From 5b64cde92a84c2e8ad2f99fd139fa5d13598b096 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Mon, 11 Feb 2013 10:19:53 +0100
Subject: Prevent changing protected group's name using --setattr

The name of any protected group now cannot be changed by modifing
the cn attribute using --setattr. Unit tests have been added to
make sure there is no regression.

https://fedorahosted.org/freeipa/ticket/3354
---
 tests/test_xmlrpc/test_group_plugin.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'tests')

diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py
index a74a5e4c..2d6d2014 100644
--- a/tests/test_xmlrpc/test_group_plugin.py
+++ b/tests/test_xmlrpc/test_group_plugin.py
@@ -878,6 +878,13 @@ class test_group(Declarative):
                 key='admins', reason='Cannot be renamed'),
         ),
 
+        dict(
+            desc='Try to rename the admins group via setattr',
+            command=('group_mod', [u'admins'], {'setattr': u'cn=loosers'}),
+            expected=errors.ProtectedEntryError(label=u'group',
+                key='admins', reason='Cannot be renamed'),
+        ),
+
         dict(
             desc='Try to modify the admins group to support external membership',
             command=('group_mod', [u'admins'], dict(external=True)),
@@ -899,6 +906,14 @@ class test_group(Declarative):
                 key='trust admins', reason='Cannot be renamed'),
         ),
 
+        dict(
+            desc='Try to rename the trust admins group via setattr',
+            command=('group_mod', [u'trust admins'], {'setattr': u'cn=loosers'}),
+            expected=errors.ProtectedEntryError(label=u'group',
+                key='trust admins', reason='Cannot be renamed'),
+        ),
+
+
         dict(
             desc='Try to modify the trust admins group to support external membership',
             command=('group_mod', [u'trust admins'], dict(external=True)),
-- 
cgit