Bug 813325 - ipa netgroup-mod addattr and setattr allow invalid characters for externalHost
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: unspecified
Target Milestone: rc
Assigned To: Rob Crittenden
QA Contact: Namita Soman

Reported: 2012-04-17 10:03 EDT by Scott Poore
Modified: 2013-05-20 16:56 EDT
Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Last Closed: 2013-02-21 04:11:02 EST
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0528 normal SHIPPED_LIVE Low: ipa security, bug fix and enhancement update 2013-02-21 03:22:21 EST

Description Scott Poore 2012-04-17 10:03:23 EDT
Description of problem:

It is possible to add invalid hostnames to netgroups with ipa netgroup-mod --addattr and --setattr.  This is being split out of bug 797256 into a separate bug here.

# ipa netgroup-add test1 --desc=asdf
----------------------
Added netgroup "test1"
----------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm.com
  IPA unique ID: 9a65ec84-7ccf-11e1-9e50-525400a8d770


# ipa netgroup-mod test1 --setattr=externalhost=anotherbadhost?
-------------------------
Modified netgroup "test1"
-------------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm.com
  External host: anotherbadhost?


# ipa netgroup-mod test1 --addattr=externalhost=anotherbadhost\!\@\#$\%\^\&\*\(\)
-------------------------
Modified netgroup "test1"
-------------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm.com
  External host: anotherbadhost?, anotherbadhost!@#$%^&*()

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.  <setup IPA server>
2.  ipa netgroup-add test1 --desc=asdf
3.  ipa netgroup-mod test1 --setattr=externalhost=anotherbadhost?
4.  ipa netgroup-mod test1 --addattr=externalhost=anotherbadhost\!\@\#$\%\^\&\*\(\)

  
Actual results:

External hosts with invalid characters in hostname are added to netgroup.  See output in Description for examples.

Expected results:

Should there be some validation of valid characters for externalhost (and other attrs) from the addattr/setattr options for the netgroup-mod command (and others)?


Additional info:
Comment 2 Martin Kosek 2012-04-17 10:25:17 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2649
Comment 3 Martin Kosek 2012-05-11 02:35:07 EDT
Fixed upstream:

master: 1565ce3a8c39326f814c9781b3df24c42402c1b5
Comment 6 Scott Poore 2012-11-09 16:14:26 EST
Verified.

Version ::

ipa-server-3.0.0-7.el6.x86_64

Manual Test Results ::

[root@rhel6-1 yum.local.d]# ipa netgroup-add test1 --desc=asdf
----------------------
Added netgroup "test1"
----------------------
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm2.com
  IPA unique ID: 23f70f9c-2ab2-11e2-b742-525400239224

[root@rhel6-1 yum.local.d]# ipa netgroup-mod test1 --setattr=externalhost=anotherbadhost?
ipa: ERROR: invalid 'externalhost': only letters, numbers, _, and - are allowed. DNS label may not start or end with -

[root@rhel6-1 yum.local.d]# ipa netgroup-mod test1 --addattr=externalhost=anotherbadhost\!\@\#$\%\^\&\*\(\)
ipa: ERROR: invalid 'externalhost': only letters, numbers, _, and - are allowed. DNS label may not start or end with -

[root@rhel6-1 yum.local.d]# ipa netgroup-show test1
  Netgroup name: test1
  Description: asdf
  NIS domain name: testrelm2.com
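
Added example (not FreeIPA's code and not part of the original report): a stand-alone check that applies the rule quoted in the error message above to externalHost values, which can be used to audit values already stored in netgroups. The regex, the function names, the 63/255 length limits and the sample data are assumptions made for this illustration.

```python
import re

# Assumed rule, taken only from the error text in Comment 6: each DNS label
# may contain letters, digits, "_" and "-", and may not start or end with "-".
# The 63/255 length limits are standard DNS limits, not stated in this report.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def externalhost_error(value):
    """Return None if value is acceptable, else a short reason string."""
    if not value or len(value) > 255:
        return "empty or longer than 255 characters"
    for label in value.split("."):
        # fullmatch: the whole label must satisfy the rule, so an embedded
        # newline or an empty label (".." or a trailing ".") is rejected too.
        if not _LABEL.fullmatch(label):
            return "bad DNS label %r" % label
    return None


def audit_netgroups(netgroups):
    """Map netgroup name -> [(value, reason)] for stored values that the
    rule rejects. `netgroups` is {name: [externalHost values]} (hypothetical
    input shape, e.g. built from `ipa netgroup-show` output)."""
    findings = {}
    for name, hosts in netgroups.items():
        bad = [(h, externalhost_error(h)) for h in hosts]
        bad = [(h, why) for h, why in bad if why]
        if bad:
            findings[name] = bad
    return findings


# Constructed sample: test1 holds the two values from this report,
# test2 is invented to show accepted values and a leading "-".
SAMPLE = {
    "test1": ["anotherbadhost?", "anotherbadhost!@#$%^&*()"],
    "test2": ["web-01.example.com", "-edge.example.com", "db_1"],
}

if __name__ == "__main__":
    for group, bad in sorted(audit_netgroups(SAMPLE).items()):
        for host, why in bad:
            print("%s: %r -> %s" % (group, host, why))
```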
Comment 8 errata-xmlrpc 2013-02-21 04:11:02 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html
