Hide Forgot
Description of problem: ipa netgroup-add should not allow commas in value for --nisdomain option. # ipa netgroup-add mynetgroup1 --desc=description1 --nisdomain=testone,testtwo ---------------------------- Added netgroup "mynetgroup1" ---------------------------- Netgroup name: mynetgroup1 Description: description1 NIS domain name: testone,testtwo IPA unique ID: 5e7e205e-5efe-11e1-a7d2-5254008638a1 # ipa netgroup-add-member mynetgroup1 --hosts=one,two Netgroup name: mynetgroup1 Description: description1 NIS domain name: testone,testtwo External host: one, two ------------------------- Number of members added 2 ------------------------- Looking at the triple with ypcat: # ypcat -k -d $DOMAIN -h $MASTER netgroup mynetgroup1 (two,-,testone,testtwo) (one,-,testone,testtwo) Version-Release number of selected component (if applicable): 389-ds-base-1.2.10.1-1.el6.x86_64 389-ds-base-libs-1.2.10.1-1.el6.x86_64 ipa-server-2.2.0-102.20120220T2339zgit7fe095c.el6.x86_64 How reproducible: always Steps to Reproduce: 1. <setup ipa server> 2. kinit admin 3. ipa netgroup-add mytestng1 --desc=test --nisdomain=test1,test2 4. ipa netgroup-add-member mytestng1 --hosts=one,two 5. ipa netgroup-show mytestng1 And to test with ypcat: 6. ipa-compat-manage enable 7. ipa-nis-manage enable 8. service rpcbind restart 9. service dirsrv restart 10. yum install yp-tools 11. ypcat -k -d <domainname> -h localhost netgroup | grep mytestng1 Actual results: # ipa netgroup-add mytestng1 --desc=test --nisdomain=test1,test2 -------------------------- Added netgroup "mytestng1" -------------------------- Netgroup name: mytestng1 Description: test NIS domain name: test1,test2 IPA unique ID: 4e315802-5f02-11e1-8113-5254008638a1 # ipa netgroup-add-member mytestng1 --hosts=one,two Netgroup name: mytestng1 Description: test NIS domain name: test1,test2 External host: one, two ------------------------- Number of members added 2 ------------------------- # ipa netgroup-show mytestng1 Netgroup name: mytestng1 Description: test NIS domain name: test1,test2 External host: two, one # ypcat -k -d $DOMAIN -h localhost netgroup | grep mytestng1 mytestng1 (two,-,test1,test2) (one,-,test1,test2) Expected results: I'd expect some type of error like invalid character or only one value is allowed. Additional info: Other special characters seem to be allowed as well: # ipa netgroup-add mytestng2 --desc=desc2 --nisdomain=seven^\|\!\@\#\$\%\&\*\)\( -------------------------- Added netgroup "mytestng2" -------------------------- Netgroup name: mytestng2 Description: desc2 NIS domain name: seven^|!@#$%&*)( IPA unique ID: ab77f718-5f03-11e1-803b-5254008638a1 # ipa netgroup-add-member mytestng2 --users=admin Netgroup name: mytestng2 Description: desc2 NIS domain name: seven^|!@#$%&*)( Member User: admin ------------------------- Number of members added 1 ------------------------- # ypcat -k -d $DOMAIN -h $MASTER netgroup|grep mytestng2 mytestng2 (-,admin,seven^|!@#$%&*)() /var/log/httpd/error_log entry: [Fri Feb 24 10:16:14 2012] [error] ipa: INFO: admin: netgroup_add(u'mytestng1', description=u'test', nisdomainname=u'test1,test2', all=False, raw=False, version=u'2.26'): SUCCESS This same underlying issue can be seen with ipa netgroup-mod: # ipa netgroup-mod mytestng1 --setattr=nisdomainname=one,two,three ----------------------------- Modified netgroup "mytestng1" ----------------------------- Netgroup name: mytestng1 Description: test NIS domain name: one,two,three # ipa netgroup-mod mytestng1 --nisdomain=five,six ----------------------------- Modified netgroup "mytestng1" ----------------------------- Netgroup name: mytestng1 Description: test NIS domain name: five,six
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2448
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/5cfee2338d548035151926c5c235f3426fca0499 ipa-2-2: https://fedorahosted.org/freeipa/changeset/df0e73a5dbfb4ad09a74c930f4d7e6d0721e5c9b
Verified. Version :: ipa-server-2.2.0-7.el6.x86_64 Automated Test Results :: # netgroup_bz_797237 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: netgroup_bz_797237: ipa netgroup-add and netgroup-mod --nisdomain should not allow commas :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'ipa netgroup-add netgroup_bz_797237_1 --desc=desc1 --nisdomain=test1,test2 > /tmp/errormsg.out 2>&1' :: [ PASS ] :: BZ 797237 not found for netgroup-add with comma ipa: ERROR: netgroup_bz_797237_1: netgroup not found :: [ PASS ] :: Running 'ipa netgroup-del netgroup_bz_797237_1' :: [ PASS ] :: Running 'ipa netgroup-add netgroup_bz_797237_2 --desc=desc2 --nisdomain=test^\|\!\@\#$\%\&\*\)\( > /tmp/errormsg.out 2>&1' :: [ PASS ] :: BZ 797237 not found for netgroup-add --nisdomain with other invalid chars ipa: ERROR: netgroup_bz_797237_2: netgroup not found :: [ PASS ] :: Running 'ipa netgroup-del netgroup_bz_797237_2' ------------------------------------- Added netgroup "netgroup_bz_797237_3" ------------------------------------- Netgroup name: netgroup_bz_797237_3 Description: desc3 NIS domain name: testrelm.com IPA unique ID: 4d5f9166-7e9a-11e1-8f5c-5254003c4d38 :: [ PASS ] :: Running 'ipa netgroup-add netgroup_bz_797237_3 --desc=desc3' :: [ PASS ] :: Running 'ipa netgroup-mod netgroup_bz_797237_3 --nisdomain=test3,test4 > /tmp/errormsg.out 2>&1' :: [ PASS ] :: BZ 797237 not found for netgroup-mod --nisdomain with comma. --------------------------------------- Deleted netgroup "netgroup_bz_797237_3" --------------------------------------- :: [ PASS ] :: Running 'ipa netgroup-del netgroup_bz_797237_3' ------------------------------------- Added netgroup "netgroup_bz_797237_4" ------------------------------------- Netgroup name: netgroup_bz_797237_4 Description: desc4 NIS domain name: testrelm.com IPA unique ID: 50922a06-7e9a-11e1-b284-5254003c4d38 :: [ PASS ] :: Running 'ipa netgroup-add netgroup_bz_797237_4 --desc=desc4' :: [ PASS ] :: Running 'ipa netgroup-mod netgroup_bz_797237_4 --setattr=nisdomainname=test5,test6 > /tmp/errormsg.out 2>&1' :: [ PASS ] :: BZ 797237 not found for netgroup-mod --setattr=nisdomainname with comma. --------------------------------------- Deleted netgroup "netgroup_bz_797237_4" --------------------------------------- :: [ PASS ] :: Running 'ipa netgroup-del netgroup_bz_797237_4' ------------------------------------- Added netgroup "netgroup_bz_797237_5" ------------------------------------- Netgroup name: netgroup_bz_797237_5 Description: desc5 NIS domain name: testrelm.com IPA unique ID: 547b8a40-7e9a-11e1-936e-5254003c4d38 :: [ PASS ] :: Running 'ipa netgroup-add netgroup_bz_797237_5 --desc=desc5' :: [ PASS ] :: Running 'ipa netgroup-mod netgroup_bz_797237_5 --setattr=nisdomain=test^\|\!\@\#$\%\&\*\)\( > /tmp/errormsg.out 2>&1' :: [ PASS ] :: BZ 797237 not found for netgroup-add --nisdomain with other invalid chars --------------------------------------- Deleted netgroup "netgroup_bz_797237_5" --------------------------------------- :: [ PASS ] :: Running 'ipa netgroup-del netgroup_bz_797237_5' Manual Test Results :: # ipa netgroup-add netgroup1 --desc=test --nisdomain=one,two ipa: ERROR: invalid 'nisdomain': may only include letters, numbers, _, -, and . # ipa netgroup-add netgroup1 --desc=test -------------------------- Added netgroup "netgroup1" -------------------------- Netgroup name: netgroup1 Description: test NIS domain name: testrelm.com IPA unique ID: 6728013c-7e9a-11e1-afe3-5254003c4d38 # ipa netgroup-mod netgroup1 --nisdomain=one,two ipa: ERROR: invalid 'nisdomain': may only include letters, numbers, _, -, and . #
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html