andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
7a6e0a
From 6458f3cb9a959dd6ad9f8cadc236289715a99979 Mon Sep 17 00:00:00 2001
7a6e0a
From: Mark Reynolds <mreynolds@redhat.com>
7a6e0a
Date: Wed, 20 Oct 2021 10:04:06 -0400
7a6e0a
Subject: [PATCH 2/4] Issue 4956 - Automember allows invalid regex, and does
7a6e0a
 not log proper error
7a6e0a
7a6e0a
Bug Description:  The server was detecting an invalid automember
7a6e0a
                  regex, but it did not reject it, and it did not
7a6e0a
                  log which regex rule was invalid.
7a6e0a
7a6e0a
Fix Description:  By properly rejecting the invalid regex will also
7a6e0a
                  trigger the proper error logging to occur.
7a6e0a
7a6e0a
relates: https://github.com/389ds/389-ds-base/issues/4956
7a6e0a
7a6e0a
Reviewed by: tbordaz & spichugi(Thanks!!)
7a6e0a
---
7a6e0a
 .../automember_plugin/configuration_test.py   | 63 +++++++++++++++++++
7a6e0a
 ldap/servers/plugins/automember/automember.c  |  1 +
7a6e0a
 2 files changed, 64 insertions(+)
7a6e0a
 create mode 100644 dirsrvtests/tests/suites/automember_plugin/configuration_test.py
7a6e0a
7a6e0a
diff --git a/dirsrvtests/tests/suites/automember_plugin/configuration_test.py b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
7a6e0a
new file mode 100644
7a6e0a
index 000000000..fc7c15c45
7a6e0a
--- /dev/null
7a6e0a
+++ b/dirsrvtests/tests/suites/automember_plugin/configuration_test.py
7a6e0a
@@ -0,0 +1,63 @@
7a6e0a
+# --- BEGIN COPYRIGHT BLOCK ---
7a6e0a
+# Copyright (C) 2021 Red Hat, Inc.
7a6e0a
+# All rights reserved.
7a6e0a
+#
7a6e0a
+# License: GPL (version 3 or any later version).
7a6e0a
+# See LICENSE for details.
7a6e0a
+# --- END COPYRIGHT BLOCK ---
7a6e0a
+
7a6e0a
+import ldap
7a6e0a
+import os
7a6e0a
+import pytest
7a6e0a
+from lib389.topologies import topology_st as topo
7a6e0a
+from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions, MemberOfPlugin
7a6e0a
+from lib389._constants import DEFAULT_SUFFIX
7a6e0a
+
7a6e0a
+pytestmark = pytest.mark.tier1
7a6e0a
+
7a6e0a
+def test_invalid_regex(topo):
7a6e0a
+    """Test invalid regex is properly reportedin the error log
7a6e0a
+
7a6e0a
+    :id: a6d89f84-ec76-4871-be96-411d051800b1
7a6e0a
+    :setup: Standalone Instance
7a6e0a
+    :steps:
7a6e0a
+        1. Setup automember
7a6e0a
+        2. Add invalid regex
7a6e0a
+        3. Error log reports useful message
7a6e0a
+    :expectedresults:
7a6e0a
+        1. Success
7a6e0a
+        2. Success
7a6e0a
+        3. Success
7a6e0a
+    """
7a6e0a
+    REGEX_DN = "cn=regex1,cn=testregex,cn=auto membership plugin,cn=plugins,cn=config"
7a6e0a
+    REGEX_VALUE = "cn=*invalid*"
7a6e0a
+    REGEX_ESC_VALUE = "cn=\\*invalid\\*"
7a6e0a
+    GROUP_DN = "cn=demo_group,ou=groups,"  + DEFAULT_SUFFIX
7a6e0a
+
7a6e0a
+    AutoMembershipPlugin(topo.standalone).remove_all("nsslapd-pluginConfigArea")
7a6e0a
+    automemberplugin = AutoMembershipPlugin(topo.standalone)
7a6e0a
+
7a6e0a
+    automember_prop = {
7a6e0a
+        'cn': 'testRegex',
7a6e0a
+        'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX,
7a6e0a
+        'autoMemberFilter': 'objectclass=*',
7a6e0a
+        'autoMemberDefaultGroup': GROUP_DN,
7a6e0a
+        'autoMemberGroupingAttr': 'member:dn',
7a6e0a
+    }
7a6e0a
+    automember_defs = AutoMembershipDefinitions(topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config")
7a6e0a
+    automember_def = automember_defs.create(properties=automember_prop)
7a6e0a
+    automember_def.add_regex_rule("regex1", GROUP_DN, include_regex=[REGEX_VALUE])
7a6e0a
+
7a6e0a
+    automemberplugin.enable()
7a6e0a
+    topo.standalone.restart()
7a6e0a
+
7a6e0a
+    # Check errors log for invalid message
7a6e0a
+    ERR_STR1 = "automember_parse_regex_rule - Unable to parse regex rule"
7a6e0a
+    ERR_STR2 = "Skipping invalid inclusive regex rule in rule entry \"%s\" \\(rule = \"%s\"\\)" % (REGEX_DN, REGEX_ESC_VALUE)
7a6e0a
+    assert topo.standalone.searchErrorsLog(ERR_STR1)
7a6e0a
+    assert topo.standalone.searchErrorsLog(ERR_STR2)
7a6e0a
+
7a6e0a
+
7a6e0a
+if __name__ == "__main__":
7a6e0a
+    CURRENT_FILE = os.path.realpath(__file__)
7a6e0a
+    pytest.main("-s -v %s" % CURRENT_FILE)
7a6e0a
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
7a6e0a
index 24fd874aa..d06c6375e 100644
7a6e0a
--- a/ldap/servers/plugins/automember/automember.c
7a6e0a
+++ b/ldap/servers/plugins/automember/automember.c
7a6e0a
@@ -1224,6 +1224,7 @@ automember_parse_regex_rule(char *rule_string)
7a6e0a
                       "automember_parse_regex_rule - Unable to parse "
7a6e0a
                       "regex rule (invalid regex).  Error \"%s\".\n",
7a6e0a
                       recomp_result ? recomp_result : "unknown");
7a6e0a
+        goto bail;
7a6e0a
     }
7a6e0a
 
7a6e0a
     /* Validation has passed, so create the regex rule struct and fill it in.
7a6e0a
-- 
7a6e0a
2.31.1
7a6e0a