[Freeipa-devel] [PATCH] 0044 Validate externalhost (when added by --addattr/--setattr)

[Ondrej Hamada]

On 05/09/2012 04:49 PM, Petr Viktorin wrote:
> On 05/04/2012 01:25 PM, Ondrej Hamada wrote:
>> On 04/30/2012 02:13 PM, Petr Viktorin wrote:
>>>
>>> Change the externalhost attribute of hbacrule, netgroup
>>> and sudorule into a full-fledged Parameter, and attach
>>> a validator to it.
>>>
>>> RFC 1123 specifies that only [-a-z0-9] are allowed, but apparently
>>> Windows and some phones also use underscores in hostnames.
>>> So the new validator allows the underscore.
>>>
>>>
>>> https://fedorahosted.org/freeipa/ticket/2649
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> 1) Current validation of external hostnames does not require them to be
>> fully qualified, but you do. It's inconsistent.
>>
>> 2) one test case failed:
>> FAIL: Test adding an invalid external host to Sudo rule using
>> ----------------------------------------------------------------------
>> Traceback (most recent call last):
>> File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in 
>> runTest
>> self.test(*self.arg)
>> File "/home/ohamada/2649/tests/test_xmlrpc/test_sudorule_plugin.py",
>> line 500, in test_a_sudorule_mod_externalhost_invalid_addattr
>> "character")
>> AssertionError
>>
>
> Thanks. Attaching updated patch.
>
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Suggestion: you can use ipalib.utils.validate_hostname function with 
check_fqdn param set to False. Sorry for not mentioning it before.

Otherwise ACK

-- 
Regards,

Ondrej Hamada
FreeIPA team
jabber: ohama at jabbim.cz
IRC: ohamada

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120510/7e900d03/attachment.htm>