Bug 813325

Summary:	ipa netgroup-mod addattr and setattr allow invalid characters for externalHost
Product:	Red Hat Enterprise Linux 6	Reporter:	Scott Poore <spoore>
Component:	ipa	Assignee:	Rob Crittenden <rcritten>
Status:	CLOSED ERRATA	QA Contact:	Namita Soman <nsoman>
Severity:	unspecified	Docs Contact:
Priority:	high
Version:	6.3	CC:	jgalipea, mkosek
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	ipa-3.0.0-1.el6	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2013-02-21 09:11:02 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Scott Poore 2012-04-17 14:03:23 UTC

Description of problem:

It is possible to add invalid hostnames to netgroups with ipa netgroup-mod --addattr and --setaddr.  This is being split out of bug 797256 into a separate bug here.

# ipa netgroup-add test1 --desc=asdf
----------------------
Added netgroup "test1"
----------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm.com
  IPA unique ID: 9a65ec84-7ccf-11e1-9e50-525400a8d770


# ipa netgroup-mod test1 --setattr=externalhost=anotherbadhost?
-------------------------
Modified netgroup "test1"
-------------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm.com
  External host: anotherbadhost?


# ipa netgroup-mod test1
--addattr=externalhost=anotherbadhost\!\@\#$\%\^\&\*\(\)
-------------------------
Modified netgroup "test1"
-------------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm.com
  External host: anotherbadhost?, anotherbadhost!@#$%^&*()

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.  <setup IPA server>
2.  ipa netgroup-add test1 --desc=asdf
3.  ipa netgroup-mod test1 --setattr=externalhost=anotherbadhost?
4.  ipa netgroup-mod test1
--addattr=externalhost=anotherbadhost\!\@\#$\%\^\&\*\(\)

  
Actual results:

External hosts with invalid characters in hostname are added to netgroup.  See output in Description for examples.

Expected results:

Should there be some validation of valid characters for externalhost (and other attrs) from the addattr/setaddr options for the netgroup-mod command (and others)?


Additional info:

Comment 2 Martin Kosek 2012-04-17 14:25:17 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2649

Comment 3 Martin Kosek 2012-05-11 06:35:07 UTC

Fixed upstream:

master: 1565ce3a8c39326f814c9781b3df24c42402c1b5

Comment 6 Scott Poore 2012-11-09 21:14:26 UTC

Verified.

Version ::

ipa-server-3.0.0-7.el6.x86_64

Manual Test Results ::

[root@rhel6-1 yum.local.d]# ipa netgroup-add test1 --desc=asdf
----------------------
Added netgroup "test1"
----------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm2.com
  IPA unique ID: 23f70f9c-2ab2-11e2-b742-525400239224

[root@rhel6-1 yum.local.d]# ipa netgroup-mod test1 --setattr=externalhost=anotherbadhost?
ipa: ERROR: invalid 'externalhost': only letters, numbers, _, and - are allowed. DNS label may not start or end with -

[root@rhel6-1 yum.local.d]# ipa netgroup-mod test1 --addattr=externalhost=anotherbadhost\!\@\#$\%\^\&\*\(\)
ipa: ERROR: invalid 'externalhost': only letters, numbers, _, and - are allowed. DNS label may not start or end with -

[root@rhel6-1 yum.local.d]# ipa netgroup-show test1
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm2.com

Comment 8 errata-xmlrpc 2013-02-21 09:11:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html