Blame SOURCES/0002-Issue-50530-Directory-Server-not-RFC-4511-compliant-.patch

From 51ea1d34b861dfffb12fbe6be4e23d9342fd0fe2 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 2 Aug 2019 14:36:24 -0400
Subject: [PATCH] Issue 50530 - Directory Server not RFC 4511 compliant with
 requested attr "1.1"
Bug Description:  A regression was introduced some time back that changed the
                  behavior of how the server handled the "1.1" requested attribute
                  in a search request.  If "1.1" was requested along with other
                  attributes then no attributes were returned, but in this case "1.1"
                  is expected to be ignored.
Fix Description:  Only comply with "1.1" if it is the only requested attribute
relates: https://pagure.io/389-ds-base/issue/50530
Reviewed by: firstyear(Thanks!)
---
 dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++---
 ldap/servers/slapd/result.c                  |  7 ++-
 2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
458e05
index 0f7536b63..cea4f6bfe 100644
458e05
--- a/dirsrvtests/tests/suites/basic/basic_test.py
458e05
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
458e05
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
458e05
 USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
458e05
 USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
458e05
 USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
458e05
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
458e05
 
458e05
 ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
458e05
                          'supportedLDAPVersion',
458e05
@@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif):
458e05
                                              'uid': 'user1',
458e05
                                              'userpassword': PASSWORD})))
458e05
     except ldap.LDAPError as e:
458e05
-        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
458e05
-                  + ': error ' + e.message['desc'])
458e05
+        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
458e05
+                  ': error ' + e.message['desc'])
458e05
         assert False
458e05
 
458e05
     try:
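Review bot: `e.message['desc']` on the rewrapped `log.fatal` line will itself raise AttributeError if this suite runs under Python 3, where exceptions have no `.message`, so the original LDAP failure would be hidden behind a secondary error. The same expression is kept in the next hunk (-421/+422). The last hunk of this file already formats the exception with `str(e)`; writing `': error ' + str(e))` here would be consistent with that and work on both interpreters. test_basic_acl starts and ends outside these hunks.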
458e05
@@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif):
458e05
                                              'uid': 'user2',
458e05
                                              'userpassword': PASSWORD})))
458e05
     except ldap.LDAPError as e:
458e05
-        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
458e05
-                  + ': error ' + e.message['desc'])
458e05
+        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
458e05
+                  ': error ' + e.message['desc'])
458e05
         assert False
458e05
 
458e05
     #
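Review bot: The failure message in this `except` block still names `USER1_DN`, although the entry being added carries `'uid': 'user2'`, so a failed add of the second user would be logged against the wrong DN. Since the line is being rewrapped anyway, it should read `log.fatal('test_basic_acl: Failed to add test user ' + USER2_DN +`. The DN passed to `Entry(...)` is above the hunk, so confirm it is `USER2_DN` there before changing the message.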
458e05
@@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif):
458e05
     log.info('test_basic_searches: PASSED')
458e05
 
458e05
 
458e05
+@pytest.fixture(scope="module")
458e05
+def add_test_entry(topology_st, request):
458e05
+    # Add test entry
458e05
+    topology_st.standalone.add_s(Entry((USER4_DN,
458e05
+                                        {'objectclass': "top extensibleObject".split(),
458e05
+                                         'cn': 'user1', 'uid': 'user1'})))
458e05
+
458e05
+
458e05
+search_params = [(['1.1'], 'cn', False),
458e05
+                 (['1.1', 'cn'], 'cn', True),
458e05
+                 (['+'], 'nsUniqueId', True),
458e05
+                 (['*'], 'cn', True),
458e05
+                 (['cn'], 'cn', True)]
458e05
+@pytest.mark.parametrize("attrs, attr, present", search_params)
458e05
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
458e05
+    """Test requested attributes in search operations.
458e05
+    :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
458e05
+    :setup: Standalone instance
458e05
+    :steps:
458e05
+         1. Test "1.1" does not return any attributes.
458e05
+         2. Test "1.1" is ignored if there are other requested attributes
458e05
+         3. Test "+" returns all operational attributes
458e05
+         4. Test "*" returns all attributes
458e05
+         5. Test requested attributes
458e05
+
458e05
+    :expectedresults:
458e05
+         1. Success
458e05
+         2. Success
458e05
+         3. Success
458e05
+         4. Success
458e05
+         5. Success
458e05
+    """
458e05
+
458e05
+    log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
458e05
+    entry = topology_st.standalone.search_s(USER4_DN,
458e05
+                                            ldap.SCOPE_BASE,
458e05
+                                            'objectclass=top',
458e05
+                                            attrs)
458e05
+    if present:
458e05
+        assert entry[0].hasAttr(attr)
458e05
+    else:
458e05
+        assert not entry[0].hasAttr(attr)
458e05
+
458e05
+
458e05
 def test_basic_referrals(topology_st, import_example_ldif):
458e05
     """Test LDAP server in referral mode.
458e05
 
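Review bot: The parametrized cases cover `['1.1', 'cn']` but not the reverse order, while the server-side check in result.c is position-sensitive (`i == 0 && attrs[1] == NULL`); adding `(['cn', '1.1'], 'cn', True)` to `search_params` would pin the case where "1.1" is not the first requested attribute. The `['1.1']` case asserts only that `cn` is absent, which would still pass if other attributes were returned; asserting that the returned entry carries no attributes at all would match the RFC 4511 meaning the commit is restoring. Separately, `add_test_entry` accepts `request` but registers no finalizer, so the `USER4_DN` entry outlives the module, and its `cn`/`uid` values are `user1` although the DN is `uid=user4`.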
458e05
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
458e05
     log.info('Attempting to start the server with broken dse.ldif...')
458e05
     try:
458e05
         topology_st.standalone.start()
458e05
-    except:
458e05
-        log.info('Server failed to start as expected')
458e05
+    except Exception as e:
458e05
+        log.info('Server failed to start as expected: ' + str(e))
458e05
     log.info('Check the status...')
458e05
     assert (not topology_st.standalone.status())
458e05
     log.info('Server failed to start as expected')
458e05
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
458e05
index d9f431cc5..34ddd8566 100644
458e05
--- a/ldap/servers/slapd/result.c
458e05
+++ b/ldap/servers/slapd/result.c
458e05
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
458e05
      * "+" means all operational attributes (rfc3673)
458e05
      * operational attributes are only retrieved if they are named
458e05
      * specifically or when "+" is specified.
458e05
+     * In the case of "1.1", if there are other requested attributes
458e05
+     * then "1.1" should be ignored.
458e05
      */
458e05
 
458e05
     /* figure out if we want all user attributes or no attributes at all */
458e05
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
458e05
             if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
458e05
                 alluserattrs = 1;
458e05
             } else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
458e05
-                noattrs = 1;
458e05
+                /* "1.1" is only valid if it's the only requested attribute */
458e05
+                if (i == 0 && attrs[1] == NULL) {
458e05
+                    noattrs = 1;
458e05
+                }
458e05
             } else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
458e05
                 alloperationalattrs = 1;
458e05
             } else {
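Review bot: The new condition reads `attrs[1]` without saying why that index is in bounds; it is safe only because `i == 0` is tested first and the enclosing loop (its header is outside the hunk, presumably stopping at the NULL terminator) has already established `attrs[0] != NULL`. I would extend the comment to something like `/* "1.1" is honoured only when it is the sole requested attribute; i == 0 implies attrs[0] != NULL, so attrs[1] is at worst the terminator */`. The word "valid" in the current comment is also slightly off, since per the comment added in the previous hunk the mixed case is ignored rather than rejected. A request mixing "1.1" with other attributes now returns data where it previously returned none, so any client that relied on the old suppression will see more attributes; access-control evaluation is not visible in this hunk.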
-- 
2.21.0