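def evaluate(self,
             hints  # Information used for doing identification
             ):
    """Identify the requester by forward-confirmed reverse DNS.

    The requester's IP (``hints['requester']``) is resolved to a name via
    its PTR record, that name is resolved back to A/AAAA records, and the
    name is handed to ``self.matcher`` only when one of those records
    equals the original address.

    Returns True if the confirmed name matches, with or without its
    trailing dot. Returns False when the hint is absent, the address does
    not parse, either lookup fails, or the forward records do not include
    the requester.

    The verdict is only as trustworthy as the answers ``self.resolver``
    receives; nothing in this method authenticates them.
    NOTE(review): ``self.matcher`` is defined elsewhere -- confirm it
    matches on a label boundary and not on a bare substring or suffix.
    """
    try:
        ip = hints['requester']
    except KeyError:
        return False

    # A requester value that is not a valid IPv4/IPv6 address cannot be
    # identified; fail closed instead of letting ValueError escape.
    try:
        addr = ipaddr.IPAddress(ip)
    except ValueError:
        return False

    # Every lookup failure below means "not identified".
    lookup_failures = (dns.resolver.NXDOMAIN,
                       dns.exception.Timeout,
                       dns.resolver.NoAnswer,
                       dns.resolver.NoNameservers)

    ip_reverse = dns.reversename.from_address(ip)
    # Resolve to a FQDN. Only the first PTR record is consulted.
    try:
        reverse = str(self.resolver.query(ip_reverse, 'PTR')[0])
    except lookup_failures:
        return False

    # Resolve the FQDN back to an IP and see if they match. This
    # prevents someone in control over their reverse resolution
    # from claiming they're someone they're not.
    record = 'A' if addr.version == 4 else 'AAAA'
    try:
        forwards = self.resolver.query(reverse, record)
    except lookup_failures:
        return False

    # Compare parsed addresses, not their text: one IPv6 address has
    # several valid spellings (case, zero compression), so a string
    # comparison can reject a requester whose forward record is correct.
    # All returned records are checked.
    if not any(ipaddr.IPAddress(str(f)) == addr for f in forwards):
        return False

    # Try to match with and without the dot at the end.
    for reverse_candidate in (reverse, reverse.rstrip('.')):
        if self.matcher.matches(reverse_candidate):
            return True

    # No match, no dice.
    return False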
# A short test program