From 1565ce3a8c39326f814c9781b3df24c42402c1b5 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 30 Apr 2012 07:29:08 -0400
Subject: Validate externalhost (when added by --addattr/--setattr)

Change the externalhost attribute of hbacrule, netgroup
and sudorule into a full-fledged Parameter, and attach
a validator to it.
The validator is relaxed to allow underscores, so that
some hosts with nonstandard names can be added.

Tests included.

https://fedorahosted.org/freeipa/ticket/2649
---
 ipalib/plugins/baseldap.py | 17 ++++++++++++++---
 ipalib/plugins/hbacrule.py |  1 +
 ipalib/plugins/netgroup.py |  1 +
 ipalib/plugins/sudorule.py |  1 +
 4 files changed, 17 insertions(+), 3 deletions(-)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 85a81723..895ec682 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -157,9 +157,6 @@ global_output_params = (
     Str('memberofindirect_hbacrule?',
         label='Indirect Member of HBAC rule',
     ),
-    Str('externalhost?',
-        label=_('External host'),
-    ),
     Str('sourcehost',
         label=_('Failed source hosts/hostgroups'),
     ),
@@ -313,6 +310,20 @@ def wait_for_value(ldap, dn, attr, value):
 
     return entry_attrs
 
+
+def validate_externalhost(ugettext, hostname):
+    try:
+        validate_hostname(hostname, check_fqdn=False, allow_underscore=True)
+    except ValueError, e:
+        return unicode(e)
+
+
+external_host_param = Str('externalhost*', validate_externalhost,
+        label=_('External host'),
+        flags=['no_create', 'no_update', 'no_search'],
+)
+
+
 def add_external_pre_callback(membertype, ldap, dn, keys, options):
     """
     Pre callback to validate external members.
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index eb5cb696..33440ccd 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -219,6 +219,7 @@ class hbacrule(LDAPObject):
             label=_('Service Groups'),
             flags=['no_create', 'no_update', 'no_search'],
         ),
+        external_host_param,
     )
 
 api.register(hbacrule)
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index d2a78098..4236feeb 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -146,6 +146,7 @@ class netgroup(LDAPObject):
             doc=_('Host category the rule applies to'),
             values=(u'all', ),
         ),
+        external_host_param,
     )
 
 api.register(netgroup)
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 7432bc42..2c0358e8 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -217,6 +217,7 @@ class sudorule(LDAPObject):
             doc=_('Run with the gid of a specified POSIX group'),
             flags=['no_create', 'no_update', 'no_search'],
         ),
+        external_host_param,
     )
 
     order_not_unique_msg = _(
-- 
cgit