From d317c2a0d1114cb0c53c9a333538f579624e4a9b Mon Sep 17 00:00:00 2001 From: John Dennis Date: Mon, 16 Apr 2012 08:33:26 +0200 Subject: Validate DN & RDN parameters for migrate command Ticket #2555 We were generating a traceback (server error) if a malformed RDN was passed as a parameter to the migrate command. * add parameter validation functions validate_dn_param() and validate_rdn_param() to ipalib.util. Those functions simply invoke the DN or RDN constructor from our dn module passing it the string representation. If the constructor does not throw an error it's valid. * Add the parameter validation function pointers to the Param objects in the migrate command. * Make the usercontainer and groupcontainer parameters required. passing --usercontainer= on the command line will produce ipa: ERROR: 'user_container' is required * Fix _get_search_bases() so if a container dn is empty it it just uses the base dn alone instead of faulting (currently bullet-proofing because now the containers are required). * Update the doc for usercontainer and groupcontainer to reflect the fact they are DN's not RDN's. A RDN can only be one level and it should be possible to have a container more than one RDN removed from the base. --- ipalib/util.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'ipalib/util.py') diff --git a/ipalib/util.py b/ipalib/util.py index a79f41cc..659e178d 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -31,6 +31,7 @@ from weakref import WeakKeyDictionary from ipalib import errors from ipalib.text import _ +from ipalib.dn import DN, RDN from ipapython import dnsclient from ipapython.ipautil import decode_ssh_pubkey @@ -484,3 +485,17 @@ def gen_dns_update_policy(realm, rrtypes=('A', 'AAAA', 'SSHFP')): policy += ";" return policy + +def validate_rdn_param(ugettext, value): + try: + rdn = RDN(value) + except Exception, e: + return str(e) + return None + +def validate_dn_param(ugettext, value): + try: + rdn = DN(value) + except Exception, e: + return str(e) + return None -- cgit