Ryan Barry has uploaded a new change for review. Change subject: Block IPv6 for services which don't support it ......................................................................
Block IPv6 for services which don't support it Previously, we allowed FQDNOrIPAddress() for netconsole and kdump, which don't support IPv6 configuration. Don't allow IPv6 addresses. Related to this, give users support to disable it by passing an argument to validators. Change-Id: Id9dc98d9bc6b11060fd4deefe4332e24c517cb30 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1008841 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1008795 Signed-off-by: Ryan Barry <[email protected]> --- M src/ovirt/node/setup/core/kdump_page.py M src/ovirt/node/setup/core/logging_page.py M src/ovirt/node/valid.py 3 files changed, 25 insertions(+), 9 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/24/20124/1 diff --git a/src/ovirt/node/setup/core/kdump_page.py b/src/ovirt/node/setup/core/kdump_page.py index 30395e5..3f0cbdf 100644 --- a/src/ovirt/node/setup/core/kdump_page.py +++ b/src/ovirt/node/setup/core/kdump_page.py @@ -71,9 +71,11 @@ """ # FIXME improve validation for ssh and nfs return {"kdump.type": valid.Options(dict(self._types).keys()), - "kdump.ssh_location": valid.Empty() | valid.SSHAddress(), + "kdump.ssh_location": (valid.Empty() | + valid.SSHAddress(check_ipv6=False)), "kdump.ssh_key": valid.Empty() | valid.URL(), - "kdump.nfs_location": valid.Empty() | valid.NFSAddress(), + "kdump.nfs_location": (valid.Empty() | + valid.NFSAddress(check_ipv6=False)), } def ui_content(self): diff --git a/src/ovirt/node/setup/core/logging_page.py b/src/ovirt/node/setup/core/logging_page.py index 731ef5a..18f03ed 100644 --- a/src/ovirt/node/setup/core/logging_page.py +++ b/src/ovirt/node/setup/core/logging_page.py @@ -59,7 +59,8 @@ "rsyslog.address": (valid.Empty() | valid.FQDNOrIPAddress()), "rsyslog.port": valid.Port(), "netconsole.address": (valid.Empty() | - valid.FQDNOrIPAddress()), + valid.FQDNOrIPAddress( + check_ipv6=False)), "netconsole.port": valid.Port(), } diff --git a/src/ovirt/node/valid.py b/src/ovirt/node/valid.py index 963f694..45f4025 100644 --- a/src/ovirt/node/valid.py +++ b/src/ovirt/node/valid.py @@ -386,8 +386,9 @@ False """ - def __init__(self): - self._validator = IPv4Address() | IPv6Address() + def __init__(self, check_ipv6=True): + self._validator = IPv4Address() | IPv6Address() if check_ipv6 else \ + IPv4Address() self.description = self._validator.description def validate(self, value): @@ -407,8 +408,8 @@ False """ - def __init__(self): - self._validator = FQDN() | IPAddress() + def __init__(self, check_ipv6=True): + self._validator = FQDN() | IPAddress(check_ipv6) self.description = self._validator.description def validate(self, value): @@ -517,6 +518,8 @@ False >>> NFSAddress().validate("1.2.3.4:var/nfsserver") False + >>> NFSAddress(check_ipv6=False).validate("1::4:/var/nfsserver") + False >>> NFSAddress().validate("1::4") False >>> NFSAddress().validate("1:2:3:4") @@ -528,13 +531,16 @@ """ description = "a valid NFS address" + def __init__(self, check_ipv6=True): + self._check_ipv6 = check_ipv6 + def validate(self, value): is_valid = False try: # Addr can be IPv6 or IPv4, therefor a bit more cplx parts = value.split(":") addr, path = ":".join(parts[:-1]), parts[-1] - FQDNOrIPAddress()(addr) + FQDNOrIPAddress(self._check_ipv6)(addr) is_valid = path.startswith("/") except: is_valid = False @@ -549,6 +555,10 @@ True >>> SSHAddress()("[email protected]") True + >>> SSHAddress().validate("root@1::4") + True + >>> SSHAddress(check_ipv6=False).validate("root@1::4") + False >>> SSHAddress().validate(".com") False >>> SSHAddress().validate("") @@ -556,6 +566,9 @@ """ description = "a valid SSH Address" + + def __init__(self, check_ipv6=True): + self._check_ipv6 = check_ipv6 def validate(self, value): is_valid = False @@ -565,7 +578,7 @@ raise ValueError() user, host = parts is_valid = Text().validate(user) and \ - FQDNOrIPAddress().validate(host) + FQDNOrIPAddress(self._check_ipv6).validate(host) except ValueError: is_valid = False -- To view, visit http://gerrit.ovirt.org/20124 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id9dc98d9bc6b11060fd4deefe4332e24c517cb30 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Ryan Barry <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
