From 0536984f7b3e9d6e143936b0eda92b510f63d304 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 4 Aug 2015 12:15:31 -0400
Subject: [PATCH 33/39] Ticket 47810 - memberOf plugin not properly rejecting
updates
Bug Description: When the memberOf plugin tries to add memberOf attribute to
an entry during a mod-replace on a group, even though the
update to the user entry fails, but plugin still allows
the member to be added to the group.
Fix Description: During a mod/replace check and return an error if the member
update fails.
https://fedorahosted.org/389/ticket/47810
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit eb54f03e240402a4bd16f9cde1d66539805f56ea)
(cherry picked from commit b4b6adcec7d810c7893fd9cb888fa906b9ffa836)
---
dirsrvtests/suites/betxns/betxn_test.py | 64 +++++++++++++++++++++++++++++++-
ldap/servers/plugins/memberof/memberof.c | 13 ++++---
2 files changed, 70 insertions(+), 7 deletions(-)
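--- a/dirsrvtests/suites/betxns/betxn_test.py
+++ b/dirsrvtests/suites/betxns/betxn_test.py
@@ -3,7 +3,7 @@
 # All rights reserved.
 #
 # License: GPL (version 3 or any later version).
-# See LICENSE for details.
+# See LICENSE for details.
 # --- END COPYRIGHT BLOCK ---
 #
 import os
@@ -174,6 +174,67 @@ def test_betxn_attr_uniqueness(topology):
 log.info('test_betxn_attr_uniqueness: PASSED')
 
 
+def test_betxn_memberof(topology):
+ ENTRY1_DN = 'cn=group1,' + DEFAULT_SUFFIX
+ ENTRY2_DN = 'cn=group2,' + DEFAULT_SUFFIX
+ PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config'
+
+ # Enable and configure memberOf plugin
+ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
+ try:
+ topology.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')])
+ except ldap.LDAPError, e:
+ log.fatal('test_betxn_memberof: Failed to update config(member): error ' + e.message['desc'])
+ assert False
+
+ # Add our test entries
+ try:
+ topology.standalone.add_s(Entry((ENTRY1_DN, {'objectclass': "top groupofnames".split(),
+ 'cn': 'group1'})))
+ except ldap.LDAPError, e:
+ log.error('test_betxn_memberof: Failed to add group1:' +
+ ENTRY1_DN + ', error ' + e.message['desc'])
+ assert False
+
+ try:
+ topology.standalone.add_s(Entry((ENTRY2_DN, {'objectclass': "top groupofnames".split(),
+ 'cn': 'group1'})))
+ except ldap.LDAPError, e:
+ log.error('test_betxn_memberof: Failed to add group2:' +
+ ENTRY2_DN + ', error ' + e.message['desc'])
+ assert False
+
+ #
+ # Test mod replace
+ #
+
+ # Add group2 to group1 - it should fail with objectclass violation
+ try:
+ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_REPLACE, 'member', ENTRY2_DN)])
+ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
+ assert False
+ except ldap.LDAPError, e:
+ log.info('test_betxn_memberof: Group2 was correctly rejected (mod replace): error ' + e.message['desc'])
+
+ #
+ # Test mod add
+ #
+
+ # Add group2 to group1 - it should fail with objectclass violation
+ try:
+ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_ADD, 'member', ENTRY2_DN)])
+ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
+ assert False
+ except ldap.LDAPError, e:
+ log.info('test_betxn_memberof: Group2 was correctly rejected (mod add): error ' + e.message['desc'])
+
+ #
+ # Done
+ #
+
+ log.info('test_betxn_memberof: PASSED')
+
+
 def test_betxn_final(topology):
 topology.standalone.delete()
 log.info('betxn test suite PASSED')
@@ -187,6 +248,7 @@ def run_isolated():
 test_betxn_init(topo)
 test_betxt_7bit(topo)
 test_betxn_attr_uniqueness(topo)
+ test_betxn_memberof(topo)
 test_betxn_final(topo)
 
 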
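Review bot: Both negative checks in test_betxn_memberof accept any `ldap.LDAPError` as proof of rejection, so an unrelated failure (lost connection, missing entry) is logged as "correctly rejected". The comments say an objectclass violation is expected, so the handlers should catch `ldap.OBJECT_CLASS_VIOLATION` and let every other error fail the test. The test also never reads group1 back, so it would not notice a server that returns an error yet still leaves the `member` value on the group, which is the membership-integrity property this ticket is about; a base search after each rejected modify would pin that. Separately, group2 is created with `'cn': 'group1'`, which looks like a copy-paste slip.

```python
    # Add group2 to group1 - it should fail with objectclass violation
    try:
        topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_REPLACE, 'member', ENTRY2_DN)])
        # ... unchanged: log.fatal + assert False ...
    except ldap.OBJECT_CLASS_VIOLATION, e:
        # ... unchanged: log.info ...

    # The rejected update must not leave the member value on the group
    try:
        entries = topology.standalone.search_s(ENTRY1_DN, ldap.SCOPE_BASE, '(member=*)')
    except ldap.LDAPError, e:
        log.fatal('test_betxn_memberof: Search of group1 failed: error ' + e.message['desc'])
        assert False
    assert not entries
```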
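--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -2373,6 +2373,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
 struct slapi_entry *post_e = NULL;
 Slapi_Attr *pre_attr = 0;
 Slapi_Attr *post_attr = 0;
+ int rc = 0;
 int i = 0;
 
 slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
@@ -2449,14 +2450,14 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
 in pre, not in post, delete from entry
 not in pre, in post, add to entry
 */
- while(pre_index < pre_total || post_index < post_total)
+ while(rc == 0 && (pre_index < pre_total || post_index < post_total))
 {
 if(pre_index == pre_total)
 {
 /* add the rest of post */
 slapi_sdn_set_normdn_byref(sdn,
 slapi_value_get_string(post_array[post_index]));
- memberof_add_one(pb, config, group_sdn, sdn);
+ rc = memberof_add_one(pb, config, group_sdn, sdn);
 
 post_index++;
 }
@@ -2465,7 +2466,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
 /* delete the rest of pre */
 slapi_sdn_set_normdn_byref(sdn,
 slapi_value_get_string(pre_array[pre_index]));
- memberof_del_one(pb, config, group_sdn, sdn);
+ rc = memberof_del_one(pb, config, group_sdn, sdn);
 
 pre_index++;
 }
@@ -2482,7 +2483,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
 /* delete pre array */
 slapi_sdn_set_normdn_byref(sdn,
 slapi_value_get_string(pre_array[pre_index]));
- memberof_del_one(pb, config, group_sdn, sdn);
+ rc = memberof_del_one(pb, config, group_sdn, sdn);
 
 pre_index++;
 }
@@ -2491,7 +2492,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
 /* add post array */
 slapi_sdn_set_normdn_byref(sdn,
 slapi_value_get_string(post_array[post_index]));
- memberof_add_one(pb, config, group_sdn, sdn);
+ rc = memberof_add_one(pb, config, group_sdn, sdn);
 
 post_index++;
 }
@@ -2509,7 +2510,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
 }
 }
 
- return 0;
+ return rc;
 }
 
 /* memberof_load_array()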
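Review bot: Stopping the `while` loop on the first non-zero `rc` leaves the memberOf changes made by earlier iterations in place, so the result is only consistent if the whole operation is then rolled back by the backend transaction. If the plugin can also run outside a betxn, those earlier adds and deletes would persist while the group update is rejected; a comment above the loop such as `/* stop on first failure; caller must fail the op so the txn rolls back */` would record that assumption. The caller of memberof_replace_list is outside these hunks, so confirm it propagates the new return value rather than ignoring it, which was harmless while this function always returned 0. It would also help to log the member DN and `rc` at the failing `memberof_add_one`/`memberof_del_one` call, since the error otherwise surfaces without saying which entry could not be updated. The function body starts and ends outside the hunks shown.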
--
1.9.3