The PKI bug preventing use of multiple dashes in hostnames [1] was
already fixed. We may now relax our own syntax constraints.
https://fedorahosted.org/freeipa/ticket/4710
[1] https://fedorahosted.org/pki/ticket/1260
--
Martin^3 Babinsky
From ac5cdb1f31dcf7d4edfe5347d7204bda387b0df7 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Mon, 4 Jul 2016 12:43:08 +0200
Subject: [PATCH] allow multiple dashes in the components of server hostname
Relax the check for valid hostname component by allowing multiple consecutive
'-' or '/' characters int he middle of the label (the first/last character
must still be alphanumeric or underscore). Also use verbose regex format to
document its structure.
https://fedorahosted.org/freeipa/ticket/4710
---
ipalib/util.py | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/ipalib/util.py b/ipalib/util.py
index d101514cad4f35fd9a09d84b549ffa86de432f70..0cd5c091ec576e02e477f661bab981d12e01f1eb 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -194,9 +194,16 @@ def validate_dns_label(dns_label, allow_underscore=False, allow_slash=False):
middle_chars = middle_chars + '-' #has to be always the last in the regex [....-]
- label_regex = r'^[%(base)s%(extra)s]([%(base)s%(extra)s%(middle)s]?[%(base)s%(extra)s])*$' \
- % dict(base=base_chars, extra=extra_chars, middle=middle_chars)
- regex = re.compile(label_regex, re.IGNORECASE)
+ label_regex = r'''^[%(base)s%(extra)s] # must begin with an alphanumeric
+ # character, or underscore if
+ # allow_underscore is True
+ ([%(base)s%(extra)s%(middle)s]* # can contain all allowed character
+ # classes in the middle
+ [%(base)s%(extra)s])*$ # must end with alphanumeric
+ # character or underscore if
+ # allow_underscore is True
+ ''' % dict(base=base_chars, extra=extra_chars, middle=middle_chars)
+ regex = re.compile(label_regex, re.IGNORECASE | re.VERBOSE)
if not dns_label:
raise ValueError(_('empty DNS label'))
--
2.5.5
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code