Bug 430021 - XML-RPC validation
Summary: XML-RPC validation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 1.0
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: freeipa10 429034
Reported: 2008-01-24 06:58 UTC by Chandrasekar Kannan
Modified: 2012-03-27 07:14 UTC (History)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-27 07:14:34 UTC
Embargoed:


Attachments
do more input type checking (27.16 KB, patch)
2008-02-29 15:58 UTC, Rob Crittenden

Description Chandrasekar Kannan 2008-01-24 06:58:03 UTC
Ticket #131 (assigned task)

Opened 2 months ago

Last modified 1 month ago
XML-RPC validation
Reported by: 	rcritten 	Assigned to: 	rcritten (accepted)
Priority: 	major 	Milestone: 	release-1
Component: 	ipa-server 	Version: 	1.0
Keywords: 		Cc: 	
Description

Little to no validation is done on incoming data to the XML-RPC layer. This needs to be reviewed.

Here are some specific things:

- Check for uniqueness of a uidNumber if it changes
- Enforce certain data types on some fields:

    * uidNumber and gidNumber are integers
    * e-mail addr is well-formed
    * login name is legal

- Some fields should be required (user-configurable too?)
- Don't allow the krbprincipalname field to change unless doing an RDN change
- There are also surely other generic validations to be done and this should easily support plugins that may require specific things.
Attachments

freeipa-432-valid.patch (3.9 kB) - added by rcritten on 2007-11-30 11:30:22.
    verify that the default users group exists
freeipa-502-cleanup.patch (32.9 kB) - added by rcritten on 2007-12-11 12:15:47.
    See the next entry for details
freeipa-573-norealm.patch (0.9 kB) - added by rcritten on 2008-01-07 11:53:00.
    In add_service_principal() don't let the user pass in the realm

Change History
2007-11-30 11:29:40 changed by rcritten

    * status changed from new to assigned.

2007-11-30 11:30:22 changed by rcritten

    * attachment freeipa-432-valid.patch added.

verify that the default users group exists
2007-12-05 11:44:10 changed by kmacmill

    * milestone changed from milestone-6 to release-1.

2007-12-11 12:15:47 changed by rcritten

    * attachment freeipa-502-cleanup.patch added.

See the next entry for details
2007-12-11 12:16:01 changed by rcritten

This does the following:

- Makes the old argument optional on update_*. If it doesn't exist the current record is looked up and used for comparison.
- Checks for existence of required arguments (not always data type, that may come next)
- Fix a slew of errors reported by pychecker
- Converted some things from C-isms to be more python-ish (return True instead of 1)
2008-01-07 11:53:00 changed by rcritten

    * attachment freeipa-573-norealm.patch added.

In add_service_principal() don't let the user pass in the realm
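
The checks listed in the ticket above, sketched as a single validation function. This is an added example, not FreeIPA's code or any of the attached patches. The attribute names, the required-field set, the login and e-mail patterns and the `uid_in_use` lookup callback are all assumptions.

```python
import re

# Assumed policy for this sketch; the ticket does not define these rules.
REQUIRED = ("uid", "givenname", "sn")
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
DIGITS_RE = re.compile(r"[0-9]+")  # ASCII only; str.isdigit() also accepts other scripts


def as_int(value):
    """Return value as a non-negative int, or None if it is not one."""
    if isinstance(value, bool):  # XML-RPC booleans decode to bool, an int subclass
        return None
    if isinstance(value, int):
        return value if value >= 0 else None
    if isinstance(value, str) and DIGITS_RE.fullmatch(value):
        return int(value)
    return None


def validate_user_update(old, new, uid_in_use, rdn_change=False):
    """Check a decoded update request; return a list of error strings."""
    errors = []
    for field in REQUIRED:
        if not str(new.get(field) or "").strip():
            errors.append(field + " is required")
    for field in ("uidnumber", "gidnumber"):
        if field in new and as_int(new[field]) is None:
            errors.append(field + " must be a non-negative integer")
    # Uniqueness only matters when the uidNumber actually changes.
    new_uid = as_int(new.get("uidnumber"))
    if new_uid is not None and new_uid != as_int(old.get("uidnumber")):
        if uid_in_use(new_uid):
            errors.append("uidnumber %d is already in use" % new_uid)
    # fullmatch() rejects a trailing newline that match() with "$" would accept.
    login = new.get("uid")
    if login is not None and not (isinstance(login, str) and LOGIN_RE.fullmatch(login)):
        errors.append("uid is not a legal login name")
    mail = new.get("mail")
    if mail is not None and not (isinstance(mail, str) and EMAIL_RE.fullmatch(mail)):
        errors.append("mail is not a well-formed address")
    # krbprincipalname may only change as part of an RDN change.
    if not rdn_change and "krbprincipalname" in new:
        if new["krbprincipalname"] != old.get("krbprincipalname"):
            errors.append("krbprincipalname may not change without an RDN change")
    return errors
```
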

Comment 3 Rob Crittenden 2008-02-29 15:58:49 UTC
Created attachment 296372
do more input type checking

Comment 4 Rob Crittenden 2008-03-03 14:58:59 UTC
Committed in change set 702

Comment 5 Yi Zhang 2008-04-07 17:10:59 UTC
A comprehensive test will be performed in the next release

qa verified, bug closed
build used: 4-7-2008 daily build

