[node-patches] Change in ovirt-node[node-3.0]: Block IPv6 for services which don't support it

Wed Dec 4 14:22:25 UTC 2013

Ryan Barry has uploaded a new change for review.

Change subject: Block IPv6 for services which don't support it
......................................................................

Block IPv6 for services which don't support it

Previously, we allowed FQDNOrIPAddress() for netconsole and kdump, which don't
support IPv6 configuration. Don't allow IPv6 addresses.

Related to this, give users support to disable it by passing an argument to
validators.

Change-Id: Id9dc98d9bc6b11060fd4deefe4332e24c517cb30
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1008841
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1008795
Signed-off-by: Ryan Barry <rbarry at redhat.com>
---
M src/ovirt/node/setup/core/kdump_page.py
M src/ovirt/node/setup/core/logging_page.py
M src/ovirt/node/valid.py
3 files changed, 25 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/40/22040/1

diff --git a/src/ovirt/node/setup/core/kdump_page.py b/src/ovirt/node/setup/core/kdump_page.py
index 5887cd4..c5ecef5 100644
--- a/src/ovirt/node/setup/core/kdump_page.py
+++ b/src/ovirt/node/setup/core/kdump_page.py
@@ -70,8 +70,10 @@
         """
         # FIXME improve validation for ssh and nfs
         return {"kdump.type": valid.Options(dict(self._types).keys()),
-                "kdump.ssh_location": valid.Empty() | valid.SSHAddress(),
-                "kdump.nfs_location": valid.Empty() | valid.NFSAddress(),
+                "kdump.ssh_location": (valid.Empty() |
+                                       valid.SSHAddress(allow_ipv6=False)),
+                "kdump.nfs_location": (valid.Empty() |
+                                       valid.NFSAddress(allow_ipv6=False)),
                 }
 
     def ui_content(self):
diff --git a/src/ovirt/node/setup/core/logging_page.py b/src/ovirt/node/setup/core/logging_page.py
index 270cd18..b0b014a 100644
--- a/src/ovirt/node/setup/core/logging_page.py
+++ b/src/ovirt/node/setup/core/logging_page.py
@@ -59,7 +59,8 @@
                 "rsyslog.address": (valid.Empty() | valid.FQDNOrIPAddress()),
                 "rsyslog.port": valid.Port(),
                 "netconsole.address": (valid.Empty() |
-                                       valid.FQDNOrIPAddress()),
+                                       valid.FQDNOrIPAddress(
+                                           allow_ipv6=False)),
                 "netconsole.port": valid.Port(),
                 }
 
diff --git a/src/ovirt/node/valid.py b/src/ovirt/node/valid.py
index 963f694..92ca35f 100644
--- a/src/ovirt/node/valid.py
+++ b/src/ovirt/node/valid.py
@@ -386,8 +386,9 @@
     False
     """
 
-    def __init__(self):
-        self._validator = IPv4Address() | IPv6Address()
+    def __init__(self, allow_ipv6=True):
+        self._validator = IPv4Address() | IPv6Address() if allow_ipv6 else \
+            IPv4Address()
         self.description = self._validator.description
 
     def validate(self, value):
@@ -407,8 +408,8 @@
     False
     """
 
-    def __init__(self):
-        self._validator = FQDN() | IPAddress()
+    def __init__(self, allow_ipv6=True):
+        self._validator = FQDN() | IPAddress(allow_ipv6)
         self.description = self._validator.description
 
     def validate(self, value):
@@ -517,6 +518,8 @@
     False
     >>> NFSAddress().validate("1.2.3.4:var/nfsserver")
     False
+    >>> NFSAddress(allow_ipv6=False).validate("1::4:/var/nfsserver")
+    False
     >>> NFSAddress().validate("1::4")
     False
     >>> NFSAddress().validate("1:2:3:4")
@@ -528,13 +531,16 @@
     """
     description = "a valid NFS address"
 
+    def __init__(self, allow_ipv6=True):
+        self._allow_ipv6 = allow_ipv6
+
     def validate(self, value):
         is_valid = False
         try:
             # Addr can be IPv6 or IPv4, therefor a bit more cplx
             parts = value.split(":")
             addr, path = ":".join(parts[:-1]), parts[-1]
-            FQDNOrIPAddress()(addr)
+            FQDNOrIPAddress(self._allow_ipv6)(addr)
             is_valid = path.startswith("/")
         except:
             is_valid = False
@@ -549,6 +555,10 @@
     True
     >>> SSHAddress()("root at 192.168.1.1")
     True
+    >>> SSHAddress().validate("root at 1::4")
+    True
+    >>> SSHAddress(allow_ipv6=False).validate("root at 1::4")
+    False
     >>> SSHAddress().validate(".com")
     False
     >>> SSHAddress().validate("")
@@ -556,6 +566,9 @@
     """
 
     description = "a valid SSH Address"
+
+    def __init__(self, allow_ipv6=True):
+        self._allow_ipv6 = allow_ipv6
 
     def validate(self, value):
         is_valid = False
@@ -565,7 +578,7 @@
                 raise ValueError()
             user, host = parts
             is_valid = Text().validate(user) and \
-                FQDNOrIPAddress().validate(host)
+                FQDNOrIPAddress(self._allow_ipv6).validate(host)
         except ValueError:
             is_valid = False
 


-- 
To view, visit http://gerrit.ovirt.org/22040
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id9dc98d9bc6b11060fd4deefe4332e24c517cb30
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: node-3.0
Gerrit-Owner: Ryan Barry <rbarry at redhat.com>

