Re: [Freeipa-devel] [PATCH] 1012 validate domain in installer
On Wed, 2012-05-16 at 14:04 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2012-05-14 at 17:29 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-05-11 at 16:03 -0400, Rob Crittenden wrote: Use our domain validator to validate the domain name we get in the installer. rob I found few issues with the patch: 1) The unexpected error is not very user friendly error message: # ipa-server-install ... Server host name [vm-109.idm.lab.bos.redhat.com]: The domain name has been calculated based on the host name. Please confirm the domain name [idm.lab.bos.redhat.com]: bar-.com Unexpected error - see ipaserver-install.log for details: only letters, numbers, and - are allowed. DNS label may not start or end with - I think we should make it consistent with hostname validation error message format: # ipa-server-install ... Server host name [vm-109.idm.lab.bos.redhat.com]: foo- Invalid hostname 'foo-', must be fully-qualified. 2) The error is also confusing when domain is passed as an option, user won't know what actually failed: # ipa-server-install --domain .. ... Server host name [vm-109.idm.lab.bos.redhat.com]: Unexpected error - see ipaserver-install.log for details: empty DNS label As for value passed via option, I think we should quit immediately and not in second or third interactive step - like we do for --zonemgr validation: # ipa-server-install --zonemgr=foo Usage: ipa-server-install [options] ipa-server-install: error: invalid zonemgr: missing address domain This applies both for --hostname and --domain options. Martin Done. There is a separate ticket to validate hostname in the parser. It is a bit more complicated since it depends on other options so I punted on that. rob Nack. Domain name passed via option is not used. I assume this is the reason: +def domain_callback(option, opt_str, value, parser): ... + +parser.values.zonemgr = value + Btw. callback is not necessary for domain validation, it may be done right in parse_options() in ipa-server-install with other checks. Martin Ouch, that was embarrassing. Took your advise and dumped the validator, it isn't like this is going to be shared so yeah, it's overkill. I went back and forth whether to validate in read_domain_name() or not and decided against it. rob Yup, this one is ok :-) ACK, pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1012 validate domain in installer
On Mon, 2012-05-14 at 17:29 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-05-11 at 16:03 -0400, Rob Crittenden wrote: Use our domain validator to validate the domain name we get in the installer. rob I found few issues with the patch: 1) The unexpected error is not very user friendly error message: # ipa-server-install ... Server host name [vm-109.idm.lab.bos.redhat.com]: The domain name has been calculated based on the host name. Please confirm the domain name [idm.lab.bos.redhat.com]: bar-.com Unexpected error - see ipaserver-install.log for details: only letters, numbers, and - are allowed. DNS label may not start or end with - I think we should make it consistent with hostname validation error message format: # ipa-server-install ... Server host name [vm-109.idm.lab.bos.redhat.com]: foo- Invalid hostname 'foo-', must be fully-qualified. 2) The error is also confusing when domain is passed as an option, user won't know what actually failed: # ipa-server-install --domain .. ... Server host name [vm-109.idm.lab.bos.redhat.com]: Unexpected error - see ipaserver-install.log for details: empty DNS label As for value passed via option, I think we should quit immediately and not in second or third interactive step - like we do for --zonemgr validation: # ipa-server-install --zonemgr=foo Usage: ipa-server-install [options] ipa-server-install: error: invalid zonemgr: missing address domain This applies both for --hostname and --domain options. Martin Done. There is a separate ticket to validate hostname in the parser. It is a bit more complicated since it depends on other options so I punted on that. rob Nack. Domain name passed via option is not used. I assume this is the reason: +def domain_callback(option, opt_str, value, parser): ... + +parser.values.zonemgr = value + Btw. callback is not necessary for domain validation, it may be done right in parse_options() in ipa-server-install with other checks. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1012 validate domain in installer
On Fri, 2012-05-11 at 16:03 -0400, Rob Crittenden wrote: Use our domain validator to validate the domain name we get in the installer. rob I found few issues with the patch: 1) The unexpected error is not very user friendly error message: # ipa-server-install ... Server host name [vm-109.idm.lab.bos.redhat.com]: The domain name has been calculated based on the host name. Please confirm the domain name [idm.lab.bos.redhat.com]: bar-.com Unexpected error - see ipaserver-install.log for details: only letters, numbers, and - are allowed. DNS label may not start or end with - I think we should make it consistent with hostname validation error message format: # ipa-server-install ... Server host name [vm-109.idm.lab.bos.redhat.com]: foo- Invalid hostname 'foo-', must be fully-qualified. 2) The error is also confusing when domain is passed as an option, user won't know what actually failed: # ipa-server-install --domain .. ... Server host name [vm-109.idm.lab.bos.redhat.com]: Unexpected error - see ipaserver-install.log for details: empty DNS label As for value passed via option, I think we should quit immediately and not in second or third interactive step - like we do for --zonemgr validation: # ipa-server-install --zonemgr=foo Usage: ipa-server-install [options] ipa-server-install: error: invalid zonemgr: missing address domain This applies both for --hostname and --domain options. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1012 validate domain in installer
Martin Kosek wrote:
On Fri, 2012-05-11 at 16:03 -0400, Rob Crittenden wrote:
Use our domain validator to validate the domain name we get in the
installer.
rob
I found few issues with the patch:
1) The unexpected error is not very user friendly error message:
# ipa-server-install
...
Server host name [vm-109.idm.lab.bos.redhat.com]:
The domain name has been calculated based on the host name.
Please confirm the domain name [idm.lab.bos.redhat.com]: bar-.com
Unexpected error - see ipaserver-install.log for details:
only letters, numbers, and - are allowed. DNS label may not start or
end with -
I think we should make it consistent with hostname validation error
message format:
# ipa-server-install
...
Server host name [vm-109.idm.lab.bos.redhat.com]: foo-
Invalid hostname 'foo-', must be fully-qualified.
2) The error is also confusing when domain is passed as an option, user
won't know what actually failed:
# ipa-server-install --domain ..
...
Server host name [vm-109.idm.lab.bos.redhat.com]:
Unexpected error - see ipaserver-install.log for details:
empty DNS label
As for value passed via option, I think we should quit immediately and
not in second or third interactive step - like we do for --zonemgr
validation:
# ipa-server-install --zonemgr=foo
Usage: ipa-server-install [options]
ipa-server-install: error: invalid zonemgr: missing address domain
This applies both for --hostname and --domain options.
Martin
Done.
There is a separate ticket to validate hostname in the parser. It is a
bit more complicated since it depends on other options so I punted on that.
rob
From 6f306111a727b481838b77fbc4bf6a80b7b0cc89 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 11 May 2012 15:56:43 -0400
Subject: [PATCH] Call the domain validator on the user-provided domain name.
Wrap printing exceptions in unicode() to do Gettext conversion.
https://fedorahosted.org/freeipa/ticket/2196
---
install/tools/ipa-server-install | 23 +--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 1dd02ba870a02e902c4c345d9f5802ef09f78a7a..a6a98159bb7e44db8a1c37e2d55920d294d953c4 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -62,6 +62,7 @@ from ipapython.config import IPAOptionParser
from ipalib.dn import DN
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
from ipalib.constants import DNS_ZONE_REFRESH
+from ipalib.util import validate_domain_name
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
@@ -96,6 +97,17 @@ def subject_callback(option, opt_str, value, parser):
raise OptionValueError('Invalid subject base format: %s' % str(e))
parser.values.subject = str(dn) # may as well normalize it
+def domain_callback(option, opt_str, value, parser):
+
+Validate the domain name
+
+try:
+validate_domain_name(value)
+except ValueError, e:
+parser.error(invalid domain: + unicode(e))
+
+parser.values.zonemgr = value
+
def validate_dm_password(password):
if len(password) 8:
raise ValueError(Password must be at least 8 characters long)
@@ -117,6 +129,9 @@ def parse_options():
basic_group.add_option(-r, --realm, dest=realm_name,
help=realm name)
basic_group.add_option(-n, --domain, dest=domain_name,
+ action=callback,
+ callback=domain_callback,
+ type=string,
help=domain name)
basic_group.add_option(-p, --ds-password, dest=dm_password,
sensitive=True, help=admin password)
@@ -727,6 +742,10 @@ def main():
domain_name = options.domain_name
domain_name = domain_name.lower()
+try:
+validate_domain_name(domain_name)
+except ValueError, e:
+sys.exit(Invalid domain name: %s % unicode(e))
ip = get_server_ip_address(host_name, fstore, options.unattended, options)
ip_address = str(ip)
@@ -1108,9 +1127,9 @@ try:
except Exception, e:
success = False
if uninstalling:
-message = Unexpected error - see ipaserver-uninstall.log for details:\n %s % str(e)
+message = Unexpected error - see ipaserver-uninstall.log for details:\n %s % unicode(e)
else:
-message = Unexpected error - see ipaserver-install.log for details:\n %s % str(e)
+message = Unexpected error - see ipaserver-install.log for details:\n %s % unicode(e)
print message
message = str(e)
for str in traceback.format_tb(sys.exc_info()[2]):
--
1.7.10.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
