Do not crash on empty reverse member options

Calling a LDAP{Add,Remove}ReverseMember with an empty reverse_member caused an internal error, because empty values are converted to None, which is then iterated. Use an empty list instead of None (or other false falues, of which we only use the empty list). https://fedorahosted.org/freeipa/ticket/2681
author: Petr Viktorin <pviktori@redhat.com> 2012-04-27 07:15:56 -0400
committer: Martin Kosek <mkosek@redhat.com> 2012-05-07 17:21:58 +0200
commit: 0206dbe79502dd06b9c44622ead4635e430e3620 (patch)
tree: ce241048b05e5d385c51c2b0218adf9aa7253fe7
parent: c45174d68009076781431ad13a51bd454f6e3ce8 (diff)
download: freeipa.git-0206dbe79502dd06b9c44622ead4635e430e3620.tar.gz
freeipa.git-0206dbe79502dd06b9c44622ead4635e430e3620.tar.xz
freeipa.git-0206dbe79502dd06b9c44622ead4635e430e3620.zip
3 files changed, 88 insertions, 2 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index d37a20d1..5a8013ef 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1966,7 +1966,7 @@ class LDAPAddReverseMember(LDAPModReverseMember):
         entry_start = self.api.Command[self.show_command](keys[-1])['result']
         completed = 0
         failed = {'member': {self.reverse_attr: []}}
-        for attr in options.get(self.reverse_attr, []):
+        for attr in options.get(self.reverse_attr) or []:
             try:
                 options = {'%s' % self.member_attr: keys[-1]}
                 try:
@@ -2073,7 +2073,7 @@ class LDAPRemoveReverseMember(LDAPModReverseMember):
         entry_start = self.api.Command[self.show_command](keys[-1])['result']
         completed = 0
         failed = {'member': {self.reverse_attr: []}}
-        for attr in options.get(self.reverse_attr, []):
+        for attr in options.get(self.reverse_attr) or []:
             try:
                 options = {'%s' % self.member_attr: keys[-1]}
                 try:
diff --git a/tests/test_xmlrpc/test_privilege_plugin.py b/tests/test_xmlrpc/test_privilege_plugin.py
index eb812068..d8d9b22a 100644
--- a/tests/test_xmlrpc/test_privilege_plugin.py
+++ b/tests/test_xmlrpc/test_privilege_plugin.py
@@ -348,6 +348,50 @@ class test_privilege(Declarative):
 
 
         dict(
+            desc='Add zero permissions to %r' % privilege1,
+            command=('privilege_add_permission', [privilege1],
+                dict(permission=None),
+            ),
+            expected=dict(
+                completed=0,
+                failed=dict(
+                    member=dict(
+                        permission=[],
+                    ),
+                ),
+                result={
+                    'dn': lambda x: DN(x) == privilege1_dn,
+                    'cn': [privilege1],
+                    'description': [u'New desc 1'],
+                    'memberof_permission': [permission2],
+                }
+            ),
+        ),
+
+
+        dict(
+            desc='Remove zero permissions from %r' % privilege1,
+            command=('privilege_remove_permission', [privilege1],
+                dict(permission=None),
+            ),
+            expected=dict(
+                completed=0,
+                failed=dict(
+                    member=dict(
+                        permission=[],
+                    ),
+                ),
+                result={
+                    'dn': lambda x: DN(x) == privilege1_dn,
+                    'cn': [privilege1],
+                    'description': [u'New desc 1'],
+                    'memberof_permission': [permission2],
+                }
+            ),
+        ),
+
+
+        dict(
             desc='Delete %r' % privilege1,
             command=('privilege_del', [privilege1], {}),
             expected=dict(
diff --git a/tests/test_xmlrpc/test_role_plugin.py b/tests/test_xmlrpc/test_role_plugin.py
index 62bc6ead..e2bd28cd 100644
--- a/tests/test_xmlrpc/test_role_plugin.py
+++ b/tests/test_xmlrpc/test_role_plugin.py
@@ -202,6 +202,48 @@ class test_role(Declarative):
 
 
         dict(
+            desc='Add zero privileges to role %r' % role1,
+            command=('role_add_privilege', [role1], dict(privilege=None)
+            ),
+            expected=dict(
+                completed=0,
+                failed=dict(
+                    member=dict(
+                        privilege=[],
+                    ),
+                ),
+                result={
+                    'dn': lambda x: DN(x) == role1_dn,
+                    'cn': [role1],
+                    'description': [u'role desc 1'],
+                    'memberof_privilege': [privilege1],
+                }
+            ),
+        ),
+
+
+        dict(
+            desc='Remove zero privileges from role %r' % role1,
+            command=('role_remove_privilege', [role1], dict(privilege=None)
+            ),
+            expected=dict(
+                completed=0,
+                failed=dict(
+                    member=dict(
+                        privilege=[],
+                    ),
+                ),
+                result={
+                    'dn': lambda x: DN(x) == role1_dn,
+                    'cn': [role1],
+                    'description': [u'role desc 1'],
+                    'memberof_privilege': [privilege1],
+                }
+            ),
+        ),
+
+
+        dict(
             desc='Add member %r to %r' % (group1, role1),
             command=('role_add_member', [role1], dict(group=group1)),
             expected=dict(
author	Petr Viktorin <pviktori@redhat.com>	2012-04-27 07:15:56 -0400
committer	Martin Kosek <mkosek@redhat.com>	2012-05-07 17:21:58 +0200
commit	0206dbe79502dd06b9c44622ead4635e430e3620 (patch)
tree	ce241048b05e5d385c51c2b0218adf9aa7253fe7
parent	c45174d68009076781431ad13a51bd454f6e3ce8 (diff)
download	freeipa.git-0206dbe79502dd06b9c44622ead4635e430e3620.tar.gz freeipa.git-0206dbe79502dd06b9c44622ead4635e430e3620.tar.xz freeipa.git-0206dbe79502dd06b9c44622ead4635e430e3620.zip