Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/baseldap.py | 29 | ||||
-rw-r--r-- | ipalib/plugins/hbacrule.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/netgroup.py | 9 | ||||
-rw-r--r-- | ipalib/plugins/sudorule.py | 8 |
4 files changed, 42 insertions, 6 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index a09e00fef..38f369a77 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -33,7 +33,7 @@ from ipalib.base import NameSpace
 from ipalib.cli import to_cli, from_cli
 from ipalib import output
 from ipalib.text import _
-from ipalib.util import json_serialize
+from ipalib.util import json_serialize, validate_hostname
 from ipalib.dn import *
 global_output_params = (
@@ -313,6 +313,33 @@ def wait_for_value(ldap, dn, attr, value):
 return entry_attrs
+def add_external_pre_callback(membertype, ldap, dn, keys, options):
+ """
+ Pre callback to validate external members.
+
+ This should be called by a command pre callback directly.
+
+ membertype is the type of member
+ """
+ # validate hostname with allowed underscore characters, non-fqdn
+ # hostnames are allowed
+ def validate_host(hostname):
+ validate_hostname(hostname, check_fqdn=False, allow_underscore=True)
+
+ if membertype in options:
+ if membertype == 'host':
+ validator = validate_host
+ else:
+ validator = api.Object[membertype].primary_key
+ for value in options[membertype]:
+ try:
+ validator(value)
+ except errors.ValidationError as e:
+ raise errors.ValidationError(name=membertype, error=e.error)
+ except ValueError as e:
+ raise errors.ValidationError(name=membertype, error=e)
+ return dn
+
 def add_external_post_callback(memberattr, membertype, externalattr, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 """
 Post callback to add failed members as external members.
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 466648556..eb5cb696e 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
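Review bot: In `add_external_pre_callback` the guard `if membertype in options:` is also true when the option is present with a value of `None`, and the following `for value in options[membertype]:` would then raise a TypeError rather than a validation error; `if options.get(membertype):` avoids that, assuming the framework can pass unset member options as `None` (not visible in this hunk). The `except ValueError as e` branch passes the exception object itself as `error=`, while the `ValidationError` branch passes `e.error`; `error=unicode(e)` would keep that field a string in both cases. The docstring documents only `membertype`; it should also say that every value of `options[membertype]` is checked, that the first failure is re-raised as a `ValidationError` named after the member type, and that `dn` is returned unchanged.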
@@ -498,7 +498,7 @@ class hbacrule_add_sourcehost(LDAPAddMember):
 if 'sourcehostcategory' in entry_attrs and \
 entry_attrs['sourcehostcategory'][0].lower() == 'all':
 raise errors.MutuallyExclusiveError(reason="source hosts cannot be added when sourcehost category='all'")
- return dn
+ return add_external_pre_callback('host', ldap, dn, keys, options)
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 return add_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 2ba154649..06372a592 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -53,6 +53,11 @@ EXAMPLES:
 NETGROUP_PATTERN='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$'
 NETGROUP_PATTERN_ERRMSG='may only include letters, numbers, _, -, and .'
+# according to most common use cases the netgroup pattern should fit
+# also the nisdomain pattern
+NISDOMAIN_PATTERN=NETGROUP_PATTERN
+NISDOMAIN_PATTERN_ERRMSG=NETGROUP_PATTERN_ERRMSG
+
 output_params = (
 Str('memberuser_user?',
 label='Member User',
@@ -118,6 +123,8 @@ class netgroup(LDAPObject):
 doc=_('Netgroup description'),
 ),
 Str('nisdomainname?',
+ pattern=NISDOMAIN_PATTERN,
+ pattern_errmsg=NISDOMAIN_PATTERN_ERRMSG,
 cli_name='nisdomain',
 label=_('NIS domain name'),
 ),
@@ -255,6 +262,8 @@ class netgroup_add_member(LDAPAddMember):
 member_attributes = ['memberuser', 'memberhost', 'member']
 has_output_params = LDAPAddMember.has_output_params + output_params
+ def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
+ return add_external_pre_callback('host', ldap, dn, keys, options)
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 return add_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
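Review bot: `NISDOMAIN_PATTERN` in netgroup.py is an alias of `NETGROUP_PATTERN`, which requires at least two characters and a first character other than `-`, yet the reused `NISDOMAIN_PATTERN_ERRMSG` only lists the allowed characters, so a one-character NIS domain or one starting with `-` is rejected with a message that does not explain why. Because the pattern ends in `$`, it may also accept a value with a trailing newline unless the parameter rejects trailing whitespace elsewhere, which cannot be seen from here; `\Z` would close that. Applying the pattern to `nisdomainname?` in the `netgroup` hunk may also make existing entries with a non-matching NIS domain fail validation when they are next modified, which is worth a line in the added comment above `NISDOMAIN_PATTERN`.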
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index de7a7af37..7432bc42b 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -431,7 +431,7 @@ class sudorule_add_user(LDAPAddMember):
 self.obj.handle_not_found(*keys)
 if is_all(_entry_attrs, 'usercategory'):
 raise errors.MutuallyExclusiveError(reason=_("users cannot be added when user category='all'"))
- return dn
+ return add_external_pre_callback('user', ldap, dn, keys, options)
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 return add_external_post_callback('memberuser', 'user', 'externaluser', ldap, completed, failed, dn, entry_attrs, keys, options)
@@ -464,7 +464,7 @@ class sudorule_add_host(LDAPAddMember):
 self.obj.handle_not_found(*keys)
 if is_all(_entry_attrs, 'hostcategory'):
 raise errors.MutuallyExclusiveError(reason=_("hosts cannot be added when host category='all'"))
- return dn
+ return add_external_pre_callback('host', ldap, dn, keys, options)
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 return add_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
@@ -517,7 +517,7 @@ class sudorule_add_runasuser(LDAPAddMember):
 error=unicode(_("RunAsUser does not accept '%(name)s' as a group name")) % dict(name=name))
- return dn
+ return add_external_pre_callback('user', ldap, dn, keys, options)
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 return add_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options)
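Review bot: The new `return add_external_pre_callback('user', ldap, dn, keys, options)` in `sudorule_add_user` checks every supplied user name with `api.Object['user'].primary_key`, including names that `add_external_post_callback` will later store as external users. External members are not IPA objects, so if the IPA user or group naming rules are stricter than what sudo itself accepts, rules referencing such names can no longer be created; the same applies to the `'user'` call in `sudorule_add_runasuser` and the `'group'` call in `sudorule_add_runasgroup`. If that restriction is intended, a comment above each call should say so, for example `# external users must satisfy the IPA user name rules`. The enclosing `pre_callback` bodies start outside these hunks.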
@@ -565,7 +565,7 @@ class sudorule_add_runasgroup(LDAPAddMember):
 error=unicode(_("RunAsGroup does not accept '%(name)s' as a group name")) % dict(name=name))
- return dn
+ return add_external_pre_callback('group', ldap, dn, keys, options)
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 return add_external_post_callback('ipasudorunasgroup', 'group', 'ipasudorunasextgroup', ldap, completed, failed, dn, entry_attrs, keys, options) |