From e9d68a7b001d23a7bac7cbf52e270c0723f1f69d Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Fri, 9 Mar 2012 04:45:15 -0500
Subject: Don't crash when searching with empty relationship options

Empty sequences (and sequences of empty strings) are normalized
to None, but the member filter code expected a list.
This patch extends a test for missing options to also catch
false values.
The functional change is from `if param_name in options:` to
`if options.get(param_name):`; the rest of the patch is code
de-duplication and tests.

These are CSV params with csv_skipspace set, so on the CLI, empty
set is given as a string with just spaces and commas (including
the empty string).

https://fedorahosted.org/freeipa/ticket/2479
---
 ipalib/plugins/baseldap.py | 36 ++++++++++++++----------------------
 1 file changed, 14 insertions(+), 22 deletions(-)

(limited to 'ipalib/plugins/baseldap.py')

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index cf5d8d20e..9562ff987 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1744,28 +1744,20 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
                 relationship = self.obj.relationships.get(
                     attr, ['member', '', 'no_']
                 )
-                param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name))
-                if param_name in options:
-                    dns = []
-                    for pkey in options[param_name]:
-                        dns.append(ldap_obj.get_dn(pkey))
-                    flt = ldap.make_filter_from_attr(
-                        attr, dns, ldap.MATCH_ALL
-                    )
-                    filter = ldap.combine_filters(
-                        (filter, flt), ldap.MATCH_ALL
-                    )
-                param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name))
-                if param_name in options:
-                    dns = []
-                    for pkey in options[param_name]:
-                        dns.append(ldap_obj.get_dn(pkey))
-                    flt = ldap.make_filter_from_attr(
-                        attr, dns, ldap.MATCH_NONE
-                    )
-                    filter = ldap.combine_filters(
-                        (filter, flt), ldap.MATCH_ALL
-                    )
+                # Handle positive (MATCH_ALL) and negative (MATCH_NONE)
+                # searches similarly
+                param_prefixes = relationship[1:]  # e.g. ('in_', 'not_in_')
+                rules = ldap.MATCH_ALL, ldap.MATCH_NONE
+                for param_prefix, rule in zip(param_prefixes, rules):
+                    param_name = '%s%s' % (param_prefix, to_cli(ldap_obj_name))
+                    if options.get(param_name):
+                        dns = []
+                        for pkey in options[param_name]:
+                            dns.append(ldap_obj.get_dn(pkey))
+                        flt = ldap.make_filter_from_attr(attr, dns, rule)
+                        filter = ldap.combine_filters(
+                            (filter, flt), ldap.MATCH_ALL
+                        )
         return filter
 
     has_output_params = global_output_params
-- 
cgit