Martin Kosek wrote:
On Fri, 2012-02-24 at 15:01 -0500, Rob Crittenden wrote:
Limit the characters in a netgroup name to alpha, digits, -, _ and .

rob

NACK.

1) The regular expression is not correct: you forgot the ending "$".
Thus it matches any string with the right beginning. Like this one:

# ipa netgroup-add "foo+bar" --desc=baz
ipa: ERROR: Can't contact LDAP server:

2) Shouldn't we add a similar validator for hostgroups too? Netgroups
are created out of hostgroups, i.e. I think they should share name
restrictions.

Martin


Nice catch. Fixed both and added simple test cases.

rob
>From c298cb77901ba9e3abd38601e68ab285fcd5f383 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 24 Feb 2012 14:39:56 -0500
Subject: [PATCH] Limit allowed characters in a netgroup name to alpha, digit,
 -, _ and .

Apply this to hostgroup names as well since they can be linked.

https://fedorahosted.org/freeipa/ticket/2221
---
 API.txt                                    |   14 +++++++-------
 ipalib/plugins/hostgroup.py                |    3 +++
 ipalib/plugins/netgroup.py                 |    6 ++++++
 tests/test_xmlrpc/test_hostgroup_plugin.py |    9 +++++++++
 tests/test_xmlrpc/test_netgroup_plugin.py  |    9 +++++++++
 5 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/API.txt b/API.txt
index 8752da3e2462c19a8d58fb2852d793d9b04d7f60..f9cb7b35e2bf71fb51162da5d864678e6ac9790f 100644
--- a/API.txt
+++ b/API.txt
@@ -1985,7 +1985,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('enabled', <type 'bool'>, None)
 command: netgroup_add
 args: 1,9,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, required=True)
 option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=True)
 option: Str('nisdomainname', attribute=True, cli_name='nisdomain', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
@@ -2000,7 +2000,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('value', <type 'unicode'>, None)
 command: netgroup_add_member
 args: 1,8,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -2014,7 +2014,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('completed', <type 'int'>, None)
 command: netgroup_del
 args: 1,1,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'dict'>, None)
@@ -2022,7 +2022,7 @@ output: Output('value', <type 'unicode'>, None)
 command: netgroup_find
 args: 1,26,4
 arg: Str('criteria?', noextrawhitespace=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=False)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
 option: Str('nisdomainname', attribute=True, autofill=False, cli_name='nisdomain', multivalue=False, query=True, required=False)
 option: Str('ipauniqueid', attribute=True, autofill=False, cli_name='uuid', multivalue=False, query=True, required=False)
@@ -2054,7 +2054,7 @@ output: Output('count', <type 'int'>, None)
 output: Output('truncated', <type 'bool'>, None)
 command: netgroup_mod
 args: 1,11,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
 option: Str('nisdomainname', attribute=True, autofill=False, cli_name='nisdomain', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
@@ -2071,7 +2071,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('value', <type 'unicode'>, None)
 command: netgroup_remove_member
 args: 1,8,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -2085,7 +2085,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Output('completed', <type 'int'>, None)
 command: netgroup_show
 args: 1,4,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('rights', autofill=True, default=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 28e3ef5dd2052acdcb1b0c99c8fab44186dcaee7..2a9a0a53342e08a73c89e572a368dec2eaece58f 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -20,6 +20,7 @@
 
 from ipalib.plugins.baseldap import *
 from ipalib import api, Int, _, ngettext, errors
+from ipalib.plugins.netgroup import NETGROUP_PATTERN, NETGROUP_PATTERN_ERRMSG
 from ipalib.dn import DN
 
 __doc__ = _("""
@@ -76,6 +77,8 @@ class hostgroup(LDAPObject):
 
     takes_params = (
         Str('cn',
+            pattern=NETGROUP_PATTERN,
+            pattern_errmsg=NETGROUP_PATTERN_ERRMSG,
             cli_name='hostgroup_name',
             label=_('Host-group'),
             doc=_('Name of host-group'),
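Review bot: Nothing at this `Str('cn', ...)` says why a host-group name is validated with constants named for netgroups. A short comment above `pattern=NETGROUP_PATTERN,` would carry the reason from the commit message, e.g. `# host-groups can be linked to netgroups, so both share one name pattern`. The API.txt part of this patch updates only `netgroup_*` commands, so the hostgroup entries there appear not to have been regenerated. The `takes_params` tuple continues outside the hunk.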
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index fd3478e9bd3c61753fc073380ed711052ae780c8..2ba154649e9d0de600aba8346e93831416e2457c 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -49,6 +49,10 @@ EXAMPLES:
    ipa netgroup-del admins
 """)
 
+
+NETGROUP_PATTERN='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$'
+NETGROUP_PATTERN_ERRMSG='may only include letters, numbers, _, -, and .'
+
 output_params = (
         Str('memberuser_user?',
             label='Member User',
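Review bot: `NETGROUP_PATTERN` requires at least two characters, because the second character class is quantified with `+`, so a one-character name is rejected; if that is not intended, use `NETGROUP_PATTERN='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*$'`. If the pattern is applied with Python's `re`, `$` also matches just before a trailing newline, so `\Z` is the stricter end anchor unless another rule already rejects trailing whitespace. The API.txt hunks of this patch still record the pattern without the trailing `$`, which suggests API.txt was generated before the anchor was added and needs regenerating. `NETGROUP_PATTERN_ERRMSG` does not mention that a name cannot begin with `-`, which the first class enforces.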
@@ -101,6 +105,8 @@ class netgroup(LDAPObject):
 
     takes_params = (
         Str('cn',
+            pattern=NETGROUP_PATTERN,
+            pattern_errmsg=NETGROUP_PATTERN_ERRMSG,
             cli_name='name',
             label=_('Netgroup name'),
             primary_key=True,
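Review bot: Putting the pattern on the primary-key `cn` applies it beyond creation: the API.txt hunks show it on `netgroup_del`, `netgroup_show`, `netgroup_mod` and `netgroup_find` too. A netgroup that already exists with a name outside the pattern would then presumably fail validation before it can be shown or deleted, so it is worth checking for such entries before deployment. A comment above `pattern=NETGROUP_PATTERN,` such as `# also enforced on lookup and delete, since cn is the primary key` would record this. The `takes_params` tuple continues outside the hunk.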
diff --git a/tests/test_xmlrpc/test_hostgroup_plugin.py b/tests/test_xmlrpc/test_hostgroup_plugin.py
index e0d115854e1f437da04cae797eb67e4b82230850..f5c2efb79b3d209750ad42e3fa8bf449d472424e 100644
--- a/tests/test_xmlrpc/test_hostgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hostgroup_plugin.py
@@ -36,6 +36,8 @@ fqdn1 = u'testhost1.%s' % api.env.domain
 host_dn1 = DN(('fqdn',fqdn1),('cn','computers'),('cn','accounts'),
               api.env.basedn)
 
+invalidhostgroup1 = u'@invalid'
+
 
 class test_hostgroup(Declarative):
 
@@ -70,6 +72,13 @@ class test_hostgroup(Declarative):
 
 
         dict(
+            desc='Test an invalid hostgroup name %r' % invalidhostgroup1,
+            command=('hostgroup_add', [invalidhostgroup1], dict(description=u'Test')),
+            expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, - and .'),
+        ),
+
+
+        dict(
             desc='Create %r' % hostgroup1,
             command=('hostgroup_add', [hostgroup1],
                 dict(description=u'Test hostgroup 1')
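Review bot: The expected error text in the new test case, `'may only include letters, numbers, _, - and .'`, has no comma after `-`, while `NETGROUP_PATTERN_ERRMSG` in netgroup.py is `'may only include letters, numbers, _, -, and .'`. If the test harness compares the error message, this case fails for the wrong reason; the line should read `expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, -, and .'),`. The same mismatch is in the new case in tests/test_xmlrpc/test_netgroup_plugin.py. The test list continues outside the hunk.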
diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py
index 9194b549260a569ae777090a33d68b7e3339ead2..1c6b94bd20027bc3c7e550322ae27a5a05bfe426 100644
--- a/tests/test_xmlrpc/test_netgroup_plugin.py
+++ b/tests/test_xmlrpc/test_netgroup_plugin.py
@@ -56,6 +56,8 @@ user2 = u'pexample'
 
 group1 = u'testgroup'
 
+invalidnetgroup1=u'+badnetgroup'
+
 class test_netgroup(Declarative):
     """
     Test the `netgroup` plugin.
@@ -97,6 +99,13 @@ class test_netgroup(Declarative):
 
 
         dict(
+            desc='Test an invalid netgroup name %r' % invalidnetgroup1,
+            command=('netgroup_add', [invalidnetgroup1], dict(description=u'Test')),
+            expected=errors.ValidationError(name='cn', error='may only include letters, numbers, _, - and .'),
+        ),
+
+
+        dict(
             desc='Create %r' % netgroup1,
             command=('netgroup_add', [netgroup1],
                 dict(description=u'Test netgroup 1')
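Review bot: The new case does not cover the defect found in review, because `invalidnetgroup1` (`u'+badnetgroup'`) is rejected at its first character and would be rejected by the unanchored pattern as well. A second case with a valid first character and a disallowed character later, such as the `foo+bar` name from the review, would pin the end anchor: `invalidnetgroup2 = u'foo+bar'` with the same `netgroup_add` call and expected `ValidationError`. The hostgroup test has the same gap, since `u'@invalid'` also fails on its first character.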
-- 
1.7.6
