diff options
author | Petr Viktorin <pviktori@redhat.com> | 2012-04-06 04:56:46 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-04-09 20:56:29 -0400 |
commit | 6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9 (patch) | |
tree | 910e45fc7a0f9077388932bef9d08b71631fe125 /ipalib/plugins/selfservice.py | |
parent | 35f44a1aebe0350884113c0ce57c2aeb736c714b (diff) | |
download | freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.gz freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.xz freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.zip |
Limit permission and selfservice names to alphanumerics, -, _, space
The DN and ACI code doesn't always escape special characters properly.
Rather than trying to fix it, this patch takes the easy way out and
enforces that the names are safe.
https://fedorahosted.org/freeipa/ticket/2585
Diffstat (limited to 'ipalib/plugins/selfservice.py')
-rw-r--r-- | ipalib/plugins/selfservice.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py index 6f843d469..a60475b7c 100644 --- a/ipalib/plugins/selfservice.py +++ b/ipalib/plugins/selfservice.py @@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import copy + from ipalib import api, _, ngettext from ipalib import Flag, Str from ipalib.request import context @@ -60,6 +61,7 @@ output_params = ( ), ) + class selfservice(Object): """ Selfservice object. @@ -77,6 +79,8 @@ class selfservice(Object): label=_('Self-service name'), doc=_('Self-service name'), primary_key=True, + pattern='^[-_ a-zA-Z0-9]+$', + pattern_errmsg="May only contain letters, numbers, -, _, and space", ), Str('permissions*', cli_name='permissions', |