Bug 853931
| Summary: | Possible to set invalid macros in Macro ACIs | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Ján Rusnačko <jrusnack> |
| Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Sankar Ramalingam <sramling> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | jgalipea, nhosoi, nkinder |
| Target Milestone: | rc | ||
| Target Release: | 7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 389-ds-base-1.3.1.6-4.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 13:19:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ján Rusnačko
2012-09-03 10:48:00 UTC
We are not going to fix this in RHEL 6. Pushing out to RHEL 7. Upstream ticket: https://fedorahosted.org/389/ticket/449 Re-opening, as the tp22 and tp25 acceptance test cases in acl/macro-acis/syntax.sh are failing.
The tp22 test for macro ACIs tries to set a macro using $ATTR instead of $attr. It expects this to be rejected with a syntax violation (err=21). The code in DS actually allows the "attr" macro keyword in any case:
------------------------------------------------------------------
In __aclp__sanity_check_acltxt:
} else if ((s = strstr(word, "($")) || (s = strstr(word, "[$"))) {
if ((0 != strncasecmp(s, ACL_RULE_MACRO_DN_KEY,
sizeof(ACL_RULE_MACRO_DN_KEY) - 1)) &&
(0 != strncasecmp(s, ACL_RULE_MACRO_DN_LEVELS_KEY,
sizeof(ACL_RULE_MACRO_DN_LEVELS_KEY) - 1)) &&
(0 != strncasecmp(s, ACL_RULE_MACRO_ATTR_KEY,
sizeof(ACL_RULE_MACRO_ATTR_KEY) - 1))) {
slapi_ch_free ( (void **) &newstr );
return ACL_SYNTAX_ERR;
}
------------------------------------------------------------------
Allowing the macro keywords to be specified in any case seems fine to me (and more useful/tolerant). I am concerned that we aren't so tolerant of case in evaluating the acis though. In acllas.c, we use strstr() to check for the macro keywords:
------------------------------------------------------------------
if ((strstr (user, ACL_RULE_MACRO_DN_KEY) != NULL) ||
(strstr (user, ACL_RULE_MACRO_DN_LEVELS_KEY) != NULL) ||
(strstr (user, ACL_RULE_MACRO_ATTR_KEY) != NULL)) {
------------------------------------------------------------------
We need to make the code in acllas.c more tolerant of case by using strcasestr(). We will need to adjust the expected result in tp22 in acl/macro-acis/syntax.sh to expect rc=0.
Also, tp25 still fails in acl/macro-acis/syntax.sh. It expects us to reject "$attr..description" with err=21, but we allow it. We should reject this due to the extra '.' character.
moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata). When the errata is created, the bugs should be automatically moved back to ON_QA. All ACI tests are passing on RHEL 7 daily acceptance with 389-ds-base-1.3.1.6-8.el7. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |