Bug 770952

Summary: Adding a netgroup with a "+" in the name that overlaps hostgroup causes crash
Product: [Retired] freeIPA
Reporter: James Cape <jamescape777>
Component: ipa-server
Assignee: Rob Crittenden <rcritten>
Status: CLOSED UPSTREAM
QA Contact: Chandrasekar Kannan <ckannan>
Severity: high
Priority: unspecified
Version: 2.1
CC: benl, dpal, jgalipea
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-02-27 22:18:21 UTC
Bug Blocks: 772043

Description James Cape 2011-12-30 13:36:02 UTC
Description of problem:

When you create an NIS netgroup named +(hostgroup), 389 crashes and then crashes on startup (last log item is a note about database recovery).

Version-Release number of selected component (if applicable):

2.1.4-3.fc16.x86_64 (from updates-testing as of 2011-12-29)

How reproducible:

Haven't tried on a test setup, consistently crashed, however.

Steps to Reproduce:
1. Create a hostgroup "buildserv"
2. Add a server to it
3. Create a sudo command-group "software-install" that mirrors the standard SOFTWARE cmnd_alias.
4. Create a sudo rule "developers_buildserv" which allows members of the "developers" group to run software on the host named "+buildserv"
5. Create an NIS netgroup "+buildserv"

Actual results:

389 crashes, crashes again when restarting.

Expected results:

The server refuses to create +buildserv, lets you know you're doing something dumb.

Additional info:

The corrective action was:

1. Use db2ldif to dump the database to LDIF
2. Manually edit the dump to rename the "buildserv" netgroup
3. Re-import with ldif2db
4. Delete the host group
5. Delete the netgroup
6. Re-add the host group.

Comment 1 Dmitri Pal 2012-01-05 18:15:12 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2221

Comment 2 Rob Crittenden 2012-02-27 22:18:21 UTC
Allowed characters are a-z, 0-9, -, _ and .

Also restricting hostgroup names with same list.

Fixed upstream

master: 7d7322de2eb0de61ea917d03662452d3efa4c834

ipa-2-2: 85462d063453f8614b63eddbba568fed034b0037
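
An added example, not FreeIPA's own code and not part of the upstream fix: a small audit that scans a db2ldif-style dump (the tool used in the corrective action above) for hostgroup and netgroup names outside the character set listed in Comment 2. The object class names, the DN layout and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

# Allowlist stated in Comment 2: a-z, 0-9, '-', '_' and '.'
NAME_RE = re.compile(r"[a-z0-9_.-]+")
# Assumption: object classes that mark hostgroup and netgroup entries.
GROUP_CLASSES = {"ipahostgroup": "hostgroup", "ipanisnetgroup": "netgroup"}

# Constructed sample input in LDIF form (not taken from the report).
SAMPLE_LDIF = """\
dn: cn=buildserv,cn=hostgroups,cn=accounts,dc=example,dc=test
objectClass: ipahostgroup
cn: buildserv

dn: ipaUniqueID=0001,cn=ng,cn=alt,dc=example,dc=test
objectClass: ipanisnetgroup
cn: +buildserv

dn: ipaUniqueID=0002,cn=ng,cn=alt,dc=example,dc=test
objectClass: ipanisnetgroup
cn: web.prod-1
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per record; attribute names lowercased."""
    text = text.replace("\n ", "")  # unfold LDIF continuation lines
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and lines without a value
            attr, value = line.split(": ", 1)
            if attr.endswith(":"):  # "attr:: <base64>" form
                attr = attr[:-1]
                value = base64.b64decode(value).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            yield entry

def audit(text):
    """Return sorted (kind, name) pairs whose name falls outside the allowlist."""
    bad = set()
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        for oc, kind in GROUP_CLASSES.items():
            if oc in classes:
                bad.update((kind, n) for n in entry.get("cn", [])
                           if not NAME_RE.fullmatch(n))
    return sorted(bad)
```

Calling `audit()` on the text of a dump returns the entries that would need renaming before the stricter name validation applies to them.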