| Summary: | repo auth reg ex does not substitute correctly if oid ends with a yum variable | ||
|---|---|---|---|
| Product: | [Retired] Pulp | Reporter: | James Slagle <jslagle> |
| Component: | user-experience | Assignee: | James Slagle <jslagle> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 1.1.0 | Keywords: | Triaged |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-05-25 14:13:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Changing the afore mentioned line to:
oid_re = re.sub(r'\$[^/]+(/|$)', '[^/]+/', oid_url.strip('/'))
seems to do the trick.
At the end of the first argument, instead of +/, there is +(/|$), which means the substitution pattern can either end in a /, or be the end of the line.
committed to pulp master 0f218c8421418dd6892cc82d7040bf0089e37bc0 cherry picked to rhui branch build: 0.270 verified
[root@pulp-v1-1-server ~]# rpm -q pulp
pulp-1.1.4-1.fc16.noarch
[root@pulp-v1-1-server ~]#
[root@pulp-v1-1-server ~]# cat /usr/lib/python2.7/site-packages/pulp/repo_auth/oid_validation.py |grep oid
oid_url = extensions[e]
if self._validate_url(oid_url, repo_dest):
def _is_download_url_ext(self, ext_oid):
@param ext_oid: OID being tested; cannot be None
@type ext_oid: a certificiate.OID object
result = ext_oid.match('1.3.6.1.4.1.2312.9.2.') and ext_oid.match('.1.6')
def _validate_url(self, oid_url, dest):
# equivalent regular expressions in oid_url.
oid_re = re.sub(r'\$[^/]+/', '[^/]+/', oid_url.strip('/'))
return re.match(oid_re, dest) is not None
[root@pulp-v1-1-server ~]#
Pulp v1.1 Release |
The repo auth code uses a regex to substitute yum variables in the entitlement oid path. The reg ex used is: oid_re = re.sub(r'\$[^/]+/', '[^/]+/', oid_url.strip('/')) The idea is to substitute any occurrences of $basearch, $releasever, or some other yum variable with '[^/]+/' before we compare the oid to the requested url. However, the first argument to re.sub requires that the substitution pattern end with a /. So, if you have an oid like repos/pulp/pulp/fedora-14/$basearch, it will not get substituted correctly. We end up comparing the oid with the literal '$basearch' in it to the requested url, which of course will never match.