Limit allowed characters in a netgroup name to alpha, digit, -, _ and .

Apply this to hostgroup names as well since they can be linked. https://fedorahosted.org/freeipa/ticket/2221
author: Rob Crittenden <rcritten@redhat.com> 2012-02-24 14:39:56 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2012-02-27 00:06:44 -0500
commit: 7d7322de2eb0de61ea917d03662452d3efa4c834 (patch)
tree: b553e8fa4180f59db38ea3b01fcbd73bba0f09b7
parent: a09063cbb83aa9c3c77886fe43d70ba15fe4ef48 (diff)
download: freeipa.git-7d7322de2eb0de61ea917d03662452d3efa4c834.tar.gz
freeipa.git-7d7322de2eb0de61ea917d03662452d3efa4c834.tar.xz
freeipa.git-7d7322de2eb0de61ea917d03662452d3efa4c834.zip
5 files changed, 41 insertions, 14 deletions
diff --git a/API.txt b/API.txt
index 2b2d41c3..548fc93d 100644
--- a/API.txt
+++ b/API.txt
@@ -1755,7 +1755,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('value', <type 'unicode'>, None)
 command: hostgroup_add
 args: 1,6,3
-arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, required=True)
 option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=True)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1767,7 +1767,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('value', <type 'unicode'>, None)
 command: hostgroup_add_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -1778,7 +1778,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('completed', <type 'int'>, None)
 command: hostgroup_del
 args: 1,1,3
-arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=True, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'dict'>, None)
@@ -1786,7 +1786,7 @@ output: Output('value', <type 'unicode'>, None)
 command: hostgroup_find
 args: 1,20,4
 arg: Str('criteria?', noextrawhitespace=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=False)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Int('sizelimit?', autofill=False, minvalue=0)
@@ -1812,7 +1812,7 @@ output: Output('count', <type 'int'>, None)
 output: Output('truncated', <type 'bool'>, None)
 command: hostgroup_mod
 args: 1,8,3
-arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1826,7 +1826,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('value', <type 'unicode'>, None)
 command: hostgroup_remove_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -1837,7 +1837,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('completed', <type 'int'>, None)
 command: hostgroup_show
 args: 1,4,3
-arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='hostgroup_name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('rights', autofill=True, default=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -1915,7 +1915,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('enabled', <type 'bool'>, None)
 command: netgroup_add
 args: 1,9,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, required=True)
 option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=True)
 option: Str('nisdomainname', attribute=True, cli_name='nisdomain', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
@@ -1930,7 +1930,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('value', <type 'unicode'>, None)
 command: netgroup_add_member
 args: 1,8,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -1944,7 +1944,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('completed', <type 'int'>, None)
 command: netgroup_del
 args: 1,1,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'dict'>, None)
@@ -1952,7 +1952,7 @@ output: Output('value', <type 'unicode'>, None)
 command: netgroup_find
 args: 1,26,4
 arg: Str('criteria?', noextrawhitespace=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=False)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
 option: Str('nisdomainname', attribute=True, autofill=False, cli_name='nisdomain', multivalue=False, query=True, required=False)
 option: Str('ipauniqueid', attribute=True, autofill=False, cli_name='uuid', multivalue=False, query=True, required=False)
@@ -1984,7 +1984,7 @@ output: Output('count', <type 'int'>, None)
 output: Output('truncated', <type 'bool'>, None)
 command: netgroup_mod
 args: 1,11,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
 option: Str('nisdomainname', attribute=True, autofill=False, cli_name='nisdomain', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
@@ -2001,7 +2001,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('value', <type 'unicode'>, None)
 command: netgroup_remove_member
 args: 1,8,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -2015,7 +2015,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('completed', <type 'int'>, None)
 command: netgroup_show
 args: 1,4,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('rights', autofill=True, default=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 28e3ef5d..2a9a0a53 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -20,6 +20,7 @@
 
 from ipalib.plugins.baseldap import *
 from ipalib import api, Int, _, ngettext, errors
+from ipalib.plugins.netgroup import NETGROUP_PATTERN, NETGROUP_PATTERN_ERRMSG
 from ipalib.dn import DN
 
 __doc__ = _("""
@@ -76,6 +77,8 @@ class hostgroup(LDAPObject):
 
     takes_params = (
         Str('cn',
+            pattern=NETGROUP_PATTERN,
+            pattern_errmsg=NETGROUP_PATTERN_ERRMSG,
             cli_name='hostgroup_name',
             label=_('Host-group'),
             doc=_('Name of host-group'),
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index fd3478e9..2ba15464 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -49,6 +49,10 @@ EXAMPLES:
    ipa netgroup-del admins
 """)
 
+
+NETGROUP_PATTERN='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$'
+NETGROUP_PATTERN_ERRMSG='may only include letters, numbers, _, -, and .'
+
 output_params = (
         Str('memberuser_user?',
             label='Member User',
@@ -101,6 +105,8 @@ class netgroup(LDAPObject):
 
     takes_params = (
         Str('cn',
+            pattern=NETGROUP_PATTERN,
+            pattern_errmsg=NETGROUP_PATTERN_ERRMSG,
             cli_name='name',
             label=_('Netgroup name'),
             primary_key=True,
diff --git a/tests/test_xmlrpc/test_hostgroup_plugin.py b/tests/test_xmlrpc/test_hostgroup_plugin.py
index e0d11585..f5c2efb7 100644
--- a/tests/test_xmlrpc/test_hostgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hostgroup_plugin.py
@@ -36,6 +36,8 @@ fqdn1 = u'testhost1.%s' % api.env.domain
 host_dn1 = DN(('fqdn',fqdn1),('cn','computers'),('cn','accounts'),
               api.env.basedn)
 
+invalidhostgroup1 = u'@invalid'
+
 
 class test_hostgroup(Declarative):
 
@@ -70,6 +72,13 @@ class test_hostgroup(Declarative):
 
 
         dict(
+            desc='Test an invalid hostgroup name %r' % invalidhostgroup1,
+            command=('hostgroup_add', [invalidhostgroup1], dict(description=u'Test')),
+            expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, - and .'),
+        ),
+
+
+        dict(
             desc='Create %r' % hostgroup1,
             command=('hostgroup_add', [hostgroup1],
                 dict(description=u'Test hostgroup 1')
diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py
index 9194b549..1c6b94bd 100644
--- a/tests/test_xmlrpc/test_netgroup_plugin.py
+++ b/tests/test_xmlrpc/test_netgroup_plugin.py
@@ -56,6 +56,8 @@ user2 = u'pexample'
 
 group1 = u'testgroup'
 
+invalidnetgroup1=u'+badnetgroup'
+
 class test_netgroup(Declarative):
     """
     Test the `netgroup` plugin.
@@ -97,6 +99,13 @@ class test_netgroup(Declarative):
 
 
         dict(
+            desc='Test an invalid netgroup name %r' % invalidnetgroup1,
+            command=('netgroup_add', [invalidnetgroup1], dict(description=u'Test')),
+            expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, - and .'),
+        ),
+
+
+        dict(
             desc='Create %r' % netgroup1,
             command=('netgroup_add', [netgroup1],
                 dict(description=u'Test netgroup 1')
author	Rob Crittenden <rcritten@redhat.com>	2012-02-24 14:39:56 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2012-02-27 00:06:44 -0500
commit	7d7322de2eb0de61ea917d03662452d3efa4c834 (patch)
tree	b553e8fa4180f59db38ea3b01fcbd73bba0f09b7
parent	a09063cbb83aa9c3c77886fe43d70ba15fe4ef48 (diff)
download	freeipa.git-7d7322de2eb0de61ea917d03662452d3efa4c834.tar.gz freeipa.git-7d7322de2eb0de61ea917d03662452d3efa4c834.tar.xz freeipa.git-7d7322de2eb0de61ea917d03662452d3efa4c834.zip