Netgroup nisdomain and hosts validation

nisdomain validation:
Added pattern to the 'nisdomain' parameter to validate the specified
nisdomain name. According to most common use cases the same pattern as
for netgroup should fit. Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2448

The 'add_external_pre_callback' function was created to allow validation of
all external members. Validation is based on the object's primary
key parameter. The 'add_external_pre_callback' function has to be called
directly from the 'pre_callback' function. This change affects
netgroup, hbacrule and sudorule commands.

For hostname, the validator allows non-fqdn and underscore characters.
validate_hostname function in ipalib.util was modified and contains
additional option that allows hostname to contain underscore characters.
This option is disabled by default.

Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2447
Ondrej Hamada
2012-03-27 15:15:20 +02:00
committed by Martin Kosek
parent 159e848d85
commit 5cfee2338d
10 changed files with 165 additions and 31 deletions


@@ -50,6 +50,8 @@ class test_hbac(XMLRPC_test):
test_service = u'sshd'
test_host_external = u'notfound.example.com'
test_invalid_sourcehost = u'inv+alid#srchost.nonexist.com'
def test_0_hbacrule_add(self):
"""
Test adding a new HBAC rule using `xmlrpc.hbacrule_add`.
@@ -284,6 +286,17 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entry, 'sourcehost_host', self.test_host)
assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
def test_a_hbacrule_add_invalid_sourcehost(self):
"""
Test adding invalid source host to HBAC rule using `xmlrpc.hbacrule_add_host`.
"""
try:
api.Command['hbacrule_add_sourcehost'](
self.rule_name, host=self.test_invalid_sourcehost, hostgroup=self.test_hostgroup
)
except errors.ValidationError:
pass
def test_a_hbacrule_add_service(self):
"""
Test adding service to HBAC rule using `xmlrpc.hbacrule_add_service`.
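Review bot: The new test `test_a_hbacrule_add_invalid_sourcehost` in the second hunk cannot fail when validation is missing, because its `try` has an `except errors.ValidationError: pass` branch but no `else`. If `hbacrule_add_sourcehost` accepted `inv+alid#srchost.nonexist.com`, the test would still pass. Add `else:` followed by `assert False, 'ValidationError not raised'` after the `except` branch, the same shape the sudorule tests in this commit use. The docstring also names `xmlrpc.hbacrule_add_host` while the call is `hbacrule_add_sourcehost`; it should name `xmlrpc.hbacrule_add_sourcehost`.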


@@ -57,6 +57,9 @@ user2 = u'pexample'
group1 = u'testgroup'
invalidnetgroup1=u'+badnetgroup'
invalidnisdomain1=u'domain1,domain2'
invalidnisdomain2=u'+invalidnisdomain'
invalidhost=u'+invalid&host'
class test_netgroup(Declarative):
"""
@@ -105,6 +108,20 @@ class test_netgroup(Declarative):
),
dict(
desc='Test an invalid nisdomain1 name %r' % invalidnisdomain1,
command=('netgroup_add', [netgroup1], dict(description=u'Test',nisdomainname=invalidnisdomain1)),
expected=errors.ValidationError(name='nisdomainname', error='may only include letters, numbers, _, - and .'),
),
dict(
desc='Test an invalid nisdomain2 name %r' % invalidnisdomain2,
command=('netgroup_add', [netgroup1], dict(description=u'Test',nisdomainname=invalidnisdomain2)),
expected=errors.ValidationError(name='nisdomainname', error='may only include letters, numbers, _, - and .'),
),
dict(
desc='Create %r' % netgroup1,
command=('netgroup_add', [netgroup1],
@@ -333,6 +350,14 @@ class test_netgroup(Declarative):
),
dict(
desc='Add invalid host %r to netgroup %r' % (invalidhost, netgroup1),
command=('netgroup_add_member', [netgroup1], dict(host=invalidhost)),
expected=errors.ValidationError(name='host',
error='only letters, numbers, _, and - are allowed. - must not be the DNS label character'),
),
dict(
desc='Add host %r to netgroup %r' % (host1, netgroup1),
command=(
@@ -756,7 +781,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -777,7 +802,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -800,7 +825,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
],
),
@@ -824,7 +849,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
],
),
@@ -848,7 +873,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
{
'dn': fuzzy_netgroupdn,
@@ -878,7 +903,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -913,7 +938,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -947,7 +972,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -980,7 +1005,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -1012,7 +1037,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -1043,7 +1068,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -1074,7 +1099,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -1105,7 +1130,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -1136,7 +1161,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -1167,7 +1192,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
@@ -1198,7 +1223,7 @@ class test_netgroup(Declarative):
'cn': [netgroup1],
'description': [u'Updated netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
'externalhost': [unknown_host],
},
),
),
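Review bot: The negative cases added in the second and third hunks cover only `netgroup_add` and `netgroup_add_member`; nothing in the visible hunks checks that `netgroup_mod` rejects an invalid `nisdomainname`, or that a host name containing an underscore is accepted, which the commit message gives as the intended behaviour. A case with `command=('netgroup_mod', [netgroup1], dict(nisdomainname=invalidnisdomain1)),` and the same expected `ValidationError`, placed after the `Create` case, would pin the update path. A positive `netgroup_add_member` case with an underscore host would pin the relaxed hostname rule. The later hunks replace `u'unknown'` with `unknown_host`, whose definition is not in the visible hunks, so confirm it is defined at module level alongside `invalidhost`.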


@@ -53,6 +53,10 @@ class test_sudorule(XMLRPC_test):
test_category = u'all'
test_option = u'authenticate'
test_invalid_user = u'+invalid#user'
test_invalid_host = u'+invalid&host.nonexist.com'
test_invalid_group = u'+invalid#group'
def test_0_sudorule_add(self):
"""
Test adding a new Sudo rule using `xmlrpc.sudorule_add`.
@@ -206,6 +210,20 @@ class test_sudorule(XMLRPC_test):
entry = ret['result']
assert_attr_equal(entry, 'ipasudorunas_user', self.test_runasuser)
def test_a_sudorule_add_runasuser_invalid(self):
"""
Test adding run as invalid user to Sudo rule using
`xmlrpc.sudorule_add_runasuser`.
"""
try:
api.Command['sudorule_add_runasuser'](
self.rule_name, user=self.test_invalid_user
)
except errors.ValidationError:
pass
else:
assert False
def test_b_sudorule_remove_runasuser(self):
"""
Test removing run as user to Sudo rule using
@@ -239,6 +257,20 @@ class test_sudorule(XMLRPC_test):
assert_attr_equal(entry, 'ipasudorunasgroup_group',
self.test_runasgroup)
def test_a_sudorule_add_runasgroup_invalid(self):
"""
Test adding run as invalid user to Sudo rule using
`xmlrpc.sudorule_add_runasuser`.
"""
try:
api.Command['sudorule_add_runasgroup'](
self.rule_name, group=self.test_invalid_group
)
except errors.ValidationError:
pass
else:
assert False
def test_b_sudorule_remove_runasgroup(self):
"""
Test removing run as group to Sudo rule using
@@ -268,6 +300,20 @@ class test_sudorule(XMLRPC_test):
entry = ret['result']
assert_attr_equal(entry, 'externaluser', self.test_external_user)
def test_a_sudorule_add_externaluser_invalid(self):
"""
Test adding an invalid external user to Sudo rule using
`xmlrpc.sudorule_add_user`.
"""
try:
api.Command['sudorule_add_user'](
self.rule_name, user=self.test_invalid_user
)
except errors.ValidationError:
pass
else:
assert False
def test_b_sudorule_remove_externaluser(self):
"""
Test removing an external user from Sudo rule using
@@ -424,6 +470,20 @@ class test_sudorule(XMLRPC_test):
entry = ret['result']
assert_attr_equal(entry, 'externalhost', self.test_external_host)
def test_a_sudorule_add_externalhost_invalid(self):
"""
Test adding an invalid external host to Sudo rule using
`xmlrpc.sudorule_add_host`.
"""
try:
api.Command['sudorule_add_host'](
self.rule_name, host=self.test_invalid_host
)
except errors.ValidationError:
pass
else:
assert False
def test_b_sudorule_remove_externalhost(self):
"""
Test removing an external host from Sudo rule using
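Review bot: The docstring of `test_a_sudorule_add_runasgroup_invalid` in the third hunk was copied from the run-as-user test: it says "run as invalid user" and names `xmlrpc.sudorule_add_runasuser`, while the body calls `sudorule_add_runasgroup` with `test_invalid_group`. It should read `Test adding run as invalid group to Sudo rule using xmlrpc.sudorule_add_runasgroup.` The four new tests in this section also end in a bare `assert False`; `assert False, 'ValidationError not raised'` would make a validation regression readable in the test output. Each test checks only that the exception is raised, so it may be worth also asserting afterwards that the rule entry does not contain the rejected value.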