IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't crash when searching with empty relationship options

Browse Source 
Empty sequences (and sequences of empty strings) are normalized
to None, but the member filter code expected a list.
This patch extends a test for missing options to also catch
false values.
The functional change is from `if param_name in options:` to
`if options.get(param_name):`; the rest of the patch is code
de-duplication and tests.

These are CSV params with csv_skipspace set, so on the CLI, empty
set is given as a string with just spaces and commas (including
the empty string).

https://fedorahosted.org/freeipa/ticket/2479
This commit is contained in:
Petr Viktorin 2012-03-09 04:45:15 -05:00 committed by Rob Crittenden
parent 17ba58aa4b
commit e9d68a7b00
2 changed files with 122 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
ipalib/plugins/baseldap.py
View File

@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
relationship = self.obj.relationships.get(
attr, ['member', '', 'no_']
)
param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name))
if param_name in options:
dns = []
for pkey in options[param_name]:
dns.append(ldap_obj.get_dn(pkey))
flt = ldap.make_filter_from_attr(
attr, dns, ldap.MATCH_ALL
)
filter = ldap.combine_filters(
(filter, flt), ldap.MATCH_ALL
)
param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name))
if param_name in options:
dns = []
for pkey in options[param_name]:
dns.append(ldap_obj.get_dn(pkey))
flt = ldap.make_filter_from_attr(
attr, dns, ldap.MATCH_NONE
)
filter = ldap.combine_filters(
(filter, flt), ldap.MATCH_ALL
)
# Handle positive (MATCH_ALL) and negative (MATCH_NONE)
# searches similarly
param_prefixes = relationship[1:] # e.g. ('in_', 'not_in_')
rules = ldap.MATCH_ALL, ldap.MATCH_NONE
for param_prefix, rule in zip(param_prefixes, rules):
param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name))
if options.get(param_name):
dns = []
for pkey in options[param_name]:
dns.append(ldap_obj.get_dn(pkey))
flt = ldap.make_filter_from_attr(attr, dns, rule)
filter = ldap.combine_filters(
(filter, flt), ldap.MATCH_ALL
)
return filter
has_output_params = global_output_params

108
tests/test_xmlrpc/test_netgroup_plugin.py
View File

@ -396,6 +396,43 @@ class test_netgroup(Declarative):
),
dict(
desc='Search for netgroups using no_user',
command=('netgroup_find', [], dict(no_user=user1)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc="Check %r doesn't match when searching for %s" % (netgroup1, user1),
command=('netgroup_find', [], dict(user=user1)),
expected=dict(
count=0,
truncated=False,
summary=u'0 netgroups matched',
result=[],
),
),
dict(
desc='Add user %r to netgroup %r' % (user1, netgroup1),
command=(
@ -428,6 +465,23 @@ class test_netgroup(Declarative):
),
),
dict(
desc="Check %r doesn't match when searching for no %s" % (netgroup1, user1),
command=('netgroup_find', [], dict(no_user=user1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Add group %r to netgroup %r' % (group1, netgroup1),
@ -752,6 +806,60 @@ class test_netgroup(Declarative):
),
),
dict(
desc='Search for %r using user' % netgroup1,
command=('netgroup_find', [], dict(user=user1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
},
],
),
),
dict(
desc='Search for all netgroups using empty memberuser',
command=('netgroup_find', [], dict(memberuser=None)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
},
{
'dn': fuzzy_netgroupdn,
'memberof_netgroup': (netgroup1,),
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Update %r' % netgroup1,