From 0206dbe79502dd06b9c44622ead4635e430e3620 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 27 Apr 2012 07:15:56 -0400 Subject: [PATCH] Do not crash on empty reverse member options Calling a LDAP{Add,Remove}ReverseMember with an empty reverse_member caused an internal error, because empty values are converted to None, which is then iterated. Use an empty list instead of None (or other false falues, of which we only use the empty list). https://fedorahosted.org/freeipa/ticket/2681 --- ipalib/plugins/baseldap.py | 4 +- tests/test_xmlrpc/test_privilege_plugin.py | 44 ++++++++++++++++++++++ tests/test_xmlrpc/test_role_plugin.py | 42 +++++++++++++++++++++ 3 files changed, 88 insertions(+), 2 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index d37a20d1f..5a8013efc 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1966,7 +1966,7 @@ class LDAPAddReverseMember(LDAPModReverseMember): entry_start = self.api.Command[self.show_command](keys[-1])['result'] completed = 0 failed = {'member': {self.reverse_attr: []}} - for attr in options.get(self.reverse_attr, []): + for attr in options.get(self.reverse_attr) or []: try: options = {'%s' % self.member_attr: keys[-1]} try: @@ -2073,7 +2073,7 @@ class LDAPRemoveReverseMember(LDAPModReverseMember): entry_start = self.api.Command[self.show_command](keys[-1])['result'] completed = 0 failed = {'member': {self.reverse_attr: []}} - for attr in options.get(self.reverse_attr, []): + for attr in options.get(self.reverse_attr) or []: try: options = {'%s' % self.member_attr: keys[-1]} try: diff --git a/tests/test_xmlrpc/test_privilege_plugin.py b/tests/test_xmlrpc/test_privilege_plugin.py index eb8120684..d8d9b22a6 100644 --- a/tests/test_xmlrpc/test_privilege_plugin.py +++ b/tests/test_xmlrpc/test_privilege_plugin.py @@ -347,6 +347,50 @@ class test_privilege(Declarative): ), + dict( + desc='Add zero permissions to %r' % privilege1, + command=('privilege_add_permission', [privilege1], + dict(permission=None), + ), + expected=dict( + completed=0, + failed=dict( + member=dict( + permission=[], + ), + ), + result={ + 'dn': lambda x: DN(x) == privilege1_dn, + 'cn': [privilege1], + 'description': [u'New desc 1'], + 'memberof_permission': [permission2], + } + ), + ), + + + dict( + desc='Remove zero permissions from %r' % privilege1, + command=('privilege_remove_permission', [privilege1], + dict(permission=None), + ), + expected=dict( + completed=0, + failed=dict( + member=dict( + permission=[], + ), + ), + result={ + 'dn': lambda x: DN(x) == privilege1_dn, + 'cn': [privilege1], + 'description': [u'New desc 1'], + 'memberof_permission': [permission2], + } + ), + ), + + dict( desc='Delete %r' % privilege1, command=('privilege_del', [privilege1], {}), diff --git a/tests/test_xmlrpc/test_role_plugin.py b/tests/test_xmlrpc/test_role_plugin.py index 62bc6eade..e2bd28cd6 100644 --- a/tests/test_xmlrpc/test_role_plugin.py +++ b/tests/test_xmlrpc/test_role_plugin.py @@ -201,6 +201,48 @@ class test_role(Declarative): ), + dict( + desc='Add zero privileges to role %r' % role1, + command=('role_add_privilege', [role1], dict(privilege=None) + ), + expected=dict( + completed=0, + failed=dict( + member=dict( + privilege=[], + ), + ), + result={ + 'dn': lambda x: DN(x) == role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], + 'memberof_privilege': [privilege1], + } + ), + ), + + + dict( + desc='Remove zero privileges from role %r' % role1, + command=('role_remove_privilege', [role1], dict(privilege=None) + ), + expected=dict( + completed=0, + failed=dict( + member=dict( + privilege=[], + ), + ), + result={ + 'dn': lambda x: DN(x) == role1_dn, + 'cn': [role1], + 'description': [u'role desc 1'], + 'memberof_privilege': [privilege1], + } + ), + ), + + dict( desc='Add member %r to %r' % (group1, role1), command=('role_add_member', [role1], dict(group=group1)),