The Managed Entries plugin will allow a user to be added even if a group of the same name exists. This would leave the user without a private group.

We need to check for both the user and the group so we can do 1 of 3 things:
- throw an error that the group exists (but not the user)
- throw an error that the user exists (and the group)
- allow the user to be added

ticket 567

rob
>From 48a72e4fbe820d2b03f81340a0d08d7b2c967626 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <[email protected]>
Date: Fri, 10 Dec 2010 16:39:00 -0500
Subject: [PATCH] Check for existence of the group when adding a user.

The Managed Entries plugin will allow a user to be added even if a group
of the same name exists. This would leave the user without a private
group.

We need to check for both the user and the group so we can do 1 of 3 things:
- throw an error that the group exists (but not the user)
- throw an error that the user exists (and the group)
- allow the user to be added

ticket 567
---
 ipalib/errors.py                      |   15 +++++++++++++++
 ipalib/plugins/user.py                |   12 ++++++++++++
 tests/test_xmlrpc/test_user_plugin.py |   31 +++++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+), 0 deletions(-)

diff --git a/ipalib/errors.py b/ipalib/errors.py
index b7b2ff8..fe2b01e 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1142,6 +1142,21 @@ class NoCertificateError(ExecutionError):
     errno = 4023
     format = _('\'%(entry)s\' doesn\'t have a certificate.')
 
+class ManagedGroupExistsError(ExecutionError):
+    """
+    **4024** Raised when adding a user and its managed group exists
+
+    For example:
+
+    >>> raise ManagedGroupExistsError(group=u'engineering')
+    Traceback (most recent call last):
+      ...
+    ManagedGroupExistsError: Unable to create private group. A group 'engineering' already exists.'
+    """
+
+    errno = 4024
+    format = _('Unable to create private group. Group \'%(group)s\' already exists.')
+
 class BuiltinError(ExecutionError):
     """
     **4100** Base class for builtin execution errors (*4100 - 4199*).
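Review bot: The docstring example for `ManagedGroupExistsError` does not match the `format` string. The example output reads `A group 'engineering' already exists.'` with a stray trailing quote, while the format yields `Group 'engineering' already exists.`. If this module's doctests are run, the example will fail, and in any case it documents a message the server never emits. The expected line should read `ManagedGroupExistsError: Unable to create private group. Group 'engineering' already exists.`.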
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c3246f5..283c0c4 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -211,6 +211,18 @@ class user_add(LDAPCreate):
     msg_summary = _('Added user "%(value)s"')
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+        try:
+            # The Managed Entries plugin will allow a user to be created
+            # even if a group has a duplicate name. This would leave a user
+            # without a private group. Check for both the group and the user.
+            self.api.Command['group_show'](keys[-1])
+            try:
+                self.api.Command['user_show'](keys[-1])
+                raise errors.DuplicateEntry()
+            except errors.NotFound:
+                raise errors.ManagedGroupExistsError(group=keys[-1])
+        except errors.NotFound:
+            pass
         config = ldap.get_ipa_config()[1]
         if 'ipamaxusernamelength' in config:
             if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
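Review bot: The group lookup added at the top of `pre_callback` and the later add are separate directory operations, so a group of the same name created between them can still leave the new user without a private group. The check narrows the window but does not close it, and the comment should say so, e.g. `# Best-effort pre-check: a group created after this lookup can still collide with the managed group.`. The two `*_show` calls presumably run with the caller's own directory permissions. If so, a caller who cannot read the group entry would get `NotFound` and skip the check, which is worth confirming against the ACIs. The body of `pre_callback` continues past the end of this hunk.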
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 79beca7..8dc715c 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -32,6 +32,7 @@ user_memberof = (u'cn=ipausers,cn=groups,cn=accounts,%s' % api.env.basedn,)
 user1=u'tuser1'
 user2=u'tuser2'
 renameduser1=u'tuser'
+group1=u'group1'
 
 invaliduser1=u'+tuser1'
 invaliduser2=u'tuser1234567890123456789012345678901234567890'
@@ -41,6 +42,7 @@ class test_user(Declarative):
 
     cleanup_commands = [
         ('user_del', [user1, user2], {}),
+        ('group_del', [group1], {}),
     ]
 
     tests = [
@@ -473,4 +475,33 @@ class test_user(Declarative):
             expected=errors.ValidationError(name='uid', error='can be at most 33 characters'),
         ),
 
+        dict(
+            desc='Create %r' % group1,
+            command=(
+                'group_add', [group1], dict(description=u'Test desc')
+            ),
+            expected=dict(
+                value=group1,
+                summary=u'Added group "%s"' % group1,
+                result=dict(
+                    cn=[group1],
+                    description=[u'Test desc'],
+                    gidnumber=[fuzzy_digits],
+                    objectclass=objectclasses.group + [u'posixgroup'],
+                    ipauniqueid=[fuzzy_uuid],
+                    dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group1, api.env.basedn),
+                ),
+            ),
+        ),
+
+
+        dict(
+            desc='Try to user %r where the managed group exists' % group1,
+            command=(
+                'user_add', [group1], dict(givenname=u'Test', sn=u'User1')
+            ),
+            expected=errors.ManagedGroupExistsError(group=group1)
+        ),
+
+
     ]
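Review bot: The new negative test checks only that `user_add` raises `ManagedGroupExistsError`, not that the rejected call left no user entry behind. A following case that runs `user_show` on `group1` and expects `errors.NotFound` would pin down that the failure happens before anything is written. The `desc` string is also missing its verb: `desc='Try to create user %r where the managed group exists' % group1`.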
-- 
1.7.2.1
