diff options
| author | Ondrej Hamada <ohamada@redhat.com> | 2012-03-27 15:15:20 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-03-28 16:23:37 +0200 |
| commit | 5cfee2338d548035151926c5c235f3426fca0499 (patch) | |
| tree | bfaf5b0b796d398386e971c1ba272bb748e91145 /ipalib/plugins/baseldap.py | |
| parent | 159e848d85779e8fb3a9b2ed84490423014bf609 (diff) | |
| download | freeipa-5cfee2338d548035151926c5c235f3426fca0499.tar.gz freeipa-5cfee2338d548035151926c5c235f3426fca0499.tar.xz freeipa-5cfee2338d548035151926c5c235f3426fca0499.zip | |
Netgroup nisdomain and hosts validation
nisdomain validation:
Added pattern to the 'nisdomain' parameter to validate the specified
nisdomain name. According to most common use cases the same pattern as
for netgroup should fit. Unit-tests added.
https://fedorahosted.org/freeipa/ticket/2448
'add_external_pre_callback' function was created to allow validation of
all external members. Validation is based on usage of objects primary
key parameter. The 'add_external_pre_callback' fucntion has to be called
directly from in the 'pre_callback' function. This change affects
netgroup, hbacrule and sudorule commands.
For hostname, the validator allows non-fqdn and underscore characters.
validate_hostname function in ipalib.util was modified and contains
additional option that allows hostname to contain underscore characters.
This option is disabled by default.
Unit-tests added.
https://fedorahosted.org/freeipa/ticket/2447
Diffstat (limited to 'ipalib/plugins/baseldap.py')
| -rw-r--r-- | ipalib/plugins/baseldap.py | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index a09e00fef..38f369a77 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -33,7 +33,7 @@ from ipalib.base import NameSpace from ipalib.cli import to_cli, from_cli from ipalib import output from ipalib.text import _ -from ipalib.util import json_serialize +from ipalib.util import json_serialize, validate_hostname from ipalib.dn import * global_output_params = ( @@ -313,6 +313,33 @@ def wait_for_value(ldap, dn, attr, value): return entry_attrs +def add_external_pre_callback(membertype, ldap, dn, keys, options): + """ + Pre callback to validate external members. + + This should be called by a command pre callback directly. + + membertype is the type of member + """ + # validate hostname with allowed underscore characters, non-fqdn + # hostnames are allowed + def validate_host(hostname): + validate_hostname(hostname, check_fqdn=False, allow_underscore=True) + + if membertype in options: + if membertype == 'host': + validator = validate_host + else: + validator = api.Object[membertype].primary_key + for value in options[membertype]: + try: + validator(value) + except errors.ValidationError as e: + raise errors.ValidationError(name=membertype, error=e.error) + except ValueError as e: + raise errors.ValidationError(name=membertype, error=e) + return dn + def add_external_post_callback(memberattr, membertype, externalattr, ldap, completed, failed, dn, entry_attrs, *keys, **options): """ Post callback to add failed members as external members. |