yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1358330] [NEW] Error on _ldap_get_list without attrlist value

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Marcos Lobo <1358330@xxxxxxxxxxxxxxxxxx>
Date: Mon, 18 Aug 2014 14:38:36 -0000
Reply-to: Bug 1358330 <1358330@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

Using keystone from master branch (keystone-2014.2.dev170.g2e49770) and
configured with LDAP backend. Now, If you try this command:

$ keystone tenant-list
Authorization Failed: An unexpected error prevented the server from fulfilling your request: 'utf8' codec can't decode byte 0x97 in position 2: invalid start byte (Disable debug mode to suppress these details.) (HTTP 500)

The _ldap_get_list (/keystone/common/ldap/core.py) function has a
problem when the attrlist attribute is None. This function raises an
error like:

2014-08-18 16:19:31.861 26110 ERROR keystone.common.wsgi [-] 'utf8' codec can't decode byte 0x97 in position 2: invalid start byte
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 214, in __call__
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     result = method(context, **params)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 99, in authenticate
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     context, auth)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 300, in _authenticate_local
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, tenant_id)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 379, in _get_project_roles_and_ref
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, tenant_id)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 186, in get_roles_for_user_and_project
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_role_list = _get_user_project_roles(user_id, project_ref)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 167, in _get_user_project_roles
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     tenant_id=project_ref['id'])
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 131, in _get_metadata
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     tenant_id)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 107, in _get_roles_for_just_user_and_project
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     (self.project._id_to_dn(tenant_id))
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 555, in get_role_assignments
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     roles = self._ldap_get_list(tenant_dn, ldap.SCOPE_ONELEVEL)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 1422, in _ldap_get_list
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return conn.search_s(search_base, scope, query, attrlist)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 926, in search_s
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     py_result = convert_ldap_result(ldap_result)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in convert_ldap_result
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values in six.iteritems(attrs))))
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in <genexpr>
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values in six.iteritems(attrs))))
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 123, in ldap2py
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return utf8_decode(val)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 84, in utf8_decode
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return _utf8_decoder(value)[0]
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib64/python2.6/encodings/utf_8.py", line 16, in decode
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return codecs.utf_8_decode(input, errors, True)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi UnicodeDecodeError: 'utf8' codec can't decode byte 0x97 in position 2: invalid start byte

The problem is attrlist attribute is not validated before to send it to
LDAP search.

** Affects: keystone
     Importance: Undecided
     Assignee: Marcos Lobo (marcos-fermin-lobo)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1358330

Title:
  Error on _ldap_get_list without attrlist value

Status in OpenStack Identity (Keystone):
  In Progress

Bug description:
  Using keystone from master branch (keystone-2014.2.dev170.g2e49770)
  and configured with LDAP backend. Now, If you try this command:

  $ keystone tenant-list
  Authorization Failed: An unexpected error prevented the server from fulfilling your request: 'utf8' codec can't decode byte 0x97 in position 2: invalid start byte (Disable debug mode to suppress these details.) (HTTP 500)

  The _ldap_get_list (/keystone/common/ldap/core.py) function has a
  problem when the attrlist attribute is None. This function raises an
  error like:

  2014-08-18 16:19:31.861 26110 ERROR keystone.common.wsgi [-] 'utf8' codec can't decode byte 0x97 in position 2: invalid start byte
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi Traceback (most recent call last):
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 214, in __call__
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     result = method(context, **params)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 99, in authenticate
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     context, auth)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 300, in _authenticate_local
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, tenant_id)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 379, in _get_project_roles_and_ref
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, tenant_id)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 186, in get_roles_for_user_and_project
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_role_list = _get_user_project_roles(user_id, project_ref)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 167, in _get_user_project_roles
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     tenant_id=project_ref['id'])
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 131, in _get_metadata
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     tenant_id)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 107, in _get_roles_for_just_user_and_project
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     (self.project._id_to_dn(tenant_id))
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 555, in get_role_assignments
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     roles = self._ldap_get_list(tenant_dn, ldap.SCOPE_ONELEVEL)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 1422, in _ldap_get_list
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return conn.search_s(search_base, scope, query, attrlist)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 926, in search_s
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     py_result = convert_ldap_result(ldap_result)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in convert_ldap_result
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values in six.iteritems(attrs))))
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in <genexpr>
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values in six.iteritems(attrs))))
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 123, in ldap2py
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return utf8_decode(val)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 84, in utf8_decode
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return _utf8_decoder(value)[0]
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File "/usr/lib64/python2.6/encodings/utf_8.py", line 16, in decode
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return codecs.utf_8_decode(input, errors, True)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi UnicodeDecodeError: 'utf8' codec can't decode byte 0x97 in position 2: invalid start byte

  The problem is attrlist attribute is not validated before to send it
  to LDAP search.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1358330/+subscriptions
Follow ups

[Bug 1358330] [NEW] Error on _ldap_get_list without attrlist value
From: Marcos Lobo, 2014-08-18
References

[Bug 1358330] [NEW] Error on _ldap_get_list without attrlist value
From: Marcos Lobo, 2014-08-18