Add knob to limit hostname length

On Linux systems the length limit for hostnames is hardcoded at 64 in MAXHOSTNAMELEN Solaris, for example, allows 255 characters, and DNS allows the total length to be up to 255 (with each label < 64). Add a knob to allow configuring the maximum hostname length (FQDN) The same validators are used between hosts and DNS to apply the knob only when dealing with a FQDN as a hostname. The maxlen option is included so installers can limit the length of allowed hostnames when the --hostname option is used. https://pagure.io/freeipa/issue/2018 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-05-01 10:15:37 -04:00
parent 7fe10d9903
commit 6662e99e17
12 changed files with 79 additions and 14 deletions
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -21,6 +21,7 @@
 from ipalib import api
 from ipalib import Bool, Int, Str, IA5Str, StrEnum, DNParam
 from ipalib import errors
+from ipalib.constants import MAXHOSTNAMELEN
 from ipalib.plugable import Registry
 from ipalib.util import validate_domain_name
 from .baseldap import (
@@ -59,6 +60,12 @@ Password plug-in features: currently defines additional hashes that the
 When setting the order list for mapping SELinux users you may need to
 quote the value so it isn't interpreted by the shell.

+The maximum length of a hostname in Linux is controlled by
+MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating
+systems, Solaris for example, allows hostnames up to 255 characters.
+This option will allow flexibility in length but by default limiting
+to the Linux maximum length.
+
 EXAMPLES:

 Show basic server configuration:
@@ -70,6 +77,9 @@ EXAMPLES:
 Change maximum username length to 99 characters:
   ipa config-mod --maxusername=99

+ Change maximum host name length to 255 characters:
+   ipa config-mod --maxhostname=255
+
 Increase default time and size limits for maximum IPA server search:
   ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000

@@ -110,7 +120,7 @@ class config(LDAPObject):
        'ipamigrationenabled', 'ipacertificatesubjectbase',
        'ipapwdexpadvnotify', 'ipaselinuxusermaporder',
        'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipakrbauthzdata',
-        'ipauserauthtype', 'ipadomainresolutionorder'
+        'ipauserauthtype', 'ipadomainresolutionorder', 'ipamaxhostnamelength',
    ]
    container_dn = DN(('cn', 'ipaconfig'), ('cn', 'etc'))
    permission_filter_objectclasses = ['ipaguiconfig']
@@ -132,6 +142,7 @@ class config(LDAPObject):
                'ipasearchrecordslimit', 'ipasearchtimelimit',
                'ipauserauthtype', 'ipauserobjectclasses',
                'ipausersearchfields', 'ipacustomfields',
+                'ipamaxhostnamelength',
            },
        },
    }
@@ -146,6 +157,11 @@ class config(LDAPObject):
            minvalue=1,
            maxvalue=255,
        ),
+        Int('ipamaxhostnamelength',
+            cli_name='maxhostname',
+            label=_('Maximum hostname length'),
+            minvalue=MAXHOSTNAMELEN,
+            maxvalue=255,),
        IA5Str('ipahomesrootdir',
            cli_name='homedirectory',
            label=_('Home directory base'),
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -653,6 +653,15 @@ class host_add(LDAPCreate):

    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
        assert isinstance(dn, DN)
+        config = ldap.get_ipa_config()
+        if 'ipamaxhostnamelength' in config:
+            maxlen = int(config.get('ipamaxhostnamelength')[0])
+            if len(keys[-1]) > maxlen:
+                raise errors.ValidationError(
+                    name=self.obj.primary_key.cli_name,
+                    error=_('can be at most %(len)d characters' %
+                            dict(len=maxlen))
+                )
        if options.get('ip_address') and dns_container_exists(ldap):
            parts = keys[-1].split('.')
            host = parts[0]
@@ -762,7 +771,9 @@ class host_del(LDAPDelete):
    def pre_callback(self, ldap, dn, *keys, **options):
        assert isinstance(dn, DN)
        # If we aren't given a fqdn, find it
-        if hostname_validator(None, keys[-1]) is not None:
+        config = ldap.get_ipa_config()
+        maxlen = int(config.get('ipamaxhostnamelength')[0])
+        if hostname_validator(None, keys[-1], maxlen=maxlen) is not None:
            hostentry = api.Command['host_show'](keys[-1])['result']
            fqdn = hostentry['fqdn'][0]
        else: