URL: https://github.com/freeipa/freeipa/pull/2313 Author: serg-cymbaluk Title: #2313: [Backport] Prevent installation with single label domains Action: opened
PR body: """ Adds validation to prevent user to install ipa with single label domain. https://pagure.io/freeipa/issue/7207 Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2313/head:pr2313 git checkout pr2313
From 152b5f63dae8c2bbbe0332e0f7e99f039b3f19d5 Mon Sep 17 00:00:00 2001 From: Aleksei Slaikovskii <aslai...@redhat.com> Date: Tue, 24 Oct 2017 11:33:33 +0200 Subject: [PATCH] Prevent installation with single label domains Adds validation to prevent user to install ipa with single label domain. https://pagure.io/freeipa/issue/7207 Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> --- ipalib/install/service.py | 4 ++++ ipalib/util.py | 9 ++++++++- ipaserver/install/server/install.py | 5 +++++ ipatests/test_xmlrpc/test_config_plugin.py | 18 +++++++++++++++++- .../test_xmlrpc/test_realmdomains_plugin.py | 9 +++++++++ 5 files changed, 43 insertions(+), 2 deletions(-) diff --git a/ipalib/install/service.py b/ipalib/install/service.py index 7d1045ae8c..a101b7ca60 100644 --- a/ipalib/install/service.py +++ b/ipalib/install/service.py @@ -129,6 +129,10 @@ def domain_name(self, value): cli_names='--realm', ) + @realm_name.validator + def realm_name(self, value): + validate_domain_name(value, entity="realm") + host_name = knob( str, None, description="The hostname of this machine (FQDN). If specified, the " diff --git a/ipalib/util.py b/ipalib/util.py index 592821f9ff..c5b55970c2 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -402,12 +402,19 @@ def validate_dns_label(dns_label, allow_underscore=False, allow_slash=False): % dict(chars=chars, chars2=chars2)) -def validate_domain_name(domain_name, allow_underscore=False, allow_slash=False): +def validate_domain_name( + domain_name, allow_underscore=False, + allow_slash=False, entity='domain' +): if domain_name.endswith('.'): domain_name = domain_name[:-1] domain_name = domain_name.split(".") + if len(domain_name) < 2: + raise ValueError(_( + 'single label {}s are not supported'.format(entity))) + # apply DNS name validator to every name part for label in domain_name: validate_dns_label(label, allow_underscore, allow_slash) 
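Review bot: In `validate_domain_name` (ipalib/util.py) the new message is expanded with `.format(entity)` before it is passed to `_()`, so the lookup key is the finished sentence rather than the template and a catalog entry for the template would presumably never match. Translate first and format afterwards, `raise ValueError(_('single label {}s are not supported').format(entity))`, assuming the project's lazy `_` object supports `.format`; the neighbouring `validate_dns_label` already applies its `% dict(...)` substitution outside `_()`. Forming the plural by appending `s` to `entity` is also not translatable, so complete phrases per entity would be cleaner. Because the length check sits in the shared validator with no opt-out parameter, every existing caller now rejects single-label names, and it is worth confirming that none of them legitimately accepts one. The function body continues past the end of the hunk.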
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index a341408f78..003fd48f7c 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -473,6 +473,11 @@ def install_check(installer): if not options.realm_name: realm_name = read_realm_name(domain_name, not installer.interactive) logger.debug("read realm_name: %s\n", realm_name) + + try: + validate_domain_name(realm_name, entity="realm") + except ValueError as e: + raise ScriptError("Invalid realm name: {}".format(unicode(e))) else: realm_name = options.realm_name.upper() diff --git a/ipatests/test_xmlrpc/test_config_plugin.py b/ipatests/test_xmlrpc/test_config_plugin.py index 666b7c2c87..a277eab7ee 100644 --- a/ipatests/test_xmlrpc/test_config_plugin.py +++ b/ipatests/test_xmlrpc/test_config_plugin.py @@ -22,10 +22,12 @@ Test the `ipaserver/plugins/config.py` module. """ -from ipalib import errors +from ipalib import api, errors from ipatests.test_xmlrpc.xmlrpc_test import Declarative import pytest +domain = api.env.domain +sl_domain = 'singlelabeldomain' @pytest.mark.tier1 class test_config(Declarative): @@ -287,4 +289,18 @@ class test_config(Declarative): 'value': None, }, ), + dict( + desc='Check if domain resolution order does not accept SLD', + command=( + 'config_mod', [], { + 'ipadomainresolutionorder': u'{domain}:{sl_domain}'.format( + domain=domain, sl_domain=sl_domain)}), + expected=errors.ValidationError( + name=u'ipadomainresolutionorder', + error=( + u"Invalid domain name '{}': " + "single label domains are not supported").format( + sl_domain), + ), + ), ] diff --git a/ipatests/test_xmlrpc/test_realmdomains_plugin.py b/ipatests/test_xmlrpc/test_realmdomains_plugin.py index 4d85306e6c..e7d57a05bf 100644 --- a/ipatests/test_xmlrpc/test_realmdomains_plugin.py +++ b/ipatests/test_xmlrpc/test_realmdomains_plugin.py 
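Review bot: In `install_check` (ipaserver/install/server/install.py) the added `validate_domain_name(realm_name, entity="realm")` runs only inside `if not options.realm_name:`, so the `else` branch that takes `options.realm_name.upper()` gets no check in this hunk. That path presumably relies on the `realm_name` knob validator added in ipalib/install/service.py, but nothing here says so. Either dedent the `try`/`except` so it runs after the `if`/`else` on the final value, or add a comment such as `# --realm from the command line is checked by the realm_name knob validator`. `unicode(e)` also depends on a Python 3 alias for `unicode` that is not visible in the hunk. `install_check` starts and ends outside the hunk.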
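Review bot: `sl_domain = 'singlelabeldomain'` in ipatests/test_xmlrpc/test_config_plugin.py is a native string, whereas the same constant in test_realmdomains_plugin.py and the other literals in the new test case are `u''` literals. Declaring it as `sl_domain = u'singlelabeldomain'` keeps the option value and the expected `ValidationError` text unicode throughout on Python 2. The constant is now defined twice with different types, so a single shared definition would avoid the two drifting apart.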
@@ -33,6 +33,7 @@ new_domain_1 = u'example1.com' new_domain_2 = u'example2.com' bad_domain = u'doesnotexist.test' +sl_domain = u'singlelabeldomain' @pytest.mark.tier1 @@ -280,4 +281,12 @@ class test_realmdomains(Declarative): ), ), ), + dict( + desc='Add a single label domain {}'.format(sl_domain), + command=('realmdomains_mod', [], {'add_domain': sl_domain}), + expected=errors.ValidationError( + name='add_domain', + error='single label domains are not supported' + ), + ) ]
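Review bot: The new `realmdomains_mod` case in test_realmdomains_plugin.py exercises only the bare form `u'singlelabeldomain'`. `validate_domain_name` strips one trailing dot before counting labels, so `u'singlelabeldomain.'` should hit the same rejection (presumably through the same validator), and no test pins that; a second `dict(...)` entry with the trailing-dot value and the same expected `ValidationError` would cover it. Nothing in the commit tests the `entity="realm"` wording either. A trailing comma after the closing `)` of the new entry would keep the next addition to a one-line diff.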