author | Ondrej Hamada <ohamada@redhat.com> | 2012-03-27 15:15:20 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-03-28 16:23:53 +0200 |
commit | df0e73a5dbfb4ad09a74c930f4d7e6d0721e5c9b (patch) | |
tree | f59e7ba98b24dcafa3aadf21f8052c6651f170fd /tests | |
parent | f1f6b1dfca3d9f296ab57a26ef893073e3d415a8 (diff) | |
Netgroup nisdomain and hosts validation
nisdomain validation:
Added pattern to the 'nisdomain' parameter to validate the specified
nisdomain name. According to most common use cases the same pattern as
for netgroup should fit. Unit-tests added.
https://fedorahosted.org/freeipa/ticket/2448
'add_external_pre_callback' function was created to allow validation of
all external members. Validation is based on usage of the object's primary
key parameter. The 'add_external_pre_callback' function has to be called
directly from the 'pre_callback' function. This change affects
netgroup, hbacrule and sudorule commands.
For hostname, the validator allows non-fqdn and underscore characters.
validate_hostname function in ipalib.util was modified and contains
additional option that allows hostname to contain underscore characters.
This option is disabled by default.
Unit-tests added.
https://fedorahosted.org/freeipa/ticket/2447
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_xmlrpc/test_hbac_plugin.py | 13 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_netgroup_plugin.py | 57 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_sudorule_plugin.py | 60 |
3 files changed, 114 insertions, 16 deletions
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index 58265dc0..bd50a585 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -50,6 +50,8 @@ class test_hbac(XMLRPC_test): test_service = u'sshd' test_host_external = u'notfound.example.com' + test_invalid_sourcehost = u'inv+alid#srchost.nonexist.com' + def test_0_hbacrule_add(self): """ Test adding a new HBAC rule using `xmlrpc.hbacrule_add`. @@ -284,6 +286,17 @@ class test_hbac(XMLRPC_test): assert_attr_equal(entry, 'sourcehost_host', self.test_host) assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup) + def test_a_hbacrule_add_invalid_sourcehost(self): + """ + Test adding invalid source host to HBAC rule using `xmlrpc.hbacrule_add_host`. + """ + try: + api.Command['hbacrule_add_sourcehost']( + self.rule_name, host=self.test_invalid_sourcehost, hostgroup=self.test_hostgroup + ) + except errors.ValidationError: + pass + def test_a_hbacrule_add_service(self): """ Test adding service to HBAC rule using `xmlrpc.hbacrule_add_service`. diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py index c40b01ad..33b2c6da 100644 --- a/tests/test_xmlrpc/test_netgroup_plugin.py +++ b/tests/test_xmlrpc/test_netgroup_plugin.py @@ -57,6 +57,9 @@ user2 = u'pexample' group1 = u'testgroup' invalidnetgroup1=u'+badnetgroup' +invalidnisdomain1=u'domain1,domain2' +invalidnisdomain2=u'+invalidnisdomain' +invalidhost=u'+invalid&host' class test_netgroup(Declarative): """ 
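Review bot: `test_a_hbacrule_add_invalid_sourcehost` (hunk `@@ -284,6 +286,17 @@`) cannot fail, because the `try` has `except errors.ValidationError: pass` but no `else` branch. The test therefore also passes when `hbacrule_add_sourcehost` accepts `inv+alid#srchost.nonexist.com`, so a regression in the input validation would go unnoticed. Add `else: raise AssertionError('ValidationError not raised for %r' % self.test_invalid_sourcehost)` after the `except`, matching the `else: assert False` branch the sudorule tests in this commit have. The docstring also names `xmlrpc.hbacrule_add_host` while the call is `hbacrule_add_sourcehost`.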
@@ -106,6 +109,20 @@ class test_netgroup(Declarative): dict( + desc='Test an invalid nisdomain1 name %r' % invalidnisdomain1, + command=('netgroup_add', [netgroup1], dict(description=u'Test',nisdomainname=invalidnisdomain1)), + expected=errors.ValidationError(name='nisdomainname', error='may only include letters, numbers, _, - and .'), + ), + + + dict( + desc='Test an invalid nisdomain2 name %r' % invalidnisdomain2, + command=('netgroup_add', [netgroup1], dict(description=u'Test',nisdomainname=invalidnisdomain2)), + expected=errors.ValidationError(name='nisdomainname', error='may only include letters, numbers, _, - and .'), + ), + + + dict( desc='Create %r' % netgroup1, command=('netgroup_add', [netgroup1], dict(description=u'Test netgroup 1') @@ -334,6 +351,14 @@ class test_netgroup(Declarative): dict( + desc='Add invalid host %r to netgroup %r' % (invalidhost, netgroup1), + command=('netgroup_add_member', [netgroup1], dict(host=invalidhost)), + expected=errors.ValidationError(name='host', + error='only letters, numbers, _, and - are allowed. - must not be the DNS label character'), + ), + + + dict( desc='Add host %r to netgroup %r' % (host1, netgroup1), command=( 'netgroup_add_member', [netgroup1], dict(host=host1) @@ -756,7 +781,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -777,7 +802,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -800,7 +825,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ], ), 
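Review bot: The rejected value used in hunk `@@ -334,6 +351,14 @@`, `+invalid&host`, contains two disallowed characters at once, so the case keeps passing even if the validator stops rejecting `+` or `&` on its own. Separate entries with one bad character each, for example `u'+invalidhost'` and `u'invalid&host'` (constructed values), would pin each rule. The commit message says underscores are now accepted in host names here, but no accepted case with an underscore is visible in these hunks. It may exist outside them; if not, a `netgroup_add_member` entry that expects success for a host such as `u'host_1'` would cover the permissive side of the validator as well.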
@@ -824,7 +849,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ], ), @@ -848,7 +873,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Test netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, { 'dn': fuzzy_netgroupdn, @@ -878,7 +903,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -913,7 +938,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -947,7 +972,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -980,7 +1005,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -1012,7 +1037,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -1043,7 +1068,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), 
@@ -1074,7 +1099,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -1105,7 +1130,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -1136,7 +1161,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -1167,7 +1192,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), @@ -1198,7 +1223,7 @@ class test_netgroup(Declarative): 'cn': [netgroup1], 'description': [u'Updated netgroup 1'], 'nisdomainname': [u'%s' % api.env.domain], - 'externalhost': [u'unknown'], + 'externalhost': [unknown_host], }, ), ), diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py index 7c45256e..6aabd2b2 100644 --- a/tests/test_xmlrpc/test_sudorule_plugin.py +++ b/tests/test_xmlrpc/test_sudorule_plugin.py @@ -53,6 +53,10 @@ class test_sudorule(XMLRPC_test): test_category = u'all' test_option = u'authenticate' + test_invalid_user = u'+invalid#user' + test_invalid_host = u'+invalid&host.nonexist.com' + test_invalid_group = u'+invalid#group' + def test_0_sudorule_add(self): """ Test adding a new Sudo rule using `xmlrpc.sudorule_add`. 
@@ -206,6 +210,20 @@ class test_sudorule(XMLRPC_test): entry = ret['result'] assert_attr_equal(entry, 'ipasudorunas_user', self.test_runasuser) + def test_a_sudorule_add_runasuser_invalid(self): + """ + Test adding run as invalid user to Sudo rule using + `xmlrpc.sudorule_add_runasuser`. + """ + try: + api.Command['sudorule_add_runasuser']( + self.rule_name, user=self.test_invalid_user + ) + except errors.ValidationError: + pass + else: + assert False + def test_b_sudorule_remove_runasuser(self): """ Test removing run as user to Sudo rule using @@ -239,6 +257,20 @@ class test_sudorule(XMLRPC_test): assert_attr_equal(entry, 'ipasudorunasgroup_group', self.test_runasgroup) + def test_a_sudorule_add_runasgroup_invalid(self): + """ + Test adding run as invalid user to Sudo rule using + `xmlrpc.sudorule_add_runasuser`. + """ + try: + api.Command['sudorule_add_runasgroup']( + self.rule_name, group=self.test_invalid_group + ) + except errors.ValidationError: + pass + else: + assert False + def test_b_sudorule_remove_runasgroup(self): """ Test removing run as group to Sudo rule using @@ -268,6 +300,20 @@ class test_sudorule(XMLRPC_test): entry = ret['result'] assert_attr_equal(entry, 'externaluser', self.test_external_user) + def test_a_sudorule_add_externaluser_invalid(self): + """ + Test adding an invalid external user to Sudo rule using + `xmlrpc.sudorule_add_user`. + """ + try: + api.Command['sudorule_add_user']( + self.rule_name, user=self.test_invalid_user + ) + except errors.ValidationError: + pass + else: + assert False + def test_b_sudorule_remove_externaluser(self): """ Test removing an external user from Sudo rule using 
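Review bot: The docstring of `test_a_sudorule_add_runasgroup_invalid` (hunk `@@ -239,6 +257,20 @@`) was copied from the runasuser test and still says "run as invalid user" and `xmlrpc.sudorule_add_runasuser`, while the body calls `sudorule_add_runasgroup` with `group=self.test_invalid_group`. It should read `Test adding run as invalid group to Sudo rule using xmlrpc.sudorule_add_runasgroup`. Separately, the bare `else: assert False` in this hunk and in `@@ -206,6 +210,20 @@`, `@@ -268,6 +300,20 @@` and `@@ -424,6 +470,20 @@` reports nothing about which input was accepted and is stripped when Python runs with `-O`. `else: raise AssertionError('ValidationError not raised for %r' % self.test_invalid_group)` (with the matching attribute in each test) keeps the check and names the value that got past validation.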
@@ -424,6 +470,20 @@ class test_sudorule(XMLRPC_test): entry = ret['result'] assert_attr_equal(entry, 'externalhost', self.test_external_host) + def test_a_sudorule_add_externalhost_invalid(self): + """ + Test adding an invalid external host to Sudo rule using + `xmlrpc.sudorule_add_host`. + """ + try: + api.Command['sudorule_add_host']( + self.rule_name, host=self.test_invalid_host + ) + except errors.ValidationError: + pass + else: + assert False + def test_b_sudorule_remove_externalhost(self): """ Test removing an external host from Sudo rule using |