Limit permission and selfservice names to alphanumerics, -, _, space

The DN and ACI code doesn't always escape special characters properly. Rather than trying to fix it, this patch takes the easy way out and enforces that the names are safe. https://fedorahosted.org/freeipa/ticket/2585
author: Petr Viktorin <pviktori@redhat.com> 2012-04-06 04:56:46 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2012-04-09 20:56:29 -0400
commit: 6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9 (patch)
tree: 910e45fc7a0f9077388932bef9d08b71631fe125 /tests
parent: 35f44a1aebe0350884113c0ce57c2aeb736c714b (diff)
download: freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.gz
freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.xz
freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.zip
2 files changed, 24 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index 51546732..ab285886 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -45,6 +45,8 @@ privilege1 = u'testpriv1'
 privilege1_dn = DN(('cn',privilege1),
                    api.env.container_privilege,api.env.basedn)
 
+invalid_permission1 = u'bad;perm'
+
 
 class test_permission(Declarative):
 
@@ -712,5 +714,14 @@ class test_permission(Declarative):
             ),
         ),
 
+        dict(
+            desc='Try to create invalid %r' % invalid_permission1,
+            command=('permission_add', [invalid_permission1], dict(
+                     type=u'user',
+                     permissions=u'write',
+                )),
+            expected=errors.ValidationError(name='name',
+                error='May only contain letters, numbers, -, _, and space'),
+        ),
 
     ]
diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py
index d457627c..3546701d 100644
--- a/tests/test_xmlrpc/test_selfservice_plugin.py
+++ b/tests/test_xmlrpc/test_selfservice_plugin.py
@@ -26,6 +26,7 @@ from tests.test_xmlrpc import objectclasses
 from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
 
 selfservice1 = u'testself'
+invalid_selfservice1 = u'bad+name'
 
 class test_selfservice(Declarative):
 
@@ -270,4 +271,16 @@ class test_selfservice(Declarative):
             )
         ),
 
+        dict(
+            desc='Create invalid %r' % invalid_selfservice1,
+            command=(
+                'selfservice_add', [invalid_selfservice1], dict(
+                    attrs=[u'street', u'c', u'l', u'st', u'postalcode'],
+                    permissions=u'write',
+                )
+            ),
+            expected=errors.ValidationError(name='name',
+                error='May only contain letters, numbers, -, _, and space'),
+        ),
+
     ]
author	Petr Viktorin <pviktori@redhat.com>	2012-04-06 04:56:46 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2012-04-09 20:56:29 -0400
commit	6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9 (patch)
tree	910e45fc7a0f9077388932bef9d08b71631fe125 /tests
parent	35f44a1aebe0350884113c0ce57c2aeb736c714b (diff)
download	freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.gz freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.tar.xz freeipa-6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9.zip