150 lines
5.0 KiB
Diff
150 lines
5.0 KiB
Diff
From 61d82ef842e0e4e013937bf05d7f640be2d2fc09 Mon Sep 17 00:00:00 2001
|
|
From: tbordaz <tbordaz@redhat.com>
|
|
Date: Wed, 16 Dec 2020 16:30:28 +0100
|
|
Subject: [PATCH 5/6] Issue 4480 - Unexpected info returned to ldap request
|
|
(#4491)
|
|
|
|
Bug description:
|
|
If the bind entry does not exist, the bind result info
|
|
reports that 'No such entry'. It should not give any
|
|
information if the target entry exists or not
|
|
|
|
Fix description:
|
|
Does not return any additional information during a bind
|
|
|
|
relates: https://github.com/389ds/389-ds-base/issues/4480
|
|
|
|
Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)
|
|
|
|
Platforms tested: F31
|
|
---
|
|
dirsrvtests/tests/suites/basic/basic_test.py | 112 +++++++++++++++++++
|
|
1 file changed, 112 insertions(+)
|
|
|
|
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
|
|
index 1ae82dcdd..02b73ee85 100644
|
|
--- a/dirsrvtests/tests/suites/basic/basic_test.py
|
|
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
|
|
@@ -1400,6 +1400,118 @@ def test_dscreate_multiple_dashes_name(dscreate_long_instance):
|
|
assert not dscreate_long_instance.exists()
|
|
|
|
|
|
+@pytest.fixture(scope="module", params=('c=uk', 'cn=test_user', 'dc=example,dc=com', 'o=south', 'ou=sales', 'wrong=some_value'))
|
|
+def dscreate_test_rdn_value(request):
|
|
+ template_file = "/tmp/dssetup.inf"
|
|
+ template_text = f"""[general]
|
|
+config_version = 2
|
|
+# This invalid hostname ...
|
|
+full_machine_name = localhost.localdomain
|
|
+# Means we absolutely require this.
|
|
+strict_host_checking = False
|
|
+# In tests, we can be run in containers, NEVER trust
|
|
+# that systemd is there, or functional in any capacity
|
|
+systemd = False
|
|
+
|
|
+[slapd]
|
|
+instance_name = test_different_rdn
|
|
+root_dn = cn=directory manager
|
|
+root_password = someLongPassword_123
|
|
+# We do not have access to high ports in containers,
|
|
+# so default to something higher.
|
|
+port = 38999
|
|
+secure_port = 63699
|
|
+
|
|
+[backend-userroot]
|
|
+create_suffix_entry = True
|
|
+suffix = {request.param}
|
|
+"""
|
|
+
|
|
+ with open(template_file, "w") as template_fd:
|
|
+ template_fd.write(template_text)
|
|
+
|
|
+ # Unset PYTHONPATH to avoid mixing old CLI tools and new lib389
|
|
+ tmp_env = os.environ
|
|
+ if "PYTHONPATH" in tmp_env:
|
|
+ del tmp_env["PYTHONPATH"]
|
|
+
|
|
+ def fin():
|
|
+ os.remove(template_file)
|
|
+ if request.param != "wrong=some_value":
|
|
+ try:
|
|
+ subprocess.check_call(['dsctl', 'test_different_rdn', 'remove', '--do-it'])
|
|
+ except subprocess.CalledProcessError as e:
|
|
+ log.fatal(f"Failed to remove test instance Error ({e.returncode}) {e.output}")
|
|
+ else:
|
|
+ log.info("Wrong RDN is passed, instance not created")
|
|
+ request.addfinalizer(fin)
|
|
+ return template_file, tmp_env, request.param,
|
|
+
|
|
+
|
|
+@pytest.mark.skipif(not get_user_is_root() or ds_is_older('1.4.0.0'),
|
|
+ reason="This test is only required with new admin cli, and requires root.")
|
|
+@pytest.mark.bz1807419
|
|
+@pytest.mark.ds50928
|
|
+def test_dscreate_with_different_rdn(dscreate_test_rdn_value):
|
|
+ """Test that dscreate works with different RDN attributes as suffix
|
|
+
|
|
+ :id: 77ed6300-6a2f-4e79-a862-1f1105f1e3ef
|
|
+ :parametrized: yes
|
|
+ :setup: None
|
|
+ :steps:
|
|
+ 1. Create template file for dscreate with different RDN attributes as suffix
|
|
+ 2. Create instance using template file
|
|
+ 3. Create instance with 'wrong=some_value' as suffix's RDN attribute
|
|
+ :expectedresults:
|
|
+ 1. Should succeeds
|
|
+ 2. Should succeeds
|
|
+ 3. Should fail
|
|
+ """
|
|
+ try:
|
|
+ subprocess.check_call([
|
|
+ 'dscreate',
|
|
+ 'from-file',
|
|
+ dscreate_test_rdn_value[0]
|
|
+ ], env=dscreate_test_rdn_value[1])
|
|
+ except subprocess.CalledProcessError as e:
|
|
+ log.fatal(f"dscreate failed! Error ({e.returncode}) {e.output}")
|
|
+ if dscreate_test_rdn_value[2] != "wrong=some_value":
|
|
+ assert False
|
|
+ else:
|
|
+ assert True
|
|
+
|
|
+def test_bind_invalid_entry(topology_st):
|
|
+ """Test the failing bind does not return information about the entry
|
|
+
|
|
+ :id: 5cd9b083-eea6-426b-84ca-83c26fc49a6f
|
|
+
|
|
+ :setup: Standalone instance
|
|
+
|
|
+ :steps:
|
|
+ 1: bind as non existing entry
|
|
+ 2: check that bind info does not report 'No such entry'
|
|
+
|
|
+ :expectedresults:
|
|
+ 1: pass
|
|
+ 2: pass
|
|
+ """
|
|
+
|
|
+ topology_st.standalone.restart()
|
|
+ INVALID_ENTRY="cn=foooo,%s" % DEFAULT_SUFFIX
|
|
+ try:
|
|
+ topology_st.standalone.simple_bind_s(INVALID_ENTRY, PASSWORD)
|
|
+ except ldap.LDAPError as e:
|
|
+ log.info('test_bind_invalid_entry: Failed to bind as %s (expected)' % INVALID_ENTRY)
|
|
+ log.info('exception description: ' + e.args[0]['desc'])
|
|
+ if 'info' in e.args[0]:
|
|
+ log.info('exception info: ' + e.args[0]['info'])
|
|
+ assert e.args[0]['desc'] == 'Invalid credentials'
|
|
+ assert 'info' not in e.args[0]
|
|
+ pass
|
|
+
|
|
+ log.info('test_bind_invalid_entry: PASSED')
|
|
+
|
|
+
|
|
if __name__ == '__main__':
|
|
# Run isolated
|
|
# -s for DEBUG mode
|
|
--
|
|
2.26.2
|
|
|