diff options
author | Rob Crittenden <rcrit@ipa.greyoak.com> | 2008-08-06 13:00:36 -0400 |
---|---|---|
committer | Rob Crittenden <rcrit@ipa.greyoak.com> | 2008-08-07 11:21:33 -0400 |
commit | 110f60da8e8cbf2b83f66b4959857dc62b407f06 (patch) | |
tree | 17ad23d4b346d7e826f8e3755697c382ed5ac84e /ipa-python | |
parent | fbc74a0cb48e7c596eb5c03fd56c068a8e0ef29e (diff) | |
download | freeipa-110f60da8e8cbf2b83f66b4959857dc62b407f06.tar.gz freeipa-110f60da8e8cbf2b83f66b4959857dc62b407f06.tar.xz freeipa-110f60da8e8cbf2b83f66b4959857dc62b407f06.zip |
Change user and group validators to match shadow-utils
This sets the regex to [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
Also change the validators to return True/False
450613, 457124
Diffstat (limited to 'ipa-python')
-rw-r--r-- | ipa-python/ipaadminutil.py | 9 | ||||
-rw-r--r-- | ipa-python/ipautil.py | 15 | ||||
-rw-r--r-- | ipa-python/ipavalidate.py | 76 | ||||
-rw-r--r-- | ipa-python/radius_util.py | 2 | ||||
-rw-r--r-- | ipa-python/test/test_ipavalidate.py | 80 |
5 files changed, 120 insertions, 62 deletions
diff --git a/ipa-python/ipaadminutil.py b/ipa-python/ipaadminutil.py index d94ced4d9..27337642c 100644 --- a/ipa-python/ipaadminutil.py +++ b/ipa-python/ipaadminutil.py @@ -22,6 +22,7 @@ import tempfile import logging import subprocess import os +import ipa.ipavalidate as ipavalidate def select_user(counter, users): """counter is the number of User objects in users @@ -82,3 +83,11 @@ def select_group(counter, groups): print "Please enter a number between 1 and %s" % counter return groupindex + +def check_name(name): + """Helper to ensure that a user or group name is legal""" + + if (not ipavalidate.GoodName(name, notEmpty=True)): + raise ValueError("may only include letters, numbers, _, -, . and $") + + return diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py index 3526cc7a8..f3018ed09 100644 --- a/ipa-python/ipautil.py +++ b/ipa-python/ipautil.py @@ -30,6 +30,7 @@ import stat import shutil from ipa import ipavalidate +from ipa import ipaadminutil from types import * import re @@ -529,13 +530,13 @@ def user_input_email(prompt, default = None, allow_empty = False): ret = user_input(prompt, default, allow_empty) if allow_empty and ret.lower() == "none": return "" - if not ipavalidate.Email(ret, not allow_empty): + if ipavalidate.Email(ret, not allow_empty): return ret.strip() def user_input_plain(prompt, default = None, allow_empty = True, allow_spaces = True): while True: ret = user_input(prompt, default, allow_empty) - if not ipavalidate.Plain(ret, not allow_empty, allow_spaces): + if ipavalidate.Plain(ret, not allow_empty, allow_spaces): return ret def user_input_path(prompt, default = None, allow_empty = True): @@ -545,9 +546,17 @@ def user_input_path(prompt, default = None, allow_empty = True): ret = user_input(prompt, default, allow_empty) if allow_empty and ret.lower() == "none": return "" - if not ipavalidate.Path(ret, not allow_empty): + if ipavalidate.Path(ret, not allow_empty): return ret +def user_input_name(prompt, default = None): + while True: + ret = user_input(prompt, default, False) + try: + ipaadminutil.check_name(ret) + return ret + except ValueError, e: + print prompt + " " + str(e) class AttributeValueCompleter: ''' diff --git a/ipa-python/ipavalidate.py b/ipa-python/ipavalidate.py index 4dc7fe1a6..63e0a7614 100644 --- a/ipa-python/ipavalidate.py +++ b/ipa-python/ipavalidate.py @@ -21,8 +21,8 @@ import re def Email(mail, notEmpty=True): """Do some basic validation of an e-mail address. - Return 0 if ok - Return 1 if not + Return True if ok + Return False if not If notEmpty is True the this will return an error if the field is "" or None. @@ -32,61 +32,61 @@ def Email(mail, notEmpty=True): if not mail or mail is None: if notEmpty is True: - return 1 + return False else: - return 0 + return True mail = mail.strip() s = mail.split('@', 1) try: username, domain=s except ValueError: - return 1 + return False if not usernameRE.search(username): - return 1 + return False if not domainRE.search(domain): - return 1 + return False - return 0 + return True def Plain(text, notEmpty=False, allowSpaces=True): """Do some basic validation of a plain text field - Return 0 if ok - Return 1 if not + Return True if ok + Return False if not If notEmpty is True the this will return an error if the field is "" or None. """ if (text is None) or (not text.strip()): if notEmpty is True: - return 1 + return False else: - return 0 + return True if allowSpaces: textRE = re.compile(r"^[a-zA-Z_\-0-9\'\ ]*$") else: textRE = re.compile(r"^[a-zA-Z_\-0-9\']*$") if not textRE.search(text): - return 1 + return False - return 0 + return True def String(text, notEmpty=False): """A string type. This is much looser in what it allows than plain""" if text is None or not text.strip(): if notEmpty is True: - return 1 + return False else: - return 0 + return True - return 0 + return True def Path(text, notEmpty=False): """Do some basic validation of a path - Return 0 if ok - Return 1 if not + Return True if ok + Return False if not If notEmpty is True the this will return an error if the field is "" or None. @@ -94,16 +94,44 @@ def Path(text, notEmpty=False): textRE = re.compile(r"^[a-zA-Z_\-0-9\\ \.\/\\:]*$") if not text and notEmpty is True: - return 1 + return False if text is None: if notEmpty is True: - return 1 + return False else: - return 0 + return True if not textRE.search(text): - return 1 + return False - return 0 + return True +def GoodName(text, notEmpty=False): + """From shadow-utils: + + User/group names must match gnu e-regex: + [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? + + as a non-POSIX, extension, allow "$" as the last char for + sake of Samba 3.x "add machine script" + + Return True if ok + Return False if not + """ + textRE = re.compile(r"^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?$") + + if not text and notEmpty is True: + return False + + if text is None: + if notEmpty is True: + return False + else: + return True + + m = textRE.match(text) + if not m or text != m.group(0): + return False + + return True diff --git a/ipa-python/radius_util.py b/ipa-python/radius_util.py index fb3e581e6..3d2e83e18 100644 --- a/ipa-python/radius_util.py +++ b/ipa-python/radius_util.py @@ -347,7 +347,7 @@ def validate_nastype(nastype, variable_name=None): return True def validate_desc(desc, variable_name=None): - if ipavalidate.Plain(desc) != 0: + if not ipavalidate.Plain(desc): print valid_desc_msg return False return True diff --git a/ipa-python/test/test_ipavalidate.py b/ipa-python/test/test_ipavalidate.py index de4693c36..8b79fbf07 100644 --- a/ipa-python/test/test_ipavalidate.py +++ b/ipa-python/test/test_ipavalidate.py @@ -32,54 +32,66 @@ class TestValidate(unittest.TestCase): pass def test_validEmail(self): - self.assertEqual(0, ipavalidate.Email("test@freeipa.org")) - self.assertEqual(0, ipavalidate.Email("", notEmpty=False)) + self.assertEqual(True, ipavalidate.Email("test@freeipa.org")) + self.assertEqual(True, ipavalidate.Email("", notEmpty=False)) def test_invalidEmail(self): - self.assertEqual(1, ipavalidate.Email("test")) - self.assertEqual(1, ipavalidate.Email("test@freeipa")) - self.assertEqual(1, ipavalidate.Email("test@.com")) - self.assertEqual(1, ipavalidate.Email("")) - self.assertEqual(1, ipavalidate.Email(None)) + self.assertEqual(False, ipavalidate.Email("test")) + self.assertEqual(False, ipavalidate.Email("test@freeipa")) + self.assertEqual(False, ipavalidate.Email("test@.com")) + self.assertEqual(False, ipavalidate.Email("")) + self.assertEqual(False, ipavalidate.Email(None)) def test_validPlain(self): - self.assertEqual(0, ipavalidate.Plain("Joe User")) - self.assertEqual(0, ipavalidate.Plain("Joe O'Malley")) - self.assertEqual(0, ipavalidate.Plain("", notEmpty=False)) - self.assertEqual(0, ipavalidate.Plain(None, notEmpty=False)) - self.assertEqual(0, ipavalidate.Plain("JoeUser", allowSpaces=False)) - self.assertEqual(0, ipavalidate.Plain("JoeUser", allowSpaces=True)) + self.assertEqual(True, ipavalidate.Plain("Joe User")) + self.assertEqual(True, ipavalidate.Plain("Joe O'Malley")) + self.assertEqual(True, ipavalidate.Plain("", notEmpty=False)) + self.assertEqual(True, ipavalidate.Plain(None, notEmpty=False)) + self.assertEqual(True, ipavalidate.Plain("JoeUser", allowSpaces=False)) + self.assertEqual(True, ipavalidate.Plain("JoeUser", allowSpaces=True)) def test_invalidPlain(self): - self.assertEqual(1, ipavalidate.Plain("Joe (User)")) - self.assertEqual(1, ipavalidate.Plain("Joe C. User")) - self.assertEqual(1, ipavalidate.Plain("", notEmpty=True)) - self.assertEqual(1, ipavalidate.Plain(None, notEmpty=True)) - self.assertEqual(1, ipavalidate.Plain("Joe User", allowSpaces=False)) + self.assertEqual(False, ipavalidate.Plain("Joe (User)")) + self.assertEqual(False, ipavalidate.Plain("Joe C. User")) + self.assertEqual(False, ipavalidate.Plain("", notEmpty=True)) + self.assertEqual(False, ipavalidate.Plain(None, notEmpty=True)) + self.assertEqual(False, ipavalidate.Plain("Joe User", allowSpaces=False)) + self.assertEqual(False, ipavalidate.Plain("Joe C. User")) def test_validString(self): - self.assertEqual(0, ipavalidate.String("Joe User")) - self.assertEqual(0, ipavalidate.String("Joe O'Malley")) - self.assertEqual(1, ipavalidate.Plain("Joe C. User")) - self.assertEqual(0, ipavalidate.String("", notEmpty=False)) - self.assertEqual(0, ipavalidate.String(None, notEmpty=False)) + self.assertEqual(True, ipavalidate.String("Joe User")) + self.assertEqual(True, ipavalidate.String("Joe O'Malley")) + self.assertEqual(True, ipavalidate.String("", notEmpty=False)) + self.assertEqual(True, ipavalidate.String(None, notEmpty=False)) + self.assertEqual(True, ipavalidate.String("Joe C. User")) def test_invalidString(self): - self.assertEqual(1, ipavalidate.String("", notEmpty=True)) - self.assertEqual(1, ipavalidate.String(None, notEmpty=True)) + self.assertEqual(False, ipavalidate.String("", notEmpty=True)) + self.assertEqual(False, ipavalidate.String(None, notEmpty=True)) def test_validPath(self): - self.assertEqual(0, ipavalidate.Path("/")) - self.assertEqual(0, ipavalidate.Path("/home/user")) - self.assertEqual(0, ipavalidate.Path("../home/user")) - self.assertEqual(0, ipavalidate.Path("", notEmpty=False)) - self.assertEqual(0, ipavalidate.Path(None, notEmpty=False)) + self.assertEqual(True, ipavalidate.Path("/")) + self.assertEqual(True, ipavalidate.Path("/home/user")) + self.assertEqual(True, ipavalidate.Path("../home/user")) + self.assertEqual(True, ipavalidate.Path("", notEmpty=False)) + self.assertEqual(True, ipavalidate.Path(None, notEmpty=False)) def test_invalidPath(self): - self.assertEqual(1, ipavalidate.Path("(foo)")) - self.assertEqual(1, ipavalidate.Path("", notEmpty=True)) - self.assertEqual(1, ipavalidate.Path(None, notEmpty=True)) + self.assertEqual(False, ipavalidate.Path("(foo)")) + self.assertEqual(False, ipavalidate.Path("", notEmpty=True)) + self.assertEqual(False, ipavalidate.Path(None, notEmpty=True)) + + def test_validName(self): + self.assertEqual(True, ipavalidate.GoodName("foo")) + self.assertEqual(True, ipavalidate.GoodName("1foo")) + self.assertEqual(True, ipavalidate.GoodName("foo.bar")) + self.assertEqual(True, ipavalidate.GoodName("foo.bar$")) + + def test_invalidName(self): + self.assertEqual(False, ipavalidate.GoodName("foo bar")) + self.assertEqual(False, ipavalidate.GoodName("foo%bar")) + self.assertEqual(False, ipavalidate.GoodName("*foo")) + self.assertEqual(False, ipavalidate.GoodName("$foo.bar$")) if __name__ == '__main__': unittest.main() - |