author | Petr Viktorin <pviktori@redhat.com> | 2012-03-09 04:45:15 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-03-13 23:28:53 -0400 |
commit | e9d68a7b001d23a7bac7cbf52e270c0723f1f69d (patch) | |
tree | f424c9aaf2983c559b75399dae4f383335e8ccfc | |
parent | 17ba58aa4b6d59b159754351631165a9de61718a (diff) | |
Don't crash when searching with empty relationship options
Empty sequences (and sequences of empty strings) are normalized
to None, but the member filter code expected a list.
This patch extends a test for missing options to also catch
false values.
The functional change is from `if param_name in options:` to
`if options.get(param_name):`; the rest of the patch is code
de-duplication and tests.
These are CSV params with csv_skipspace set, so on the CLI an empty
set is given as a string containing only spaces and commas (including
the empty string).
https://fedorahosted.org/freeipa/ticket/2479
-rw-r--r-- | ipalib/plugins/baseldap.py | 36 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_netgroup_plugin.py | 108 |
2 files changed, 122 insertions, 22 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index cf5d8d20e..9562ff987 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
 relationship = self.obj.relationships.get(
 attr, ['member', '', 'no_']
 )
- param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name))
- if param_name in options:
- dns = []
- for pkey in options[param_name]:
- dns.append(ldap_obj.get_dn(pkey))
- flt = ldap.make_filter_from_attr(
- attr, dns, ldap.MATCH_ALL
- )
- filter = ldap.combine_filters(
- (filter, flt), ldap.MATCH_ALL
- )
- param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name))
- if param_name in options:
- dns = []
- for pkey in options[param_name]:
- dns.append(ldap_obj.get_dn(pkey))
- flt = ldap.make_filter_from_attr(
- attr, dns, ldap.MATCH_NONE
- )
- filter = ldap.combine_filters(
- (filter, flt), ldap.MATCH_ALL
- )
+ # Handle positive (MATCH_ALL) and negative (MATCH_NONE)
+ # searches similarly
+ param_prefixes = relationship[1:] # e.g. ('in_', 'not_in_')
+ rules = ldap.MATCH_ALL, ldap.MATCH_NONE
+ for param_prefix, rule in zip(param_prefixes, rules):
+ param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name))
+ if options.get(param_name):
+ dns = []
+ for pkey in options[param_name]:
+ dns.append(ldap_obj.get_dn(pkey))
+ flt = ldap.make_filter_from_attr(attr, dns, rule)
+ filter = ldap.combine_filters(
+ (filter, flt), ldap.MATCH_ALL
+ )
 return filter
 has_output_params = global_output_params
diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py
index 1c6b94bd2..c40b01ad6 100644
--- a/tests/test_xmlrpc/test_netgroup_plugin.py
+++ b/tests/test_xmlrpc/test_netgroup_plugin.py
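Review bot: `zip(param_prefixes, rules)` in the new loop stops at the shorter sequence, so a `relationships` entry with fewer than three elements would skip the negative (`MATCH_NONE`) filter without any error, where the removed code indexed `relationship[2]` and failed loudly. A silently missing exclusion filter widens the search result instead of narrowing it, which is the unsafe direction for a filter to fail. Unpacking states the expectation explicitly: `positive_prefix, negative_prefix = relationship[1:3]` followed by `for param_prefix, rule in ((positive_prefix, ldap.MATCH_ALL), (negative_prefix, ldap.MATCH_NONE)):`. The new `options.get(param_name)` test also deserves a one-line comment such as `# a false value (None, empty) means "no constraint"`, since that is the behaviour the commit introduces. The enclosing method starts outside the hunk.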
@@ -397,6 +397,43 @@ class test_netgroup(Declarative):
 dict(
+ desc='Search for netgroups using no_user',
+ command=('netgroup_find', [], dict(no_user=user1)),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 netgroups matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup2],
+ 'description': [u'Test netgroup 2'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ },
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'memberhost_host': (host1,),
+ 'memberhost_hostgroup': (hostgroup1,),
+ 'cn': [netgroup1],
+ 'description': [u'Test netgroup 1'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ },
+ ],
+ ),
+ ),
+
+ dict(
+ desc="Check %r doesn't match when searching for %s" % (netgroup1, user1),
+ command=('netgroup_find', [], dict(user=user1)),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary=u'0 netgroups matched',
+ result=[],
+ ),
+ ),
+
+ dict(
 desc='Add user %r to netgroup %r' % (user1, netgroup1),
 command=(
 'netgroup_add_member', [netgroup1], dict(user=user1)
@@ -428,6 +465,23 @@ class test_netgroup(Declarative):
 ),
 ),
+ dict(
+ desc="Check %r doesn't match when searching for no %s" % (netgroup1, user1),
+ command=('netgroup_find', [], dict(no_user=user1)),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 netgroup matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'cn': [netgroup2],
+ 'description': [u'Test netgroup 2'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ },
+ ],
+ ),
+ ),
 dict(
 desc='Add group %r to netgroup %r' % (group1, netgroup1),
@@ -752,6 +806,60 @@ class test_netgroup(Declarative):
 ),
 ),
+ dict(
+ desc='Search for %r using user' % netgroup1,
+ command=('netgroup_find', [], dict(user=user1)),
+ expected=dict(
+ count=1,
+ truncated=False,
+ summary=u'1 netgroup matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'memberhost_host': (host1,),
+ 'memberhost_hostgroup': (hostgroup1,),
+ 'memberuser_user': (user1,),
+ 'memberuser_group': (group1,),
+ 'member_netgroup': (netgroup2,),
+ 'cn': [netgroup1],
+ 'description': [u'Test netgroup 1'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ 'externalhost': [u'unknown'],
+ },
+ ],
+ ),
+ ),
+
+ dict(
+ desc='Search for all netgroups using empty memberuser',
+ command=('netgroup_find', [], dict(memberuser=None)),
+ expected=dict(
+ count=2,
+ truncated=False,
+ summary=u'2 netgroups matched',
+ result=[
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'memberhost_host': (host1,),
+ 'memberhost_hostgroup': (hostgroup1,),
+ 'memberuser_user': (user1,),
+ 'memberuser_group': (group1,),
+ 'member_netgroup': (netgroup2,),
+ 'cn': [netgroup1],
+ 'description': [u'Test netgroup 1'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ 'externalhost': [u'unknown'],
+ },
+ {
+ 'dn': fuzzy_netgroupdn,
+ 'memberof_netgroup': (netgroup1,),
+ 'cn': [netgroup2],
+ 'description': [u'Test netgroup 2'],
+ 'nisdomainname': [u'%s' % api.env.domain],
+ },
+ ],
+ ),
+ ),
 dict(
 desc='Update %r' % netgroup1, |
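Review bot: The "empty memberuser" case passes `dict(memberuser=None)`, but the other cases in this patch drive the relationship options as `user` and `no_user`, which are presumably the names the patched loop builds from the prefix and `to_cli(ldap_obj_name)`. If `memberuser` is not one of those names, this case never reaches the `options.get(param_name)` branch and would have passed before the fix as well. Adding cases with `dict(user=None)` and `dict(no_user=None)` would pin the regression directly. The commit message also mentions a CLI string of only spaces and commas, which has no test here. The enclosing test list starts and ends outside the hunk.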