amoralej / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 years ago
Clone

Blame SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch

a2f18f
From a8e885d2d69381adc483d1a506b9f1e739a507f5 Mon Sep 17 00:00:00 2001
a2f18f
From: Mark Reynolds <mreynolds@redhat.com>
a2f18f
Date: Wed, 8 Jul 2015 17:21:57 -0400
a2f18f
Subject: [PATCH 12/20] Ticket 48013 - Inconsistent behaviour of DS when LDAP
a2f18f
 Sync is used with an invalid cookie
a2f18f
a2f18f
Bug Description:  Some invalid cookies are treated as errors, while others are not.
a2f18f
a2f18f
Fix Description:  Perform the cookie parsing and validation in the same step. This
a2f18f
                  gives consistent results.
a2f18f
a2f18f
https://fedorahosted.org/389/ticket/48013
a2f18f
a2f18f
Reviewed by: nhosoi(Thanks!)
a2f18f
a2f18f
(cherry picked from commit fdf46817fcc3b334bd477316d253bc18f243c0f6)
a2f18f
(cherry picked from commit 41dff5ba7a6368bfb2d8a2057dd5ba5b6a91d175)
a2f18f
---
a2f18f
 dirsrvtests/tickets/ticket48013_test.py  | 134 +++++++++++++++++++++++++++++++
a2f18f
 ldap/servers/plugins/sync/sync_refresh.c |   7 +-
a2f18f
 2 files changed, 138 insertions(+), 3 deletions(-)
a2f18f
 create mode 100644 dirsrvtests/tickets/ticket48013_test.py
a2f18f
a2f18f
diff --git a/dirsrvtests/tickets/ticket48013_test.py b/dirsrvtests/tickets/ticket48013_test.py
a2f18f
new file mode 100644
a2f18f
index 0000000..0ccdeba
a2f18f
--- /dev/null
a2f18f
+++ b/dirsrvtests/tickets/ticket48013_test.py
a2f18f
@@ -0,0 +1,134 @@
a2f18f
+import os
a2f18f
+import sys
a2f18f
+import time
a2f18f
+import ldap
a2f18f
+import logging
a2f18f
+import pytest
a2f18f
+import pyasn1
a2f18f
+import pyasn1_modules
a2f18f
+import ldap,ldapurl
a2f18f
+from ldap.ldapobject import SimpleLDAPObject
a2f18f
+from ldap.syncrepl import SyncreplConsumer
a2f18f
+from lib389 import DirSrv, Entry, tools, tasks
a2f18f
+from lib389.tools import DirSrvTools
a2f18f
+from lib389._constants import *
a2f18f
+from lib389.properties import *
a2f18f
+from lib389.tasks import *
a2f18f
+from lib389.utils import *
a2f18f
+
a2f18f
+logging.getLogger(__name__).setLevel(logging.DEBUG)
a2f18f
+log = logging.getLogger(__name__)
a2f18f
+
a2f18f
+installation1_prefix = None
a2f18f
+
a2f18f
+
a2f18f
+class TopologyStandalone(object):
a2f18f
+    def __init__(self, standalone):
a2f18f
+        standalone.open()
a2f18f
+        self.standalone = standalone
a2f18f
+
a2f18f
+
a2f18f
+class SyncObject(SimpleLDAPObject, SyncreplConsumer):
a2f18f
+    def __init__(self, uri):
a2f18f
+        # Init the ldap connection
a2f18f
+        SimpleLDAPObject.__init__(self, uri)
a2f18f
+
a2f18f
+    def sync_search(self, test_cookie):
a2f18f
+        self.syncrepl_search('dc=example,dc=com', ldap.SCOPE_SUBTREE,
a2f18f
+                             filterstr='(objectclass=*)', mode='refreshOnly',
a2f18f
+                             cookie=test_cookie)
a2f18f
+
a2f18f
+    def poll(self):
a2f18f
+        self.syncrepl_poll(all=1)
a2f18f
+
a2f18f
+
a2f18f
+@pytest.fixture(scope="module")
a2f18f
+def topology(request):
a2f18f
+    global installation1_prefix
a2f18f
+    if installation1_prefix:
a2f18f
+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
a2f18f
+
a2f18f
+    # Creating standalone instance ...
a2f18f
+    standalone = DirSrv(verbose=False)
a2f18f
+    args_instance[SER_HOST] = HOST_STANDALONE
a2f18f
+    args_instance[SER_PORT] = PORT_STANDALONE
a2f18f
+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
a2f18f
+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
a2f18f
+    args_standalone = args_instance.copy()
a2f18f
+    standalone.allocate(args_standalone)
a2f18f
+    instance_standalone = standalone.exists()
a2f18f
+    if instance_standalone:
a2f18f
+        standalone.delete()
a2f18f
+    standalone.create()
a2f18f
+    standalone.open()
a2f18f
+
a2f18f
+    # Clear out the tmp dir
a2f18f
+    standalone.clearTmpDir(__file__)
a2f18f
+
a2f18f
+    return TopologyStandalone(standalone)
a2f18f
+
a2f18f
+
a2f18f
+def test_ticket48013(topology):
a2f18f
+    '''
a2f18f
+    Content Synchonization: Test that invalid cookies are caught
a2f18f
+    '''
a2f18f
+
a2f18f
+    cookies = ('#', '##', 'a#a#a', 'a#a#1')
a2f18f
+
a2f18f
+    # Enable dynamic plugins
a2f18f
+    try:
a2f18f
+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', 'on')])
a2f18f
+    except ldap.LDAPError as e:
a2f18f
+        ldap.error('Failed to enable dynamic plugin!' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    # Enable retro changelog
a2f18f
+    topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
a2f18f
+
a2f18f
+    # Enbale content sync plugin
a2f18f
+    topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)
a2f18f
+
a2f18f
+    # Set everything up
a2f18f
+    ldap_url = ldapurl.LDAPUrl('ldap://localhost:31389')
a2f18f
+    ldap_connection = SyncObject(ldap_url.initializeUrl())
a2f18f
+
a2f18f
+    # Authenticate
a2f18f
+    try:
a2f18f
+        ldap_connection.simple_bind_s(DN_DM, PASSWORD)
a2f18f
+    except ldap.LDAPError as e:
a2f18f
+        print('Login to LDAP server failed: %s' % e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    # Test invalid cookies
a2f18f
+    for invalid_cookie in cookies:
a2f18f
+        log.info('Testing cookie: %s' % invalid_cookie)
a2f18f
+        try:
a2f18f
+            ldap_connection.sync_search(invalid_cookie)
a2f18f
+            ldap_connection.poll()
a2f18f
+            log.fatal('Invalid cookie accepted!')
a2f18f
+            assert False
a2f18f
+        except Exception as e:
a2f18f
+            log.info('Invalid cookie correctly rejected: %s' % e.message['info'])
a2f18f
+            pass
a2f18f
+
a2f18f
+    # Success
a2f18f
+    log.info('Test complete')
a2f18f
+
a2f18f
+
a2f18f
+def test_ticket48013_final(topology):
a2f18f
+    topology.standalone.delete()
a2f18f
+    log.info('Testcase PASSED')
a2f18f
+
a2f18f
+
a2f18f
+def run_isolated():
a2f18f
+    global installation1_prefix
a2f18f
+    installation1_prefix = None
a2f18f
+
a2f18f
+    topo = topology(True)
a2f18f
+    test_ticket48013(topo)
a2f18f
+    test_ticket48013_final(topo)
a2f18f
+
a2f18f
+
a2f18f
+if __name__ == '__main__':
a2f18f
+    run_isolated()
a2f18f
+
a2f18f
diff --git a/ldap/servers/plugins/sync/sync_refresh.c b/ldap/servers/plugins/sync/sync_refresh.c
a2f18f
index 1ae2604..beb87ab 100644
a2f18f
--- a/ldap/servers/plugins/sync/sync_refresh.c
a2f18f
+++ b/ldap/servers/plugins/sync/sync_refresh.c
a2f18f
@@ -113,9 +113,10 @@ int sync_srch_refresh_pre_search(Slapi_PBlock *pb)
a2f18f
 			 * 	-- return e-syncRefreshRequired if the data referenced in the cookie are no
a2f18f
 			 * 		longer in the history
a2f18f
 			*/
a2f18f
-			if (cookie && 
a2f18f
-				( client_cookie = sync_cookie_parse (cookie))) {
a2f18f
-				if (sync_cookie_isvalid(client_cookie, session_cookie)) {
a2f18f
+			if (cookie) {
a2f18f
+				if ((client_cookie = sync_cookie_parse (cookie)) &&
a2f18f
+				    sync_cookie_isvalid(client_cookie, session_cookie))
a2f18f
+				{
a2f18f
 					rc = sync_refresh_update_content(pb, client_cookie, session_cookie);
a2f18f
 					if (rc == 0) 
a2f18f
 						entries_sent = 1;
a2f18f
-- 
a2f18f
1.9.3
a2f18f