Blame SOURCES/0048-Issue-50530-Directory-Server-not-RFC-4511-compliant-.patch

47a30d
From c629c7ffe35bb2a09ad4dfa60d56fb01a51915d0 Mon Sep 17 00:00:00 2001
47a30d
From: Mark Reynolds <mreynolds@redhat.com>
47a30d
Date: Fri, 2 Aug 2019 14:36:24 -0400
47a30d
Subject: [PATCH] Issue 50530 - Directory Server not RFC 4511 compliant with
47a30d
 requested attr "1.1"
47a30d
47a30d
Bug Description:  A regression was introduced some time back that changed the
47a30d
                  behavior of how the server handled the "1.1" requested attribute
47a30d
                  in a search request.  If "1.1" was requested along with other
47a30d
                  attributes then no attributes were returned, but in this case "1.1"
47a30d
                  is expected to be ignored.
47a30d
47a30d
Fix Description:  Only comply with "1.1" if it is the only requested attribute
47a30d
47a30d
relates: https://pagure.io/389-ds-base/issue/50530
47a30d
47a30d
Reviewed by: firstyear(Thanks!)
47a30d
---
47a30d
 dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++---
47a30d
 ldap/servers/slapd/result.c                  |  7 ++-
47a30d
 2 files changed, 57 insertions(+), 7 deletions(-)
47a30d
47a30d
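diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index 0f7536b63..cea4f6bfe 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
 USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
 USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
 USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
 
 ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
                          'supportedLDAPVersion',
@@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif):
                                              'uid': 'user1',
                                              'userpassword': PASSWORD})))
     except ldap.LDAPError as e:
-        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
-                  + ': error ' + e.message['desc'])
+        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+                  ': error ' + e.message['desc'])
         assert False
 
     try:
@@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif):
                                              'uid': 'user2',
                                              'userpassword': PASSWORD})))
     except ldap.LDAPError as e:
-        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
-                  + ': error ' + e.message['desc'])
+        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+                  ': error ' + e.message['desc'])
         assert False
 
     #
@@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif):
     log.info('test_basic_searches: PASSED')
 
 
+@pytest.fixture(scope="module")
+def add_test_entry(topology_st, request):
+    # Add test entry
+    topology_st.standalone.add_s(Entry((USER4_DN,
+                                        {'objectclass': "top extensibleObject".split(),
+                                         'cn': 'user1', 'uid': 'user1'})))
+
+
+search_params = [(['1.1'], 'cn', False),
+                 (['1.1', 'cn'], 'cn', True),
+                 (['+'], 'nsUniqueId', True),
+                 (['*'], 'cn', True),
+                 (['cn'], 'cn', True)]
+@pytest.mark.parametrize("attrs, attr, present", search_params)
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
+    """Test requested attributes in search operations.
+    :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
+    :setup: Standalone instance
+    :steps:
+         1. Test "1.1" does not return any attributes.
+         2. Test "1.1" is ignored if there are other requested attributes
+         3. Test "+" returns all operational attributes
+         4. Test "*" returns all attributes
+         5. Test requested attributes
+
+    :expectedresults:
+         1. Success
+         2. Success
+         3. Success
+         4. Success
+         5. Success
+    """
+
+    log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
+    entry = topology_st.standalone.search_s(USER4_DN,
+                                            ldap.SCOPE_BASE,
+                                            'objectclass=top',
+                                            attrs)
+    if present:
+        assert entry[0].hasAttr(attr)
+    else:
+        assert not entry[0].hasAttr(attr)
+
+
 def test_basic_referrals(topology_st, import_example_ldif):
     """Test LDAP server in referral mode.
 
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
     log.info('Attempting to start the server with broken dse.ldif...')
     try:
         topology_st.standalone.start()
-    except:
-        log.info('Server failed to start as expected')
+    except Exception as e:
+        log.info('Server failed to start as expected: ' + str(e))
     log.info('Check the status...')
     assert (not topology_st.standalone.status())
     log.info('Server failed to start as expected')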
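Review bot: The `search_params` table only ever places "1.1" first in the requested list, so the `i == 0` half of the server-side condition in result.c is never exercised; adding `(['cn', '1.1'], 'cn', True),` would cover the other ordering. The `(['1.1'], 'cn', False)` case also asserts only that `cn` is absent, which would still pass if the server returned other attributes, so asserting that the entry carries no attributes at all would pin the no-disclosure behaviour more tightly. Separately, `add_test_entry` accepts `request` but registers no finalizer, so the USER4_DN entry outlives the module, and it is created with `'cn': 'user1', 'uid': 'user1'` under a `uid=user4` DN, which looks like a copy-paste from the user1 setup.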
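diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index 393b3f6cd..61e7a70f9 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
      * "+" means all operational attributes (rfc3673)
      * operational attributes are only retrieved if they are named
      * specifically or when "+" is specified.
+     * In the case of "1.1", if there are other requested attributes
+     * then "1.1" should be ignored.
      */
 
     /* figure out if we want all user attributes or no attributes at all */
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
             if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
                 alluserattrs = 1;
             } else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
-                noattrs = 1;
+                /* "1.1" is only valid if it's the only requested attribute */
+                if (i == 0 && attrs[1] == NULL) {
+                    noattrs = 1;
+                }
             } else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
                 alloperationalattrs = 1;
             } else {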
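Review bot: The new guard `if (i == 0 && attrs[1] == NULL)` leaves `noattrs` unset for a repeated selector list such as "1.1", "1.1", and none of the other flags in this chain is set for it either, so what the client receives depends on the per-attribute matching later in send_ldap_search_entry_ext, which lies outside this hunk. Because "1.1" is what a client sends when it wants no attribute values returned, it is worth confirming that this path yields an empty attribute set rather than a default one, and pinning it with a test case. The loop header is also outside the hunk, so the assumption that `attrs[0]` is non-NULL when `attrs[1]` is read is inferred rather than visible here. The comment would be more precise as `/* RFC 4511 4.5.1.8: "1.1" is ignored unless it is the only requested attribute */`, since the selector is ignored rather than invalid.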
-- 
47a30d
2.21.1
47a30d