From 340b81a59cee365e7300e57c1ca5f4866373954c Mon Sep 17 00:00:00 2001

From: tbordaz <tbordaz@redhat.com>

Date: Wed, 16 Dec 2020 16:30:28 +0100

Subject: [PATCH 1/4] Issue 4480 - Unexpected info returned to ldap request

 (#4491)

Bug description:

	If the bind entry does not exist, the bind result info

        reports that 'No such entry'. It should not give any

        information if the target entry exists or not

Fix description:

	Does not return any additional information during a bind

relates: https://github.com/389ds/389-ds-base/issues/4480

Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)

Platforms tested:  F31

---

 dirsrvtests/tests/suites/basic/basic_test.py | 30 ++++++++++++++++++++

 ldap/servers/slapd/back-ldbm/ldbm_config.c   |  2 +-

 ldap/servers/slapd/result.c                  |  2 +-

 3 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py

index 120207321..e9afa1e7e 100644

--- a/dirsrvtests/tests/suites/basic/basic_test.py

+++ b/dirsrvtests/tests/suites/basic/basic_test.py

@@ -1400,6 +1400,36 @@ def test_dscreate_multiple_dashes_name(dscreate_long_instance):

     assert not dscreate_long_instance.exists()

+def test_bind_invalid_entry(topology_st):

+    """Test the failing bind does not return information about the entry

+

+    :id: 5cd9b083-eea6-426b-84ca-83c26fc49a6f

+

+    :setup: Standalone instance

+

+    :steps:

+    1: bind as non existing entry

+    2: check that bind info does not report 'No such entry'

+

+    :expectedresults:

+    1: pass

+    2: pass

+    """

+

+    topology_st.standalone.restart()

+    INVALID_ENTRY="cn=foooo,%s" % DEFAULT_SUFFIX

+    try:

+        topology_st.standalone.simple_bind_s(INVALID_ENTRY, PASSWORD)

+    except ldap.LDAPError as e:

+        log.info('test_bind_invalid_entry: Failed to bind as %s (expected)' % INVALID_ENTRY)

+        log.info('exception description: ' + e.args[0]['desc'])

+        if 'info' in e.args[0]:

+            log.info('exception info: ' + e.args[0]['info'])

+        assert e.args[0]['desc'] == 'Invalid credentials'

+        assert 'info' not in e.args[0]

+        pass

+

+    log.info('test_bind_invalid_entry: PASSED')

 if __name__ == '__main__':

     # Run isolated

diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c b/ldap/servers/slapd/back-ldbm/ldbm_config.c

index 88c186359..dee5fc088 100644

--- a/ldap/servers/slapd/back-ldbm/ldbm_config.c

+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c

@@ -1266,7 +1266,7 @@ ldbm_config_search_entry_callback(Slapi_PBlock *pb __attribute__((unused)),

             if (attrs) {

                 for (size_t i = 0; attrs[i]; i++) {

                     if (ldbm_config_moved_attr(attrs[i])) {

-                        slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "at least one required attribute has been moved to the BDB scecific configuration entry");

+                        slapi_pblock_set(pb, SLAPI_RESULT_TEXT, "at least one required attribute has been moved to the BDB scecific configuration entry");

                         break;

                     }

                 }

diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c

index 61efb6f8d..40c5dcc57 100644

--- a/ldap/servers/slapd/result.c

+++ b/ldap/servers/slapd/result.c

@@ -355,7 +355,7 @@ send_ldap_result_ext(

     if (text) {

         pbtext = text;

     } else {

-        slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &pbtext);

+        slapi_pblock_get(pb, SLAPI_RESULT_TEXT, &pbtext);

     }

     if (operation == NULL) {

-- 

2.26.2