rpms / 389-ds-base

Clone
Source Code
GIT

Blame SOURCES/0004-Issue-4956-Automember-allows-invalid-regex-and-does-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   51b5b9f9be1e8d5a4e51af73c7b7180c00163a86
  2.   SOURCES
  3.   0004-Issue-4956-Automember-allows-invalid-regex-and-does-.patch
Blob History Raw
51b5b9 
From d037688c072c4cb84fbf9b2a6cb24927f7950605 Mon Sep 17 00:00:00 2001
51b5b9 
From: Mark Reynolds <mreynolds@redhat.com>
51b5b9 
Date: Wed, 20 Oct 2021 10:04:06 -0400
51b5b9 
Subject: [PATCH 04/12] Issue 4956 - Automember allows invalid regex, and does
51b5b9 
 not log proper error
51b5b9
51b5b9 
Bug Description:  The server was detecting an invalid automember
51b5b9 
                  regex, but it did not reject it, and it did not
51b5b9 
                  log which regex rule was invalid.
51b5b9
51b5b9 
Fix Description:  By properly rejecting the invalid regex will also
51b5b9 
                  trigger the proper error logging to occur.
51b5b9
51b5b9 
relates: https://github.com/389ds/389-ds-base/issues/4956
51b5b9
51b5b9 
Reviewed by: tbordaz & spichugi(Thanks!!)
51b5b9 
---
51b5b9 
 .../automember_plugin/configuration_test.py   | 49 +++++++++++++++++--
51b5b9 
 ldap/servers/plugins/automember/automember.c  |  1 +
51b5b9 
 2 files changed, 46 insertions(+), 4 deletions(-)
51b5b9
51b5b9 
diff --git a/dirsrvtests/tests/suites/automember_plugin/configuration_test.py b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
51b5b9 
index 0f9cc49dc..4a6b596db 100644
51b5b9 
--- a/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
51b5b9 
+++ b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
51b5b9 
@@ -1,21 +1,20 @@
51b5b9 
 # --- BEGIN COPYRIGHT BLOCK ---
51b5b9 
-# Copyright (C) 2019 Red Hat, Inc.
51b5b9 
+# Copyright (C) 2021 Red Hat, Inc.
51b5b9 
 # All rights reserved.
51b5b9 
 #
51b5b9 
 # License: GPL (version 3 or any later version).
51b5b9 
 # See LICENSE for details.
51b5b9 
 # --- END COPYRIGHT BLOCK ---
51b5b9
51b5b9 
+import ldap
51b5b9 
 import os
51b5b9 
 import pytest
51b5b9 
-
51b5b9 
 from lib389.topologies import topology_st as topo
51b5b9 
 from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions, MemberOfPlugin
51b5b9 
-import ldap
51b5b9 
+from lib389._constants import DEFAULT_SUFFIX
51b5b9
51b5b9 
 pytestmark = pytest.mark.tier1
51b5b9
51b5b9 
-
51b5b9 
 @pytest.mark.bz834056
51b5b9 
 def test_configuration(topo):
51b5b9 
     """
51b5b9 
@@ -52,6 +51,48 @@ def test_configuration(topo):
51b5b9 
                                               '"cn=SuffDef1,ou=autouserGroups,cn=config" '
51b5b9 
                                               'can not be a child of the plugin config area "cn=config"')
51b5b9
51b5b9 
+def test_invalid_regex(topo):
51b5b9 
+    """Test invalid regex is properly reportedin the error log
51b5b9 
+
51b5b9 
+    :id: a6d89f84-ec76-4871-be96-411d051800b1
51b5b9 
+    :setup: Standalone Instance
51b5b9 
+    :steps:
51b5b9 
+        1. Setup automember
51b5b9 
+        2. Add invalid regex
51b5b9 
+        3. Error log reports useful message
51b5b9 
+    :expectedresults:
51b5b9 
+        1. Success
51b5b9 
+        2. Success
51b5b9 
+        3. Success
51b5b9 
+    """
51b5b9 
+    REGEX_DN = "cn=regex1,cn=testregex,cn=auto membership plugin,cn=plugins,cn=config"
51b5b9 
+    REGEX_VALUE = "cn=*invalid*"
51b5b9 
+    REGEX_ESC_VALUE = "cn=\\*invalid\\*"
51b5b9 
+    GROUP_DN = "cn=demo_group,ou=groups,"  + DEFAULT_SUFFIX
51b5b9 
+
51b5b9 
+    AutoMembershipPlugin(topo.standalone).remove_all("nsslapd-pluginConfigArea")
51b5b9 
+    automemberplugin = AutoMembershipPlugin(topo.standalone)
51b5b9 
+
51b5b9 
+    automember_prop = {
51b5b9 
+        'cn': 'testRegex',
51b5b9 
+        'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX,
51b5b9 
+        'autoMemberFilter': 'objectclass=*',
51b5b9 
+        'autoMemberDefaultGroup': GROUP_DN,
51b5b9 
+        'autoMemberGroupingAttr': 'member:dn',
51b5b9 
+    }
51b5b9 
+    automember_defs = AutoMembershipDefinitions(topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config")
51b5b9 
+    automember_def = automember_defs.create(properties=automember_prop)
51b5b9 
+    automember_def.add_regex_rule("regex1", GROUP_DN, include_regex=[REGEX_VALUE])
51b5b9 
+
51b5b9 
+    automemberplugin.enable()
51b5b9 
+    topo.standalone.restart()
51b5b9 
+
51b5b9 
+    # Check errors log for invalid message
51b5b9 
+    ERR_STR1 = "automember_parse_regex_rule - Unable to parse regex rule"
51b5b9 
+    ERR_STR2 = f"Skipping invalid inclusive regex rule in rule entry \"{REGEX_DN}\" \\(rule = \"{REGEX_ESC_VALUE}\"\\)"
51b5b9 
+    assert topo.standalone.searchErrorsLog(ERR_STR1)
51b5b9 
+    assert topo.standalone.searchErrorsLog(ERR_STR2)
51b5b9 
+
51b5b9
51b5b9 
 if __name__ == "__main__":
51b5b9 
     CURRENT_FILE = os.path.realpath(__file__)
51b5b9 
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
51b5b9 
index 39350ad53..b92b89bd5 100644
51b5b9 
--- a/ldap/servers/plugins/automember/automember.c
51b5b9 
+++ b/ldap/servers/plugins/automember/automember.c
51b5b9 
@@ -1217,6 +1217,7 @@ automember_parse_regex_rule(char *rule_string)
51b5b9 
                       "automember_parse_regex_rule - Unable to parse "
51b5b9 
                       "regex rule (invalid regex).  Error \"%s\".\n",
51b5b9 
                       recomp_result ? recomp_result : "unknown");
51b5b9 
+        goto bail;
51b5b9 
     }
51b5b9
51b5b9 
     /* Validation has passed, so create the regex rule struct and fill it in.
51b5b9 
--
51b5b9 
2.31.1
51b5b9

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation