[Yahoo-eng-team] [Bug 1358330] [NEW] Error on _ldap_get_list without attrlist value

Mon, 18 Aug 2014 07:46:49 -0700 

Public bug reported:

Using keystone from master branch (keystone-2014.2.dev170.g2e49770) and
configured with LDAP backend. Now, If you try this command:

$ keystone tenant-list
Authorization Failed: An unexpected error prevented the server from fulfilling 
your request: 'utf8' codec can't decode byte 0x97 in position 2: invalid start 
byte (Disable debug mode to suppress these details.) (HTTP 500)

The _ldap_get_list (/keystone/common/ldap/core.py) function has a
problem when the attrlist attribute is None. This function raises an
error like:

2014-08-18 16:19:31.861 26110 ERROR keystone.common.wsgi [-] 'utf8' codec can't 
decode byte 0x97 in position 2: invalid start byte
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi Traceback (most recent 
call last):
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 214, in 
__call__
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     result = 
method(context, **params)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 99, in 
authenticate
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     context, auth)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 300, in 
_authenticate_local
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, tenant_id)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 379, in 
_get_project_roles_and_ref
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, tenant_id)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 186, in 
get_roles_for_user_and_project
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_role_list = 
_get_user_project_roles(user_id, project_ref)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 167, in 
_get_user_project_roles
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     
tenant_id=project_ref['id'])
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 
131, in _get_metadata
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     tenant_id)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 
107, in _get_roles_for_just_user_and_project
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     
(self.project._id_to_dn(tenant_id))
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 
555, in get_role_assignments
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     roles = 
self._ldap_get_list(tenant_dn, ldap.SCOPE_ONELEVEL)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 1422, in 
_ldap_get_list
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
conn.search_s(search_base, scope, query, attrlist)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 926, in 
search_s
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     py_result = 
convert_ldap_result(ldap_result)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in 
convert_ldap_result
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values 
in six.iteritems(attrs))))
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in 
<genexpr>
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values 
in six.iteritems(attrs))))
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 123, in 
ldap2py
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
utf8_decode(val)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 84, in 
utf8_decode
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
_utf8_decoder(value)[0]
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib64/python2.6/encodings/utf_8.py", line 16, in decode
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
codecs.utf_8_decode(input, errors, True)
2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi UnicodeDecodeError: 
'utf8' codec can't decode byte 0x97 in position 2: invalid start byte

The problem is attrlist attribute is not validated before to send it to
LDAP search.

** Affects: keystone
     Importance: Undecided
     Assignee: Marcos Lobo (marcos-fermin-lobo)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1358330

Title:
  Error on _ldap_get_list without attrlist value

Status in OpenStack Identity (Keystone):
  In Progress

Bug description:
  Using keystone from master branch (keystone-2014.2.dev170.g2e49770)
  and configured with LDAP backend. Now, If you try this command:

  $ keystone tenant-list
  Authorization Failed: An unexpected error prevented the server from 
fulfilling your request: 'utf8' codec can't decode byte 0x97 in position 2: 
invalid start byte (Disable debug mode to suppress these details.) (HTTP 500)

  The _ldap_get_list (/keystone/common/ldap/core.py) function has a
  problem when the attrlist attribute is None. This function raises an
  error like:

  2014-08-18 16:19:31.861 26110 ERROR keystone.common.wsgi [-] 'utf8' codec 
can't decode byte 0x97 in position 2: invalid start byte
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi Traceback (most 
recent call last):
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 214, in 
__call__
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     result = 
method(context, **params)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 99, in 
authenticate
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     context, auth)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 300, in 
_authenticate_local
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, 
tenant_id)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 379, in 
_get_project_roles_and_ref
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_id, 
tenant_id)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 186, in 
get_roles_for_user_and_project
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     user_role_list = 
_get_user_project_roles(user_id, project_ref)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/core.py", line 167, in 
_get_user_project_roles
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     
tenant_id=project_ref['id'])
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 
131, in _get_metadata
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     tenant_id)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 
107, in _get_roles_for_just_user_and_project
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     
(self.project._id_to_dn(tenant_id))
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/assignment/backends/ldap.py", line 
555, in get_role_assignments
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     roles = 
self._ldap_get_list(tenant_dn, ldap.SCOPE_ONELEVEL)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 1422, in 
_ldap_get_list
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
conn.search_s(search_base, scope, query, attrlist)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 926, in 
search_s
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     py_result = 
convert_ldap_result(ldap_result)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in 
convert_ldap_result
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values 
in six.iteritems(attrs))))
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 154, in 
<genexpr>
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     for kind, values 
in six.iteritems(attrs))))
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 123, in 
ldap2py
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
utf8_decode(val)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib/python2.6/site-packages/keystone/common/ldap/core.py", line 84, in 
utf8_decode
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
_utf8_decoder(value)[0]
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi   File 
"/usr/lib64/python2.6/encodings/utf_8.py", line 16, in decode
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi     return 
codecs.utf_8_decode(input, errors, True)
  2014-08-18 16:19:31.861 26110 TRACE keystone.common.wsgi UnicodeDecodeError: 
'utf8' codec can't decode byte 0x97 in position 2: invalid start byte

  The problem is attrlist attribute is not validated before to send it
  to LDAP search.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1358330/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to