server/mirrormanager/controllers.py | 23 ++++++++++++++++++++--- server/mirrormanager/lib.py | 21 +++++++++++++++++++++ server/mirrormanager/mirrorlist.py | 18 +----------------- 3 files changed, 42 insertions(+), 20 deletions(-)
New commits: commit 5c486ec9f915f9c0b87aa85b245de5fa95282581 Author: Matt Domsch Matt_Domsch@dell.com Date: Fri Nov 25 22:39:48 2011 -0600
validate value passed as a netblock resolves to at least one IP address
diff --git a/server/mirrormanager/controllers.py b/server/mirrormanager/controllers.py
index f48b56e..9eb0c5d 100644
--- a/server/mirrormanager/controllers.py
+++ b/server/mirrormanager/controllers.py
@@ -676,7 +676,10 @@ class HostNetblockController(HostListitemController):
 raise InvalidData, emsg
 except ValueError:
 # also accept DNS hostnames
- pass
+ emsg = "Error: host names must resolve to at least one IP address"
+ ips = name_to_ips(kwargs['netblock'])
+ if len(ips) == 0:
+ raise InvalidData, emsg
HostNetblock(host=host, netblock=kwargs['netblock'])
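Review bot: A name that does not exist never reaches the new `len(ips) == 0` test: as name_to_ips is written in lib.py in this series, only NoAnswer is swallowed, so NXDOMAIN or a resolver timeout raised by `dns.resolver.query` would leave this method as an unhandled exception rather than InvalidData. Catching the resolver error around the `name_to_ips(kwargs['netblock'])` call and raising `InvalidData, emsg` would keep every rejection on the same path; the same applies to the name_to_ips call added in HostAclIPController.do_create. The value stored is still the name (`netblock=kwargs['netblock']`), so the check only shows that the name resolved at submission time, and a comment such as `# validated at create time only; the name is re-resolved when the netblock cache is built` would make that limit explicit (the re-resolution is inferred from mirrorlist.py importing name_to_ips). The enclosing method starts above the hunk.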
commit 0e8b90a5dc8c36b855cccc2b82e78d69edaebfd4 Author: Matt Domsch Matt_Domsch@dell.com Date: Fri Nov 25 22:33:58 2011 -0600
validate string passed for rsync ACL is an IP address or valid hostname
diff --git a/server/mirrormanager/controllers.py b/server/mirrormanager/controllers.py
index 3f5bd85..f48b56e 100644
--- a/server/mirrormanager/controllers.py
+++ b/server/mirrormanager/controllers.py
@@ -20,7 +20,7 @@ from fedora.tg.controllers import logout as fc_logout
 import mirrormanager.model
 from mirrormanager import my_validators
 from mirrormanager.model import *
-from mirrormanager.lib import createErrorString
+from mirrormanager.lib import createErrorString, name_to_ips
 import IPy
 IPy.check_addr_prefixlen = 0
@@ -627,7 +627,21 @@ class HostAclIPController(HostListitemController):
 return dict(values=v, host=v.host)
def do_create(self, host, kwargs):
- HostAclIp(host=host, ip=kwargs['ip'])
+ emesg = 'Error: value must be a single IP address or DNS name that resolves to at most one IPv4 and one IPv6 address.'
+ passed_value = kwargs['ip']
+
+ try:
+ ip = IPy.IP(passed_value)
+ if ip.len() > 1:
+ raise InvalidData, emsg
+ except ValueError:
+ ips = name_to_ips(passed_value)
+ if len(ips) == 0:
+ raise InvalidData, emsg
+ elif len(ips) > 2: # allow one IPv4 and one IPv6 resolved address
+ raise InvalidData, emsg
+
+ HostAclIp(host=host, passed_value)
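Review bot: The last added line, `HostAclIp(host=host, passed_value)`, places a positional argument after a keyword argument, which Python rejects as a syntax error, so controllers.py would fail to import; the line it replaces used `ip=`, so this should read `HostAclIp(host=host, ip=passed_value)`. The message is assigned to `emesg` but all three raises reference `emsg`, so every rejection path would raise NameError instead of InvalidData; rename the assignment to `emsg`. Separately, `len(ips) > 2` accepts two addresses of the same family, which is looser than the "one IPv4 and one IPv6" the message promises; since this value is used for an rsync ACL, counting per address family would match the stated intent. The hunk's trailing context is not visible on this page, so what follows the final call cannot be checked here.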
commit 05f4fe22803ee57f20fa881e84686b55254af074 Author: Matt Domsch Matt_Domsch@dell.com Date: Fri Nov 25 22:33:19 2011 -0600
move name_to_ips into lib.py
diff --git a/server/mirrormanager/lib.py b/server/mirrormanager/lib.py
index 8c75cbd..ea3882d 100644
--- a/server/mirrormanager/lib.py
+++ b/server/mirrormanager/lib.py
@@ -1,4 +1,7 @@
 import types, os
+import dns.resolver
+from dns.resolver import NoAnswer
+from IPy import IP
def createErrorString(tg_errors):
 """
@@ -67,3 +70,21 @@ def manage_pidfile(pidfile):
 if err.errno == 3: # No such process
 return write_pidfile(pidfile, pid)
 return 1
+
+def name_to_ips(name):
+ result=[]
+ recordtypes=('A', 'AAAA')
+ for r in recordtypes:
+ try:
+ records = dns.resolver.query(name, r)
+ for rdata in records:
+ try:
+ ip = IP(str(rdata))
+ result.append(ip)
+ except ValueError:
+ raise
+ except NoAnswer:
+ pass
+ except:
+ raise
+ return result
diff --git a/server/mirrormanager/mirrorlist.py b/server/mirrormanager/mirrorlist.py
index e3fd2a0..88b5dcf 100644
--- a/server/mirrormanager/mirrorlist.py
+++ b/server/mirrormanager/mirrorlist.py
@@ -1,8 +1,8 @@
 from mirrormanager.model import Directory, Host, RepositoryRedirect, CountryContinentRedirect, Repository, HostCategoryUrl
+from mirrormanager.lib import name_to_ips
 from IPy import IP
 import sha
 import pprint
-import dns.resolver
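Review bot: The name_to_ips added to lib.py is not a pure move: the copy removed from mirrorlist.py skipped every failure with `except: continue`, while this version tolerates only NoAnswer, so a stored host name that no longer exists (NXDOMAIN) or a resolver timeout now propagates to every caller. populate_netblock_cache in mirrorlist.py is presumably the existing caller and its body is outside this diff, so confirm it handles that; otherwise one stale entry could abort cache generation for all hosts. If a missing name should simply yield no addresses, use `except (NoAnswer, dns.resolver.NXDOMAIN): pass`. The `except ValueError: raise` and bare `except: raise` handlers only re-raise and can be dropped, and a docstring stating that the function returns a list of IPy.IP objects and which resolver exceptions escape would make the contract explicit.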
# key is directoryname
 mirrorlist_cache = {}
@@ -152,22 +152,6 @@ def populate_directory_cache():
 global mirrorlist_cache
 mirrorlist_cache = shrink(cache)
-def name_to_ips(name):
- result=[]
- recordtypes=('A', 'AAAA')
- for r in recordtypes:
- try:
- records = dns.resolver.query(name, r)
- for rdata in records:
- try:
- ip = IP(str(rdata))
- result.append(ip)
- except:
- continue
- except:
- continue
- return result
-
 def populate_netblock_cache():
 cache = {}
 for host in Host.select():
mirrormanager-commits@lists.fedorahosted.org