Invalid Role generation with AddRole

Question

Invalid Role generation with AddRole

LeChatP opened this issue 2 years ago · 5 comments

LeChatP commented 2 years ago

Issue

When creating a role with insufficient parameters (no users/groups), the role created is incorrect.

Command

addrole test cap_dac_override -c ls

Result

<role name="test">
      <capabilities>
        <capability>cap_sys_admin</capability>
      </capabilities>
      <commands>
        <command>ls</command>
      </commands>
</role>

Expected Result

An error, Respecting the DTD, role must have actor to have command.

Answer 1 · 2022-10-27T15:31:51.000Z

We need to block this operation, because roles must be assigned to users and/or groups.

Answer 2 · 2022-10-28T08:28:10.000Z

Globally, addrole don't respect DTD at all.

Answer 3 · 2022-10-28T08:35:58.000Z

I think we need to revise the code of role manager tools.

Answer 4 · 2022-10-30T08:25:09.000Z

d596b19 Not completely tested fix

Answer 5 · 2023-06-17T17:17:37.000Z

is no longer relevant