Ryan Barry has uploaded a new change for review. Change subject: Block IPv6 for services which don't support it ......................................................................
Block IPv6 for services which don't support it Previously, we allowed FQDNOrIPAddress() for netconsole and kdump, which don't support IPv6 configuration. Don't allow IPv6 addresses. Related to this, give users support to disable it by passing an argument to validators. Change-Id: Id9dc98d9bc6b11060fd4deefe4332e24c517cb30 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1008841 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1008795 Signed-off-by: Ryan Barry <[email protected]> --- M src/ovirt/node/setup/core/kdump_page.py M src/ovirt/node/setup/core/logging_page.py M src/ovirt/node/valid.py 3 files changed, 25 insertions(+), 9 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/40/22040/1 diff --git a/src/ovirt/node/setup/core/kdump_page.py b/src/ovirt/node/setup/core/kdump_page.py index 5887cd4..c5ecef5 100644 --- a/src/ovirt/node/setup/core/kdump_page.py +++ b/src/ovirt/node/setup/core/kdump_page.py @@ -70,8 +70,10 @@ """ # FIXME improve validation for ssh and nfs return {"kdump.type": valid.Options(dict(self._types).keys()), - "kdump.ssh_location": valid.Empty() | valid.SSHAddress(), - "kdump.nfs_location": valid.Empty() | valid.NFSAddress(), + "kdump.ssh_location": (valid.Empty() | + valid.SSHAddress(allow_ipv6=False)), + "kdump.nfs_location": (valid.Empty() | + valid.NFSAddress(allow_ipv6=False)), } def ui_content(self): diff --git a/src/ovirt/node/setup/core/logging_page.py b/src/ovirt/node/setup/core/logging_page.py index 270cd18..b0b014a 100644 --- a/src/ovirt/node/setup/core/logging_page.py +++ b/src/ovirt/node/setup/core/logging_page.py @@ -59,7 +59,8 @@ "rsyslog.address": (valid.Empty() | valid.FQDNOrIPAddress()), "rsyslog.port": valid.Port(), "netconsole.address": (valid.Empty() | - valid.FQDNOrIPAddress()), + valid.FQDNOrIPAddress( + allow_ipv6=False)), "netconsole.port": valid.Port(), } diff --git a/src/ovirt/node/valid.py b/src/ovirt/node/valid.py index 963f694..92ca35f 100644 --- a/src/ovirt/node/valid.py +++ b/src/ovirt/node/valid.py @@ -386,8 +386,9 @@ False """ - def __init__(self): - self._validator = IPv4Address() | IPv6Address() + def __init__(self, allow_ipv6=True): + self._validator = IPv4Address() | IPv6Address() if allow_ipv6 else \ + IPv4Address() self.description = self._validator.description def validate(self, value): @@ -407,8 +408,8 @@ False """ - def __init__(self): - self._validator = FQDN() | IPAddress() + def __init__(self, allow_ipv6=True): + self._validator = FQDN() | IPAddress(allow_ipv6) self.description = self._validator.description def validate(self, value): @@ -517,6 +518,8 @@ False >>> NFSAddress().validate("1.2.3.4:var/nfsserver") False + >>> NFSAddress(allow_ipv6=False).validate("1::4:/var/nfsserver") + False >>> NFSAddress().validate("1::4") False >>> NFSAddress().validate("1:2:3:4") @@ -528,13 +531,16 @@ """ description = "a valid NFS address" + def __init__(self, allow_ipv6=True): + self._allow_ipv6 = allow_ipv6 + def validate(self, value): is_valid = False try: # Addr can be IPv6 or IPv4, therefor a bit more cplx parts = value.split(":") addr, path = ":".join(parts[:-1]), parts[-1] - FQDNOrIPAddress()(addr) + FQDNOrIPAddress(self._allow_ipv6)(addr) is_valid = path.startswith("/") except: is_valid = False @@ -549,6 +555,10 @@ True >>> SSHAddress()("[email protected]") True + >>> SSHAddress().validate("root@1::4") + True + >>> SSHAddress(allow_ipv6=False).validate("root@1::4") + False >>> SSHAddress().validate(".com") False >>> SSHAddress().validate("") @@ -556,6 +566,9 @@ """ description = "a valid SSH Address" + + def __init__(self, allow_ipv6=True): + self._allow_ipv6 = allow_ipv6 def validate(self, value): is_valid = False @@ -565,7 +578,7 @@ raise ValueError() user, host = parts is_valid = Text().validate(user) and \ - FQDNOrIPAddress().validate(host) + FQDNOrIPAddress(self._allow_ipv6).validate(host) except ValueError: is_valid = False -- To view, visit http://gerrit.ovirt.org/22040 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id9dc98d9bc6b11060fd4deefe4332e24c517cb30 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: node-3.0 Gerrit-Owner: Ryan Barry <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
