IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Restrict the SELinux user map user MLS value to 0-1023

Browse Source 
https://fedorahosted.org/freeipa/ticket/3001
This commit is contained in:
Rob Crittenden 2012-08-28 17:14:28 -04:00 committed by Martin Kosek
parent 5e277a97a6
commit 785e80c4fc
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ipalib/plugins/selinuxusermap.py
View File

@ -97,7 +97,8 @@ def validate_selinuxuser(ugettext, user):
return _('Invalid SELinux user name, only a-Z and _ are allowed') return _('Invalid SELinux user name, only a-Z and _ are allowed')
if not mls or not regex_mls.match(mls): if not mls or not regex_mls.match(mls):
return _('Invalid MLS value, must match s[0-15](-s[0-15])') return _('Invalid MLS value, must match s[0-15](-s[0-15])')
if mcs and not regex_mcs.match(mcs): m = regex_mcs.match(mcs)
if mcs and (not m or (m.group(3) and (int(m.group(3)) > 1023))):
return _('Invalid MCS value, must match c[0-1023].c[0-1023] and/or c[0-1023]-c[0-c0123]') return _('Invalid MCS value, must match c[0-1023].c[0-1023] and/or c[0-1023]-c[0-c0123]')
return None return None

11
tests/test_xmlrpc/test_selinuxusermap_plugin.py
View File

@ -643,6 +643,17 @@ class test_selinuxusermap(Declarative):
), ),
dict(
desc='Create rule with invalid MLS xguest_u:s0:c0.c1028',
command=(
'selinuxusermap_add', [rule1], dict(ipaselinuxuser=u'xguest_u:s0-s0:c0.c1028')
),
expected=errors.ValidationError(name='selinuxuser',
error=u'Invalid MCS value, must match c[0-1023].c[0-1023] ' +
u'and/or c[0-1023]-c[0-c0123]'),
),
dict( dict(
desc='Create rule with invalid user via setattr', desc='Create rule with invalid user via setattr',
command=( command=(