additional dns record validation

serghey-rodin · serghey-rodin · commit add7d1442e1a · 2014-01-25T20:02:10.000+02:00
diff --git a/bin/v-add-dns-record b/bin/v-add-dns-record
@@ -33,6 +33,20 @@ source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 
+# Null priority for none MX/SRV records
+if [ "$rtype" != 'MX' ] && [ "$rtype" != 'SRV' ]; then
+    priority=''
+fi
+
+# Add trailing dot at the end of NS/CNAME/MX/PTR/SRV record
+fqdn_type=$(echo $rtype | grep "[NS|CNAME|MX|PTR|SRV]")
+if [ ! -z "$fqdn_type" ]; then
+    trailing_dot=$(echo $dvalue | grep "\.$")
+    if [ -z $trailing_dot ]; then
+        dvalue="$dvalue."
+    fi
+fi
+
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -49,16 +63,14 @@ is_package_full 'DNS_RECORDS'
 get_next_dnsrecord
 validate_format 'id'
 is_object_new "dns/$domain" 'ID' "$id"
+is_dns_fqnd "$rtype" "$dvalue"
+is_dns_nameserver_valid "$domain" "$rtype" "$dvalue"
 
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ "$rtype" != 'MX' ] && [ "$rtype" != 'SRV' ]; then
-    priority=''
-fi
-
 # Adding record
 zone="$USER_DATA/dns/$domain.conf"
 dns_rec="ID='$id' RECORD='$record' TYPE='$rtype' PRIORITY='$priority'"
@@ -67,7 +79,7 @@ echo "$dns_rec" >> $zone
 chmod 660 $zone
 
 # Sorting records
-sort_dns_records 
+sort_dns_records
 
 # Updating zone
 update_domain_zone
diff --git a/bin/v-change-dns-record b/bin/v-change-dns-record
@@ -44,12 +44,29 @@ is_object_valid "dns/$domain" 'ID' "$id"
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Deleting old record
+# Parsing domain config
 line=$(grep "ID='$id'" $USER_DATA/dns/$domain.conf)
 eval $line
+
+# Null priority for none MX/SRV records
 if [ "$TYPE" != 'MX' ] && [ "$TYPE" != 'SRV' ]; then
     priority=''
 fi
+
+# Add trailing dot at the end of NS/CNAME/MX/PTR/SRV record
+fqdn_type=$(echo $TYPE | grep "[NS|CNAME|MX|PTR|SRV]")
+if [ ! -z "$fqdn_type" ]; then
+    trailing_dot=$(echo $dvalue | grep "\.$")
+    if [ -z $trailing_dot ]; then
+        dvalue="$dvalue."
+    fi
+fi
+
+# Additional verifications
+is_dns_fqnd "$TYPE" "$dvalue"
+is_dns_nameserver_valid "$domain" "$TYPE" "$dvalue"
+
+# Deleting old record
 sed -i "/^ID='$id'/d" $USER_DATA/dns/$domain.conf
 
 # Adding record
diff --git a/bin/v-delete-dns-record b/bin/v-delete-dns-record
@@ -33,6 +33,7 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"
 is_object_unsuspended 'dns' 'DOMAIN' "$domain"
 is_object_valid "dns/$domain" 'ID' "$id"
+is_dns_record_critical
 
 
 #----------------------------------------------------------#
diff --git a/func/domain.sh b/func/domain.sh
@@ -459,3 +459,58 @@ upd_web_domain_values() {
     fi
 }
 
+# Check if this is a last record
+is_dns_record_critical() {
+    str=$(grep "ID='$id'" $USER_DATA/dns/$domain.conf)
+    eval $str
+    if [ "$TYPE" = 'A' ] || [ "$TYPE" = 'NS' ]; then
+        records=$(grep "TYPE='$TYPE'" $USER_DATA/dns/$domain.conf| wc -l)
+        if [ $records -le 1 ]; then
+            echo "Error: at least one $TYPE record should remain active"
+            log_event "$E_INVALID" "$EVENT"
+            exit $E_INVALID
+        fi
+    fi
+}
+
+# Check if dns record is valid
+is_dns_fqnd() {
+    t=$1
+    r=$2
+    fqdn_type=$(echo $t | grep "[NS|CNAME|MX|PTR|SRV]")
+    tree_length=3
+    if [ $t = 'CNAME' ]; then
+        tree_length=2
+    fi
+
+    if [ ! -z "$fqdn_type" ]; then
+        dots=$(echo $dvalue | grep -o "\." | wc -l)
+        if [ "$dots" -lt "$tree_length" ]; then
+            r=$(echo $r|sed -e "s/\.$//")
+            msg="$t record $r should be a fully qualified domain name (FQDN)"
+            echo "Error: $msg"
+            log_event "$E_INVALID" "$EVENT"
+            exit $E_INVALID
+        fi
+    fi
+}
+
+# Validate nameserver
+is_dns_nameserver_valid() {
+    d=$1
+    t=$2
+    r=$3
+    if [ "$t" = 'NS' ]; then
+        remote=$(echo $r |grep ".$domain.$")
+        if [ ! -z "$remote" ]; then
+            zone=$USER_DATA/dns/$d.conf
+            a_record=$(echo $r |cut -f 1 -d '.')
+            record=$(grep "RECORD='$a_record'" $zone| grep "TYPE='A'")
+            if [ -z "$record" ]; then
+                echo "Error: corresponding A record $a_record.$d is not exist"
+                log_event "$E_NOTEXIST" "$EVENT"
+                exit $E_NOTEXIST
+            fi
+        fi
+    fi
+}
