IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 08:41:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow a group to be converted to POSIX and external

Browse Source 
This condition was checked in group-add but not in group-mod.
This evaluation is done later in the pre_callback so that all
the other machinations about posix are already done to make
it easier to tell whether this condition is true or not.

Fixes: https://pagure.io/freeipa/issue/8990

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
Rob Crittenden 2023-05-24 15:40:37 -04:00
parent f2b821abca
commit 58017abeb8
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ipaserver/plugins/group.py
View File

@ -505,6 +505,9 @@ class group_mod(LDAPUpdate):
else: else:
old_entry_attrs['objectclass'].append('ipaexternalgroup') old_entry_attrs['objectclass'].append('ipaexternalgroup')
entry_attrs['objectclass'] = old_entry_attrs['objectclass'] entry_attrs['objectclass'] = old_entry_attrs['objectclass']
if 'gidnumber' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=_(
'An external group cannot be POSIX'))
# Can't check for this in a validator because we lack context # Can't check for this in a validator because we lack context
if 'gidnumber' in options and options['gidnumber'] is None: if 'gidnumber' in options and options['gidnumber'] is None:

15
ipatests/test_xmlrpc/test_group_plugin.py
View File

@ -466,6 +466,21 @@ class TestNonposixGroup(XMLRPC_test):
], ],
), result) ), result)
def test_upgrade_nonposix_to_posix_and_external(self, group):
""" Update non-posix group to promote it to posix group & external"""
command = group.make_update_command(dict(posix=True, external=True))
with raises_exact(errors.MutuallyExclusiveError(
reason=u"An external group cannot be POSIX")):
command()
def test_upgrade_nonposix_with_gid_and_external(self, group):
""" Update non-posix group to promote it to posix group & external"""
command = group.make_update_command(dict(gidnumber=12345,
external=True))
with raises_exact(errors.MutuallyExclusiveError(
reason=u"An external group cannot be POSIX")):
command()
def test_upgrade_nonposix_to_posix(self, group): def test_upgrade_nonposix_to_posix(self, group):
""" Update non-posix group to promote it to posix group """ """ Update non-posix group to promote it to posix group """
group.attrs.update(gidnumber=[fuzzy_digits]) group.attrs.update(gidnumber=[fuzzy_digits])