areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone
Source Code
GIT

Blame SOURCES/0009-check-for-single-label-domains-only-during-server-in.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   c7-beta
  2.   SOURCES
  3.   0009-check-for-single-label-domains-only-during-server-in.patch
Blob History Raw
6ec482 
From 12d456a12d0029833059fe28d3bb1cea338fef16 Mon Sep 17 00:00:00 2001
6ec482 
From: Florence Blanc-Renaud <flo@redhat.com>
6ec482 
Date: Thu, 5 Sep 2019 15:49:05 +0200
6ec482 
Subject: [PATCH] check for single-label domains only during server install
6ec482
6ec482 
The fix for https://pagure.io/freeipa/issue/7207 and
6ec482 
https://pagure.io/freeipa/issue/7598 added checks against single-label
6ec482 
domains in client, server and replica installs. This prevents client
6ec482 
enrollment to existing topologies with single-label domain.
6ec482
6ec482 
This commit removes those fixes on ipa-4-6 branch. Server installation
6ec482 
with single-label domain will still be refused, but client enrollment
6ec482 
will succeed.
6ec482
6ec482 
Fixes: https://pagure.io/freeipa/issue/8058
6ec482 
Reviewed-By: Francois Cami <fcami@redhat.com>
6ec482 
---
6ec482 
 ipalib/util.py                      |  5 +++--
6ec482 
 ipaserver/install/server/install.py | 16 ++++++++--------
6ec482 
 ipaserver/plugins/config.py         |  2 +-
6ec482 
 ipaserver/plugins/realmdomains.py   |  2 +-
6ec482 
 4 files changed, 13 insertions(+), 12 deletions(-)
6ec482
6ec482 
diff --git a/ipalib/util.py b/ipalib/util.py
6ec482 
index 1aa94d97b440110fe55584048d468b9c014ec67b..8b6ec564aa6299a6dd149e9afa1bdc04ac770bf2 100644
6ec482 
--- a/ipalib/util.py
6ec482 
+++ b/ipalib/util.py
6ec482 
@@ -406,14 +406,15 @@ def validate_dns_label(dns_label, allow_underscore=False, allow_slash=False):
6ec482
6ec482 
 def validate_domain_name(
6ec482 
     domain_name, allow_underscore=False,
6ec482 
-    allow_slash=False, entity='domain'
6ec482 
+    allow_slash=False, entity='domain',
6ec482 
+    check_sld=False
6ec482 
 ):
6ec482 
     if domain_name.endswith('.'):
6ec482 
         domain_name = domain_name[:-1]
6ec482
6ec482 
     domain_name = domain_name.split(".")
6ec482
6ec482 
-    if len(domain_name) < 2:
6ec482 
+    if check_sld and len(domain_name) < 2:
6ec482 
         raise ValueError(_(
6ec482 
             'single label {}s are not supported'.format(entity)))
6ec482
6ec482 
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
6ec482 
index c1e593e467cdb856a4ab3251ee103f3da3386a82..5ea4f2e1cc80c995997888aaf44f500524beb796 100644
6ec482 
--- a/ipaserver/install/server/install.py
6ec482 
+++ b/ipaserver/install/server/install.py
6ec482 
@@ -471,25 +471,25 @@ def install_check(installer):
6ec482 
         domain_name = read_domain_name(host_name[host_name.find(".")+1:],
6ec482 
                                        not installer.interactive)
6ec482 
         logger.debug("read domain_name: %s\n", domain_name)
6ec482 
-        try:
6ec482 
-            validate_domain_name(domain_name)
6ec482 
-        except ValueError as e:
6ec482 
-            raise ScriptError("Invalid domain name: %s" % unicode(e))
6ec482 
     else:
6ec482 
         domain_name = options.domain_name
6ec482
6ec482 
     domain_name = domain_name.lower()
6ec482 
+    try:
6ec482 
+        validate_domain_name(domain_name, check_sld=True)
6ec482 
+    except ValueError as e:
6ec482 
+        raise ScriptError("Invalid domain name: %s" % unicode(e))
6ec482
6ec482 
     if not options.realm_name:
6ec482 
         realm_name = read_realm_name(domain_name, not installer.interactive)
6ec482 
         logger.debug("read realm_name: %s\n", realm_name)
6ec482
6ec482 
-        try:
6ec482 
-            validate_domain_name(realm_name, entity="realm")
6ec482 
-        except ValueError as e:
6ec482 
-            raise ScriptError("Invalid realm name: {}".format(unicode(e)))
6ec482 
     else:
6ec482 
         realm_name = options.realm_name.upper()
6ec482 
+    try:
6ec482 
+        validate_domain_name(realm_name, entity="realm", check_sld=True)
6ec482 
+    except ValueError as e:
6ec482 
+        raise ScriptError("Invalid realm name: {}".format(unicode(e)))
6ec482
6ec482 
     if not options.subject_base:
6ec482 
         options.subject_base = installutils.default_subject_base(realm_name)
6ec482 
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
6ec482 
index 58b48935c2c7471ff2ce0bb3f5ce92a9fb47a503..b6349f03b7347b696c4e38480440a31db6757de8 100644
6ec482 
--- a/ipaserver/plugins/config.py
6ec482 
+++ b/ipaserver/plugins/config.py
6ec482 
@@ -400,7 +400,7 @@ class config(LDAPObject):
6ec482 
             )
6ec482
6ec482 
         try:
6ec482 
-            validate_domain_name(domain)
6ec482 
+            validate_domain_name(domain, check_sld=True)
6ec482 
         except ValueError as e:
6ec482 
             raise errors.ValidationError(
6ec482 
                 name=attr_name,
6ec482 
diff --git a/ipaserver/plugins/realmdomains.py b/ipaserver/plugins/realmdomains.py
6ec482 
index 80c5c298372f1c3f773150622c708f0286cc87a2..414dfae5090c4cd2e694bdfd3839a39783dd95fc 100644
6ec482 
--- a/ipaserver/plugins/realmdomains.py
6ec482 
+++ b/ipaserver/plugins/realmdomains.py
6ec482 
@@ -59,7 +59,7 @@ def _domain_name_normalizer(d):
6ec482
6ec482 
 def _domain_name_validator(ugettext, value):
6ec482 
     try:
6ec482 
-        validate_domain_name(value, allow_slash=False)
6ec482 
+        validate_domain_name(value, allow_slash=False, check_sld=True)
6ec482 
     except ValueError as e:
6ec482 
         return unicode(e)
6ec482 
     return None
6ec482 
--
6ec482 
2.20.1
6ec482

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation