[Freeipa-devel] [PATCH] 0044 Validate externalhost (when added by --addattr/--setattr)
Ondrej Hamada
ohamada at redhat.com
Thu May 10 16:22:57 UTC 2012
On 05/10/2012 01:40 PM, Petr Viktorin wrote:
> On 05/10/2012 12:05 PM, Ondrej Hamada wrote:
>> On 05/09/2012 04:49 PM, Petr Viktorin wrote:
>>> On 05/04/2012 01:25 PM, Ondrej Hamada wrote:
>>>> On 04/30/2012 02:13 PM, Petr Viktorin wrote:
>>>>>
>>>>> Change the externalhost attribute of hbacrule, netgroup
>>>>> and sudorule into a full-fledged Parameter, and attach
>>>>> a validator to it.
>>>>>
>>>>> RFC 1123 specifies that only [-a-z0-9] are allowed, but apparently
>>>>> Windows and some phones also use underscores in hostnames.
>>>>> So the new validator allows the underscore.
>>>>>
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/2649
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>> 1) Current validation of external hostnames does not require them
>>>> to be
>>>> fully qualified, but you do. It's inconsistent.
>>>>
>>>> 2) one test case failed:
>>>> FAIL: Test adding an invalid external host to Sudo rule using
>>>> ----------------------------------------------------------------------
>>>> Traceback (most recent call last):
>>>> File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in
>>>> runTest
>>>> self.test(*self.arg)
>>>> File "/home/ohamada/2649/tests/test_xmlrpc/test_sudorule_plugin.py",
>>>> line 500, in test_a_sudorule_mod_externalhost_invalid_addattr
>>>> "character")
>>>> AssertionError
>>>>
>>>
>>> Thanks. Attaching updated patch.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Suggestion: you can use ipalib.utils.validate_hostname function with
>> check_fqdn param set to False. Sorry for not mentioning it before.
>>
>> Otherwise ACK
>>
>
> Attached patch uses your suggestion. Thanks.
>
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: ohama at jabbim.cz
IRC: ohamada
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120510/8c86b11f/attachment.htm>
More information about the Freeipa-devel
mailing list