salt/prevent-possible-exceptions-on-salt.utils.user.get_g.patch
Victor Zhestkov 4093dfc994 Accepting request 1105250 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
- Make sure configured user is properly set by Salt (bsc#1210994)
- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
- Fix broken tests to make them running in the testsuite
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Added:
  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
  * fix-tests-to-make-them-running-with-salt-testsuite.patch
  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
  * make-sure-configured-user-is-properly-set-by-salt-bs.patch

OBS-URL: https://build.opensuse.org/request/show/1105250
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=213
2023-08-22 12:20:45 +00:00

69 lines
2.3 KiB
Diff

From 4ea91a61abbb6ef001f057685370454c85b72c3a Mon Sep 17 00:00:00 2001
From: Victor Zhestkov <vzhestkov@suse.com>
Date: Mon, 21 Aug 2023 13:04:32 +0200
Subject: [PATCH] Prevent possible exceptions on
salt.utils.user.get_group_dict (bsc#1212794)
* Prevent KeyError on calling grp.getgrnam in case of improper group
* Add test of calling salt.utils.user.get_group_dict
for the user having improper duplicate group
* Update tests/pytests/functional/utils/user/test_get_group_dict.py
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
---------
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
---
salt/utils/user.py | 6 +++++-
.../utils/user/test_get_group_dict.py | 17 +++++++++++++++++
2 files changed, 22 insertions(+), 1 deletion(-)
create mode 100644 tests/pytests/functional/utils/user/test_get_group_dict.py
diff --git a/salt/utils/user.py b/salt/utils/user.py
index 9763667443..2f1ca65cf9 100644
--- a/salt/utils/user.py
+++ b/salt/utils/user.py
@@ -352,7 +352,11 @@ def get_group_dict(user=None, include_default=True):
group_dict = {}
group_names = get_group_list(user, include_default=include_default)
for group in group_names:
- group_dict.update({group: grp.getgrnam(group).gr_gid})
+ try:
+ group_dict.update({group: grp.getgrnam(group).gr_gid})
+ except KeyError:
+ # In case if imporer duplicate group was returned by get_group_list
+ pass
return group_dict
diff --git a/tests/pytests/functional/utils/user/test_get_group_dict.py b/tests/pytests/functional/utils/user/test_get_group_dict.py
new file mode 100644
index 0000000000..653d664607
--- /dev/null
+++ b/tests/pytests/functional/utils/user/test_get_group_dict.py
@@ -0,0 +1,17 @@
+import logging
+
+import pytest
+
+import salt.utils.platform
+import salt.utils.user
+from tests.support.mock import patch
+
+log = logging.getLogger(__name__)
+
+pytestmark = [
+ pytest.mark.skip_unless_on_linux(reason="Should only run in platforms which have duplicate GID support"),
+]
+def test_get_group_dict_with_improper_duplicate_root_group():
+ with patch("salt.utils.user.get_group_list", return_value=["+", "root"]):
+ group_list = salt.utils.user.get_group_dict("root")
+ assert group_list == {"root": 0}
--
2.41.0