From 7d7322de2eb0de61ea917d03662452d3efa4c834 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 24 Feb 2012 14:39:56 -0500 Subject: Limit allowed characters in a netgroup name to alpha, digit, -, _ and . Apply this to hostgroup names as well since they can be linked. https://fedorahosted.org/freeipa/ticket/2221 --- API.txt | 28 ++++++++++++++-------------- ipalib/plugins/hostgroup.py | 3 +++ ipalib/plugins/netgroup.py | 6 ++++++ tests/test_xmlrpc/test_hostgroup_plugin.py | 9 +++++++++ tests/test_xmlrpc/test_netgroup_plugin.py | 9 +++++++++ 5 files changed, 41 insertions(+), 14 deletions(-) diff --git a/API.txt b/API.txt index 2b2d41c3..548fc93d 100644 --- a/API.txt +++ b/API.txt @@ -1755,7 +1755,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('value', , None) command: hostgroup_add args: 1,6,3 -arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, required=True) +arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, required=True) option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=True) option: Str('setattr*', cli_name='setattr', exclude='webui') option: Str('addattr*', cli_name='addattr', exclude='webui') @@ -1767,7 +1767,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('value', , None) command: hostgroup_add_member args: 1,5,3 -arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('version?', exclude='webui') @@ -1778,7 +1778,7 @@ output: Output('failed', , None) output: Output('completed', , None) command: hostgroup_del args: 1,1,3 -arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=True, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('continue', autofill=True, cli_name='continue', default=False) output: Output('summary', (, ), None) output: Output('result', , None) @@ -1786,7 +1786,7 @@ output: Output('value', , None) command: hostgroup_find args: 1,20,4 arg: Str('criteria?', noextrawhitespace=False) -option: Str('cn', attribute=True, autofill=False, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=False) +option: Str('cn', attribute=True, autofill=False, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) option: Int('timelimit?', autofill=False, minvalue=0) option: Int('sizelimit?', autofill=False, minvalue=0) @@ -1812,7 +1812,7 @@ output: Output('count', , None) output: Output('truncated', , None) command: hostgroup_mod args: 1,8,3 -arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False) option: Str('setattr*', cli_name='setattr', exclude='webui') option: Str('addattr*', cli_name='addattr', exclude='webui') @@ -1826,7 +1826,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('value', , None) command: hostgroup_remove_member args: 1,5,3 -arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('version?', exclude='webui') @@ -1837,7 +1837,7 @@ output: Output('failed', , None) output: Output('completed', , None) command: hostgroup_show args: 1,4,3 -arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('rights', autofill=True, default=False) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') @@ -1915,7 +1915,7 @@ output: Output('failed', , None) output: Output('enabled', , None) command: netgroup_add args: 1,9,3 -arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True) +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, required=True) option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=True) option: Str('nisdomainname', attribute=True, cli_name='nisdomain', multivalue=False, required=False) option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) @@ -1930,7 +1930,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('value', , None) command: netgroup_add_member args: 1,8,3 -arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('version?', exclude='webui') @@ -1944,7 +1944,7 @@ output: Output('failed', , None) output: Output('completed', , None) command: netgroup_del args: 1,1,3 -arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('continue', autofill=True, cli_name='continue', default=False) output: Output('summary', (, ), None) output: Output('result', , None) @@ -1952,7 +1952,7 @@ output: Output('value', , None) command: netgroup_find args: 1,26,4 arg: Str('criteria?', noextrawhitespace=False) -option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False) +option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) option: Str('nisdomainname', attribute=True, autofill=False, cli_name='nisdomain', multivalue=False, query=True, required=False) option: Str('ipauniqueid', attribute=True, autofill=False, cli_name='uuid', multivalue=False, query=True, required=False) @@ -1984,7 +1984,7 @@ output: Output('count', , None) output: Output('truncated', , None) command: netgroup_mod args: 1,11,3 -arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False) option: Str('nisdomainname', attribute=True, autofill=False, cli_name='nisdomain', multivalue=False, required=False) option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) @@ -2001,7 +2001,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA output: Output('value', , None) command: netgroup_remove_member args: 1,8,3 -arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('version?', exclude='webui') @@ -2015,7 +2015,7 @@ output: Output('failed', , None) output: Output('completed', , None) command: netgroup_show args: 1,4,3 -arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True) option: Flag('rights', autofill=True, default=False) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index 28e3ef5d..2a9a0a53 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -20,6 +20,7 @@ from ipalib.plugins.baseldap import * from ipalib import api, Int, _, ngettext, errors +from ipalib.plugins.netgroup import NETGROUP_PATTERN, NETGROUP_PATTERN_ERRMSG from ipalib.dn import DN __doc__ = _(""" @@ -76,6 +77,8 @@ class hostgroup(LDAPObject): takes_params = ( Str('cn', + pattern=NETGROUP_PATTERN, + pattern_errmsg=NETGROUP_PATTERN_ERRMSG, cli_name='hostgroup_name', label=_('Host-group'), doc=_('Name of host-group'), diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index fd3478e9..2ba15464 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -49,6 +49,10 @@ EXAMPLES: ipa netgroup-del admins """) + +NETGROUP_PATTERN='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$' +NETGROUP_PATTERN_ERRMSG='may only include letters, numbers, _, -, and .' + output_params = ( Str('memberuser_user?', label='Member User', @@ -101,6 +105,8 @@ class netgroup(LDAPObject): takes_params = ( Str('cn', + pattern=NETGROUP_PATTERN, + pattern_errmsg=NETGROUP_PATTERN_ERRMSG, cli_name='name', label=_('Netgroup name'), primary_key=True, diff --git a/tests/test_xmlrpc/test_hostgroup_plugin.py b/tests/test_xmlrpc/test_hostgroup_plugin.py index e0d11585..f5c2efb7 100644 --- a/tests/test_xmlrpc/test_hostgroup_plugin.py +++ b/tests/test_xmlrpc/test_hostgroup_plugin.py @@ -36,6 +36,8 @@ fqdn1 = u'testhost1.%s' % api.env.domain host_dn1 = DN(('fqdn',fqdn1),('cn','computers'),('cn','accounts'), api.env.basedn) +invalidhostgroup1 = u'@invalid' + class test_hostgroup(Declarative): @@ -69,6 +71,13 @@ class test_hostgroup(Declarative): ), + dict( + desc='Test an invalid hostgroup name %r' % invalidhostgroup1, + command=('hostgroup_add', [invalidhostgroup1], dict(description=u'Test')), + expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, - and .'), + ), + + dict( desc='Create %r' % hostgroup1, command=('hostgroup_add', [hostgroup1], diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py index 9194b549..1c6b94bd 100644 --- a/tests/test_xmlrpc/test_netgroup_plugin.py +++ b/tests/test_xmlrpc/test_netgroup_plugin.py @@ -56,6 +56,8 @@ user2 = u'pexample' group1 = u'testgroup' +invalidnetgroup1=u'+badnetgroup' + class test_netgroup(Declarative): """ Test the `netgroup` plugin. @@ -96,6 +98,13 @@ class test_netgroup(Declarative): ), + dict( + desc='Test an invalid netgroup name %r' % invalidnetgroup1, + command=('netgroup_add', [invalidnetgroup1], dict(description=u'Test')), + expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, - and .'), + ), + + dict( desc='Create %r' % netgroup1, command=('netgroup_add', [netgroup1], -- cgit