diff options
-rw-r--r-- | ipalib/constants.py | 3 | ||||
-rw-r--r-- | ipaserver/plugins/baseuser.py | 3 | ||||
-rw-r--r-- | ipaserver/plugins/group.py | 3 | ||||
-rw-r--r-- | ipaserver/plugins/idviews.py | 10 |
4 files changed, 14 insertions, 5 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py index 04515dcd2..c423117ef 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -276,3 +276,6 @@ IPA_CA_CN = u'ipa' IPA_CA_RECORD = "ipa-ca" IPA_CA_NICKNAME = 'caSigningCert cert-pki-ca' RENEWAL_CA_NAME = 'dogtag-ipa-ca-renew-agent' + +# regexp definitions +PATTERN_GROUPUSER_NAME = '^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$' diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py index 608e2d4fb..4c7e9f083 100644 --- a/ipaserver/plugins/baseuser.py +++ b/ipaserver/plugins/baseuser.py @@ -33,6 +33,7 @@ from ipaserver.plugins.service import ( validate_certificate, validate_realm, normalize_principal) from ipalib.request import context from ipalib import _ +from ipalib.constants import PATTERN_GROUPUSER_NAME from ipapython import kerberos from ipapython.ipautil import ipa_generate_password, GEN_TMP_PWD_LEN from ipapython.ipavalidate import Email @@ -172,7 +173,7 @@ class baseuser(LDAPObject): takes_params = ( Str('uid', - pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$', + pattern=PATTERN_GROUPUSER_NAME, pattern_errmsg='may only include letters, numbers, _, -, . and $', maxlength=255, cli_name='login', diff --git a/ipaserver/plugins/group.py b/ipaserver/plugins/group.py index 5f0e9afd6..6677634f3 100644 --- a/ipaserver/plugins/group.py +++ b/ipaserver/plugins/group.py @@ -22,6 +22,7 @@ import six from ipalib import api from ipalib import Int, Str, Flag +from ipalib.constants import PATTERN_GROUPUSER_NAME from ipalib.plugable import Registry from .baseldap import ( add_external_post_callback, @@ -260,7 +261,7 @@ class group(LDAPObject): takes_params = ( Str('cn', - pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$', + pattern=PATTERN_GROUPUSER_NAME, pattern_errmsg='may only include letters, numbers, _, -, . and $', maxlength=255, cli_name='group_name', diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py index 371e09211..1d7cba246 100644 --- a/ipaserver/plugins/idviews.py +++ b/ipaserver/plugins/idviews.py @@ -29,7 +29,11 @@ from .baseldap import (LDAPQuery, LDAPObject, LDAPCreate, from .hostgroup import get_complete_hostgroup_member_list from .service import validate_certificate from ipalib import api, Str, Int, Bytes, Flag, _, ngettext, errors, output -from ipalib.constants import IPA_ANCHOR_PREFIX, SID_ANCHOR_PREFIX +from ipalib.constants import ( + IPA_ANCHOR_PREFIX, + SID_ANCHOR_PREFIX, + PATTERN_GROUPUSER_NAME, +) from ipalib.plugable import Registry from ipalib.util import (normalize_sshpubkey, validate_sshpubkey, convert_sshpubkey_post) @@ -841,7 +845,7 @@ class idoverrideuser(baseidoverride): takes_params = baseidoverride.takes_params + ( Str('uid?', - pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$', + pattern=PATTERN_GROUPUSER_NAME, pattern_errmsg='may only include letters, numbers, _, -, . and $', maxlength=255, cli_name='login', @@ -944,7 +948,7 @@ class idoverridegroup(baseidoverride): takes_params = baseidoverride.takes_params + ( Str('cn?', - pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$', + pattern=PATTERN_GROUPUSER_NAME, pattern_errmsg='may only include letters, numbers, _, -, . and $', maxlength=255, cli_name='group_name', |