From 36660f00bf11f89c632f581d6f82b7383b1aa190 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 26 Jan 2023 08:16:49 -0500
Subject: [PATCH 4/5] Issue 5497 - boolean attributes should be case
 insensitive

Description:  Boolean values are supposed to be case insensitive, but in our
              code it is senstiive even though the code is in the "cis" file.

relates: https://github.com/389ds/389-ds-base/issues/5497

Reviewed by: spichugi(Thanks!)
---
 .../tests/suites/syntax/acceptance_test.py    | 248 ++++++++++++++++++
 ldap/servers/plugins/syntaxes/cis.c           |   4 +-
 2 files changed, 250 insertions(+), 2 deletions(-)
 create mode 100644 dirsrvtests/tests/suites/syntax/acceptance_test.py

diff --git a/dirsrvtests/tests/suites/syntax/acceptance_test.py b/dirsrvtests/tests/suites/syntax/acceptance_test.py
new file mode 100644
index 000000000..807936892
--- /dev/null
+++ b/dirsrvtests/tests/suites/syntax/acceptance_test.py
@@ -0,0 +1,248 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2023 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+
+import ldap
+import pytest
+import os
+from lib389.schema import Schema
+from lib389.config import Config
+from lib389.idm.user import UserAccounts
+from lib389.idm.group import Group, Groups
+from lib389._constants import DEFAULT_SUFFIX
+from lib389.topologies import log, topology_st as topo
+
+pytestmark = pytest.mark.tier0
+
+log = log.getChild(__name__)
+
+
+@pytest.fixture(scope="function")
+def validate_syntax_off(topo, request):
+    config = Config(topo.standalone)
+    config.replace("nsslapd-syntaxcheck", "off")
+
+    def fin():
+        config.replace("nsslapd-syntaxcheck", "on")
+    request.addfinalizer(fin)
+
+
+def test_valid(topo, validate_syntax_off):
+    """Test syntax-validate task with valid entries
+
+    :id: ec402a5b-bfb1-494d-b751-71b0d31a4d83
+    :setup: Standalone instance
+    :steps:
+        1. Set nsslapd-syntaxcheck to off
+        2. Clean error log
+        3. Run syntax validate task
+        4. Assert that there are no errors in the error log
+        5. Set nsslapd-syntaxcheck to on
+    :expectedresults:
+        1. It should succeed
+        2. It should succeed
+        3. It should succeed
+        4. It should succeed
+        5. It should succeed
+    """
+
+    inst = topo.standalone
+
+    log.info('Clean the error log')
+    inst.deleteErrorLogs()
+
+    schema = Schema(inst)
+    log.info('Attempting to add task entry...')
+    validate_task = schema.validate_syntax(DEFAULT_SUFFIX)
+    validate_task.wait()
+    exitcode = validate_task.get_exit_code()
+    assert exitcode == 0
+    error_lines = inst.ds_error_log.match('.*Found 0 invalid entries.*')
+    assert (len(error_lines) == 1)
+    log.info('Found 0 invalid entries - Success')
+
+
+def test_invalid_uidnumber(topo, validate_syntax_off):
+    """Test syntax-validate task with invalid uidNumber attribute value
+
+    :id: 30fdcae6-ffa6-4ec4-8da9-6fb138fc1828
+    :setup: Standalone instance
+    :steps:
+        1. Set nsslapd-syntaxcheck to off
+        2. Clean error log
+        3. Add a user with uidNumber attribute set to an invalid value (string)
+        4. Run syntax validate task
+        5. Assert that there is corresponding error in the error log
+        6. Set nsslapd-syntaxcheck to on
+    :expectedresults:
+        1. It should succeed
+        2. It should succeed
+        3. It should succeed
+        4. It should succeed
+        5. It should succeed
+        6. It should succeed
+    """
+
+    inst = topo.standalone
+
+    log.info('Clean the error log')
+    inst.deleteErrorLogs()
+
+    users = UserAccounts(inst, DEFAULT_SUFFIX)
+    users.create_test_user(uid="invalid_value")
+
+    schema = Schema(inst)
+    log.info('Attempting to add task entry...')
+    validate_task = schema.validate_syntax(DEFAULT_SUFFIX)
+    validate_task.wait()
+    exitcode = validate_task.get_exit_code()
+    assert exitcode == 0
+    error_lines = inst.ds_error_log.match('.*uidNumber: value #0 invalid per syntax.*')
+    assert (len(error_lines) == 1)
+    log.info('Found an invalid entry with wrong uidNumber - Success')
+
+
+def test_invalid_dn_syntax_crash(topo):
+    """Add an entry with an escaped space, restart the server, and try to delete
+    it.  In this case the DN is not correctly parsed and causes cache revert to
+    to dereference a NULL pointer.  So the delete can fail as long as the server
+    does not crash.
+
+    :id: 62d87272-dfb8-4627-9ca1-dbe33082caf8
+    :setup: Standalone Instance
+    :steps:
+        1. Add entry with leading escaped space in the RDN
+        2. Restart the server so the entry is rebuilt from the database
+        3. Delete the entry
+        4. The server should still be running
+    :expectedresults:
+        1. Success
+        2. Success
+        3. Success
+        4. Success
+    """
+
+        # Create group
+    groups = Groups(topo.standalone, DEFAULT_SUFFIX)
+    group = groups.create(properties={'cn': ' test'})
+
+    # Restart the server
+    topo.standalone.restart()
+
+    # Delete group
+    try:
+        group.delete()
+    except ldap.NO_SUCH_OBJECT:
+        # This is okay in this case as we are only concerned about a crash
+        pass
+
+    # Make sure server is still running
+    groups.list()
+
+
+@pytest.mark.parametrize("props, rawdn", [
+                         ({'cn': ' leadingSpace'}, "cn=\\20leadingSpace,ou=Groups,dc=example,dc=com"),
+                         ({'cn': 'trailingSpace '}, "cn=trailingSpace\\20,ou=Groups,dc=example,dc=com")])
+def test_dn_syntax_spaces_delete(topo,  props,  rawdn):
+    """Test that an entry with a space as the first character in the DN can be
+    deleted without error.  We also want to make sure the indexes are properly
+    updated by repeatedly adding and deleting the entry, and that the entry cache
+    is properly maintained.
+
+    :id: b993f37c-c2b0-4312-992c-a9048ff98965
+    :customerscenario: True
+    :parametrized: yes
+    :setup: Standalone Instance
+    :steps:
+        1. Create a group with a DN that has a space as the first/last
+           character.
+        2. Delete group
+        3. Add group
+        4. Modify group
+        5. Restart server and modify entry
+        6. Delete group
+        7. Add group back
+        8. Delete group using specific DN
+    :expectedresults:
+        1. Success
+        2. Success
+        3. Success
+        4. Success
+        5. Success
+        6. Success
+        7. Success
+        8. Success
+    """
+
+    # Create group
+    groups = Groups(topo.standalone, DEFAULT_SUFFIX)
+    group = groups.create(properties=props.copy())
+
+    # Delete group (verifies DN/RDN parsing works and cache is correct)
+    group.delete()
+
+    # Add group again (verifies entryrdn index was properly updated)
+    groups = Groups(topo.standalone, DEFAULT_SUFFIX)
+    group = groups.create(properties=props.copy())
+
+    # Modify the group (verifies dn/rdn parsing is correct)
+    group.replace('description', 'escaped space group')
+
+    # Restart the server.  This will pull the entry from the database and
+    # convert it into a cache entry, which is different than how a client
+    # first adds an entry and is put into the cache before being written to
+    # disk.
+    topo.standalone.restart()
+
+    # Make sure we can modify the entry (verifies cache entry was created
+    # correctly)
+    group.replace('description', 'escaped space group after restart')
+
+    # Make sure it can still be deleted (verifies cache again).
+    group.delete()
+
+    # Add it back so we can delete it using a specific DN (sanity test to verify
+    # another DN/RDN parsing variation).
+    groups = Groups(topo.standalone, DEFAULT_SUFFIX)
+    group = groups.create(properties=props.copy())
+    group = Group(topo.standalone, dn=rawdn)
+    group.delete()
+
+
+def test_boolean_case(topo):
+    """Test that we can a boolean value in any case
+
+       :id: 56777c1d-b058-41e1-abd5-87a6f1512db2
+       :customerscenario: True
+       :setup: Standalone Instance
+       :steps:
+           1. Create test user
+           2. Add boolean attribute value that is lowercase "false"
+       :expectedresults:
+           1. Success
+           2. Success
+    """
+    inst = topo.standalone
+    users  = UserAccounts(inst, DEFAULT_SUFFIX)
+    user = users.create_test_user(uid=1011)
+
+    user.add('objectclass', 'extensibleObject')
+    user.add('pamsecure', 'false')
+    user.replace('pamsecure', 'FALSE')
+    user.replace('pamsecure', 'true')
+    user.replace('pamsecure', 'TRUE')
+
+    # Test some invalid syntax
+    with pytest.raises(ldap.INVALID_SYNTAX):
+        user.replace('pamsecure', 'blah')
+
+
+if __name__ == '__main__':
+    # Run isolated
+    # -s for DEBUG mode
+    CURRENT_FILE = os.path.realpath(__file__)
+    pytest.main("-s %s" % CURRENT_FILE)
diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c
index e1242e3f4..c9274f37f 100644
--- a/ldap/servers/plugins/syntaxes/cis.c
+++ b/ldap/servers/plugins/syntaxes/cis.c
@@ -853,12 +853,12 @@ boolean_validate(
      */
     if (val != NULL) {
         if (val->bv_len == 4) {
-            if (strncmp(val->bv_val, "TRUE", 4) != 0) {
+            if (strncasecmp(val->bv_val, "TRUE", 4) != 0) {
                 rc = 1;
                 goto exit;
             }
         } else if (val->bv_len == 5) {
-            if (strncmp(val->bv_val, "FALSE", 5) != 0) {
+            if (strncasecmp(val->bv_val, "FALSE", 5) != 0) {
                 rc = 1;
                 goto exit;
             }
-- 
2.39.1