freeipa

Clone
Source Code
GIT

#7958 traceback in idview
Closed: fixed 5 years ago by cheimes. Opened 5 years ago by rcritten.

Closed: fixed
Reopen Issue

Issue

Reported in irc by Sokol trying to look at idviews. He repaired the issue by removing and re-adding all views.

== /var/log/httpd/error_log ==
[Tue May 21 22:14:32.778871 2019] [:warn] [pid 2153:tid 139938951522048] [client 172.22.10.142:57218] failed to set perms (3140) on file (/run/ipa/ccaches/louis.abel2@IPA.EXAMPLE.COM)!, referer: https://phx-entl01.ipa.example.com/ipa/ui/
[Tue May 21 22:14:33.187218 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] ipa: ERROR: non-public: TypeError: ord() expected string of length 1, but int found
[Tue May 21 22:14:33.187276 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] Traceback (most recent call last):
[Tue May 21 22:14:33.187283 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute
[Tue May 21 22:14:33.187287 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] result = command(args, options)
[Tue May 21 22:14:33.187291 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in call
[Tue May 21 22:14:33.187319 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] return self.__do_call(*args, options)
[Tue May 21 22:14:33.187324 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
[Tue May 21 22:14:33.187328 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] ret = self.run(args, options)
[Tue May 21 22:14:33.187332 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
[Tue May 21 22:14:33.187335 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] return self.execute(*args, options)
[Tue May 21 22:14:33.187339 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 2072, in execute
[Tue May 21 22:14:33.187343 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] self, ldap, entries, truncated, args, options
[Tue May 21 22:14:33.187347 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/idviews.py", line 1176, in post_callback
[Tue May 21 22:14:33.187351 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] ldap, entries, truncated, *args, options)
[Tue May 21 22:14:33.187365 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/idviews.py", line 873, in post_callback
[Tue May 21 22:14:33.187502 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] self.obj.convert_anchor_to_human_readable_form(entry, *options)
[Tue May 21 22:14:33.187509 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/idviews.py", line 745, in convert_anchor_to_human_readable_form
[Tue May 21 22:14:33.187520 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] anchor
[Tue May 21 22:14:33.187524 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipaserver/plugins/idviews.py", line 644, in resolve_anchor_to_object_name
[Tue May 21 22:14:33.187528 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] name = domain_validator.get_trusted_domain_object_from_sid(sid)
[Tue May 21 22:14:33.187537 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib/python3.6/site-packages/ipaserver/dcerpc.py", line 497, in get_trusted_domain_object_from_sid
[Tue May 21 22:14:33.187611 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] 2 # 2 means every character needs to be escaped
[Tue May 21 22:14:33.187616 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] File "/usr/lib64/python3.6/site-packages/ldap/filter.py", line 36, in escape_filter_chars
[Tue May 21 22:14:33.187620 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] r.append("\\%02x" % ord(c))
[Tue May 21 22:14:33.187627 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] TypeError: ord() expected string of length 1, but int found
[Tue May 21 22:14:33.187637 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218]
[Tue May 21 22:14:33.187993 2019] [wsgi:error] [pid 2147:tid 139939151333120] [remote 172.22.10.142:57218] ipa: INFO: [jsonserver_session] louis.abel2@IPA.EXAMPLE.COM: idoverrideuser_find('Default Trust View', '', sizelimit=0, version='2.230'): InternalError
[description of the issue]

I believe exact ID View name is required which caused the assert.
elif escape_mode==2:
for c in assertion_value:
r.append("\%02x" % ord(c)) <<<<<<<< ord() asserted

ord() will assert with TypeError when string length is more than 1. Example:
c=97 #TypeError: ord() expected string of length 1, but int found

I tried different combination of ID View names but cannot repro.
Edited 5 years ago by amitkumar25nov

The call is failing because security.dom_sid(sid).__ndr_pack__() return bytes but escape_filter_chars only works on text.

>>> from ldap.filter import escape_filter_chars
>>> from samba.dcerpc.security import dom_sid
>>> d = dom_sid("S-1-5-21-12345")
>>> d.__ndr_pack__()
b'\x01\x02\x00\x00\x00\x00\x00\x05\x15\x00\x00\x0090\x00\x00'
>>> escape_filter_chars(d.__ndr_pack__(), 2)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.7/site-packages/ldap/filter.py", line 36, in escape_filter_chars
    r.append("\\%02x" % ord(c))
TypeError: ord() expected string of length 1, but int found

Variant 2 of escape_filter_chars is trivial to implement for bytes. The escaping represents every byte as backslash hex encoded item, e.g. r'\39' for '9'.

>>> escaped_sid = "".join("\\%02x" % b for b in d.__ndr_pack__())
>>> escaped_sid
'\\01\\02\\00\\00\\00\\00\\00\\05\\15\\00\\00\\00\\39\\30\\00\\00'

Metadata Update from @cheimes:
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.8.4
- Issue tagged with: py3
5 years ago

Metadata Update from @cheimes:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1782169
5 years ago

Issue linked to Bugzilla: Bug 1782169

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/4014
- Issue assigned to cheimes
5 years ago

master:

  • c30a0c2 Fix get_trusted_domain_object_from_sid()

ipa-4-8:

  • 9462e4c Fix get_trusted_domain_object_from_sid()

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
5 years ago

Log in to comment on this ticket.

Metadata

py3

None
None
normal
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/4014
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.