diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2012-04-30 07:29:08 -0400 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-05-11 08:14:20 +0200 |
| commit | 1565ce3a8c39326f814c9781b3df24c42402c1b5 (patch) | |
| tree | 010f750b8f28cdc2cf53c465407cb302e8212880 /ipalib | |
| parent | f19218f7d87f5847d51f79b5d2850f90b0ae8407 (diff) | |
| download | freeipa-1565ce3a8c39326f814c9781b3df24c42402c1b5.tar.gz freeipa-1565ce3a8c39326f814c9781b3df24c42402c1b5.tar.xz freeipa-1565ce3a8c39326f814c9781b3df24c42402c1b5.zip | |
Validate externalhost (when added by --addattr/--setattr)
Change the externalhost attribute of hbacrule, netgroup
and sudorule into a full-fledged Parameter, and attach
a validator to it.
The validator is relaxed to allow underscores, so that
some hosts with nonstandard names can be added.
Tests included.
https://fedorahosted.org/freeipa/ticket/2649
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/baseldap.py | 17 | ||||
| -rw-r--r-- | ipalib/plugins/hbacrule.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/netgroup.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/sudorule.py | 1 |
4 files changed, 17 insertions, 3 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 85a817231..895ec682a 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -157,9 +157,6 @@ global_output_params = ( Str('memberofindirect_hbacrule?', label='Indirect Member of HBAC rule', ), - Str('externalhost?', - label=_('External host'), - ), Str('sourcehost', label=_('Failed source hosts/hostgroups'), ), @@ -313,6 +310,20 @@ def wait_for_value(ldap, dn, attr, value): return entry_attrs + +def validate_externalhost(ugettext, hostname): + try: + validate_hostname(hostname, check_fqdn=False, allow_underscore=True) + except ValueError, e: + return unicode(e) + + +external_host_param = Str('externalhost*', validate_externalhost, + label=_('External host'), + flags=['no_create', 'no_update', 'no_search'], +) + + def add_external_pre_callback(membertype, ldap, dn, keys, options): """ Pre callback to validate external members. diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index eb5cb696e..33440ccde 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -219,6 +219,7 @@ class hbacrule(LDAPObject): label=_('Service Groups'), flags=['no_create', 'no_update', 'no_search'], ), + external_host_param, ) api.register(hbacrule) diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index d2a780980..4236feeb7 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -146,6 +146,7 @@ class netgroup(LDAPObject): doc=_('Host category the rule applies to'), values=(u'all', ), ), + external_host_param, ) api.register(netgroup) diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index 7432bc42b..2c0358e87 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -217,6 +217,7 @@ class sudorule(LDAPObject): doc=_('Run with the gid of a specified POSIX group'), flags=['no_create', 'no_update', 'no_search'], ), + external_host_param, ) order_not_unique_msg = _( |