Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 816624 - ipa privilege-remove-permission with blank permission throws internal error
Summary: ipa privilege-remove-permission with blank permission throws internal error
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-04-26 14:20 UTC by Namita Soman
Modified: 2013-08-19 15:20 UTC (History)
2 users (show)

Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-21 09:11:56 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0528 normal SHIPPED_LIVE Low: ipa security, bug fix and enhancement update 2013-02-21 08:22:21 UTC

Description Namita Soman 2012-04-26 14:20:36 UTC
Description of problem:
# ipa privilege-add "Add User"
Description: Add user
--------------------------
Added privilege "Add User"
--------------------------
  Privilege name: Add User
  Description: Add user

# ipa privilege-add-permission --permissions="add hbac rule, delete hbac rule, modify hbac rule" "Add User"
  Privilege name: Add User
  Description: Add user
  Permissions: Add HBAC rule, Delete HBAC rule, Modify HBAC rule
-----------------------------
Number of permissions added 3
-----------------------------


# ipa privilege-remove-permission --permissions="" "Add User"
ipa: ERROR: an internal error has occurred


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-11.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Follow steps above

  
Actual results:
ipa: ERROR: an internal error has occurred

Expected results:
better error

Additional info:
[Thu Apr 26 10:14:43 2012] [error] ipa: INFO: admin@TESTRELM.COM: privilege_remove_permission(u'Add User', all=False, raw=False, version=u'2.34', permission=None): TypeError
[Thu Apr 26 10:15:24 2012] [error] ipa: INFO: admin@TESTRELM.COM: privilege_add_permission(u'Add User', all=False, raw=False, version=u'2.34', permission=(u'add hbac rule', u'delete hbac rule', u'modify hbac rule')): SUCCESS
[Thu Apr 26 10:15:29 2012] [error] ipa: ERROR: non-public: TypeError: 'NoneType' object is not iterable
[Thu Apr 26 10:15:29 2012] [error] Traceback (most recent call last):
[Thu Apr 26 10:15:29 2012] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 320, in wsgi_execute
[Thu Apr 26 10:15:29 2012] [error]     result = self.Command[name](*args, **options)
[Thu Apr 26 10:15:29 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Thu Apr 26 10:15:29 2012] [error]     ret = self.run(*args, **options)
[Thu Apr 26 10:15:29 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 716, in run
[Thu Apr 26 10:15:29 2012] [error]     return self.execute(*args, **options)
[Thu Apr 26 10:15:29 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 2142, in execute
[Thu Apr 26 10:15:29 2012] [error]     for attr in options.get(self.reverse_attr, []):
[Thu Apr 26 10:15:29 2012] [error] TypeError: 'NoneType' object is not iterable
[Thu Apr 26 10:15:29 2012] [error] ipa: INFO: admin@TESTRELM.COM: privilege_remove_permission(u'Add User', all=False, raw=False, version=u'2.34', permission=None): TypeError

Comment 1 Namita Soman 2012-04-26 14:25:53 UTC
Similar error log for passing blank permission when using  privilege-add-permission
ipa privilege-add-permission --permissions="" "Add User"


[Thu Apr 26 10:23:21 2012] [error] ipa: ERROR: non-public: TypeError: 'NoneType' object is not iterable
[Thu Apr 26 10:23:21 2012] [error] Traceback (most recent call last):
[Thu Apr 26 10:23:21 2012] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 320, in wsgi_execute
[Thu Apr 26 10:23:21 2012] [error]     result = self.Command[name](*args, **options)
[Thu Apr 26 10:23:21 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Thu Apr 26 10:23:21 2012] [error]     ret = self.run(*args, **options)
[Thu Apr 26 10:23:21 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 716, in run
[Thu Apr 26 10:23:21 2012] [error]     return self.execute(*args, **options)
[Thu Apr 26 10:23:21 2012] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 2029, in execute
[Thu Apr 26 10:23:21 2012] [error]     for attr in options.get(self.reverse_attr, []):
[Thu Apr 26 10:23:21 2012] [error] TypeError: 'NoneType' object is not iterable
[Thu Apr 26 10:23:21 2012] [error] ipa: INFO: admin@TESTRELM.COM: privilege_add_permission(u'Add User', all=False, raw=False, version=u'2.34', permission=None): TypeError

Comment 3 Namita Soman 2012-04-26 14:36:22 UTC
To keep track...similar errors for:
# ipa role-add-privilege --privileges="" "helpdesk" --all
ipa: ERROR: an internal error has occurred

# ipa role-remove-privilege --privileges="" "helpdesk" --all
ipa: ERROR: an internal error has occurred

Comment 4 Martin Kosek 2012-04-26 14:41:16 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2681

Comment 5 Martin Kosek 2012-05-07 15:23:00 UTC
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/0206dbe79502dd06b9c44622ead4635e430e3620

Comment 8 Namita Soman 2012-11-26 17:29:54 UTC
Verified using  ipa-server-3.0.0-8.el6.x86_64

Automation test results:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-privilege-cli-1018 - add blank permission to privilege (bug 816624)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Verify message for Add User
:: [   PASS   ] :: File '/tmp/tmp.2fm5O9W9H8/ipaprivilege_nonexistentperm.log' should contain 'Number of permissions added 0'
:: [11:08:38] ::  Executing: ipa privilege-add-permission --permissions="" "Add User"
  Privilege name: Add User
  Description: Add User
  Permissions: delete hbac rule, modify hbac rule, add hbac rule
-----------------------------
Number of permissions added 0
-----------------------------
:: [11:08:39] ::  Added  to Add User successfully
:: [   PASS   ] :: Running 'cat /tmp/tmp.2fm5O9W9H8/ipaprivilege_nonexistentperm.log'

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-privilege-cli-1024 - remove blank permission from privilege (bug 816624)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Verify number of permissions removed is 0
:: [   PASS   ] :: File '/tmp/tmp.2fm5O9W9H8/ipaprivilege_nonexistentperm.log' should contain 'Number of permissions removed 0'
'd9a557f5-0df3-4fb2-830c-ebab0906168b'
ipa-privilege-cli-1024-remove-blank-permission-from-privilege-bug-816624- result: PASS

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-role-cli-1038 - add no privilege to role (bug 816624)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'addPrivilegeToRole "" "helpdesk" all > /tmp/tmp.2fm5O9W9H8/iparole_noprivilegeTorole.log 2>&1'
:: [   PASS   ] :: File '/tmp/tmp.2fm5O9W9H8/iparole_noprivilegeTorole.log' should contain 'Number of privileges added 0'
'74054a87-dc15-41a1-ba71-9bef4f703d0e'
ipa-role-cli-1038-add-no-privilege-to-role-bug-816624- result: PASS

Comment 10 errata-xmlrpc 2013-02-21 09:11:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html


Note You need to log in before you can comment on or make changes to this bug.