This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.8 in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.3.8 by this push: new 071b13e Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1" 071b13e is described below
commit 071b13ee6ef5251fea8e40fbe2d162b6c69d7d69 Author: Mark Reynolds mreynolds@redhat.com AuthorDate: Fri Aug 2 14:36:24 2019 -0400
Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
Bug Description: A regression was introduced some time back that changed the behavior of how the server handled the "1.1" requested attribute in a search request. If "1.1" was requested along with other attributes then no attibutes were returned, but in this case "1.1" is expected to be ignroed.
Fix Description: Only comply with "1.1" if it is the only requested attribute
relates: https://pagure.io/389-ds-base/issue/50530
Reviewed by: firstyear(Thanks!) --- dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++++++++++--- ldap/servers/slapd/result.c | 7 +++- 2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py index dc366cd..1e0b4d1 100644 --- a/dirsrvtests/tests/suites/basic/basic_test.py +++ b/dirsrvtests/tests/suites/basic/basic_test.py @@ -28,6 +28,7 @@ log = logging.getLogger(__name__) USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX +USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
ROOTDSE_DEF_ATTR_LIST = ('namingContexts', 'supportedLDAPVersion', @@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif): 'uid': 'user1', 'userpassword': PASSWORD}))) except ldap.LDAPError as e: - log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN - + ': error ' + e.message['desc']) + log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN + + ': error ' + e.message['desc']) assert False
try: @@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif): 'uid': 'user2', 'userpassword': PASSWORD}))) except ldap.LDAPError as e: - log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN - + ': error ' + e.message['desc']) + log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN + + ': error ' + e.message['desc']) assert False
# @@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif): log.info('test_basic_searches: PASSED')
+@pytest.fixture(scope="module") +def add_test_entry(topology_st, request): + # Add test entry + topology_st.standalone.add_s(Entry((USER4_DN, + {'objectclass': "top extensibleObject".split(), + 'cn': 'user1', 'uid': 'user1'}))) + + +search_params = [(['1.1'], 'cn', False), + (['1.1', 'cn'], 'cn', True), + (['+'], 'nsUniqueId', True), + (['*'], 'cn', True), + (['cn'], 'cn', True)] +@pytest.mark.parametrize("attrs, attr, present", search_params) +def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present): + """Test requested attributes in search operations. + :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e + :setup: Standalone instance + :steps: + 1. Test "1.1" does not return any attributes. + 2. Test "1.1" is ignored if there are other requested attributes + 3. Test "+" returns all operational attributes + 4. Test "*" returns all attributes + 5. Test requested attributes + + :expectedresults: + 1. Success + 2. Success + 3. Success + 4. Success + 5. Success + """ + + log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present)) + entry = topology_st.standalone.search_s(USER4_DN, + ldap.SCOPE_BASE, + 'objectclass=top', + attrs) + if present: + assert entry[0].hasAttr(attr) + else: + assert not entry[0].hasAttr(attr) + + def test_basic_referrals(topology_st, import_example_ldif): """Test LDAP server in referral mode.
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif): log.info('Attempting to start the server with broken dse.ldif...') try: topology_st.standalone.start() - except: - log.info('Server failed to start as expected') + except Exception as e: + log.info('Server failed to start as expected: ' + str(e)) log.info('Check the status...') assert (not topology_st.standalone.status()) log.info('Server failed to start as expected') diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c index d9f431c..34ddd85 100644 --- a/ldap/servers/slapd/result.c +++ b/ldap/servers/slapd/result.c @@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext( * "+" means all operational attributes (rfc3673) * operational attributes are only retrieved if they are named * specifically or when "+" is specified. + * In the case of "1.1", if there are other requested attributes + * then "1.1" should be ignored. */
/* figure out if we want all user attributes or no attributes at all */ @@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext( if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) { alluserattrs = 1; } else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) { - noattrs = 1; + /* "1.1" is only valid if it's the only requested attribute */ + if (i == 0 && attrs[1] == NULL) { + noattrs = 1; + } } else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) { alloperationalattrs = 1; } else {
389-commits@lists.fedoraproject.org