|
 |
26521d |
From 94702aa0f07dcea5b7ebe7886b2fdc9ab0092cf4 Mon Sep 17 00:00:00 2001
|
|
|
26521d |
From: Ludwig Krispenz <lkrispen@redhat.com>
|
|
|
26521d |
Date: Thu, 21 Feb 2019 16:54:52 +0100
|
|
|
26521d |
Subject: [PATCH] Ticket 50234 - one level search returns not matching entry
|
|
|
26521d |
|
|
|
26521d |
Bug: if in a onelevel search the IDList for the parentid is smaller than the filter
|
|
|
26521d |
threshold and smaller than the list generated by the search filter
|
|
|
26521d |
then the intersection is aborted and all children are returned.
|
|
|
26521d |
|
|
|
26521d |
Fix: In the above case we need to set the flag that the filter evaluation
|
|
|
26521d |
cannot be bypassed
|
|
|
26521d |
|
|
|
26521d |
Reviewed by: William, Thierry. Thanks
|
|
|
26521d |
---
|
|
|
26521d |
dirsrvtests/tests/tickets/ticket50234_test.py | 70 +++++++++++++++++++
|
|
|
26521d |
ldap/servers/slapd/back-ldbm/idl_set.c | 1 +
|
|
|
26521d |
2 files changed, 71 insertions(+)
|
|
|
26521d |
create mode 100644 dirsrvtests/tests/tickets/ticket50234_test.py
|
|
|
26521d |
|
|
|
26521d |
diff --git a/dirsrvtests/tests/tickets/ticket50234_test.py b/dirsrvtests/tests/tickets/ticket50234_test.py
|
|
|
26521d |
new file mode 100644
|
|
|
26521d |
index 000000000..c605c4531
|
|
|
26521d |
--- /dev/null
|
|
|
26521d |
+++ b/dirsrvtests/tests/tickets/ticket50234_test.py
|
|
|
26521d |
@@ -0,0 +1,70 @@
|
|
|
26521d |
+# --- BEGIN COPYRIGHT BLOCK ---
|
|
|
26521d |
+# Copyright (C) 2019 Red Hat, Inc.
|
|
|
26521d |
+# All rights reserved.
|
|
|
26521d |
+#
|
|
|
26521d |
+# License: GPL (version 3 or any later version).
|
|
|
26521d |
+# See LICENSE for details.
|
|
|
26521d |
+# --- END COPYRIGHT BLOCK ---
|
|
|
26521d |
+#
|
|
|
26521d |
+import logging
|
|
|
26521d |
+import time
|
|
|
26521d |
+import ldap
|
|
|
26521d |
+import pytest
|
|
|
26521d |
+
|
|
|
26521d |
+from lib389.topologies import topology_st
|
|
|
26521d |
+
|
|
|
26521d |
+from lib389._constants import DEFAULT_SUFFIX
|
|
|
26521d |
+
|
|
|
26521d |
+from lib389.idm.user import UserAccount, UserAccounts
|
|
|
26521d |
+from lib389.idm.organizationalunit import OrganizationalUnit
|
|
|
26521d |
+
|
|
|
26521d |
+log = logging.getLogger(__name__)
|
|
|
26521d |
+
|
|
|
26521d |
+def test_ticket50234(topology_st):
|
|
|
26521d |
+ """
|
|
|
26521d |
+ The fix for ticket 50234
|
|
|
26521d |
+
|
|
|
26521d |
+
|
|
|
26521d |
+ The test sequence is:
|
|
|
26521d |
+ - create more than 10 entries with objectclass organizational units ou=org{}
|
|
|
26521d |
+ - add an Account in one of them, eg below ou=org5
|
|
|
26521d |
+ - do searches with search base ou=org5 and search filter "objectclass=organizationalunit"
|
|
|
26521d |
+ - a subtree search should return 1 entry, the base entry
|
|
|
26521d |
+ - a onelevel search should return no entry
|
|
|
26521d |
+ """
|
|
|
26521d |
+
|
|
|
26521d |
+ log.info('Testing Ticket 50234 - onelvel search returns not matching entry')
|
|
|
26521d |
+
|
|
|
26521d |
+ for i in range(1,15):
|
|
|
26521d |
+ ou = OrganizationalUnit(topology_st.standalone, "ou=Org{},{}".format(i, DEFAULT_SUFFIX))
|
|
|
26521d |
+ ou.create(properties={'ou': 'Org'.format(i)})
|
|
|
26521d |
+
|
|
|
26521d |
+ properties = {
|
|
|
26521d |
+ 'uid': 'Jeff Vedder',
|
|
|
26521d |
+ 'cn': 'Jeff Vedder',
|
|
|
26521d |
+ 'sn': 'user',
|
|
|
26521d |
+ 'uidNumber': '1000',
|
|
|
26521d |
+ 'gidNumber': '2000',
|
|
|
26521d |
+ 'homeDirectory': '/home/' + 'JeffVedder',
|
|
|
26521d |
+ 'userPassword': 'password'
|
|
|
26521d |
+ }
|
|
|
26521d |
+ user = UserAccount(topology_st.standalone, "cn=Jeff Vedder,ou=org5,{}".format(DEFAULT_SUFFIX))
|
|
|
26521d |
+ user.create(properties=properties)
|
|
|
26521d |
+
|
|
|
26521d |
+ # in a subtree search the entry used as search base matches the filter and shoul be returned
|
|
|
26521d |
+ ent = topology_st.standalone.getEntry("ou=org5,{}".format(DEFAULT_SUFFIX), ldap.SCOPE_SUBTREE, "(objectclass=organizationalunit)")
|
|
|
26521d |
+
|
|
|
26521d |
+ # in a onelevel search the only child is an useraccount which does not match the filter
|
|
|
26521d |
+ # no entry should be returned, which would cause getEntry to raise an exception we need to handle
|
|
|
26521d |
+ found = 1
|
|
|
26521d |
+ try:
|
|
|
26521d |
+ ent = topology_st.standalone.getEntry("ou=org5,{}".format(DEFAULT_SUFFIX), ldap.SCOPE_ONELEVEL, "(objectclass=organizationalunit)")
|
|
|
26521d |
+ except ldap.NO_SUCH_OBJECT:
|
|
|
26521d |
+ found = 0
|
|
|
26521d |
+ assert (found == 0)
|
|
|
26521d |
+
|
|
|
26521d |
+if __name__ == '__main__':
|
|
|
26521d |
+ # Run isolated
|
|
|
26521d |
+ # -s for DEBUG mode
|
|
|
26521d |
+ CURRENT_FILE = os.path.realpath(__file__)
|
|
|
26521d |
+ pytest.main("-s %s" % CURRENT_FILE)
|
|
|
26521d |
diff --git a/ldap/servers/slapd/back-ldbm/idl_set.c b/ldap/servers/slapd/back-ldbm/idl_set.c
|
|
|
26521d |
index f9a900f1f..6b6586799 100644
|
|
|
26521d |
--- a/ldap/servers/slapd/back-ldbm/idl_set.c
|
|
|
26521d |
+++ b/ldap/servers/slapd/back-ldbm/idl_set.c
|
|
|
26521d |
@@ -371,6 +371,7 @@ idl_set_intersect(IDListSet *idl_set, backend *be)
|
|
|
26521d |
result_list = idl_set->head;
|
|
|
26521d |
} else if (idl_set->minimum->b_nids <= FILTER_TEST_THRESHOLD) {
|
|
|
26521d |
result_list = idl_set->minimum;
|
|
|
26521d |
+ slapi_be_set_flag(be, SLAPI_BE_FLAG_DONT_BYPASS_FILTERTEST);
|
|
|
26521d |
|
|
|
26521d |
/* Free the other IDLs which are not the minimum. */
|
|
|
26521d |
IDList *next = NULL;
|
|
|
26521d |
--
|
|
|
26521d |
2.17.2
|
|
|
26521d |
|