Ticket #131 (assigned task) Opened 2 months ago Last modified 1 month ago XML-RPC validation Reported by: rcritten Assigned to: rcritten (accepted) Priority: major Milestone: release-1 Component: ipa-server Version: 1.0 Keywords: Cc: Description ¶ Little to no validation is done on incoming data to the XML-RPC layer. This needs to be reviewed. Here are some specific things: - Check for uniqueness of a uidNumber if it changes - Enforce certain data types on some fields: * uidNumber and gidNumber are integers * e-mail addr is well-formed * login name is legal - Some fields should be required (user-configurable too?) - Don't allow the krbprincipalname field to change unless doing an RDN change - There are also surely other generic validations to be done and this should easily support plugins that may require specific things. Attachments freeipa-432-valid.patch (3.9 kB) - added by rcritten on 2007-11-30 11:30:22. verify that the default users group exists freeipa-502-cleanup.patch (32.9 kB) - added by rcritten on 2007-12-11 12:15:47. See the next entry for details freeipa-573-norealm.patch (0.9 kB) - added by rcritten on 2008-01-07 11:53:00. In add_service_principal() don't let the user pass in the realm Change History 2007-11-30 11:29:40 changed by rcritten ¶ * status changed from new to assigned. 2007-11-30 11:30:22 changed by rcritten * attachment freeipa-432-valid.patch added. verify that the default users group exists 2007-12-05 11:44:10 changed by kmacmill ¶ * milestone changed from milestone-6 to release-1. 2007-12-11 12:15:47 changed by rcritten * attachment freeipa-502-cleanup.patch added. See the next entry for details 2007-12-11 12:16:01 changed by rcritten ¶ This does the following: - Makes the old argument optional on update_*. If it doesn't exist the current record is looked up and used for comparison. - Checks for existence of required arguments (not always data type, that may come next) - Fix a slew of errors reported by pychecker - Converted some things from C-isms to be more python-ish (return True instead of 1) 2008-01-07 11:53:00 changed by rcritten * attachment freeipa-573-norealm.patch added. In add_service_principal() don't let the user pass in the realm
Created attachment 296372 [details] do more input type checking
Committed in change set 702
a comprehensive test will be perform in next release qa verified, bug closed build used: 4-7-2008 daily build