Bug 853931
Summary: | Possible to set invalid macros in Macro ACIs | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ján Rusnačko <jrusnack> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Sankar Ramalingam <sramling> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | jgalipea, nhosoi, nkinder |
Target Milestone: | rc | ||
Target Release: | 7.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.1.6-4.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 13:19:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ján Rusnačko
2012-09-03 10:48:00 UTC
We are not going to fix this in RHEL 6. Pushing out to RHEL 7. Upstream ticket: https://fedorahosted.org/389/ticket/449 Re-opening, as the tp22 and tp25 acceptance test cases in acl/macro-acis/syntax.sh are failing. The tp22 test for macro ACIs tries to set a macro using $ATTR instead of $attr. It expects this to be rejected with a syntax violation (err=21). The code in DS actually allows the "attr" macro keyword in any case: ------------------------------------------------------------------ In __aclp__sanity_check_acltxt: } else if ((s = strstr(word, "($")) || (s = strstr(word, "[$"))) { if ((0 != strncasecmp(s, ACL_RULE_MACRO_DN_KEY, sizeof(ACL_RULE_MACRO_DN_KEY) - 1)) && (0 != strncasecmp(s, ACL_RULE_MACRO_DN_LEVELS_KEY, sizeof(ACL_RULE_MACRO_DN_LEVELS_KEY) - 1)) && (0 != strncasecmp(s, ACL_RULE_MACRO_ATTR_KEY, sizeof(ACL_RULE_MACRO_ATTR_KEY) - 1))) { slapi_ch_free ( (void **) &newstr ); return ACL_SYNTAX_ERR; } ------------------------------------------------------------------ Allowing the macro keywords to be specified in any case seems fine to me (and more useful/tolerant). I am concerned that we aren't so tolerant of case in evaluating the acis though. In acllas.c, we use strstr() to check for the macro keywords: ------------------------------------------------------------------ if ((strstr (user, ACL_RULE_MACRO_DN_KEY) != NULL) || (strstr (user, ACL_RULE_MACRO_DN_LEVELS_KEY) != NULL) || (strstr (user, ACL_RULE_MACRO_ATTR_KEY) != NULL)) { ------------------------------------------------------------------ We need to make the code in acllas.c more tolerant of case by using strcasestr(). We will need to adjust the expected result in tp22 in acl/macro-acis/syntax.sh to expect rc=0. Also, tp25 still fails in acl/macro-acis/syntax.sh. It expects us to reject "$attr..description" with err=21, but we allow it. We should reject this due to the extra '.' character. moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata). When the errata is created, the bugs should be automatically moved back to ON_QA. All ACI tests are passing on RHEL 7 daily acceptance with 389-ds-base-1.3.1.6-8.el7. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |