Bug 670670 - internal error triggered by empty filter string in ipa permission-add
Summary: internal error triggered by empty filter string in ipa permission-add
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 2.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-18 23:13 UTC by Yi Zhang
Modified: 2015-01-04 23:45 UTC (History)
3 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-28 09:41:03 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Yi Zhang 2011-01-18 23:13:48 UTC 
Description of problem:
Run this command:
ipa permission-add testonly --desc testonly --attrs=uidnumber --permissions=read,write --filter=
(Please note: filter has empty string as parameter)

trigger ipa server through "internal error"


Version-Release number of selected component (if applicable):ipa-server-2.0-0.2011011115gitc778919.fc14.i686


How reproducible: always


Steps to Reproduce:
1. Install ipa-server
2. kinit as admin
3. run "ipa permission-add testonly --desc testonly --attrs=uidnumber --permissions=read,write --filter="

  
Actual results:
[yi@dhcp-137 ipa-delegation]$ ipa permission-add testonly --desc testonly --attrs=uidnumber --permissions=read,write --filter=
ipa: ERROR: an internal error has occurred

Expected results:


Additional info:
---------- httpd error log ----------
[Tue Jan 18 15:06:11 2011] [error] ipa: ERROR: non-public: AttributeError: 'NoneType' object has no attribute 'startswith'
[Tue Jan 18 15:06:11 2011] [error] Traceback (most recent call last):
[Tue Jan 18 15:06:11 2011] [error]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 211, in wsgi_execute
[Tue Jan 18 15:06:11 2011] [error]     result = self.Command[name](*args, **options)
[Tue Jan 18 15:06:11 2011] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 417, in __call__
[Tue Jan 18 15:06:11 2011] [error]     ret = self.run(*args, **options)
[Tue Jan 18 15:06:11 2011] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 696, in run
[Tue Jan 18 15:06:11 2011] [error]     return self.execute(*args, **options)
[Tue Jan 18 15:06:11 2011] [error]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 536, in execute
[Tue Jan 18 15:06:11 2011] [error]     ldap, dn, entry_attrs, attrs_list, *keys, **options
[Tue Jan 18 15:06:11 2011] [error]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py", line 167, in pre_callback
[Tue Jan 18 15:06:11 2011] [error]     raise e
[Tue Jan 18 15:06:11 2011] [error] AttributeError: 'NoneType' object has no attribute 'startswith'
Comment 1 Dmitri Pal 2011-01-19 17:09:30 UTC 
https://fedorahosted.org/freeipa/ticket/808
Comment 2 Rob Crittenden 2011-01-21 15:49:23 UTC 
master: fc28fae03fd1510d571a5011ef9d712c7778e578

This also adds some basic filter validation. Note that a filter that looks strange is not necessarily bad. For example, this is a perfectly valid filter: cn=

Useful? No, but legal.
Note You need to log in before you can comment on or make changes to this bug.