Bug 458488 - rhds80 RFE - Console doesn't type-check input for schema-defined INTEGER attributes
rhds80 RFE - Console doesn't type-check input for schema-defined INTEGER attr...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - Configuration (Show other bugs)
8.0
All Linux
high Severity high
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
: FutureFeature
Depends On:
Blocks: 249650 FDS1.2.0
  Show dependency treegraph
 
Reported: 2008-08-08 16:15 EDT by Issue Tracker
Modified: 2015-01-04 18:33 EST (History)
6 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-29 19:06:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (7.84 KB, patch)
2008-12-09 12:33 EST, Rich Megginson
no flags Details | Diff
cvs commit log (512 bytes, text/plain)
2008-12-09 21:53 EST, Rich Megginson
no flags Details

  None (edit)
Comment 4 Rich Megginson 2008-12-09 11:46:40 EST
One more question - should the console allow a value of "0" for uid number and/or gid number?

1) Console should allow an explicit value of "0" for uid and gid number - no warning
2) Console should allow an explicit value of "0" for uid and gid number, and should present a warning dialog to the user
3) Console should prevent a value of "0"
Comment 5 Rich Megginson 2008-12-09 12:33:30 EST
Created attachment 326368 [details]
diffs
Comment 6 Chris Evich 2008-12-09 12:40:02 EST
In my [very] humble opinion, #2 is the right thing to do.  

However, in general non-numeric entry into a schema defined numeric attribute needs to return an error.  As per the RFC, this is to be enforced client-side (i.e. in the console).
Comment 7 Rich Megginson 2008-12-09 12:51:30 EST
(In reply to comment #6)
> In my [very] humble opinion, #2 is the right thing to do.  
> 
> However, in general non-numeric entry into a schema defined numeric attribute
> needs to return an error.  As per the RFC, this is to be enforced client-side
> (i.e. in the console).

Ok.  In general, except for the Advanced... attribute editor, the console is too "big" to enforce this console wide.  That's why I focused on uidNumber and gidNumber for this particular problem.  I will also fix the Advanced... editor.  Are there any other specific fields that need to be fixed?
Comment 8 Chris Evich 2008-12-09 13:41:13 EST
Ahh, gotcha.  In the simple user and group edit dialogs, no, those are the most important.  Thanks :)
Comment 9 Rich Megginson 2008-12-09 16:51:53 EST
The Advanced... editor classes (DSEntryPanel and AttributeEditor) don't have any provision for input validation.  There are different editors based on attribute name (objectclass,jpegPhoto) and syntax (binary), but there is nothing that will enable/disable the OK button and/or show you visual indication of field status (e.g. as in the Configuration tab panels).  It would take a bit of work to add that.

For generic validation based on syntax, there are some problems.
1) Since the DS does disallow non-syntax values, and users may have taken advantage of this, even by editing the value via ldapmodify, you could find yourself in the situation where the Advanced editor does not work for a specific attribute/value
2) For integer fields, would need to have the ability to specify a different range (min, max vals) for each field based on attribute name e.g. uidNumber should disallow negative numbers, and warn for a value of 0 - other fields might allow a value of -1 to mean "unlimited" or something like that

So I'm reluctant to add all of this for 8.1.  But, even with the above fix, the user can still go into the Advanced editor and edit uidNumber to a non-integer value.
Comment 10 Rich Megginson 2008-12-09 21:53:50 EST
Created attachment 326445 [details]
cvs commit log

Reviewed by: nhosoi (Thanks!)
Fix Description: Fixed for posix uidNumber and gidNumber.  Non numeric or negative values will be rejected.  If the user specifies an explicit value of 0, a warning dialog will ask if the user really wants to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes
Comment 11 Jenny Galipeau 2009-03-16 09:23:17 EDT
fix verified - RHEL 5 DS 8.1
errors:
The uidNumber field must have a numeric value.
The gidNumber field must have a numberic value.
The uidNumber field does not have a valid value. (negative number)

warning:
The value 0 is for privileged users only.
Assigning this value to a user will give this user privileged access.
Do you really want to use this value?
Comment 12 Chandrasekar Kannan 2009-04-29 19:06:01 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html

Note You need to log in before you can comment on or make changes to this bug.