Univention Bugzilla – Attachment 5537 Details for
Bug 32995
Missing gateway validation
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Validate gateway addresses
32995_uss-validate-gateway.diff (text/plain), 7.57 KB, created by
Philipp Hahn
on 2013-10-28 22:14 CET
(
hide
)
Description:
Validate gateway addresses
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2013-10-28 22:14 CET
Size:
7.57 KB
patch
obsolete
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/__init__.py b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/__init__.py >index aa8afbd..5ac903e 100644 >--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/__init__.py >+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/__init__.py >@@ -317,22 +317,19 @@ class Instance(umcm.Base): > # helper functions > # TODO: 'valid' is not correctly evaluated in frontend > # i.e. if valid you may continue without getting message >- def _check(key, check, message, critical=True): >- if key not in values: >- return >- if not check(values[key]): >- messages.append({ >- 'message': message, >- 'valid': not critical, >- 'key': key >- }) >- >- def _append(key, message): >+ def _append(key, message, critical=True): > messages.append({ > 'key': key, >- 'valid': False, >- 'message': message >+ 'message': message, >+ 'valid': not critical, > }) >+ def _check(key, check, message, critical=True): >+ try: >+ value = values[key] >+ except KeyError: >+ return >+ if not check(value): >+ _append(key, message, critical) > > # system role > _check('server/role', lambda x: not(orgValues.get('joined')) or (orgValues.get('server/role') == values.get('server/role')), _('The system role may not change on a system that has already joined to domain.')) >@@ -395,9 +392,16 @@ class Instance(umcm.Base): > > # check gateways > if values.get('gateway'): # allow empty value >- _check('gateway', util.is_ipv4addr, _('The specified gateway IPv4 address is not valid: %s') % values.get('gateway')) >+ _check('gateway', util.is_ipv4addr, _("The specified gateway IPv4 address '%(gateway)s' is not valid.") % values) >+ gateway = values.get('gateway', ucr.get('gateway')) >+ if gateway and not interfaces.check_ip4_reachable(gateway): >+ _append('gateway', _("The specified gateway IPv4 address '%s' is not reachable.") % gateway) >+ > if values.get('ipv6/gateway'): # allow empty value >- _check('ipv6/gateway', util.is_ipv6addr, _('The specified gateway IPv6 address is not valid: %s') % values.get('ipv6/gateway')) >+ _check('ipv6/gateway', util.is_ipv6addr, _("The specified gateway IPv6 address '%(ipv6/gateway)s' is not valid.") % values) >+ gateway = values.get('ipv6/gateway', ucr.get('ipv6/gateway')) >+ if gateway and not interfaces.check_ip6_reachable(gateway): >+ _append('ipv6/gateway', _("The specified gateway IPv6 address '%s' is not reachable.") % gateway) > > # proxy > _check('proxy/http', util.is_proxy, _('The specified proxy address is not valid (e.g., http://10.201.1.1:8080): %s') % allValues.get('proxy/http', '')) >diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/de.po b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/de.po >index dec47cf..30ca3e7 100644 >--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/de.po >+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/de.po >@@ -241,13 +241,23 @@ msgstr "Die angegebenen IP-Adresse (%s) ist nicht gültig: %s" > > #: umc/python/setup/__init__.py: > #, python-format >-msgid "The specified gateway IPv4 address is not valid: %s" >-msgstr "Die angegebene Gateway-IPv4-Adresse ist nicht gültig: %s" >+msgid "The specified gateway IPv4 address '%(gateway)s' is not valid." >+msgstr "Die angegebene Gateway-IPv4-Adresse '%(gateway)s' ist nicht gültig." > > #: umc/python/setup/__init__.py: > #, python-format >-msgid "The specified gateway IPv6 address is not valid: %s" >-msgstr "Die angegebene Gateway-IPv6-Adresse is nicht gültig: %s" >+msgid "The specified gateway IPv4 address '%s' is not reachable." >+msgstr "Die angegebene Gateway-IPv4-Adresse '%s' ist nicht erreichbar." >+ >+#: umc/python/setup/__init__.py: >+#, python-format >+msgid "The specified gateway IPv6 address '%(ipv6/gateway)s' is not valid." >+msgstr "Die angegebene Gateway-IPv6-Adresse '%(ipv6/gateway)s' is nicht gültig." >+ >+#: umc/python/setup/__init__.py: >+#, python-format >+msgid "The specified gateway IPv6 address '%s' is not reachable." >+msgstr "Die angegebene Gateway-IPv6-Adresse '%s' is nicht erreichbar." > > #: umc/python/setup/__init__.py: > #, python-format >diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/network.py b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/network.py >index 4157f5d..22e4bed 100644 >--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/network.py >+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/network.py >@@ -61,22 +61,6 @@ class DeviceError(ValueError): > ValueError.__init__(self, msg) > > >-class IP4Set(set): >- def add(self, ip): >- set.add(self, ipaddr.IPv4Address(ip)) >- >- def __contains__(self, ip): >- return set.__contains__(self, ipaddr.IPv4Address(ip)) >- >- >-class IP6Set(set): >- def add(self, ip): >- set.add(self, ipaddr.IPv6Address(ip)) >- >- def __contains__(self, ip): >- return set.__contains__(self, ipaddr.IPv6Address(ip)) >- >- > class Interfaces(dict): > """All network interfaces""" > >@@ -108,10 +92,6 @@ class Interfaces(dict): > device = Device.from_dict(values, self) > self[device.name] = device > >-# def finalize(self): >-# self.check_consistency() >-# return self.to_ucr() >- > def to_ucr(self): > """Returns a UCR representation of all interfaces""" > ucr.load() >@@ -143,24 +123,56 @@ class Interfaces(dict): > self.set_device_order() > > def check_unique_ip4_address(self): >- all_ip4s = IP4Set() >+ all_ip4s = set() >+ for network, device in self.all_ip4_networks(): >+ address = network.ip >+ if address not in all_ip4s: >+ all_ip4s.add(address) >+ else: >+ raise DeviceError(_('Duplicated IP address: %r') % (address,), device.name) >+ >+ def check_ip4_reachable(self, address): >+ try: >+ address = ipaddr.IPv4Address(address) >+ except ipaddr.AddressValueError: >+ return False >+ for network, _device in self.all_ip4_networks(): >+ if address in network: >+ return True >+ return False >+ >+ def all_ip4_networks(self): > for device in self.values(): >- if not device.ip4dynamic: >- for address, netmask in device.ip4: >- # check for duplicated IP's >- if address in all_ip4s: >- raise DeviceError(_('Duplicated IP address: %r') % (address), device.name) >- all_ip4s.add(address) >+ if device.ip4dynamic: >+ continue >+ for address, netmask in device.ip4: >+ yield (ipaddr.IPv4Network("%s/%s" % (address, netmask)), device) > > def check_unique_ip6_address(self): >- all_ip6s = IP6Set() >+ all_ip6s = set() >+ for network, device in self.all_ip6_networks(): >+ address = network.ip >+ if address not in all_ip6s: >+ all_ip6s.add(address) >+ else: >+ raise DeviceError(_('Duplicated IP address: %r') % (address,), device.name) >+ >+ def check_ip6_reachable(self, address): >+ try: >+ address = ipaddr.IPv6Address(address) >+ except ipaddr.AddressValueError: >+ return False >+ for network, _device in self.all_ip6_networks(): >+ if address in network: >+ return True >+ return False >+ >+ def all_ip6_networks(self): > for device in self.values(): >- if not device.ip6dynamic: >- for address, prefix, identifier in device.ip6: >- # check for duplicated IP's >- if address in all_ip6s: >- raise DeviceError(_('Duplicated IP address: %r') % (address), device.name) >- all_ip6s.add(address) >+ if device.ip6dynamic: >+ continue >+ for address, prefix, _identifier in device.ip6: >+ yield (ipaddr.IPv4Network("%s/%s" % (address, prefix)), device) > > def set_device_order(self): > if not any(isinstance(device, (VLAN, Bridge, Bond)) for device in self.values()):
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5537">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 32995
: 5537