Improve hostname verification in install tools

Our install tools like ipa-server-install, ipa-replica-{prepare,
install} may allow hostnames that do not match the requirements
in ipalib. This creates a disconnect and may cause issues when
user cannot delete hostnames created by install tools.

This patch makes sure that ipalib requirements are applied to
install tools hostnames as well.

https://fedorahosted.org/freeipa/ticket/2089

1 files changed, 7 insertions, 0 deletions

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index a9a3ec43..3e7ae41b 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -34,6 +34,7 @@ from ConfigParser import SafeConfigParser
 
 from ipapython import ipautil, dnsclient, sysrestore
 from ipapython.ipa_log_manager import *
+from ipalib.util import validate_hostname
 
 # Used to determine install status
 IPA_MODULES = ['httpd', 'kadmin', 'dirsrv', 'pki-cad', 'pkids', 'install', 'krb5kdc', 'ntpd', 'named', 'ipa_memcached']
@@ -159,6 +160,12 @@ def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
     if ipautil.valid_ip(host_name):
         raise BadHostError("IP address not allowed as a hostname")
 
+    try:
+        # make sure that the host name meets the requirements in ipalib
+        validate_hostname(host_name)
+    except ValueError, e:
+        raise BadHostError("Invalid hostname '%s', %s" % (host_name, unicode(e)))
+
     if local_hostname:
         try:
             ex_name = socket.gethostbyaddr(host_name)