Don't crash when searching with empty relationship options

Empty sequences (and sequences of empty strings) are normalized
to None, but the member filter code expected a list.
This patch extends a test for missing options to also catch
false values.
The functional change is from `if param_name in options:` to
`if options.get(param_name):`; the rest of the patch is code
de-duplication and tests.

These are CSV params with csv_skipspace set, so on the CLI, empty
set is given as a string with just spaces and commas (including
the empty string).

https://fedorahosted.org/freeipa/ticket/2479
This commit is contained in:
Petr Viktorin 2012-03-09 04:45:15 -05:00 committed by Rob Crittenden
parent 17ba58aa4b
commit e9d68a7b00
2 changed files with 122 additions and 22 deletions

View File

@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
relationship = self.obj.relationships.get(
attr, ['member', '', 'no_']
)
param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name))
if param_name in options:
dns = []
for pkey in options[param_name]:
dns.append(ldap_obj.get_dn(pkey))
flt = ldap.make_filter_from_attr(
attr, dns, ldap.MATCH_ALL
)
filter = ldap.combine_filters(
(filter, flt), ldap.MATCH_ALL
)
param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name))
if param_name in options:
dns = []
for pkey in options[param_name]:
dns.append(ldap_obj.get_dn(pkey))
flt = ldap.make_filter_from_attr(
attr, dns, ldap.MATCH_NONE
)
filter = ldap.combine_filters(
(filter, flt), ldap.MATCH_ALL
)
# Handle positive (MATCH_ALL) and negative (MATCH_NONE)
# searches similarly
param_prefixes = relationship[1:] # e.g. ('in_', 'not_in_')
rules = ldap.MATCH_ALL, ldap.MATCH_NONE
for param_prefix, rule in zip(param_prefixes, rules):
param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name))
if options.get(param_name):
dns = []
for pkey in options[param_name]:
dns.append(ldap_obj.get_dn(pkey))
flt = ldap.make_filter_from_attr(attr, dns, rule)
filter = ldap.combine_filters(
(filter, flt), ldap.MATCH_ALL
)
return filter
has_output_params = global_output_params

View File

@ -396,6 +396,43 @@ class test_netgroup(Declarative):
),
dict(
desc='Search for netgroups using no_user',
command=('netgroup_find', [], dict(no_user=user1)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc="Check %r doesn't match when searching for %s" % (netgroup1, user1),
command=('netgroup_find', [], dict(user=user1)),
expected=dict(
count=0,
truncated=False,
summary=u'0 netgroups matched',
result=[],
),
),
dict(
desc='Add user %r to netgroup %r' % (user1, netgroup1),
command=(
@ -428,6 +465,23 @@ class test_netgroup(Declarative):
),
),
dict(
desc="Check %r doesn't match when searching for no %s" % (netgroup1, user1),
command=('netgroup_find', [], dict(no_user=user1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Add group %r to netgroup %r' % (group1, netgroup1),
@ -752,6 +806,60 @@ class test_netgroup(Declarative):
),
),
dict(
desc='Search for %r using user' % netgroup1,
command=('netgroup_find', [], dict(user=user1)),
expected=dict(
count=1,
truncated=False,
summary=u'1 netgroup matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
},
],
),
),
dict(
desc='Search for all netgroups using empty memberuser',
command=('netgroup_find', [], dict(memberuser=None)),
expected=dict(
count=2,
truncated=False,
summary=u'2 netgroups matched',
result=[
{
'dn': fuzzy_netgroupdn,
'memberhost_host': (host1,),
'memberhost_hostgroup': (hostgroup1,),
'memberuser_user': (user1,),
'memberuser_group': (group1,),
'member_netgroup': (netgroup2,),
'cn': [netgroup1],
'description': [u'Test netgroup 1'],
'nisdomainname': [u'%s' % api.env.domain],
'externalhost': [u'unknown'],
},
{
'dn': fuzzy_netgroupdn,
'memberof_netgroup': (netgroup1,),
'cn': [netgroup2],
'description': [u'Test netgroup 2'],
'nisdomainname': [u'%s' % api.env.domain],
},
],
),
),
dict(
desc='Update %r' % netgroup1,