Bug 430021 - XML-RPC validation
Product: freeIPA
Classification: Community
Component: ipa-server
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Rob Crittenden
Chandrasekar Kannan
Depends On:
Blocks: freeipa10 429034
Reported: 2008-01-24 01:58 EST by Chandrasekar Kannan
Modified: 2012-03-27 03:14 EDT (History)
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-27 03:14:34 EDT

Attachments
do more input type checking (27.16 KB, patch)
2008-02-29 10:58 EST, Rob Crittenden
Description Chandrasekar Kannan 2008-01-24 01:58:03 EST
Ticket #131 (assigned task)

Opened 2 months ago

Last modified 1 month ago
XML-RPC validation
Reported by: 	rcritten 	Assigned to: 	rcritten (accepted)
Priority: 	major 	Milestone: 	release-1
Component: 	ipa-server 	Version: 	1.0
Keywords: 		Cc: 	
Description

Little to no validation is done on incoming data to the XML-RPC layer. This needs to be reviewed.

Here are some specific things:

- Check for uniqueness of a uidNumber if it changes
- Enforce certain data types on some fields:

    * uidNumber and gidNumber are integers
    * e-mail addr is well-formed
    * login name is legal

- Some fields should be required (user-configurable too?)
- Don't allow the krbprincipalname field to change unless doing an RDN change
- There are also surely other generic validations to be done and this should easily support plugins that may require specific things.

freeipa-432-valid.patch (3.9 kB) - added by rcritten on 2007-11-30 11:30:22.
    verify that the default users group exists
freeipa-502-cleanup.patch (32.9 kB) - added by rcritten on 2007-12-11 12:15:47.
    See the next entry for details
freeipa-573-norealm.patch (0.9 kB) - added by rcritten on 2008-01-07 11:53:00.
    In add_service_principal() don't let the user pass in the realm

Change History
2007-11-30 11:29:40 changed by rcritten

    * status changed from new to assigned.

2007-11-30 11:30:22 changed by rcritten

    * attachment freeipa-432-valid.patch added.

verify that the default users group exists
2007-12-05 11:44:10 changed by kmacmill

    * milestone changed from milestone-6 to release-1.

2007-12-11 12:15:47 changed by rcritten

    * attachment freeipa-502-cleanup.patch added.

See the next entry for details
2007-12-11 12:16:01 changed by rcritten

This does the following:

- Makes the old argument optional on update_*. If it doesn't exist the current record is looked up and used for comparison.
- Checks for existence of required arguments (not always data type, that may come next)
- Fix a slew of errors reported by pychecker
- Converted some things from C-isms to be more python-ish (return True instead of 1)
2008-01-07 11:53:00 changed by rcritten

    * attachment freeipa-573-norealm.patch added.

In add_service_principal() don't let the user pass in the realm
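
The checks listed in the ticket description, gathered into one server-side validator. This is an added example, not FreeIPA code and not the content of the attached patches; the function name, the two regular expressions, the `uid` and `mail` field names and the `uid_in_use` lookup are assumptions.

```python
import re

# Assumed rules, not FreeIPA's: a conservative POSIX-style login name and a
# simple e-mail shape check (one "@", dotted domain, no whitespace).
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s.]+(\.[^@\s.]+)+")

def _is_int(value):
    # bool subclasses int in Python and XML-RPC has its own <boolean> type,
    # so True/False must not be accepted as a uidNumber or gidNumber.
    return isinstance(value, int) and not isinstance(value, bool)

def validate_user_update(new, old, uid_in_use, rdn_change=False,
                         required=("uid", "uidNumber", "gidNumber")):
    """Return every problem found in `new`, a struct decoded from XML-RPC.

    old        -- the stored record, used to detect which fields change
    uid_in_use -- callable(int) -> bool, e.g. backed by a directory search
    required   -- mandatory fields, configurable per deployment
    """
    if not isinstance(new, dict):
        return ["request: must be a struct"]
    errors = [f"{f}: required" for f in required if new.get(f) in (None, "")]
    for field in ("uidNumber", "gidNumber"):
        if field in new and not _is_int(new[field]):
            errors.append(f"{field}: must be an integer")
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    for field, rule, msg in (("uid", LOGIN_RE, "illegal login name"),
                             ("mail", EMAIL_RE, "not a well-formed address")):
        value = new.get(field)
        if value is not None and not (isinstance(value, str) and rule.fullmatch(value)):
            errors.append(f"{field}: {msg}")
    if ("krbprincipalname" in new and not rdn_change
            and new["krbprincipalname"] != old.get("krbprincipalname")):
        errors.append("krbprincipalname: may only change with an RDN change")
    num = new.get("uidNumber")
    if _is_int(num) and num != old.get("uidNumber") and uid_in_use(num):
        errors.append("uidNumber: already in use")
    return errors

# Constructed sample data: a stored record and a hostile-looking update.
OLD = {"uid": "alice", "uidNumber": 1001, "gidNumber": 1001,
       "mail": "alice@example.com", "krbprincipalname": "alice@EXAMPLE.COM"}
BAD = {"uid": "alice\n", "uidNumber": "1002", "gidNumber": True,
       "mail": "alice@@example", "krbprincipalname": "admin@EXAMPLE.COM"}

if __name__ == "__main__":
    for problem in validate_user_update(BAD, OLD, uid_in_use=lambda n: n == 1000):
        print(problem)
```

Collecting all problems before rejecting the request gives the caller one complete error response, and the uniqueness lookup only runs when uidNumber actually changes.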
Comment 3 Rob Crittenden 2008-02-29 10:58:49 EST
Created attachment 296372
do more input type checking
Comment 4 Rob Crittenden 2008-03-03 09:58:59 EST
Committed in change set 702
Comment 5 Yi Zhang 2008-04-07 13:10:59 EDT
A comprehensive test will be performed in the next release

qa verified, bug closed
build used: 4-7-2008 daily build