diff options
author | Petr Viktorin <pviktori@redhat.com> | 2012-03-09 04:45:15 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-03-13 23:28:53 -0400 |
commit | e9d68a7b001d23a7bac7cbf52e270c0723f1f69d (patch) | |
tree | f424c9aaf2983c559b75399dae4f383335e8ccfc /ipalib/plugins/baseldap.py | |
parent | 17ba58aa4b6d59b159754351631165a9de61718a (diff) | |
download | freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.tar.gz freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.tar.xz freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.zip |
Don't crash when searching with empty relationship options
Empty sequences (and sequences of empty strings) are normalized
to None, but the member filter code expected a list.
This patch extends a test for missing options to also catch
false values.
The functional change is from `if param_name in options:` to
`if options.get(param_name):`; the rest of the patch is code
de-duplication and tests.
These are CSV params with csv_skipspace set, so on the CLI, empty
set is given as a string with just spaces and commas (including
the empty string).
https://fedorahosted.org/freeipa/ticket/2479
Diffstat (limited to 'ipalib/plugins/baseldap.py')
-rw-r--r-- | ipalib/plugins/baseldap.py | 36 |
1 files changed, 14 insertions, 22 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index cf5d8d20e..9562ff987 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): relationship = self.obj.relationships.get( attr, ['member', '', 'no_'] ) - param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) - if param_name in options: - dns = [] - for pkey in options[param_name]: - dns.append(ldap_obj.get_dn(pkey)) - flt = ldap.make_filter_from_attr( - attr, dns, ldap.MATCH_ALL - ) - filter = ldap.combine_filters( - (filter, flt), ldap.MATCH_ALL - ) - param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) - if param_name in options: - dns = [] - for pkey in options[param_name]: - dns.append(ldap_obj.get_dn(pkey)) - flt = ldap.make_filter_from_attr( - attr, dns, ldap.MATCH_NONE - ) - filter = ldap.combine_filters( - (filter, flt), ldap.MATCH_ALL - ) + # Handle positive (MATCH_ALL) and negative (MATCH_NONE) + # searches similarly + param_prefixes = relationship[1:] # e.g. ('in_', 'not_in_') + rules = ldap.MATCH_ALL, ldap.MATCH_NONE + for param_prefix, rule in zip(param_prefixes, rules): + param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name)) + if options.get(param_name): + dns = [] + for pkey in options[param_name]: + dns.append(ldap_obj.get_dn(pkey)) + flt = ldap.make_filter_from_attr(attr, dns, rule) + filter = ldap.combine_filters( + (filter, flt), ldap.MATCH_ALL + ) return filter has_output_params = global_output_params |