Don't crash when searching with empty relationship options

Empty sequences (and sequences of empty strings) are normalized to None, but the member filter code expected a list. This patch extends a test for missing options to also catch false values. The functional change is from `if param_name in options:` to `if options.get(param_name):`; the rest of the patch is code de-duplication and tests. These are CSV params with csv_skipspace set, so on the CLI, empty set is given as a string with just spaces and commas (including the empty string). https://fedorahosted.org/freeipa/ticket/2479
author: Petr Viktorin <pviktori@redhat.com> 2012-03-09 04:45:15 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2012-03-13 23:28:53 -0400
commit: e9d68a7b001d23a7bac7cbf52e270c0723f1f69d (patch)
tree: f424c9aaf2983c559b75399dae4f383335e8ccfc /ipalib/plugins/baseldap.py
parent: 17ba58aa4b6d59b159754351631165a9de61718a (diff)
download: freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.tar.gz
freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.tar.xz
freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.zip
1 files changed, 14 insertions, 22 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index cf5d8d20e..9562ff987 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
                 relationship = self.obj.relationships.get(
                     attr, ['member', '', 'no_']
                 )
-                param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name))
-                if param_name in options:
-                    dns = []
-                    for pkey in options[param_name]:
-                        dns.append(ldap_obj.get_dn(pkey))
-                    flt = ldap.make_filter_from_attr(
-                        attr, dns, ldap.MATCH_ALL
-                    )
-                    filter = ldap.combine_filters(
-                        (filter, flt), ldap.MATCH_ALL
-                    )
-                param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name))
-                if param_name in options:
-                    dns = []
-                    for pkey in options[param_name]:
-                        dns.append(ldap_obj.get_dn(pkey))
-                    flt = ldap.make_filter_from_attr(
-                        attr, dns, ldap.MATCH_NONE
-                    )
-                    filter = ldap.combine_filters(
-                        (filter, flt), ldap.MATCH_ALL
-                    )
+                # Handle positive (MATCH_ALL) and negative (MATCH_NONE)
+                # searches similarly
+                param_prefixes = relationship[1:]  # e.g. ('in_', 'not_in_')
+                rules = ldap.MATCH_ALL, ldap.MATCH_NONE
+                for param_prefix, rule in zip(param_prefixes, rules):
+                    param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name))
+                    if options.get(param_name):
+                        dns = []
+                        for pkey in options[param_name]:
+                            dns.append(ldap_obj.get_dn(pkey))
+                        flt = ldap.make_filter_from_attr(attr, dns, rule)
+                        filter = ldap.combine_filters(
+                            (filter, flt), ldap.MATCH_ALL
+                        )
         return filter
 
     has_output_params = global_output_params
author	Petr Viktorin <pviktori@redhat.com>	2012-03-09 04:45:15 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2012-03-13 23:28:53 -0400
commit	e9d68a7b001d23a7bac7cbf52e270c0723f1f69d (patch)
tree	f424c9aaf2983c559b75399dae4f383335e8ccfc /ipalib/plugins/baseldap.py
parent	17ba58aa4b6d59b159754351631165a9de61718a (diff)
download	freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.tar.gz freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.tar.xz freeipa-e9d68a7b001d23a7bac7cbf52e270c0723f1f69d.zip