This is a quick fix to make sure that the hostname passed to
ipa-server-install, ipa-client-install and ipa-replica-prepare is not an
IP address. The other install tools that accept a hostname as a
parameter aren't affected, as they already either doesn't accept IP
addresses (ipa-replica-manage, ipa-csreplica-manage) or work fine with
them (ipa-replica-conncheck).
https://fedorahosted.org/freeipa/ticket/1375
I'm working on patch that does the (hopefully) right thing and uses a
new type for storing hostnames, which does all the validation (similar
to what we do with IP addresses in the installer), but I'll submit that
later.
Honza
--
Jan Cholasta
>From da77ca1a0a7add5aff330ead4296df3c4c8892da Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 25 Jul 2011 17:14:01 +0200
Subject: [PATCH] Make sure that hostname specified by user is not an IP
address.
ticket 1375
---
ipa-client/ipaclient/ipadiscovery.py | 5 ++++-
ipapython/ipautil.py | 3 +++
ipaserver/install/installutils.py | 3 +++
3 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index 77727b2..ecd8275 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -24,7 +24,7 @@ import ipapython.dnsclient
import tempfile
import ldap
from ldap import LDAPError
-from ipapython.ipautil import run, CalledProcessError
+from ipapython.ipautil import run, CalledProcessError, valid_ip
NOT_FQDN = -1
@@ -119,6 +119,9 @@ class IPADiscovery:
if not hostname:
return BAD_HOST_CONFIG
+ if valid_ip(hostname):
+ return NOT_FQDN
+
# first, check for an LDAP server for the local domain
p = hostname.find(".")
if p == -1: #no domain name
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 0191662..da6e94c 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -145,6 +145,9 @@ class CheckedIPAddress(netaddr.IPAddress):
def is_local(self):
return self.interface is not None
+def valid_ip(addr):
+ return netaddr.valid_ipv4(addr) or netaddr.valid_ipv6(addr)
+
def realm_to_suffix(realm_name):
s = realm_name.split(".")
terms = ["dc=" + x.lower() for x in s]
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index c6e8641..df63b8e 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -120,6 +120,9 @@ def verify_fqdn(host_name,no_host_dns=False):
if host_name != host_name.lower():
raise RuntimeError("Invalid hostname '%s', must be lower-case." % host_name)
+ if ipautil.valid_ip(host_name):
+ raise RuntimeError("IP address not allowed as a hostname")
+
if no_host_dns:
print "Warning: skipping DNS resolution of host", host_name
return
--
1.7.4.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
