Unix gid duplicate fix (#1876)

* added gid removal only when the gid is actually set and updated tests --------- Signed-off-by: Sebastiano Tocci <seba.tocci@gmail.com>
2025-02-23 12:37:00 +01:00 · 2023-07-19 01:44:51 +02:00 · 2023-07-19 01:44:51 +02:00 · e5748fdebb
parent 73e6e11cd2
commit e5748fdebb
3 changed files with 21 additions and 7 deletions
--- a/server/core/src/actors/v1_write.rs
+++ b/server/core/src/actors/v1_write.rs
@ -1,6 +1,5 @@
-use std::iter;
-use std::sync::Arc;
 use std::time::Duration;
+use std::{iter, sync::Arc};

 use kanidm_proto::v1::{
    AccountUnixExtend, CUIntentToken, CUSessionToken, CUStatus, CreateRequest, DeleteRequest,
@ -1102,15 +1101,22 @@ impl QueryServerWriteV1 {
        gx: GroupUnixExtend,
        eventid: Uuid,
    ) -> Result<(), OperationError> {
-        // The filter_map here means we only create the mods if the gidnumber or shell are set
+        // The if let Some here means we only create the mods if the gidnumber is set
        // in the actual request.
+
+        let gidnumber_mods = if let Some(gid) = gx.gidnumber {
+            [
+                Some(Modify::Purged("gidnumber".into())),
+                Some(Modify::Present("gidnumber".into(), Value::new_uint32(gid))),
+            ]
+        } else {
+            [None, None]
+        };
        let mods: Vec<_> = iter::once(Some(Modify::Present(
            "class".into(),
            Value::new_class("posixgroup"),
        )))
-        .chain(iter::once(gx.gidnumber.map(|n| {
-            Modify::Present("gidnumber".into(), Value::new_uint32(n))
-        })))
+        .chain(gidnumber_mods)
        .flatten()
        .collect();

--- a/server/lib/src/server/modify.rs
+++ b/server/lib/src/server/modify.rs
@ -121,7 +121,6 @@ impl<'a> QueryServerWriteTransaction<'a> {
        }

        // Pre mod plugins
-        // We should probably supply the pre-post cands here.
        Plugins::run_pre_modify(self, &pre_candidates, &mut candidates, me).map_err(|e| {
            admin_error!("Pre-Modify operation failed (plugin), {:?}", e);
            e
--- a/server/testkit/tests/proto_v1_test.rs
+++ b/server/testkit/tests/proto_v1_test.rs
@ -532,6 +532,15 @@ async fn test_server_rest_posix_lifecycle(rsclient: KanidmClient) {
        .idm_group_unix_extend("posix_group", None)
        .await
        .unwrap();
+    // here we check that we can successfully change the gid without breaking anything
+
+    let res = rsclient
+        .idm_group_unix_extend("posix_group", Some(123123))
+        .await;
+    assert!(res.is_ok());
+
+    let res = rsclient.idm_group_unix_extend("posix_group", None).await;
+    assert!(res.is_ok());

    // Open a new connection as anonymous
    let res = rsclient.auth_anonymous().await;