Re: [Freeipa-devel] [PATCH] 966 limit allowed characters in netgroup name

2012-02-27 Thread Rob Crittenden 

Martin Kosek wrote:

On Mon, 2012-02-27 at 10:07 -0500, Rob Crittenden wrote:

Martin Kosek wrote:

On Fri, 2012-02-24 at 15:01 -0500, Rob Crittenden wrote:

Limit the characters in a netgroup name to alpha, digits, -, _ and .

rob


NACK.

1) The regular expressions is not correct, you forget the ending "$".
Thus it matches any string with the right beginning. Like this one:

# ipa netgroup-add "foo+bar" --desc=baz
ipa: ERROR: Can't contact LDAP server:

2) Shouldn't we add a similar validator for hostgroups too? Netgroups
are created out of hostgroups, i.e. I think they should share name
restrictions.

Martin



Nice catch. Fixed both and added simple test cases.

rob


Works for me. ACK if you re-generate API.txt (patterns were
changed/added).

Martin



Fixed and pushed to ipa-2-2 and master

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 966 limit allowed characters in netgroup name

2012-02-27 Thread Martin Kosek 
On Mon, 2012-02-27 at 10:07 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Fri, 2012-02-24 at 15:01 -0500, Rob Crittenden wrote:
> >> Limit the characters in a netgroup name to alpha, digits, -, _ and .
> >>
> >> rob
> >
> > NACK.
> >
> > 1) The regular expressions is not correct, you forget the ending "$".
> > Thus it matches any string with the right beginning. Like this one:
> >
> > # ipa netgroup-add "foo+bar" --desc=baz
> > ipa: ERROR: Can't contact LDAP server:
> >
> > 2) Shouldn't we add a similar validator for hostgroups too? Netgroups
> > are created out of hostgroups, i.e. I think they should share name
> > restrictions.
> >
> > Martin
> >
> 
> Nice catch. Fixed both and added simple test cases.
> 
> rob

Works for me. ACK if you re-generate API.txt (patterns were
changed/added).

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 966 limit allowed characters in netgroup name

2012-02-27 Thread Rob Crittenden 

Martin Kosek wrote:

On Fri, 2012-02-24 at 15:01 -0500, Rob Crittenden wrote:

Limit the characters in a netgroup name to alpha, digits, -, _ and .

rob


NACK.

1) The regular expressions is not correct, you forget the ending "$".
Thus it matches any string with the right beginning. Like this one:

# ipa netgroup-add "foo+bar" --desc=baz
ipa: ERROR: Can't contact LDAP server:

2) Shouldn't we add a similar validator for hostgroups too? Netgroups
are created out of hostgroups, i.e. I think they should share name
restrictions.

Martin



Nice catch. Fixed both and added simple test cases.

rob
>From c298cb77901ba9e3abd38601e68ab285fcd5f383 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Fri, 24 Feb 2012 14:39:56 -0500
Subject: [PATCH] Limit allowed characters in a netgroup name to alpha, digit,
 -, _ and .

Apply this to hostgroup names as well since they can be linked.

https://fedorahosted.org/freeipa/ticket/2221
---
 API.txt|   14 +++---
 ipalib/plugins/hostgroup.py|3 +++
 ipalib/plugins/netgroup.py |6 ++
 tests/test_xmlrpc/test_hostgroup_plugin.py |9 +
 tests/test_xmlrpc/test_netgroup_plugin.py  |9 +
 5 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/API.txt b/API.txt
index 8752da3e2462c19a8d58fb2852d793d9b04d7f60..f9cb7b35e2bf71fb51162da5d864678e6ac9790f 100644
--- a/API.txt
+++ b/API.txt
@@ -1985,7 +1985,7 @@ output: Output('failed', , None)
 output: Output('enabled', , None)
 command: netgroup_add
 args: 1,9,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, required=True)
 option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=True)
 option: Str('nisdomainname', attribute=True, cli_name='nisdomain', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
@@ -2000,7 +2000,7 @@ output: Entry('result', , Gettext('A dictionary representing an LDA
 output: Output('value', , None)
 command: netgroup_add_member
 args: 1,8,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -2014,7 +2014,7 @@ output: Output('failed', , None)
 output: Output('completed', , None)
 command: netgroup_del
 args: 1,1,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 output: Output('summary', (, ), None)
 output: Output('result', , None)
@@ -2022,7 +2022,7 @@ output: Output('value', , None)
 command: netgroup_find
 args: 1,26,4
 arg: Str('criteria?', noextrawhitespace=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=False)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
 option: Str('nisdomainname', attribute=True, autofill=False, cli_name='nisdomain', multivalue=False, query=True, required=False)
 option: Str('ipauniqueid', attribute=True, autofill=False, cli_name='uuid', multivalue=False, query=True, required=False)
@@ -2054,7 +2054,7 @@ output: Output('count', , None)
 output: Output('truncated', , None)
 command: netgroup_mod
 args: 1,11,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+', pattern_errmsg='may only include letters, numbers, _, -, and .', primary_key=True, query=True, required=True)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
 option: Str('nisdomainname', attribu

Re: [Freeipa-devel] [PATCH] 966 limit allowed characters in netgroup name

2012-02-27 Thread Martin Kosek 
On Fri, 2012-02-24 at 15:01 -0500, Rob Crittenden wrote:
> Limit the characters in a netgroup name to alpha, digits, -, _ and .
> 
> rob

NACK.

1) The regular expressions is not correct, you forget the ending "$".
Thus it matches any string with the right beginning. Like this one:

# ipa netgroup-add "foo+bar" --desc=baz
ipa: ERROR: Can't contact LDAP server: 

2) Shouldn't we add a similar validator for hostgroups too? Netgroups
are created out of hostgroups, i.e. I think they should share name
restrictions.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel