Change DNA magic value to -1 to make UID 999 usable

Change user-add's uid & gid parameters from autofill to optional. Change the DNA magic value to -1. For old clients, which will still send 999 when they want DNA assignment, translate the 999 to -1. This is done via a new capability, optional_uid_params. Tests included https://fedorahosted.org/freeipa/ticket/2886
2025-02-25 18:55:28 -06:00 · 2013-01-08 04:10:35 -05:00
parent 8d432353cc
commit 91606e6679
13 changed files with 144 additions and 28 deletions
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -34,6 +34,8 @@ from ipalib.text import _
 from ipalib.util import json_serialize, validate_hostname
 from ipapython.dn import DN, RDN

+DNA_MAGIC = -1
+
 global_output_params = (
    Flag('has_password',
        label=_('Password'),
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -21,6 +21,7 @@
 from ipalib import api
 from ipalib import Int, Str
 from ipalib.plugins.baseldap import *
+from ipalib.plugins import baseldap
 from ipalib import _, ngettext
 if api.env.in_server and api.env.context in ['lite', 'server']:
    try:
@@ -202,7 +203,7 @@ class group_add(LDAPCreate):
        elif not options['nonposix']:
            entry_attrs['objectclass'].append('posixgroup')
            if not 'gidnumber' in options:
-                entry_attrs['gidnumber'] = 999
+                entry_attrs['gidnumber'] = baseldap.DNA_MAGIC
        return dn


@@ -281,7 +282,7 @@ class group_mod(LDAPUpdate):
                old_entry_attrs['objectclass'].append('posixgroup')
                entry_attrs['objectclass'] = old_entry_attrs['objectclass']
                if not 'gidnumber' in options:
-                    entry_attrs['gidnumber'] = 999
+                    entry_attrs['gidnumber'] = baseldap.DNA_MAGIC

        if options['external']:
            if is_protected_group:
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -18,23 +18,25 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-from time import gmtime, strftime, strptime
+from time import gmtime, strftime
 import string
+import posixpath
+import os

 from ipalib import api, errors
-from ipalib import Flag, Int, Password, Str, Bool, Bytes
+from ipalib import Flag, Int, Password, Str, Bool
 from ipalib.plugins.baseldap import *
+from ipalib.plugins import baseldap
 from ipalib.request import context
 from ipalib import _, ngettext
 from ipalib import output
 from ipapython.ipautil import ipa_generate_password
 from ipapython.ipavalidate import Email
-import posixpath
+from ipalib.capabilities import client_has_capability
 from ipalib.util import (normalize_sshpubkey, validate_sshpubkey,
    convert_sshpubkey_post)
 if api.env.in_server and api.env.context in ['lite', 'server']:
    from ipaserver.plugins.ldap2 import ldap2
-    import os

 __doc__ = _("""
 Users
@@ -81,7 +83,6 @@ EXAMPLES:


 NO_UPG_MAGIC = '__no_upg__'
-DNA_MAGIC = 999

 user_output_params = (
    Flag('has_keytab',
@@ -300,20 +301,16 @@ class user(LDAPObject):
            label=_('Random password'),
            flags=('no_create', 'no_update', 'no_search', 'virtual_attribute'),
        ),
-        Int('uidnumber',
+        Int('uidnumber?',
            cli_name='uid',
            label=_('UID'),
            doc=_('User ID Number (system will assign one if not provided)'),
-            autofill=True,
-            default=DNA_MAGIC,
            minvalue=1,
        ),
-        Int('gidnumber',
+        Int('gidnumber?',
            label=_('GID'),
            doc=_('Group ID Number'),
            minvalue=1,
-            default=DNA_MAGIC,
-            autofill=True,
        ),
        Str('street?',
            cli_name='street',
@@ -468,6 +465,19 @@ class user_add(LDAPCreate):
            entry_attrs.setdefault('description', [])
            entry_attrs['description'].append(NO_UPG_MAGIC)

+        entry_attrs.setdefault('uidnumber', baseldap.DNA_MAGIC)
+
+        if not client_has_capability(
+                options['version'], 'optional_uid_params'):
+            # https://fedorahosted.org/freeipa/ticket/2886
+            # Old clients say 999 (OLD_DNA_MAGIC) when they really mean
+            # "assign a value dynamically".
+            OLD_DNA_MAGIC = 999
+            if entry_attrs.get('uidnumber') == OLD_DNA_MAGIC:
+                entry_attrs['uidnumber'] = baseldap.DNA_MAGIC
+            if entry_attrs.get('gidnumber') == OLD_DNA_MAGIC:
+                entry_attrs['gidnumber'] = baseldap.DNA_MAGIC
+
        validate_nsaccountlock(entry_attrs)
        config = ldap.get_ipa_config()[1]
        if 'ipamaxusernamelength' in config:
@@ -493,7 +503,7 @@ class user_add(LDAPCreate):
                                  api.env.basedn))
        entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm))

-        if entry_attrs.get('gidnumber', DNA_MAGIC) == DNA_MAGIC:
+        if entry_attrs.get('gidnumber') is None:
            # gidNumber wasn't specified explicity, find out what it should be
            if not options.get('noprivate', False) and ldap.has_upg():
                # User Private Groups - uidNumber == gidNumber