#47662 Better input argument validation and error messages for db2index and db2index.pl.
Closed: wontfix 6 years ago Opened 10 years ago by nkinder.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1049190

Description of problem:
Better input argument validation and error messages for db2index and
db2index.pl.

Version-Release number of selected component (if applicable):
[root@dhcp201-149 basic]# rpm -qa | grep 389
389-adminutil-1.1.15-3.fc19.1.x86_64
389-admin-1.1.31-1.fc19.2.x86_64
389-admin-console-doc-1.1.8-5.fc19.noarch
389-console-1.1.7-4.fc19.noarch
389-ds-base-1.3.1.6-12.el7.x86_64
389-admin-console-1.1.8-5.fc19.noarch
389-ds-console-doc-1.2.7-2.fc19.noarch
389-dsgw-1.1.10-1.fc19.x86_64
389-ds-base-libs-1.3.1.6-12.el7.x86_64
389-ds-console-1.2.7-2.fc19.noarch
389-ds-1.2.2-4.fc19.noarch


How reproducible:
Always

Steps to Reproduce:
Test Case 1:: Difference in results for same thing
=====================================================
 [root@dhcp201-149 ~]# db2index -n userRoot -t cn:eq sub
[06/Jan/2014:15:00:28 +051800] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[06/Jan/2014:15:00:28 +051800] - check_and_set_import_cache: pagesize: 4096,
pages: 479602, procpages: 53190
[06/Jan/2014:15:00:28 +051800] - Import allocates 767360KB import cache.
[06/Jan/2014:15:00:28 +051800] - userRoot: Indexing attribute: cn
[06/Jan/2014:15:00:28 +051800] - userRoot: Finished indexing.
[06/Jan/2014:15:00:28 +051800] - All database threads now stopped

[root@dhcp201-149 ~]# db2index.pl -v -D "cn=Directory Manager" -w Secret123 -n
userRoot -t mail:eq sub
Usage: db2index.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename
} [-P protocol]
                   -n backendname [-t
attributeName[:indextypes[:matchingrules]]] [-T vlvTag] [-v] [-h]

Test Case 2 :: Difference in results for same thing
=====================================================
[root@dhcp201-149 ~]# db2index -n userRoot -t givenname:eq, sub
[06/Jan/2014:15:05:35 +051800] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[06/Jan/2014:15:05:35 +051800] - check_and_set_import_cache: pagesize: 4096,
pages: 479602, procpages: 53189
[06/Jan/2014:15:05:35 +051800] - Import allocates 767360KB import cache.
[06/Jan/2014:15:05:35 +051800] - userRoot: Indexing attribute: givenname
[06/Jan/2014:15:05:35 +051800] - userRoot: Finished indexing.
[06/Jan/2014:15:05:35 +051800] - All database threads now stopped

[root@dhcp201-149 ~]# db2index.pl -v -D "cn=Directory Manager" -w Secret123 -n
userRoot -t mail:eq, sub
Usage: db2index.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename
} [-P protocol]
                   -n backendname [-t
attributeName[:indextypes[:matchingrules]]] [-T vlvTag] [-v] [-h]


Actual results:
1. -t attribute:type, type AND -t attribute:type type gives different output
for db2index and db2index.pl.
2. In both cases Index does not get created.

Expected results:
Proper error message and validation required.

Additional info:
Found this bug while testing https://bugzilla.redhat.com/show_bug.cgi?id=918695

f000528..d4eadae master -> master
commit d4eadae
Author: Mark Reynolds mreynolds@redhat.com
Date: Fri Dec 9 15:16:38 2016 -0500

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.6.0

7 years ago

During the bug verification, a regression was found.

In the db2ldif tool, option '-a' is completely ignored.

Command: [root@qeos-249 tmp]# /usr/lib64/dirsrv/slapd-deftestinst/db2ldif -1 -n attrcrypt.com -E -a /ldifstorage/export2.ldif

Expected results:
Exported ldif file: /ldifstorage/export2.ldif
[10/Apr/2017:04:20:03.869235411 -0400] SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
ldiffile: /ldifstorage/export2.ldif
[10/Apr/2017:04:20:03.882845190 -0400] attrcrypt - _back_crypt_crypto_op decrypt (16)
[10/Apr/2017:04:20:03.883384879 -0400] export attrcrypt.com: Processed 3 entries (100%).
[10/Apr/2017:04:20:03.883808312 -0400] All database threads now stopped

Actual results:
Exported ldif file: /var/lib/dirsrv/slapd-deftestinst/ldif/deftestinst-2017_04_10_041941.ldif
[10/Apr/2017:04:19:41.945090565 -0400] SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password.
ldiffile: /var/lib/dirsrv/slapd-deftestinst/ldif/deftestinst-2017_04_10_041941.ldif
[10/Apr/2017:04:19:41.959166887 -0400] attrcrypt - _back_crypt_crypto_op decrypt (16)
[10/Apr/2017:04:19:41.959848923 -0400] export attrcrypt.com: Processed 3 entries (100%).
[10/Apr/2017:04:19:41.960353583 -0400] All database threads now stopped

Additional information:
In the ldap/admin/src/scripts/db2ldif.in, on the line 133 command 'shift $(($OPTIND - 1))' happens. It causes that '$@' doesn't contain parameters anymore.
Because of this, on line 159, command make_ldiffile $@ returns one predefined line every time.

It is possible that some other scripts were affected too.

Metadata Update from @spichugi:
- Issue close_status updated to: None (was: Fixed)

6 years ago

Metadata Update from @spichugi:
- Issue status updated to: Open (was: Closed)

6 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to review (was: ack)

6 years ago

(sorry, I could not find it in the previous review...)

Metadata Update from @nhosoi:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

(sorry, I could not find it in the previous review...)

Don't apologize, it's not obvious that this line strips it

shift $(($OPTIND - 1))

Thanks for reviewing again!

f5e4b8a..1b5a578 master -> master

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

One more regression was found.
In ldap/admin/src/scripts/db2index.in:

74 if [ -z $servid ] && [ $# -eq 0 ]; then
75     idxall=1
76 elif [ "$servid" ] && [ $# -eq 2 ]; then
77     idxall=1
78 elif [ -z $benameopt ] && [ -z $includeSuffix ]; then
79     print_usage=1
80 fi
81 if [ -z $servid ] && [ $# -lt 2 ]; then
82     print_usage=1
83 elif [ -n "$servid" ] && [ $# -lt 4 ]; then
84     print_usage=1
85 elif [ -n "$servid" ] && [ $# -eq 4 ]; then
86     idxall=1
87 fi

We use "$#" after we've shifted the parameters with "shift $(($OPTIND - 1))".
It causes an incorrect behaviour like:

db2index -Z slapd-s1 -n userRoot -t entryrdn # Prints a usage, though it should work

Also, I've checked all other scripts and they don't have this issue.

Metadata Update from @spichugi:
- Issue status updated to: Open (was: Closed)

6 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to review (was: ack)

6 years ago

Looks good, seems like a simple fix. Thanks for this.

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

683737b..46011e2 master -> master

f84cdfd..d518a45 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/999

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago

Login to comment on this ticket.

Metadata