diff options
author | Jan Cholasta <jcholast@redhat.com> | 2011-10-11 14:28:17 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-10-12 10:12:49 +0200 |
commit | c0879cd00b17b61de54b52cb24a61ce85374cae4 (patch) | |
tree | 61c12f0f9ac8a845422cbbf0cda7aceba804c679 | |
parent | 89b869d2c2ab6a86b3be12f1aff33437e9974571 (diff) | |
download | freeipa-c0879cd00b17b61de54b52cb24a61ce85374cae4.tar.gz freeipa-c0879cd00b17b61de54b52cb24a61ce85374cae4.tar.xz freeipa-c0879cd00b17b61de54b52cb24a61ce85374cae4.zip |
Disallow deletion of global password policy.
ticket 1936
-rw-r--r-- | ipalib/plugins/pwpolicy.py | 8 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_pwpolicy.py | 13 |
2 files changed, 21 insertions, 0 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py index 79ea44dda..f261de562 100644 --- a/ipalib/plugins/pwpolicy.py +++ b/ipalib/plugins/pwpolicy.py @@ -366,6 +366,14 @@ class pwpolicy_del(LDAPDelete): attribute=True, required=True, multivalue=True ) + def pre_callback(self, ldap, dn, *keys, **options): + if dn.lower() == global_policy_dn.lower(): + raise errors.ValidationError( + name='group', + error=_('cannot delete global password policy') + ) + return dn + def post_callback(self, ldap, dn, *keys, **options): try: self.api.Command.cosentry_del(keys[-1]) diff --git a/tests/test_xmlrpc/test_pwpolicy.py b/tests/test_xmlrpc/test_pwpolicy.py index 3cfc311b9..c0ead9f78 100644 --- a/tests/test_xmlrpc/test_pwpolicy.py +++ b/tests/test_xmlrpc/test_pwpolicy.py @@ -36,6 +36,7 @@ class test_pwpolicy(XMLRPC_test): user = u'testuser12' kw = {'cospriority': 1, 'krbminpwdlife': 30, 'krbmaxpwdlife': 40, 'krbpwdhistorylength': 5, 'krbpwdminlength': 6 } kw2 = {'cospriority': 2, 'krbminpwdlife': 40, 'krbmaxpwdlife': 60, 'krbpwdhistorylength': 8, 'krbpwdminlength': 9 } + global_policy = u'global_policy' def test_1_pwpolicy_add(self): """ @@ -173,6 +174,18 @@ class test_pwpolicy(XMLRPC_test): else: assert False + # Verify that global policy cannot be deleted + try: + api.Command['pwpolicy_del'](self.global_policy) + except errors.ValidationError: + pass + else: + assert False + try: + api.Command['pwpolicy_show'](self.global_policy) + except errors.NotFound: + assert False + # Remove the groups we created api.Command['group_del'](self.group) api.Command['group_del'](self.group2) |