389-ds-base/0006-Issue-6227-dsconf-schema-does-not-show-inChain-match.patch

From cf6cdd05b7ddab36a0196d614b7a28b4372cf801 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Mon, 24 Jun 2024 13:41:35 +0200
Subject: [PATCH] Issue 6227 - dsconf schema does not show inChain matching
 rule (#6228)

Bug description:
	The registered inChain MR does defined any matching rule
	syntax (mr_syntax).
	When dsconf reads the matching rules (read_schema_dse)
	it only reports those which have OID and SYNTAX.
	As a consequence InChain was not reported.

Fix description:
	The syntax defines that assersion syntax that is
	distinguished name. Add this syntax to the register
	struct

relates: #6227

Reviewed by: Pierre Rogier (Thanks !)
---
 .../tests/suites/filter/inchain_test.py       | 19 +++++++++++++++++++
 ldap/servers/plugins/syntaxes/inchain.c       |  4 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/dirsrvtests/tests/suites/filter/inchain_test.py b/dirsrvtests/tests/suites/filter/inchain_test.py
index c650b9374..d1d276edf 100644
--- a/dirsrvtests/tests/suites/filter/inchain_test.py
+++ b/dirsrvtests/tests/suites/filter/inchain_test.py
@@ -15,6 +15,7 @@ from lib389._constants import DEFAULT_SUFFIX, PW_DM, PLUGIN_MEMBER_OF
 from lib389.topologies import topology_st as topo
 from lib389.plugins import MemberOfPlugin
 
+from lib389.schema import Schema
 from lib389.idm.user import UserAccount, UserAccounts
 from lib389.idm.account import Accounts
 from lib389.idm.account import Anonymous
@@ -812,6 +813,24 @@ def test_invalid_assertion(topo):
     memberof = topo.standalone.search_s(DEFAULT_SUFFIX, SCOPE_SUBTREE, "(member:%s:=%s)" % (INCHAIN_OID, user))
     assert len(memberof) == 0
 
+def test_check_dsconf_matchingrule(topo):
+    """Test that the matching rule 'inchain' is listed by dsconf
+
+    :id: b8dd4049-ccec-4316-bc9c-5aa5c5afcfbd
+    :setup: Standalone Instance
+    :steps:
+        1. fetch matching rules from the schema
+        2. Checks that matching rules contains inchaineMatch matching rule
+    :expectedresults:
+        1. Success
+        2. Success
+    """
+    schema = Schema(topo.standalone)
+    mrs = [ f"{mr.oid} {mr.names[0]}" for mr in schema.get_matchingrules() if len(mr.names) > 0 ]
+    for mr in mrs:
+        log.info("retrieved matching rules are: %s", mr)
+    assert '1.2.840.113556.1.4.1941 inchainMatch' in mrs
+
 if __name__ == "__main__":
     CURRENT_FILE = os.path.realpath(__file__)
     pytest.main("-s -v %s" % CURRENT_FILE)
diff --git a/ldap/servers/plugins/syntaxes/inchain.c b/ldap/servers/plugins/syntaxes/inchain.c
index 52d0c4994..df19c973b 100644
--- a/ldap/servers/plugins/syntaxes/inchain.c
+++ b/ldap/servers/plugins/syntaxes/inchain.c
@@ -38,7 +38,7 @@ static char *names[] = {"inchain", "inchain", LDAP_MATCHING_RULE_IN_CHAIN_OID, 0
 static Slapi_PluginDesc pdesc = {"inchain-matching-rule", VENDOR, DS_PACKAGE_VERSION,
                                  "inchain matching rule plugin"};
 
-static const char *inchainMatch_names[] = {"inchainMatch", "1.2.840.113556.1.4.1941", NULL};
+static const char *inchainMatch_names[] = {"inchainMatch", LDAP_MATCHING_RULE_IN_CHAIN_OID, NULL};
 
 static struct mr_plugin_def mr_plugin_table[] = {
     {
@@ -64,7 +64,7 @@ static struct mr_plugin_def mr_plugin_table[] = {
             "the AVA comparisons evaluate to Undefined and the remaining AVA "
             "comparisons return TRUE then the distinguishedNameMatch rule "
             "evaluates to Undefined.",
-            NULL,
+            DN_SYNTAX_OID,
             0,
             NULL /* dn only for now */
         },       /* matching rule desc */
-- 
2.45.2
Bump version to 2.5.1-2 Resolves: RHEL-44324 - unauthenticated user can trigger a DoS by sending a specific extended search request Resolves: RHEL-40946 - Malformed userPassword hash may cause Denial of Service Resolves: RHEL-33087 - dsconf schema does not show inChain matching rule Resolves: RHEL-28177 - Malformed userPassword may cause crash at do_modify in slapd/modify.c Resolves: RHEL-25070 - nsslapd-haproxy-trusted-ip is not in schema 2024-07-09 21:35:04 +00:00			`From cf6cdd05b7ddab36a0196d614b7a28b4372cf801 Mon Sep 17 00:00:00 2001`
			`From: tbordaz <tbordaz@redhat.com>`
			`Date: Mon, 24 Jun 2024 13:41:35 +0200`
			`Subject: [PATCH] Issue 6227 - dsconf schema does not show inChain matching`
			`rule (#6228)`

			`Bug description:`
			`The registered inChain MR does defined any matching rule`
			`syntax (mr_syntax).`
			`When dsconf reads the matching rules (read_schema_dse)`
			`it only reports those which have OID and SYNTAX.`
			`As a consequence InChain was not reported.`

			`Fix description:`
			`The syntax defines that assersion syntax that is`
			`distinguished name. Add this syntax to the register`
			`struct`

			`relates: #6227`

			`Reviewed by: Pierre Rogier (Thanks !)`
			`---`
			`.../tests/suites/filter/inchain_test.py \| 19 +++++++++++++++++++`
			`ldap/servers/plugins/syntaxes/inchain.c \| 4 ++--`
			`2 files changed, 21 insertions(+), 2 deletions(-)`

			`diff --git a/dirsrvtests/tests/suites/filter/inchain_test.py b/dirsrvtests/tests/suites/filter/inchain_test.py`
			`index c650b9374..d1d276edf 100644`
			`--- a/dirsrvtests/tests/suites/filter/inchain_test.py`
			`+++ b/dirsrvtests/tests/suites/filter/inchain_test.py`
			`@@ -15,6 +15,7 @@ from lib389._constants import DEFAULT_SUFFIX, PW_DM, PLUGIN_MEMBER_OF`
			`from lib389.topologies import topology_st as topo`
			`from lib389.plugins import MemberOfPlugin`

			`+from lib389.schema import Schema`
			`from lib389.idm.user import UserAccount, UserAccounts`
			`from lib389.idm.account import Accounts`
			`from lib389.idm.account import Anonymous`
			`@@ -812,6 +813,24 @@ def test_invalid_assertion(topo):`
			`memberof = topo.standalone.search_s(DEFAULT_SUFFIX, SCOPE_SUBTREE, "(member:%s:=%s)" % (INCHAIN_OID, user))`
			`assert len(memberof) == 0`

			`+def test_check_dsconf_matchingrule(topo):`
			`+ """Test that the matching rule 'inchain' is listed by dsconf`
			`+`
			`+ :id: b8dd4049-ccec-4316-bc9c-5aa5c5afcfbd`
			`+ :setup: Standalone Instance`
			`+ :steps:`
			`+ 1. fetch matching rules from the schema`
			`+ 2. Checks that matching rules contains inchaineMatch matching rule`
			`+ :expectedresults:`
			`+ 1. Success`
			`+ 2. Success`
			`+ """`
			`+ schema = Schema(topo.standalone)`
			`+ mrs = [ f"{mr.oid} {mr.names[0]}" for mr in schema.get_matchingrules() if len(mr.names) > 0 ]`
			`+ for mr in mrs:`
			`+ log.info("retrieved matching rules are: %s", mr)`
			`+ assert '1.2.840.113556.1.4.1941 inchainMatch' in mrs`
			`+`
			`if __name__ == "__main__":`
			`CURRENT_FILE = os.path.realpath(__file__)`
			`pytest.main("-s -v %s" % CURRENT_FILE)`
			`diff --git a/ldap/servers/plugins/syntaxes/inchain.c b/ldap/servers/plugins/syntaxes/inchain.c`
			`index 52d0c4994..df19c973b 100644`
			`--- a/ldap/servers/plugins/syntaxes/inchain.c`
			`+++ b/ldap/servers/plugins/syntaxes/inchain.c`
			`@@ -38,7 +38,7 @@ static char *names[] = {"inchain", "inchain", LDAP_MATCHING_RULE_IN_CHAIN_OID, 0`
			`static Slapi_PluginDesc pdesc = {"inchain-matching-rule", VENDOR, DS_PACKAGE_VERSION,`
			`"inchain matching rule plugin"};`

			`-static const char *inchainMatch_names[] = {"inchainMatch", "1.2.840.113556.1.4.1941", NULL};`
			`+static const char *inchainMatch_names[] = {"inchainMatch", LDAP_MATCHING_RULE_IN_CHAIN_OID, NULL};`

			`static struct mr_plugin_def mr_plugin_table[] = {`
			`{`
			`@@ -64,7 +64,7 @@ static struct mr_plugin_def mr_plugin_table[] = {`
			`"the AVA comparisons evaluate to Undefined and the remaining AVA "`
			`"comparisons return TRUE then the distinguishedNameMatch rule "`
			`"evaluates to Undefined.",`
			`- NULL,`
			`+ DN_SYNTAX_OID,`
			`0,`
			`NULL /* dn only for now */`
			`}, /* matching rule desc */`
			`--`
			`2.45.2`