See commit message. https://fedorahosted.org/freeipa/ticket/2479
-- PetrĀ³
From 074afddae80c7f1851f54324e746ed6a01b878f2 Mon Sep 17 00:00:00 2001 From: Petr Viktorin <pvikt...@redhat.com> Date: Fri, 9 Mar 2012 04:45:15 -0500 Subject: [PATCH] Don't crash when searching with empty relationship options Empty sequences (and sequences of empty strings) are normalized to None, but the member filter code expected a list. This patch extends a test for missing options to also catch false values. The functional change is from `if param_name in options:` to `if options.get(param_name):`; the rest of the patch is code de-duplication and tests. These are CSV params with csv_skipspace set, so on the CLI, empty set is given as a string with just spaces and commas (including the empty string). https://fedorahosted.org/freeipa/ticket/2479 --- ipalib/plugins/baseldap.py | 36 ++++------ tests/test_xmlrpc/test_netgroup_plugin.py | 108 +++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+), 22 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index c0f25479a1460cec9b46db7f10da837d07103887..184480915f2b869ff54863e99ae4047ca0e6701f 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): relationship = self.obj.relationships.get( attr, ['member', '', 'no_'] ) - param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) - if param_name in options: - dns = [] - for pkey in options[param_name]: - dns.append(ldap_obj.get_dn(pkey)) - flt = ldap.make_filter_from_attr( - attr, dns, ldap.MATCH_ALL - ) - filter = ldap.combine_filters( - (filter, flt), ldap.MATCH_ALL - ) - param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) - if param_name in options: - dns = [] - for pkey in options[param_name]: - dns.append(ldap_obj.get_dn(pkey)) - flt = ldap.make_filter_from_attr( - attr, dns, ldap.MATCH_NONE - ) - filter = ldap.combine_filters( - (filter, flt), ldap.MATCH_ALL - ) + # Handle positive (MATCH_ALL) and negative (MATCH_NONE) + # searches similarly + param_prefixes = relationship[1:] # e.g. ('in_', 'not_in_') + rules = ldap.MATCH_ALL, ldap.MATCH_NONE + for param_prefix, rule in zip(param_prefixes, rules): + param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name)) + if options.get(param_name): + dns = [] + for pkey in options[param_name]: + dns.append(ldap_obj.get_dn(pkey)) + flt = ldap.make_filter_from_attr(attr, dns, rule) + filter = ldap.combine_filters( + (filter, flt), ldap.MATCH_ALL + ) return filter has_output_params = global_output_params diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py index 1c6b94bd20027bc3c7e550322ae27a5a05bfe426..c40b01ad623f1566ce98f60e1254b43d539752bb 100644 --- a/tests/test_xmlrpc/test_netgroup_plugin.py +++ b/tests/test_xmlrpc/test_netgroup_plugin.py @@ -397,6 +397,43 @@ class test_netgroup(Declarative): dict( + desc='Search for netgroups using no_user', + command=('netgroup_find', [], dict(no_user=user1)), + expected=dict( + count=2, + truncated=False, + summary=u'2 netgroups matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup2], + 'description': [u'Test netgroup 2'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + { + 'dn': fuzzy_netgroupdn, + 'memberhost_host': (host1,), + 'memberhost_hostgroup': (hostgroup1,), + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + ], + ), + ), + + dict( + desc="Check %r doesn't match when searching for %s" % (netgroup1, user1), + command=('netgroup_find', [], dict(user=user1)), + expected=dict( + count=0, + truncated=False, + summary=u'0 netgroups matched', + result=[], + ), + ), + + dict( desc='Add user %r to netgroup %r' % (user1, netgroup1), command=( 'netgroup_add_member', [netgroup1], dict(user=user1) @@ -428,6 +465,23 @@ class test_netgroup(Declarative): ), ), + dict( + desc="Check %r doesn't match when searching for no %s" % (netgroup1, user1), + command=('netgroup_find', [], dict(no_user=user1)), + expected=dict( + count=1, + truncated=False, + summary=u'1 netgroup matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'cn': [netgroup2], + 'description': [u'Test netgroup 2'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + ], + ), + ), dict( desc='Add group %r to netgroup %r' % (group1, netgroup1), @@ -752,6 +806,60 @@ class test_netgroup(Declarative): ), ), + dict( + desc='Search for %r using user' % netgroup1, + command=('netgroup_find', [], dict(user=user1)), + expected=dict( + count=1, + truncated=False, + summary=u'1 netgroup matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'memberhost_host': (host1,), + 'memberhost_hostgroup': (hostgroup1,), + 'memberuser_user': (user1,), + 'memberuser_group': (group1,), + 'member_netgroup': (netgroup2,), + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [u'unknown'], + }, + ], + ), + ), + + dict( + desc='Search for all netgroups using empty memberuser', + command=('netgroup_find', [], dict(memberuser=None)), + expected=dict( + count=2, + truncated=False, + summary=u'2 netgroups matched', + result=[ + { + 'dn': fuzzy_netgroupdn, + 'memberhost_host': (host1,), + 'memberhost_hostgroup': (hostgroup1,), + 'memberuser_user': (user1,), + 'memberuser_group': (group1,), + 'member_netgroup': (netgroup2,), + 'cn': [netgroup1], + 'description': [u'Test netgroup 1'], + 'nisdomainname': [u'%s' % api.env.domain], + 'externalhost': [u'unknown'], + }, + { + 'dn': fuzzy_netgroupdn, + 'memberof_netgroup': (netgroup1,), + 'cn': [netgroup2], + 'description': [u'Test netgroup 2'], + 'nisdomainname': [u'%s' % api.env.domain], + }, + ], + ), + ), dict( desc='Update %r' % netgroup1, -- 1.7.7.6
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel