From d622be295a8c61fc3b3213527de1684c4af6a7ac Mon Sep 17 00:00:00 2001
From: Armando Neto <abiagion@redhat.com>
Date: Jun 27 2018 18:25:39 +0000
Subject: Prevent the creation on users and groups with numeric characters only


Update regular expression validator to prevent user and group creation.

Fixes: https://pagure.io/freeipa/issue/7572

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

---

diff --git a/ipalib/constants.py b/ipalib/constants.py
index 2dc0438..b128b02 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -288,7 +288,9 @@ RENEWAL_REUSE_CA_NAME = 'dogtag-ipa-ca-renew-agent-reuse'
 CA_DBUS_TIMEOUT = 120
 
 # regexp definitions
-PATTERN_GROUPUSER_NAME = '^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$'
+PATTERN_GROUPUSER_NAME = (
+    '(?!^[0-9]+$)^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$'
+)
 
 # Kerberos Anonymous principal name
 ANON_USER = 'WELLKNOWN/ANONYMOUS'
diff --git a/ipatests/test_xmlrpc/test_group_plugin.py b/ipatests/test_xmlrpc/test_group_plugin.py
index 2f824de..c89de66 100644
--- a/ipatests/test_xmlrpc/test_group_plugin.py
+++ b/ipatests/test_xmlrpc/test_group_plugin.py
@@ -169,6 +169,26 @@ class TestGroup(XMLRPC_test):
                 error=u'may only include letters, numbers, _, -, . and $')):
             command()
 
+    def test_create_with_name_starting_with_numeric(self):
+        """Successfully create a group with name starting with numeric chars"""
+        testgroup = GroupTracker(
+            name=u'1234group',
+            description=u'Group name starting with numeric chars',
+        )
+        testgroup.create()
+        testgroup.delete()
+
+    def test_create_with_numeric_only_group_name(self):
+        """Try to create a group with name only contains numeric chars"""
+        testgroup = GroupTracker(
+            name=u'1234', description=u'Numeric only group name',
+        )
+        with raises_exact(errors.ValidationError(
+            name='group_name',
+            error=u'may only include letters, numbers, _, -, . and $',
+        )):
+            testgroup.create()
+
 
 @pytest.mark.tier1
 class TestFindGroup(XMLRPC_test):
diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index af825f7..d8176cd 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -644,6 +644,25 @@ class TestCreate(XMLRPC_test):
         with raises_exact(errors.ManagedGroupExistsError(group=group.cn)):
             command()
 
+    def test_create_with_username_starting_with_numeric(self):
+        """Successfully create a user with name starting with numeric chars"""
+        testuser = UserTracker(
+            name=u'1234user', givenname=u'First1234', sn=u'Surname1234',
+        )
+        testuser.create()
+        testuser.delete()
+
+    def test_create_with_numeric_only_username(self):
+        """Try to create a user with name only contains numeric chars"""
+        testuser = UserTracker(
+            name=u'1234', givenname=u'NumFirst1234', sn=u'NumSurname1234',
+        )
+        with raises_exact(errors.ValidationError(
+                name=u'login',
+                error=u'may only include letters, numbers, _, -, . and $',
+        )):
+            testuser.create()
+
 
 @pytest.mark.tier1
 class TestUserWithGroup(XMLRPC_test):