Allow removing sudo commands with special characters from command groups

Previously the commands were compared as serialized strings.
Differences in serializations meant commands with special characters
weren't found in the checked list.
Use the DN class to compare DNs correctly.

https://fedorahosted.org/freeipa/ticket/2483
Petr Viktorin 2012-03-02 12:42:27 -05:00 committed by Martin Kosek
parent 71d134dfa0
commit 1dc11a01d7
3 changed files with 77 additions and 5 deletions


@ -1583,8 +1583,8 @@ class LDAPRemoveMember(LDAPModMember):
completed = 0
for (attr, objs) in member_dns.iteritems():
for ldap_obj_name in objs:
for m_dn in member_dns[attr][ldap_obj_name]:
for ldap_obj_name, m_dns in objs.iteritems():
for m_dn in m_dns:
if not m_dn:
continue
try:


@ -1091,12 +1091,12 @@ class ldap2(CrudBackend, Encoder):
(group_dn, group_entry_attrs) = self.get_entry(group_dn, [member_attr])
# remove dn from group entry's `member_attr` attribute
members = group_entry_attrs.get(member_attr, [])
members = [DN(m) for m in group_entry_attrs.get(member_attr, [])]
try:
members.remove(dn.lower())
members.remove(DN(dn))
except ValueError:
raise errors.NotGroupMember()
group_entry_attrs[member_attr] = members
group_entry_attrs[member_attr] = [str(m) for m in members]
# update group entry
self.update_entry(group_dn, group_entry_attrs)
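Review bot: `members.remove(DN(dn))` builds the DN inside the `try`, so if `DN()` raises `ValueError` on a malformed `dn` (not confirmed from this hunk), the caller gets `NotGroupMember` instead of a parse error. Building it first, with `target = DN(dn)` above the `try` and `members.remove(target)` inside it, keeps the two failures apart. The write-back `[str(m) for m in members]` also re-serializes every remaining member, not only the removed one, which deserves a comment such as `# remaining values are written back in DN-normalized form`. These memberships decide which sudo commands a group grants, so a removal that fails or is misreported leaves the command in the group. The function starts before this hunk.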


@ -28,12 +28,36 @@ from ipalib.dn import *
sudocmdgroup1 = u'testsudocmdgroup1'
sudocmdgroup2 = u'testsudocmdgroup2'
sudocmd1 = u'/usr/bin/sudotestcmd1'
sudocmd_plus = u'/bin/ls -l /lost+found/*'
def create_command(sudocmd):
return dict(
desc='Create %r' % sudocmd,
command=(
'sudocmd_add', [], dict(sudocmd=sudocmd,
description=u'Test sudo command')
),
expected=dict(
value=sudocmd,
summary=u'Added Sudo Command "%s"' % sudocmd,
result=dict(
objectclass=objectclasses.sudocmd,
sudocmd=[sudocmd],
ipauniqueid=[fuzzy_uuid],
description=[u'Test sudo command'],
dn=lambda x: DN(x) == \
DN(('sudocmd',sudocmd),('cn','sudocmds'),('cn','sudo'),
api.env.basedn),
),
),
)
class test_sudocmdgroup(Declarative):
cleanup_commands = [
('sudocmdgroup_del', [sudocmdgroup1], {}),
('sudocmdgroup_del', [sudocmdgroup2], {}),
('sudocmd_del', [sudocmd1], {}),
('sudocmd_del', [sudocmd_plus], {}),
]
tests = [
@ -473,6 +497,54 @@ class test_sudocmdgroup(Declarative):
),
),
################
# test a command that needs DN escaping:
create_command(sudocmd_plus),
dict(
desc='Add %r to %r' % (sudocmd_plus, sudocmdgroup1),
command=('sudocmdgroup_add_member', [sudocmdgroup1],
dict(sudocmd=sudocmd_plus)
),
expected=dict(
completed=1,
failed=dict(
member=dict(
sudocmd=tuple(),
),
),
result={
'dn': lambda x: DN(x) == \
DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
('cn','sudo'),api.env.basedn),
'member_sudocmd': (sudocmd_plus,),
'cn': [sudocmdgroup1],
'description': [u'New desc 1'],
},
),
),
dict(
desc='Remove %r from %r' % (sudocmd_plus, sudocmdgroup1),
command=('sudocmdgroup_remove_member', [sudocmdgroup1],
dict(sudocmd=sudocmd_plus)
),
expected=dict(
completed=1,
failed=dict(
member=dict(
sudocmd=tuple(),
),
),
result={
'dn': lambda x: DN(x) == \
DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'),
('cn','sudo'),api.env.basedn),
'cn': [sudocmdgroup1],
'description': [u'New desc 1'],
},
),
),
################
# delete sudocmdgroup1:
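Review bot: The new add/remove cases cover only `sudocmd_plus`, whose one character needing DN escaping appears to be `+`. A command containing a comma or `=` would go through the same DN comparison on removal and is not tested. A second constant, e.g. `sudocmd_comma = u'/bin/kill -9 1,2'` (constructed sample), run through the same `create_command` / add / remove sequence and listed in `cleanup_commands`, would pin that. `create_command` would also benefit from a one-line docstring such as `"""Return a declarative test case that adds sudocmd and checks its DN."""`. The `tests` list begins and continues outside these hunks.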