[Freeipa-devel] [PATCH] 0044 Validate externalhost (when added by --addattr/--setattr)
Martin Kosek
mkosek at redhat.com
Fri May 11 06:36:34 UTC 2012
On Thu, 2012-05-10 at 18:22 +0200, Ondrej Hamada wrote:
> On 05/10/2012 01:40 PM, Petr Viktorin wrote:
> > On 05/10/2012 12:05 PM, Ondrej Hamada wrote:
> > > On 05/09/2012 04:49 PM, Petr Viktorin wrote:
> > > > On 05/04/2012 01:25 PM, Ondrej Hamada wrote:
> > > > > On 04/30/2012 02:13 PM, Petr Viktorin wrote:
> > > > > >
> > > > > > Change the externalhost attribute of hbacrule, netgroup
> > > > > > and sudorule into a full-fledged Parameter, and attach
> > > > > > a validator to it.
> > > > > >
> > > > > > RFC 1123 specifies that only [-a-z0-9] are allowed, but
> > > > > > apparently
> > > > > > Windows and some phones also use underscores in hostnames.
> > > > > > So the new validator allows the underscore.
> > > > > >
> > > > > >
> > > > > > https://fedorahosted.org/freeipa/ticket/2649
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Freeipa-devel mailing list
> > > > > > Freeipa-devel at redhat.com
> > > > > > https://www.redhat.com/mailman/listinfo/freeipa-devel
> > > > > 1) Current validation of external hostnames does not require
> > > > > them to be
> > > > > fully qualified, but you do. It's inconsistent.
> > > > >
> > > > > 2) one test case failed:
> > > > > FAIL: Test adding an invalid external host to Sudo rule using
> > > > > ----------------------------------------------------------------------
> > > > > Traceback (most recent call last):
> > > > > File "/usr/lib/python2.7/site-packages/nose/case.py", line
> > > > > 197, in
> > > > > runTest
> > > > > self.test(*self.arg)
> > > > > File
> > > > > "/home/ohamada/2649/tests/test_xmlrpc/test_sudorule_plugin.py",
> > > > > line 500, in test_a_sudorule_mod_externalhost_invalid_addattr
> > > > > "character")
> > > > > AssertionError
> > > > >
> > > >
> > > > Thanks. Attaching updated patch.
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Freeipa-devel mailing list
> > > > Freeipa-devel at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/freeipa-devel
> > > Suggestion: you can use ipalib.utils.validate_hostname function
> > > with
> > > check_fqdn param set to False. Sorry for not mentioning it
> > > before.
> > >
> > > Otherwise ACK
> > >
> >
> > Attached patch uses your suggestion. Thanks.
> >
> >
> >
> >
> > _______________________________________________
> > Freeipa-devel mailing list
> > Freeipa-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK
>
Pushed to master.
Martin
More information about the Freeipa-devel
mailing list