[Freeipa-devel] [PATCH] 226 Improve hostname verification in install tools

[Martin Kosek]

Our install tools like ipa-server-install, ipa-replica-{prepare,
install} may allow hostnames that do not match the requirements
in ipalib. This creates a disconnect and may cause issues when
user cannot delete hostnames created by install tools.

This patch makes sure that ipalib requirements are applied to
install tools hostnames as well.

https://fedorahosted.org/freeipa/ticket/2089

From 3f7c9478f0c2575aaf7078fe133a15aa7ea3a349 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Thu, 1 Mar 2012 11:01:45 +0100
Subject: [PATCH] Improve hostname verification in install tools

Our install tools like ipa-server-install, ipa-replica-{prepare,
install} may allow hostnames that do not match the requirements
in ipalib. This creates a disconnect and may cause issues when
user cannot delete hostnames created by install tools.

This patch makes sure that ipalib requirements are applied to
install tools hostnames as well.

https://fedorahosted.org/freeipa/ticket/2089
---
 ipaserver/install/installutils.py |7 +++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index a9a3ec4318b1381bfe09fda085c330e40ce13c87..3e7ae41b5fdbc11353e43a63424f19fbc331435a 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -34,6 +34,7 @@ from ConfigParser import SafeConfigParser
 
 from ipapython import ipautil, dnsclient, sysrestore
 from ipapython.ipa_log_manager import *
+from ipalib.util import validate_hostname
 
 # Used to determine install status
 IPA_MODULES = ['httpd', 'kadmin', 'dirsrv', 'pki-cad', 'pkids', 'install', 'krb5kdc', 'ntpd', 'named', 'ipa_memcached']
@@ -159,6 +160,12 @@ def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
 if ipautil.valid_ip(host_name):
 raise BadHostError(IP address not allowed as a hostname)
 
+try:
+# make sure that the host name meets the requirements in ipalib
+validate_hostname(host_name)
+except ValueError, e:
+raise BadHostError(Invalid hostname '%s', %s % (host_name, unicode(e)))
+
 if local_hostname:
 try:
 ex_name = socket.gethostbyaddr(host_name)
-- 
1.7.7.6

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 226 Improve hostname verification in install tools

[Rob Crittenden]

Martin Kosek wrote:

Our install tools like ipa-server-install, ipa-replica-{prepare,
install} may allow hostnames that do not match the requirements
in ipalib. This creates a disconnect and may cause issues when
user cannot delete hostnames created by install tools.

This patch makes sure that ipalib requirements are applied to
install tools hostnames as well.

https://fedorahosted.org/freeipa/ticket/2089


ACK

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 226 Improve hostname verification in install tools

[Rob Crittenden]

Rob Crittenden wrote:

Martin Kosek wrote:

Our install tools like ipa-server-install, ipa-replica-{prepare,
install} may allow hostnames that do not match the requirements
in ipalib. This creates a disconnect and may cause issues when
user cannot delete hostnames created by install tools.

This patch makes sure that ipalib requirements are applied to
install tools hostnames as well.

https://fedorahosted.org/freeipa/ticket/2089


ACK


pushed to master and ipa-2-2

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel