On 27.6.2016 11:20, Petr Spacek wrote:
> On 27.6.2016 10:30, Martin Basti wrote:
>> > 
>> > 
>> > On 23.06.2016 18:32, Petr Spacek wrote:
>>> >> Hello,
>>> >>
>>> >> replica-install: Compare domain names as DNS names and not strings
>>> >>
>>> >> This fixes false possitive where user inputs "example.com" and 
>>> >> "EXAMPLE.COM"
>>> >> were not considered equivalent and installation was wrongly refused.
>>> >>
>>> >> https://fedorahosted.org/freeipa/ticket/5976
>>> >>
>> > 
>> > NACK, client installer should normalize domain name as host-add does, 
>> > because
>> > it will blow up in different places, we cannot compare this part as DNS 
>> > name
>> > when other parts works with it as strings
>> > 
>> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    Cannot promote 
>> > this
>> > client to a replica. Local domain 'ipa.example.COM' does not match IPA 
>> > domain
>> > 'ipa.example.com'.
> Okay, I will use the same validator as ipa-server-install and normalize it as
> you suggested.

Here you go. I was not able to find a corner case which would break this.

-- 
Petr^2 Spacek
From b964f784519442361695695fbde36385066506e3 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Mon, 27 Jun 2016 14:00:01 +0200
Subject: [PATCH] client: Share validator and domain name normalization with
 server install

https://fedorahosted.org/freeipa/ticket/5976
---
 client/ipa-client-install | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/client/ipa-client-install b/client/ipa-client-install
index 0a601b63118b0a3568066495837121c65e5df04f..2da2720d1f959b452a4895ebb23e0efadae2a7fc 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -54,7 +54,8 @@ try:
     from ipapython.config import IPAOptionParser
     from ipalib import api, errors
     from ipalib import x509, certstore
-    from ipalib.util import verify_host_resolvable
+    from ipalib.util import (
+        normalize_hostname, validate_domain_name, verify_host_resolvable)
     from ipalib.constants import CACERT
     from ipapython.dn import DN
     from ipapython.ssh import SSHPublicKey
@@ -230,6 +231,13 @@ def parse_options():
     if (options.server and not options.domain):
         parser.error("--server cannot be used without providing --domain")
 
+    if options.domain:
+        try:
+            validate_domain_name(options.domain)
+        except ValueError as ex:
+            parser.error("invalid domain name: %s" % ex)
+        options.domain = normalize_hostname(options.domain)
+
     if options.force_ntpd and not options.conf_ntp:
         parser.error("--force-ntpd cannot be used together with --no-ntp")
 
-- 
2.7.4

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to