Bug 458488 - rhds80 RFE - Console doesn't type-check input for schema-defined INTEGER attributes
Summary: rhds80 RFE - Console doesn't type-check input for schema-defined INTEGER attr...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - Configuration
Version: 8.0
Hardware: All
OS: Linux
high
high
Target Milestone: ---
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 249650 FDS1.2.0
TreeView+ depends on / blocked
 
Reported: 2008-08-08 20:15 UTC by Issue Tracker
Modified: 2018-10-20 03:13 UTC (History)
6 users (show)

Fixed In Version: 8.1
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-29 23:06:01 UTC


Attachments (Terms of Use)
diffs (7.84 KB, patch)
2008-12-09 17:33 UTC, Rich Megginson
no flags Details | Diff
cvs commit log (512 bytes, text/plain)
2008-12-10 02:53 UTC, Rich Megginson
no flags Details

Comment 4 Rich Megginson 2008-12-09 16:46:40 UTC
One more question - should the console allow a value of "0" for uid number and/or gid number?

1) Console should allow an explicit value of "0" for uid and gid number - no warning
2) Console should allow an explicit value of "0" for uid and gid number, and should present a warning dialog to the user
3) Console should prevent a value of "0"

Comment 5 Rich Megginson 2008-12-09 17:33:30 UTC
Created attachment 326368 [details]
diffs

Comment 6 Chris Evich 2008-12-09 17:40:02 UTC
In my [very] humble opinion, #2 is the right thing to do.  

However, in general non-numeric entry into a schema defined numeric attribute needs to return an error.  As per the RFC, this is to be enforced client-side (i.e. in the console).

Comment 7 Rich Megginson 2008-12-09 17:51:30 UTC
(In reply to comment #6)
> In my [very] humble opinion, #2 is the right thing to do.  
> 
> However, in general non-numeric entry into a schema defined numeric attribute
> needs to return an error.  As per the RFC, this is to be enforced client-side
> (i.e. in the console).

Ok.  In general, except for the Advanced... attribute editor, the console is too "big" to enforce this console wide.  That's why I focused on uidNumber and gidNumber for this particular problem.  I will also fix the Advanced... editor.  Are there any other specific fields that need to be fixed?

Comment 8 Chris Evich 2008-12-09 18:41:13 UTC
Ahh, gotcha.  In the simple user and group edit dialogs, no, those are the most important.  Thanks :)

Comment 9 Rich Megginson 2008-12-09 21:51:53 UTC
The Advanced... editor classes (DSEntryPanel and AttributeEditor) don't have any provision for input validation.  There are different editors based on attribute name (objectclass,jpegPhoto) and syntax (binary), but there is nothing that will enable/disable the OK button and/or show you visual indication of field status (e.g. as in the Configuration tab panels).  It would take a bit of work to add that.

For generic validation based on syntax, there are some problems.
1) Since the DS does disallow non-syntax values, and users may have taken advantage of this, even by editing the value via ldapmodify, you could find yourself in the situation where the Advanced editor does not work for a specific attribute/value
2) For integer fields, would need to have the ability to specify a different range (min, max vals) for each field based on attribute name e.g. uidNumber should disallow negative numbers, and warn for a value of 0 - other fields might allow a value of -1 to mean "unlimited" or something like that

So I'm reluctant to add all of this for 8.1.  But, even with the above fix, the user can still go into the Advanced editor and edit uidNumber to a non-integer value.

Comment 10 Rich Megginson 2008-12-10 02:53:50 UTC
Created attachment 326445 [details]
cvs commit log

Reviewed by: nhosoi (Thanks!)
Fix Description: Fixed for posix uidNumber and gidNumber.  Non numeric or negative values will be rejected.  If the user specifies an explicit value of 0, a warning dialog will ask if the user really wants to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes

Comment 11 Jenny Severance 2009-03-16 13:23:17 UTC
fix verified - RHEL 5 DS 8.1
errors:
The uidNumber field must have a numeric value.
The gidNumber field must have a numberic value.
The uidNumber field does not have a valid value. (negative number)

warning:
The value 0 is for privileged users only.
Assigning this value to a user will give this user privileged access.
Do you really want to use this value?

Comment 12 Chandrasekar Kannan 2009-04-29 23:06:01 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html


Note You need to log in before you can comment on or make changes to this bug.