From 16d88d79ad251e353059d18a4020a96e52ee9363 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Thu, 23 Feb 2012 10:25:22 +0100
Subject: Add gidnumber minvalue

Do not accept invalid GID values in IPA user/group plugins.

https://fedorahosted.org/freeipa/ticket/2335
---
 API.txt                 | 12 ++++++------
 ipalib/plugins/group.py |  1 +
 ipalib/plugins/user.py  |  1 +
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/API.txt b/API.txt
index a7f364cc0..7cabd9ce5 100644
--- a/API.txt
+++ b/API.txt
@@ -1264,7 +1264,7 @@ command: group_add
 args: 1,8,3
 arg: Str('cn', attribute=True, cli_name='group_name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, required=True)
 option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=True)
-option: Int('gidnumber', attribute=True, cli_name='gid', multivalue=False, required=False)
+option: Int('gidnumber', attribute=True, cli_name='gid', minvalue=1, multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False)
@@ -1303,7 +1303,7 @@ args: 1,24,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Str('cn', attribute=True, autofill=False, cli_name='group_name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=False)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
-option: Int('gidnumber', attribute=True, autofill=False, cli_name='gid', multivalue=False, query=True, required=False)
+option: Int('gidnumber', attribute=True, autofill=False, cli_name='gid', minvalue=1, multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Int('sizelimit?', autofill=False, minvalue=0)
 option: Flag('private', autofill=True, cli_name='private', default=False)
@@ -1333,7 +1333,7 @@ command: group_mod
 args: 1,11,3
 arg: Str('cn', attribute=True, cli_name='group_name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=True)
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
-option: Int('gidnumber', attribute=True, autofill=False, cli_name='gid', multivalue=False, required=False)
+option: Int('gidnumber', attribute=True, autofill=False, cli_name='gid', minvalue=1, multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
@@ -3142,7 +3142,7 @@ option: Str('mail', attribute=True, cli_name='email', multivalue=True, required=
 option: Password('userpassword', attribute=True, cli_name='password', exclude='webui', multivalue=False, required=False)
 option: Flag('random', attribute=False, autofill=True, cli_name='random', default=False, multivalue=False, required=False)
 option: Int('uidnumber', attribute=True, autofill=True, cli_name='uid', default=999, minvalue=1, multivalue=False, required=True)
-option: Int('gidnumber', attribute=True, autofill=True, cli_name='gidnumber', multivalue=False, required=True)
+option: Int('gidnumber', attribute=True, autofill=True, cli_name='gidnumber', minvalue=1, multivalue=False, required=True)
 option: Str('street', attribute=True, cli_name='street', multivalue=False, required=False)
 option: Str('l', attribute=True, cli_name='city', multivalue=False, required=False)
 option: Str('st', attribute=True, cli_name='state', multivalue=False, required=False)
@@ -3200,7 +3200,7 @@ option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='princi
 option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, query=True, required=False)
 option: Password('userpassword', attribute=True, autofill=False, cli_name='password', exclude='webui', multivalue=False, query=True, required=False)
 option: Int('uidnumber', attribute=True, autofill=False, cli_name='uid', default=999, minvalue=1, multivalue=False, query=True, required=False)
-option: Int('gidnumber', attribute=True, autofill=False, cli_name='gidnumber', multivalue=False, query=True, required=False)
+option: Int('gidnumber', attribute=True, autofill=False, cli_name='gidnumber', minvalue=1, multivalue=False, query=True, required=False)
 option: Str('street', attribute=True, autofill=False, cli_name='street', multivalue=False, query=True, required=False)
 option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, query=True, required=False)
 option: Str('st', attribute=True, autofill=False, cli_name='state', multivalue=False, query=True, required=False)
@@ -3249,7 +3249,7 @@ option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue
 option: Password('userpassword', attribute=True, autofill=False, cli_name='password', exclude='webui', multivalue=False, required=False)
 option: Flag('random', attribute=False, autofill=True, cli_name='random', default=False, multivalue=False, required=False)
 option: Int('uidnumber', attribute=True, autofill=False, cli_name='uid', default=999, minvalue=1, multivalue=False, required=False)
-option: Int('gidnumber', attribute=True, autofill=False, cli_name='gidnumber', multivalue=False, required=False)
+option: Int('gidnumber', attribute=True, autofill=False, cli_name='gidnumber', minvalue=1, multivalue=False, required=False)
 option: Str('street', attribute=True, autofill=False, cli_name='street', multivalue=False, required=False)
 option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, required=False)
 option: Str('st', attribute=True, autofill=False, cli_name='state', multivalue=False, required=False)
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 49bc82328..b101d1285 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -119,6 +119,7 @@ class group(LDAPObject):
             cli_name='gid',
             label=_('GID'),
             doc=_('GID (use this option to set it manually)'),
+            minvalue=1,
         ),
     )
 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index ad9805bec..d8da3a373 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -263,6 +263,7 @@ class user(LDAPObject):
         Int('gidnumber',
             label=_('GID'),
             doc=_('Group ID Number'),
+            minvalue=1,
             default_from=lambda uidnumber: uidnumber,
             autofill=True,
         ),
-- 
cgit