From: Sage Weil Date: Wed, 5 Feb 2020 17:19:59 +0000 (-0600) Subject: mgr/cephadm: enforce that a host is a valid DNS name X-Git-Tag: v15.1.1~534^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F33058%2Fhead;p=ceph.git mgr/cephadm: enforce that a host is a valid DNS name This combines the hostname restrictions * 1-63 chars * a-z, A-Z, 0-9, - and the DNS name restrictions * .-delimited * no empty components (or leading or trailing .) * 250 chars total max Note that this allows bare IPv4 addresses (which are indistinguishable from a valid DNS name, AFAICS), but disallows bare IPv6 addresses. Signed-off-by: Sage Weil --- diff --git a/src/pybind/mgr/cephadm/module.py b/src/pybind/mgr/cephadm/module.py index 53e759a4dbdf..57478dff6772 100644 --- a/src/pybind/mgr/cephadm/module.py +++ b/src/pybind/mgr/cephadm/module.py @@ -19,6 +19,7 @@ import os import random import tempfile import multiprocessing.pool +import re import shutil import subprocess @@ -88,6 +89,17 @@ def _name_to_entity_name(name): else: return name +def assert_valid_host(name): + p = re.compile('^[a-zA-Z0-9-]+$') + try: + assert len(name) <= 250, 'name is too long (max 250 chars)' + parts = name.split('.') + for part in name.split('.'): + assert len(part) > 0, '.-delimited name component must not be empty' + assert len(part) <= 63, '.-delimited name component must not be more than 63 chars' + assert p.match(part), 'name component must include only a-z, 0-9, and -' + except AssertionError as e: + raise OrchestratorError(e) class AsyncCompletion(orchestrator.Completion): def __init__(self, @@ -1121,6 +1133,7 @@ class CephadmOrchestrator(MgrModule, orchestrator.OrchestratorClientMixin): :param host: host name """ + assert_valid_host(host) out, err, code = self._run_cephadm(host, 'client', 'check-host', ['--expect-hostname', host], error_ok=True, no_fsid=True)
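Review bot: The checks in `assert_valid_host` are written as `assert` statements, which Python compiles out under `-O` or `PYTHONOPTIMIZE`, so the host-name validation would silently stop running in that mode; explicit `if ...: raise OrchestratorError(...)` keeps it unconditional. The pattern `'^[a-zA-Z0-9-]+$'` used with `p.match()` also accepts a final component that ends in a newline, because `$` matches just before a trailing `\n`; anchoring with `\Z` closes that gap. `parts` is assigned and never used, and the last message omits A-Z although the pattern allows it. A component that begins or ends with `-` still passes, which hostname rules forbid and which matters if the name is ever placed on a command line, so it is worth rejecting unless a caller depends on it. A sketch of the body with the first three points applied follows.

```python
def assert_valid_host(name):
    # \Z anchors at the true end of the string; `$` would also accept "host\n".
    p = re.compile(r'^[a-zA-Z0-9-]+\Z')
    # Explicit raises instead of assert, so the checks survive `python -O`.
    if len(name) > 250:
        raise OrchestratorError('name is too long (max 250 chars)')
    for part in name.split('.'):
        if len(part) == 0:
            raise OrchestratorError('.-delimited name component must not be empty')
        if len(part) > 63:
            raise OrchestratorError('.-delimited name component must not be more than 63 chars')
        if not p.match(part):
            raise OrchestratorError('name component must include only a-z, A-Z, 0-9, and -')
```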
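Review bot: The new `assert_valid_host(host)` call guards only this one method, whose start is outside the hunk. Any other path that hands a host name to `_run_cephadm` (none are visible here) would still accept unvalidated names, so it may be worth checking those callers or moving the check into `_run_cephadm` itself. The docstring above the call documents `:param host:` but not the new failure mode; I would add `:raises OrchestratorError: if host is not a valid DNS name`.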