|
 |
9f2552 |
From d037688c072c4cb84fbf9b2a6cb24927f7950605 Mon Sep 17 00:00:00 2001
|
|
|
9f2552 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
9f2552 |
Date: Wed, 20 Oct 2021 10:04:06 -0400
|
|
|
9f2552 |
Subject: [PATCH 04/12] Issue 4956 - Automember allows invalid regex, and does
|
|
|
9f2552 |
not log proper error
|
|
|
9f2552 |
|
|
|
9f2552 |
Bug Description: The server was detecting an invalid automember
|
|
|
9f2552 |
regex, but it did not reject it, and it did not
|
|
|
9f2552 |
log which regex rule was invalid.
|
|
|
9f2552 |
|
|
|
9f2552 |
Fix Description: By properly rejecting the invalid regex will also
|
|
|
9f2552 |
trigger the proper error logging to occur.
|
|
|
9f2552 |
|
|
|
9f2552 |
relates: https://github.com/389ds/389-ds-base/issues/4956
|
|
|
9f2552 |
|
|
|
9f2552 |
Reviewed by: tbordaz & spichugi(Thanks!!)
|
|
|
9f2552 |
---
|
|
|
9f2552 |
.../automember_plugin/configuration_test.py | 49 +++++++++++++++++--
|
|
|
9f2552 |
ldap/servers/plugins/automember/automember.c | 1 +
|
|
|
9f2552 |
2 files changed, 46 insertions(+), 4 deletions(-)
|
|
|
9f2552 |
|
|
|
9f2552 |
diff --git a/dirsrvtests/tests/suites/automember_plugin/configuration_test.py b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
|
|
|
9f2552 |
index 0f9cc49dc..4a6b596db 100644
|
|
|
9f2552 |
--- a/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
|
|
|
9f2552 |
+++ b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
|
|
|
9f2552 |
@@ -1,21 +1,20 @@
|
|
|
9f2552 |
# --- BEGIN COPYRIGHT BLOCK ---
|
|
|
9f2552 |
-# Copyright (C) 2019 Red Hat, Inc.
|
|
|
9f2552 |
+# Copyright (C) 2021 Red Hat, Inc.
|
|
|
9f2552 |
# All rights reserved.
|
|
|
9f2552 |
#
|
|
|
9f2552 |
# License: GPL (version 3 or any later version).
|
|
|
9f2552 |
# See LICENSE for details.
|
|
|
9f2552 |
# --- END COPYRIGHT BLOCK ---
|
|
|
9f2552 |
|
|
|
9f2552 |
+import ldap
|
|
|
9f2552 |
import os
|
|
|
9f2552 |
import pytest
|
|
|
9f2552 |
-
|
|
|
9f2552 |
from lib389.topologies import topology_st as topo
|
|
|
9f2552 |
from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions, MemberOfPlugin
|
|
|
9f2552 |
-import ldap
|
|
|
9f2552 |
+from lib389._constants import DEFAULT_SUFFIX
|
|
|
9f2552 |
|
|
|
9f2552 |
pytestmark = pytest.mark.tier1
|
|
|
9f2552 |
|
|
|
9f2552 |
-
|
|
|
9f2552 |
@pytest.mark.bz834056
|
|
|
9f2552 |
def test_configuration(topo):
|
|
|
9f2552 |
"""
|
|
|
9f2552 |
@@ -52,6 +51,48 @@ def test_configuration(topo):
|
|
|
9f2552 |
'"cn=SuffDef1,ou=autouserGroups,cn=config" '
|
|
|
9f2552 |
'can not be a child of the plugin config area "cn=config"')
|
|
|
9f2552 |
|
|
|
9f2552 |
+def test_invalid_regex(topo):
|
|
|
9f2552 |
+ """Test invalid regex is properly reportedin the error log
|
|
|
9f2552 |
+
|
|
|
9f2552 |
+ :id: a6d89f84-ec76-4871-be96-411d051800b1
|
|
|
9f2552 |
+ :setup: Standalone Instance
|
|
|
9f2552 |
+ :steps:
|
|
|
9f2552 |
+ 1. Setup automember
|
|
|
9f2552 |
+ 2. Add invalid regex
|
|
|
9f2552 |
+ 3. Error log reports useful message
|
|
|
9f2552 |
+ :expectedresults:
|
|
|
9f2552 |
+ 1. Success
|
|
|
9f2552 |
+ 2. Success
|
|
|
9f2552 |
+ 3. Success
|
|
|
9f2552 |
+ """
|
|
|
9f2552 |
+ REGEX_DN = "cn=regex1,cn=testregex,cn=auto membership plugin,cn=plugins,cn=config"
|
|
|
9f2552 |
+ REGEX_VALUE = "cn=*invalid*"
|
|
|
9f2552 |
+ REGEX_ESC_VALUE = "cn=\\*invalid\\*"
|
|
|
9f2552 |
+ GROUP_DN = "cn=demo_group,ou=groups," + DEFAULT_SUFFIX
|
|
|
9f2552 |
+
|
|
|
9f2552 |
+ AutoMembershipPlugin(topo.standalone).remove_all("nsslapd-pluginConfigArea")
|
|
|
9f2552 |
+ automemberplugin = AutoMembershipPlugin(topo.standalone)
|
|
|
9f2552 |
+
|
|
|
9f2552 |
+ automember_prop = {
|
|
|
9f2552 |
+ 'cn': 'testRegex',
|
|
|
9f2552 |
+ 'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX,
|
|
|
9f2552 |
+ 'autoMemberFilter': 'objectclass=*',
|
|
|
9f2552 |
+ 'autoMemberDefaultGroup': GROUP_DN,
|
|
|
9f2552 |
+ 'autoMemberGroupingAttr': 'member:dn',
|
|
|
9f2552 |
+ }
|
|
|
9f2552 |
+ automember_defs = AutoMembershipDefinitions(topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config")
|
|
|
9f2552 |
+ automember_def = automember_defs.create(properties=automember_prop)
|
|
|
9f2552 |
+ automember_def.add_regex_rule("regex1", GROUP_DN, include_regex=[REGEX_VALUE])
|
|
|
9f2552 |
+
|
|
|
9f2552 |
+ automemberplugin.enable()
|
|
|
9f2552 |
+ topo.standalone.restart()
|
|
|
9f2552 |
+
|
|
|
9f2552 |
+ # Check errors log for invalid message
|
|
|
9f2552 |
+ ERR_STR1 = "automember_parse_regex_rule - Unable to parse regex rule"
|
|
|
9f2552 |
+ ERR_STR2 = f"Skipping invalid inclusive regex rule in rule entry \"{REGEX_DN}\" \\(rule = \"{REGEX_ESC_VALUE}\"\\)"
|
|
|
9f2552 |
+ assert topo.standalone.searchErrorsLog(ERR_STR1)
|
|
|
9f2552 |
+ assert topo.standalone.searchErrorsLog(ERR_STR2)
|
|
|
9f2552 |
+
|
|
|
9f2552 |
|
|
|
9f2552 |
if __name__ == "__main__":
|
|
|
9f2552 |
CURRENT_FILE = os.path.realpath(__file__)
|
|
|
9f2552 |
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
|
|
|
9f2552 |
index 39350ad53..b92b89bd5 100644
|
|
|
9f2552 |
--- a/ldap/servers/plugins/automember/automember.c
|
|
|
9f2552 |
+++ b/ldap/servers/plugins/automember/automember.c
|
|
|
9f2552 |
@@ -1217,6 +1217,7 @@ automember_parse_regex_rule(char *rule_string)
|
|
|
9f2552 |
"automember_parse_regex_rule - Unable to parse "
|
|
|
9f2552 |
"regex rule (invalid regex). Error \"%s\".\n",
|
|
|
9f2552 |
recomp_result ? recomp_result : "unknown");
|
|
|
9f2552 |
+ goto bail;
|
|
|
9f2552 |
}
|
|
|
9f2552 |
|
|
|
9f2552 |
/* Validation has passed, so create the regex rule struct and fill it in.
|
|
|
9f2552 |
--
|
|
|
9f2552 |
2.31.1
|
|
|
9f2552 |
|