mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Don't crash when searching with empty relationship options
Empty sequences (and sequences of empty strings) are normalized to None, but the member filter code expected a list. This patch extends a test for missing options to also catch false values. The functional change is from `if param_name in options:` to `if options.get(param_name):`; the rest of the patch is code de-duplication and tests. These are CSV params with csv_skipspace set, so on the CLI, empty set is given as a string with just spaces and commas (including the empty string). https://fedorahosted.org/freeipa/ticket/2479
This commit is contained in:
parent
17ba58aa4b
commit
e9d68a7b00
@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
|
||||
relationship = self.obj.relationships.get(
|
||||
attr, ['member', '', 'no_']
|
||||
)
|
||||
param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name))
|
||||
if param_name in options:
|
||||
dns = []
|
||||
for pkey in options[param_name]:
|
||||
dns.append(ldap_obj.get_dn(pkey))
|
||||
flt = ldap.make_filter_from_attr(
|
||||
attr, dns, ldap.MATCH_ALL
|
||||
)
|
||||
filter = ldap.combine_filters(
|
||||
(filter, flt), ldap.MATCH_ALL
|
||||
)
|
||||
param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name))
|
||||
if param_name in options:
|
||||
dns = []
|
||||
for pkey in options[param_name]:
|
||||
dns.append(ldap_obj.get_dn(pkey))
|
||||
flt = ldap.make_filter_from_attr(
|
||||
attr, dns, ldap.MATCH_NONE
|
||||
)
|
||||
filter = ldap.combine_filters(
|
||||
(filter, flt), ldap.MATCH_ALL
|
||||
)
|
||||
# Handle positive (MATCH_ALL) and negative (MATCH_NONE)
|
||||
# searches similarly
|
||||
param_prefixes = relationship[1:] # e.g. ('in_', 'not_in_')
|
||||
rules = ldap.MATCH_ALL, ldap.MATCH_NONE
|
||||
for param_prefix, rule in zip(param_prefixes, rules):
|
||||
param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name))
|
||||
if options.get(param_name):
|
||||
dns = []
|
||||
for pkey in options[param_name]:
|
||||
dns.append(ldap_obj.get_dn(pkey))
|
||||
flt = ldap.make_filter_from_attr(attr, dns, rule)
|
||||
filter = ldap.combine_filters(
|
||||
(filter, flt), ldap.MATCH_ALL
|
||||
)
|
||||
return filter
|
||||
|
||||
has_output_params = global_output_params
|
||||
|
@ -396,6 +396,43 @@ class test_netgroup(Declarative):
|
||||
),
|
||||
|
||||
|
||||
dict(
|
||||
desc='Search for netgroups using no_user',
|
||||
command=('netgroup_find', [], dict(no_user=user1)),
|
||||
expected=dict(
|
||||
count=2,
|
||||
truncated=False,
|
||||
summary=u'2 netgroups matched',
|
||||
result=[
|
||||
{
|
||||
'dn': fuzzy_netgroupdn,
|
||||
'cn': [netgroup2],
|
||||
'description': [u'Test netgroup 2'],
|
||||
'nisdomainname': [u'%s' % api.env.domain],
|
||||
},
|
||||
{
|
||||
'dn': fuzzy_netgroupdn,
|
||||
'memberhost_host': (host1,),
|
||||
'memberhost_hostgroup': (hostgroup1,),
|
||||
'cn': [netgroup1],
|
||||
'description': [u'Test netgroup 1'],
|
||||
'nisdomainname': [u'%s' % api.env.domain],
|
||||
},
|
||||
],
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc="Check %r doesn't match when searching for %s" % (netgroup1, user1),
|
||||
command=('netgroup_find', [], dict(user=user1)),
|
||||
expected=dict(
|
||||
count=0,
|
||||
truncated=False,
|
||||
summary=u'0 netgroups matched',
|
||||
result=[],
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Add user %r to netgroup %r' % (user1, netgroup1),
|
||||
command=(
|
||||
@ -428,6 +465,23 @@ class test_netgroup(Declarative):
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc="Check %r doesn't match when searching for no %s" % (netgroup1, user1),
|
||||
command=('netgroup_find', [], dict(no_user=user1)),
|
||||
expected=dict(
|
||||
count=1,
|
||||
truncated=False,
|
||||
summary=u'1 netgroup matched',
|
||||
result=[
|
||||
{
|
||||
'dn': fuzzy_netgroupdn,
|
||||
'cn': [netgroup2],
|
||||
'description': [u'Test netgroup 2'],
|
||||
'nisdomainname': [u'%s' % api.env.domain],
|
||||
},
|
||||
],
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Add group %r to netgroup %r' % (group1, netgroup1),
|
||||
@ -752,6 +806,60 @@ class test_netgroup(Declarative):
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Search for %r using user' % netgroup1,
|
||||
command=('netgroup_find', [], dict(user=user1)),
|
||||
expected=dict(
|
||||
count=1,
|
||||
truncated=False,
|
||||
summary=u'1 netgroup matched',
|
||||
result=[
|
||||
{
|
||||
'dn': fuzzy_netgroupdn,
|
||||
'memberhost_host': (host1,),
|
||||
'memberhost_hostgroup': (hostgroup1,),
|
||||
'memberuser_user': (user1,),
|
||||
'memberuser_group': (group1,),
|
||||
'member_netgroup': (netgroup2,),
|
||||
'cn': [netgroup1],
|
||||
'description': [u'Test netgroup 1'],
|
||||
'nisdomainname': [u'%s' % api.env.domain],
|
||||
'externalhost': [u'unknown'],
|
||||
},
|
||||
],
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Search for all netgroups using empty memberuser',
|
||||
command=('netgroup_find', [], dict(memberuser=None)),
|
||||
expected=dict(
|
||||
count=2,
|
||||
truncated=False,
|
||||
summary=u'2 netgroups matched',
|
||||
result=[
|
||||
{
|
||||
'dn': fuzzy_netgroupdn,
|
||||
'memberhost_host': (host1,),
|
||||
'memberhost_hostgroup': (hostgroup1,),
|
||||
'memberuser_user': (user1,),
|
||||
'memberuser_group': (group1,),
|
||||
'member_netgroup': (netgroup2,),
|
||||
'cn': [netgroup1],
|
||||
'description': [u'Test netgroup 1'],
|
||||
'nisdomainname': [u'%s' % api.env.domain],
|
||||
'externalhost': [u'unknown'],
|
||||
},
|
||||
{
|
||||
'dn': fuzzy_netgroupdn,
|
||||
'memberof_netgroup': (netgroup1,),
|
||||
'cn': [netgroup2],
|
||||
'description': [u'Test netgroup 2'],
|
||||
'nisdomainname': [u'%s' % api.env.domain],
|
||||
},
|
||||
],
|
||||
),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Update %r' % netgroup1,
|
||||
|
Loading…
Reference in New Issue
Block a user