained in:
Joshua Tauberer 2014-09-21 13:20:37 +00:00
parent 1637153566
commit c7c3bd33cf
1 changed files with 11 additions and 1 deletions

View File

@ -596,7 +596,17 @@ def write_opendkim_tables(zonefiles, env):
######################################################################## ########################################################################
def set_custom_dns_record(qname, rtype, value, env): def set_custom_dns_record(qname, rtype, value, env):
# validate # validate qname
for zone, fn in get_dns_zones(env):
# It must match a zone apex or be a subdomain of a zone
# that we are otherwise hosting.
if qname == zone or qname.endswith("."+zone):
break
else:
# No match.
raise ValueError("%s is not a domain name or a subdomain of a domain name managed by this box." % qname)
# validate rtype
rtype = rtype.upper() rtype = rtype.upper()
if value is not None: if value is not None:
if rtype in ("A", "AAAA"): if rtype in ("A", "AAAA"):