[Freeipa-devel] [PATCH] 19 Do stricter checking of IP addresses passed to server install

Martin Kosek mkosek at redhat.com
Mon May 16 15:26:48 UTC 2011


On Tue, 2011-05-10 at 20:11 +0200, Jan Cholasta wrote:
> Split from patch 3, requires patch 18.
> 
> https://fedorahosted.org/freeipa/ticket/1213
> 
> Honza
> 

I tested all patches (3.6, 18, 19), but I think some work still needs to
be done:

1) What about adding /sbin/ip package to Requires in spec? I thought
there was an agreement to do it.

2) When I run `ipa-server-install --ip-address=$ADDR`, and $ADDR is
an invalid address (e.g. $ADDR==foo), a loopback address (e.g.
$ADDR==127.0.0.1) or just an address other than the local address (e.g.
$ADDR==123.123.123.123), the installer always fails with "the hostname
resolves to an IP address that is different from the one provided on the
command line".

I think we may want a different error message in those 3 cases - it
should be easy to do it now, with the improved IP handling.

3) When I pass a netmask to ipa-server-install --ip-address=$ADDR, the
installation always fails with the above message, even though I took the
addr+netmask from "/sbin/ip address" output.

4) I miss IP address checks in --ip-address and --forwarder parameters
of ipa-dns-install script. I can pass invalid or local addresses to
these parameters. This breaks Bind configuration.

5) I think we may also want to check for a local address in
# ipa host-add $HOST --ip-address=127.0.0.1

6) I couldn't add IP address with netmask in host module:
# ipa host-add $HOST --ip-address=10.16.78.102/22
ipa: ERROR: invalid 'ip_address': invalid IP address

7) Why is the _ParsedIPAddress named with a leading underscore? It's not
really an internal use since it is returned by new IP handling functions
and used in other modules.


Martin
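
An added example, not part of the original message and not FreeIPA code: one way to give the three cases from point 2 distinct errors while accepting the address-with-prefix form from points 3 and 6. The helper name `check_install_ip`, the `IPCheckError` class and the sample interface list are assumptions made for illustration; a real installer would read the interface list from the system.

```python
import ipaddress

# Constructed sample: addresses as "/sbin/ip address" would list them.
SAMPLE_LOCAL = ["127.0.0.1/8", "10.16.78.102/22"]


class IPCheckError(ValueError):
    """Rejection with a message specific to the reason (hypothetical class)."""


def check_install_ip(value, local_addrs=SAMPLE_LOCAL):
    """Validate an --ip-address value given as "ADDR" or "ADDR/PREFIX".

    Returns the matching local interface (address plus its real prefix).
    Hypothetical helper, not a FreeIPA function.
    """
    try:
        given = ipaddress.ip_interface(value)
    except ValueError:
        # Case 1: not an IP address at all (e.g. "foo").
        raise IPCheckError("invalid IP address: %r" % value) from None
    has_prefix = "/" in value

    # Case 2: syntactically valid but unusable as a server address.
    if given.ip.is_loopback:
        raise IPCheckError("loopback address not allowed: %s" % given.ip)
    if given.ip.is_multicast or given.ip.is_unspecified:
        raise IPCheckError("not a usable host address: %s" % given.ip)

    for entry in local_addrs:
        local = ipaddress.ip_interface(entry)
        if local.ip != given.ip:
            continue
        # A supplied prefix must agree with the interface configuration.
        if has_prefix and local.network != given.network:
            raise IPCheckError(
                "prefix length /%d does not match interface (%s)"
                % (given.network.prefixlen, local.with_prefixlen))
        return local

    # Case 3: valid address, but not one of this machine's addresses.
    raise IPCheckError(
        "address %s is not configured on any local interface" % given.ip)
```
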



