diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2012-04-06 04:56:46 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-04-09 20:56:29 -0400 |
| commit | 6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9 (patch) | |
| tree | 910e45fc7a0f9077388932bef9d08b71631fe125 /ipalib | |
| parent | 35f44a1aebe0350884113c0ce57c2aeb736c714b (diff) | |
| download | freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.gz freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.xz freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.zip | |
Limit permission and selfservice names to alphanumerics, -, _, space
The DN and ACI code doesn't always escape special characters properly.
Rather than trying to fix it, this patch takes the easy way out and
enforces that the names are safe.
https://fedorahosted.org/freeipa/ticket/2585
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/permission.py | 4 | ||||
| -rw-r--r-- | ipalib/plugins/selfservice.py | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index ce2536d99..9b669d9f5 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import copy + from ipalib.plugins.baseldap import * from ipalib import api, _, ngettext from ipalib import Flag, Str, StrEnum @@ -92,6 +93,7 @@ output_params = ( dn_ipaconfig = str(DN('cn=ipaconfig,cn=etc,%s' % api.env.basedn)) + def check_attrs(attrs, type): # Trying to delete attributes - no need for validation if attrs is None: @@ -154,6 +156,8 @@ class permission(LDAPObject): cli_name='name', label=_('Permission name'), primary_key=True, + pattern='^[-_ a-zA-Z0-9]+$', + pattern_errmsg="May only contain letters, numbers, -, _, and space", ), Str('permissions+', cli_name='permissions', diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py index 6f843d469..a60475b7c 100644 --- a/ipalib/plugins/selfservice.py +++ b/ipalib/plugins/selfservice.py @@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import copy + from ipalib import api, _, ngettext from ipalib import Flag, Str from ipalib.request import context @@ -60,6 +61,7 @@ output_params = ( ), ) + class selfservice(Object): """ Selfservice object. @@ -77,6 +79,8 @@ class selfservice(Object): label=_('Self-service name'), doc=_('Self-service name'), primary_key=True, + pattern='^[-_ a-zA-Z0-9]+$', + pattern_errmsg="May only contain letters, numbers, -, _, and space", ), Str('permissions*', cli_name='permissions', |