From a9cd2fd0099bcd47852d1a5c262cd0c55a6e59a8 Mon Sep 17 00:00:00 2001
From: Narayan Desai <desai@mcs.anl.gov>
Date: Sat, 24 Oct 2009 16:24:26 +0000
Subject: Metadata: refuse to add dynamic group membership in explicitly
 private groups (Resolves Ticket #529)

git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5496 ce84e21b-d406-0410-9b95-82705330c041
---
 src/lib/Server/Plugins/Metadata.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/Server/Plugins/Metadata.py b/src/lib/Server/Plugins/Metadata.py
index d78592f14..21c69e5bd 100644
--- a/src/lib/Server/Plugins/Metadata.py
+++ b/src/lib/Server/Plugins/Metadata.py
@@ -82,6 +82,7 @@ class Metadata(Bcfg2.Server.Plugin.Plugin,
         self.groups = {}
         self.cgroups = {}
         self.public = []
+        self.private = []
         self.profiles = []
         self.categories = {}
         self.bad_clients = {}
@@ -277,7 +278,7 @@ class Metadata(Bcfg2.Server.Plugin.Plugin,
         client_tree.close()
 
     def update_client(self, client_name, attribs):
-        '''Update a client's attributes'''
+        '''Update a clients attributes'''
         tree = lxml.etree.parse(self.data + "/clients.xml")
         root = tree.getroot()
         node = self.search_client(client_name, tree)
@@ -379,6 +380,7 @@ class Metadata(Bcfg2.Server.Plugin.Plugin,
                  in client.findall('Alias')]
         elif dest == 'groups.xml':
             self.public = []
+            self.private = []
             self.profiles = []
             self.groups = {}
             grouptmp = {}
@@ -394,6 +396,8 @@ class Metadata(Bcfg2.Server.Plugin.Plugin,
                     self.profiles.append(group.get('name'))
                 if group.get('public', 'false') == 'true':
                     self.public.append(group.get('name'))
+                elif group.get('public', 'true') == 'false':
+                    self.private.append(group.get('name'))
                 if 'category' in group.attrib:
                     self.categories[group.get('name')] = group.get('category')
             for group in grouptmp:
@@ -578,6 +582,9 @@ class Metadata(Bcfg2.Server.Plugin.Plugin,
                     if g in self.categories and \
                        self.categories[g] in imd.categories:
                         continue
+                    if g in self.private:
+                        self.logger.error("Refusing to add dynamic membership in private group %s for client %s" % (g, imd.hostname))
+                        continue
                     imd.groups.add(g)
 
     def merge_additional_data(self, imd, source, data):
-- 
cgit v1.2.3-1-g7c22