diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2011-10-11 14:28:17 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-10-12 10:12:59 +0200 |
| commit | 1e56498479e15989e85777f22bd4d775023b2e73 (patch) | |
| tree | 4d1bff2dbbed692e252a89c589c58bcde010e6d9 | |
| parent | 07b87aac69edab0ea4aaa79ec5b4edc7af2c382a (diff) | |
| download | freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.gz freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.xz freeipa-1e56498479e15989e85777f22bd4d775023b2e73.zip | |
Disallow deletion of global password policy.
ticket 1936
| -rw-r--r-- | ipalib/plugins/pwpolicy.py | 8 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_pwpolicy.py | 13 |
2 files changed, 21 insertions, 0 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py index 79ea44dda..f261de562 100644 --- a/ipalib/plugins/pwpolicy.py +++ b/ipalib/plugins/pwpolicy.py @@ -366,6 +366,14 @@ class pwpolicy_del(LDAPDelete): attribute=True, required=True, multivalue=True ) + def pre_callback(self, ldap, dn, *keys, **options): + if dn.lower() == global_policy_dn.lower(): + raise errors.ValidationError( + name='group', + error=_('cannot delete global password policy') + ) + return dn + def post_callback(self, ldap, dn, *keys, **options): try: self.api.Command.cosentry_del(keys[-1]) diff --git a/tests/test_xmlrpc/test_pwpolicy.py b/tests/test_xmlrpc/test_pwpolicy.py index 3cfc311b9..c0ead9f78 100644 --- a/tests/test_xmlrpc/test_pwpolicy.py +++ b/tests/test_xmlrpc/test_pwpolicy.py @@ -36,6 +36,7 @@ class test_pwpolicy(XMLRPC_test): user = u'testuser12' kw = {'cospriority': 1, 'krbminpwdlife': 30, 'krbmaxpwdlife': 40, 'krbpwdhistorylength': 5, 'krbpwdminlength': 6 } kw2 = {'cospriority': 2, 'krbminpwdlife': 40, 'krbmaxpwdlife': 60, 'krbpwdhistorylength': 8, 'krbpwdminlength': 9 } + global_policy = u'global_policy' def test_1_pwpolicy_add(self): """ @@ -173,6 +174,18 @@ class test_pwpolicy(XMLRPC_test): else: assert False + # Verify that global policy cannot be deleted + try: + api.Command['pwpolicy_del'](self.global_policy) + except errors.ValidationError: + pass + else: + assert False + try: + api.Command['pwpolicy_show'](self.global_policy) + except errors.NotFound: + assert False + # Remove the groups we created api.Command['group_del'](self.group) api.Command['group_del'](self.group2) |