IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Validate externalhost (when added by --addattr/--setattr)

Browse Source 
Change the externalhost attribute of hbacrule, netgroup
and sudorule into a full-fledged Parameter, and attach
a validator to it.
The validator is relaxed to allow underscores, so that
some hosts with nonstandard names can be added.

Tests included.

https://fedorahosted.org/freeipa/ticket/2649
This commit is contained in:
Petr Viktorin
2012-04-30 07:29:08 -04:00
committed by Martin Kosek
parent f19218f7d8
commit 1565ce3a8c
7 changed files with 105 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tests/test_xmlrpc/test_hbac_plugin.py
View File

@@ -377,6 +377,15 @@ class test_hbac(XMLRPC_test):
entry = ret['result']
assert_attr_equal(entry, 'externalhost', self.test_host_external)
@raises(errors.ValidationError)
def test_c_hbacrule_mod_invalid_external_setattr(self):
"""
Test adding the same external host using `xmlrpc.hbacrule_add_host`.
"""
ret = api.Command['hbacrule_mod'](
self.rule_name, setattr=self.test_invalid_sourcehost
)
def test_c_hbacrule_remove_external_host(self):
"""
Test removing external source host using `xmlrpc.hbacrule_remove_host`.

62
tests/test_xmlrpc/test_netgroup_plugin.py
View File

@@ -46,6 +46,8 @@ host_dn1 = DN(('fqdn',host1),('cn','computers'),('cn','accounts'),
unknown_host = u'unknown'
unknown_host2 = u'unknown2'
hostgroup1 = u'hg1'
hostgroup_dn1 = DN(('cn',hostgroup1),('cn','hostgroups'),('cn','accounts'),
api.env.basedn)
@@ -828,6 +830,66 @@ class test_netgroup(Declarative):
),
),
dict(
desc='Add invalid host %r to netgroup %r using setattr' %
(invalidhost, netgroup1),
command=(
'netgroup_mod', [netgroup1],
dict(setattr='externalhost=%s' % invalidhost)
),
expected=errors.ValidationError(name='externalhost',
error='only letters, numbers, _, and - are allowed. ' +
'DNS label may not start or end with -'),
),
dict(
desc='Add unknown host %r to netgroup %r using addattr' %
(unknown_host2, netgroup1),
command=(
'netgroup_mod', [netgroup1],
dict(addattr='externalhost=%s' % unknown_host2)
),
expected=dict(
value=u'netgroup1',
summary=u'Modified netgroup "netgroup1"',
result={
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host, unknown_host2],
},
)
),
dict(
desc='Remove unknown host %r from netgroup %r using delattr' %
(unknown_host2, netgroup1),
command=(
'netgroup_mod', [netgroup1],
dict(delattr='externalhost=%s' % unknown_host2)
),
expected=dict(
value=u'netgroup1',
summary=u'Modified netgroup "netgroup1"',
result={
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [unknown_host],
},
)
),
dict(
desc='Retrieve %r' % netgroup1,
command=('netgroup_show', [netgroup1], {}),

17
tests/test_xmlrpc/test_sudorule_plugin.py
View File

@@ -484,6 +484,23 @@ class test_sudorule(XMLRPC_test):
else:
assert False
def test_a_sudorule_mod_externalhost_invalid_addattr(self):
"""
Test adding an invalid external host to Sudo rule using
`xmlrpc.sudorule_mod --addattr`.
"""
try:
api.Command['sudorule_mod'](
self.rule_name,
addattr='externalhost=%s' % self.test_invalid_host
)
except errors.ValidationError, e:
assert unicode(e) == ("invalid 'externalhost': only letters, " +
"numbers, _, and - are allowed. " +
"DNS label may not start or end with -")
else:
assert False
def test_b_sudorule_remove_externalhost(self):
"""
Test removing an external host from Sudo rule using