|
 |
a3727e |
From 51ea1d34b861dfffb12fbe6be4e23d9342fd0fe2 Mon Sep 17 00:00:00 2001
|
|
|
a3727e |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
a3727e |
Date: Fri, 2 Aug 2019 14:36:24 -0400
|
|
|
a3727e |
Subject: [PATCH] Issue 50530 - Directory Server not RFC 4511 compliant with
|
|
|
a3727e |
requested attr "1.1"
|
|
|
a3727e |
|
|
|
a3727e |
Bug Description: A regression was introduced some time back that changed the
|
|
|
a3727e |
behavior of how the server handled the "1.1" requested attribute
|
|
|
a3727e |
in a search request. If "1.1" was requested along with other
|
|
|
a3727e |
attributes then no attibutes were returned, but in this case "1.1"
|
|
|
a3727e |
is expected to be ignroed.
|
|
|
a3727e |
|
|
|
a3727e |
Fix Description: Only comply with "1.1" if it is the only requested attribute
|
|
|
a3727e |
|
|
|
a3727e |
relates: https://pagure.io/389-ds-base/issue/50530
|
|
|
a3727e |
|
|
|
a3727e |
Reviewed by: firstyear(Thanks!)
|
|
|
a3727e |
---
|
|
|
a3727e |
dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++---
|
|
|
a3727e |
ldap/servers/slapd/result.c | 7 ++-
|
|
|
a3727e |
2 files changed, 57 insertions(+), 7 deletions(-)
|
|
|
a3727e |
|
|
|
a3727e |
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
|
|
|
a3727e |
index 0f7536b63..cea4f6bfe 100644
|
|
|
a3727e |
--- a/dirsrvtests/tests/suites/basic/basic_test.py
|
|
|
a3727e |
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
|
|
|
a3727e |
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
|
|
|
a3727e |
USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
|
|
|
a3727e |
USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
|
|
|
a3727e |
USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
|
|
|
a3727e |
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
|
|
|
a3727e |
|
|
|
a3727e |
ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
|
|
|
a3727e |
'supportedLDAPVersion',
|
|
|
a3727e |
@@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif):
|
|
|
a3727e |
'uid': 'user1',
|
|
|
a3727e |
'userpassword': PASSWORD})))
|
|
|
a3727e |
except ldap.LDAPError as e:
|
|
|
a3727e |
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
|
|
|
a3727e |
- + ': error ' + e.message['desc'])
|
|
|
a3727e |
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
|
|
|
a3727e |
+ ': error ' + e.message['desc'])
|
|
|
a3727e |
assert False
|
|
|
a3727e |
|
|
|
a3727e |
try:
|
|
|
a3727e |
@@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif):
|
|
|
a3727e |
'uid': 'user2',
|
|
|
a3727e |
'userpassword': PASSWORD})))
|
|
|
a3727e |
except ldap.LDAPError as e:
|
|
|
a3727e |
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
|
|
|
a3727e |
- + ': error ' + e.message['desc'])
|
|
|
a3727e |
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
|
|
|
a3727e |
+ ': error ' + e.message['desc'])
|
|
|
a3727e |
assert False
|
|
|
a3727e |
|
|
|
a3727e |
#
|
|
|
a3727e |
@@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif):
|
|
|
a3727e |
log.info('test_basic_searches: PASSED')
|
|
|
a3727e |
|
|
|
a3727e |
|
|
|
a3727e |
+@pytest.fixture(scope="module")
|
|
|
a3727e |
+def add_test_entry(topology_st, request):
|
|
|
a3727e |
+ # Add test entry
|
|
|
a3727e |
+ topology_st.standalone.add_s(Entry((USER4_DN,
|
|
|
a3727e |
+ {'objectclass': "top extensibleObject".split(),
|
|
|
a3727e |
+ 'cn': 'user1', 'uid': 'user1'})))
|
|
|
a3727e |
+
|
|
|
a3727e |
+
|
|
|
a3727e |
+search_params = [(['1.1'], 'cn', False),
|
|
|
a3727e |
+ (['1.1', 'cn'], 'cn', True),
|
|
|
a3727e |
+ (['+'], 'nsUniqueId', True),
|
|
|
a3727e |
+ (['*'], 'cn', True),
|
|
|
a3727e |
+ (['cn'], 'cn', True)]
|
|
|
a3727e |
+@pytest.mark.parametrize("attrs, attr, present", search_params)
|
|
|
a3727e |
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
|
|
|
a3727e |
+ """Test requested attributes in search operations.
|
|
|
a3727e |
+ :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
|
|
|
a3727e |
+ :setup: Standalone instance
|
|
|
a3727e |
+ :steps:
|
|
|
a3727e |
+ 1. Test "1.1" does not return any attributes.
|
|
|
a3727e |
+ 2. Test "1.1" is ignored if there are other requested attributes
|
|
|
a3727e |
+ 3. Test "+" returns all operational attributes
|
|
|
a3727e |
+ 4. Test "*" returns all attributes
|
|
|
a3727e |
+ 5. Test requested attributes
|
|
|
a3727e |
+
|
|
|
a3727e |
+ :expectedresults:
|
|
|
a3727e |
+ 1. Success
|
|
|
a3727e |
+ 2. Success
|
|
|
a3727e |
+ 3. Success
|
|
|
a3727e |
+ 4. Success
|
|
|
a3727e |
+ 5. Success
|
|
|
a3727e |
+ """
|
|
|
a3727e |
+
|
|
|
a3727e |
+ log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
|
|
|
a3727e |
+ entry = topology_st.standalone.search_s(USER4_DN,
|
|
|
a3727e |
+ ldap.SCOPE_BASE,
|
|
|
a3727e |
+ 'objectclass=top',
|
|
|
a3727e |
+ attrs)
|
|
|
a3727e |
+ if present:
|
|
|
a3727e |
+ assert entry[0].hasAttr(attr)
|
|
|
a3727e |
+ else:
|
|
|
a3727e |
+ assert not entry[0].hasAttr(attr)
|
|
|
a3727e |
+
|
|
|
a3727e |
+
|
|
|
a3727e |
def test_basic_referrals(topology_st, import_example_ldif):
|
|
|
a3727e |
"""Test LDAP server in referral mode.
|
|
|
a3727e |
|
|
|
a3727e |
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
|
|
|
a3727e |
log.info('Attempting to start the server with broken dse.ldif...')
|
|
|
a3727e |
try:
|
|
|
a3727e |
topology_st.standalone.start()
|
|
|
a3727e |
- except:
|
|
|
a3727e |
- log.info('Server failed to start as expected')
|
|
|
a3727e |
+ except Exception as e:
|
|
|
a3727e |
+ log.info('Server failed to start as expected: ' + str(e))
|
|
|
a3727e |
log.info('Check the status...')
|
|
|
a3727e |
assert (not topology_st.standalone.status())
|
|
|
a3727e |
log.info('Server failed to start as expected')
|
|
|
a3727e |
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
|
|
|
a3727e |
index d9f431cc5..34ddd8566 100644
|
|
|
a3727e |
--- a/ldap/servers/slapd/result.c
|
|
|
a3727e |
+++ b/ldap/servers/slapd/result.c
|
|
|
a3727e |
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
|
|
|
a3727e |
* "+" means all operational attributes (rfc3673)
|
|
|
a3727e |
* operational attributes are only retrieved if they are named
|
|
|
a3727e |
* specifically or when "+" is specified.
|
|
|
a3727e |
+ * In the case of "1.1", if there are other requested attributes
|
|
|
a3727e |
+ * then "1.1" should be ignored.
|
|
|
a3727e |
*/
|
|
|
a3727e |
|
|
|
a3727e |
/* figure out if we want all user attributes or no attributes at all */
|
|
|
a3727e |
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
|
|
|
a3727e |
if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
|
|
|
a3727e |
alluserattrs = 1;
|
|
|
a3727e |
} else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
|
|
|
a3727e |
- noattrs = 1;
|
|
|
a3727e |
+ /* "1.1" is only valid if it's the only requested attribute */
|
|
|
a3727e |
+ if (i == 0 && attrs[1] == NULL) {
|
|
|
a3727e |
+ noattrs = 1;
|
|
|
a3727e |
+ }
|
|
|
a3727e |
} else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
|
|
|
a3727e |
alloperationalattrs = 1;
|
|
|
a3727e |
} else {
|
|
|
a3727e |
--
|
|
|
a3727e |
2.21.0
|
|
|
a3727e |
|