[Freeipa-devel] [PATCH] 34 Make sure that hostname specified by user is not an IP address

[Jan Cholasta]

This is a quick fix to make sure that the hostname passed to 
ipa-server-install, ipa-client-install and ipa-replica-prepare is not an 
IP address. The other install tools that accept a hostname as a 
parameter aren't affected, as they already either doesn't accept IP 
addresses (ipa-replica-manage, ipa-csreplica-manage) or work fine with 
them (ipa-replica-conncheck).


https://fedorahosted.org/freeipa/ticket/1375

I'm working on patch that does the (hopefully) right thing and uses a 
new type for storing hostnames, which does all the validation (similar 
to what we do with IP addresses in the installer), but I'll submit that 
later.


Honza

--
Jan Cholasta
From da77ca1a0a7add5aff330ead4296df3c4c8892da Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Mon, 25 Jul 2011 17:14:01 +0200
Subject: [PATCH] Make sure that hostname specified by user is not an IP
 address.

ticket 1375
---
 ipa-client/ipaclient/ipadiscovery.py |5 -
 ipapython/ipautil.py |3 +++
 ipaserver/install/installutils.py|3 +++
 3 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index 77727b2..ecd8275 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -24,7 +24,7 @@ import ipapython.dnsclient
 import tempfile
 import ldap
 from ldap import LDAPError
-from ipapython.ipautil import run, CalledProcessError
+from ipapython.ipautil import run, CalledProcessError, valid_ip
 
 
 NOT_FQDN = -1
@@ -119,6 +119,9 @@ class IPADiscovery:
 if not hostname:
 return BAD_HOST_CONFIG
 
+if valid_ip(hostname):
+return NOT_FQDN
+
 # first, check for an LDAP server for the local domain
 p = hostname.find(.)
 if p == -1: #no domain name
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 0191662..da6e94c 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -145,6 +145,9 @@ class CheckedIPAddress(netaddr.IPAddress):
 def is_local(self):
 return self.interface is not None
 
+def valid_ip(addr):
+return netaddr.valid_ipv4(addr) or netaddr.valid_ipv6(addr)
+
 def realm_to_suffix(realm_name):
 s = realm_name.split(.)
 terms = [dc= + x.lower() for x in s]
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index c6e8641..df63b8e 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -120,6 +120,9 @@ def verify_fqdn(host_name,no_host_dns=False):
 if host_name != host_name.lower():
 raise RuntimeError(Invalid hostname '%s', must be lower-case. % host_name)
 
+if ipautil.valid_ip(host_name):
+raise RuntimeError(IP address not allowed as a hostname)
+
 if no_host_dns:
 print Warning: skipping DNS resolution of host, host_name
 return
-- 
1.7.4.4

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 34 Make sure that hostname specified by user is not an IP address

[Rob Crittenden]

Jan Cholasta wrote:

This is a quick fix to make sure that the hostname passed to
ipa-server-install, ipa-client-install and ipa-replica-prepare is not an
IP address. The other install tools that accept a hostname as a
parameter aren't affected, as they already either doesn't accept IP
addresses (ipa-replica-manage, ipa-csreplica-manage) or work fine with
them (ipa-replica-conncheck).

https://fedorahosted.org/freeipa/ticket/1375

I'm working on patch that does the (hopefully) right thing and uses a
new type for storing hostnames, which does all the validation (similar
to what we do with IP addresses in the installer), but I'll submit that
later.

Honza


Ack, pushed to master.

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel