diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-02-28 09:05:01 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-29 18:52:58 +0100 |
commit | 7db1da1d6524aba1319d83bb711c59968557de5f (patch) | |
tree | 293ead5ab8f19c36a02f73dc3532cf0f63d281bb /ipalib/plugins/host.py | |
parent | 4e9a2e0983a92829f497bb3ba6b3ab7b6db2967d (diff) | |
download | freeipa-7db1da1d6524aba1319d83bb711c59968557de5f.tar.gz freeipa-7db1da1d6524aba1319d83bb711c59968557de5f.tar.xz freeipa-7db1da1d6524aba1319d83bb711c59968557de5f.zip |
Improve hostname and domain name validation
DNS plugin did not check DNS zone and DNS record validity and
user was thus able to create domains like "foo bar" or other
invalid DNS labels which would really confuse both user and
bind-dyndb-ldap plugin.
This patch at first consolidates hostname/domain name validators
so that they use common functions and we don't have regular
expressions and other checks defined in several places. These
new cleaned validators are then used for zone/record name
validation.
https://fedorahosted.org/freeipa/ticket/2384
Diffstat (limited to 'ipalib/plugins/host.py')
-rw-r--r-- | ipalib/plugins/host.py | 21 |
1 files changed, 6 insertions, 15 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index df9ad7370..0ff5237fa 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -31,7 +31,9 @@ from ipalib.plugins.baseldap import * from ipalib.plugins.service import split_principal from ipalib.plugins.service import validate_certificate from ipalib.plugins.service import set_certificate_attrs -from ipalib.plugins.dns import dns_container_exists, _record_types, add_records_for_host_validation, add_records_for_host +from ipalib.plugins.dns import (dns_container_exists, _record_types, + add_records_for_host_validation, add_records_for_host, + _hostname_validator, get_reverse_zone) from ipalib.plugins.dns import get_reverse_zone from ipalib import _, ngettext from ipalib import x509 @@ -97,14 +99,6 @@ EXAMPLES: ipa host-add-managedby --hosts=test2 test """) -def validate_host(ugettext, fqdn): - """ - Require at least one dot in the hostname (to support localhost.localdomain) - """ - if fqdn.find('.') == -1: - return _('Fully-qualified hostname required') - return None - def remove_fwd_ptr(ipaddr, host, domain, recordtype): api.log.debug('deleting ipaddr %s' % ipaddr) try: @@ -225,10 +219,7 @@ class host(LDAPObject): label_singular = _('Host') takes_params = ( - Str('fqdn', validate_host, - pattern='^[a-zA-Z0-9][a-zA-Z0-9-\.]{0,254}$', - pattern_errmsg='may only include letters, numbers, and -', - maxlength=255, + Str('fqdn', _hostname_validator, cli_name='hostname', label=_('Host name'), primary_key=True, @@ -481,7 +472,7 @@ class host_del(LDAPDelete): def pre_callback(self, ldap, dn, *keys, **options): # If we aren't given a fqdn, find it - if validate_host(None, keys[-1]) is not None: + if _hostname_validator(None, keys[-1]) is not None: hostentry = api.Command['host_show'](keys[-1])['result'] fqdn = hostentry['fqdn'][0] else: @@ -856,7 +847,7 @@ class host_disable(LDAPQuery): ldap = self.obj.backend # If we aren't given a fqdn, find it - if validate_host(None, keys[-1]) is not None: + if _hostname_validator(None, keys[-1]) is not None: hostentry = api.Command['host_show'](keys[-1])['result'] fqdn = hostentry['fqdn'][0] else: |