From 61d82ef842e0e4e013937bf05d7f640be2d2fc09 Mon Sep 17 00:00:00 2001

From: tbordaz <tbordaz@redhat.com>

Date: Wed, 16 Dec 2020 16:30:28 +0100

Subject: [PATCH 5/6] Issue 4480 - Unexpected info returned to ldap request

 (#4491)

Bug description:

	If the bind entry does not exist, the bind result info

        reports that 'No such entry'. It should not give any

        information if the target entry exists or not

Fix description:

	Does not return any additional information during a bind

relates: https://github.com/389ds/389-ds-base/issues/4480

Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)

Platforms tested:  F31

---

 dirsrvtests/tests/suites/basic/basic_test.py | 112 +++++++++++++++++++

 1 file changed, 112 insertions(+)

diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py

index 1ae82dcdd..02b73ee85 100644

--- a/dirsrvtests/tests/suites/basic/basic_test.py

+++ b/dirsrvtests/tests/suites/basic/basic_test.py

@@ -1400,6 +1400,118 @@ def test_dscreate_multiple_dashes_name(dscreate_long_instance):

     assert not dscreate_long_instance.exists()

+@pytest.fixture(scope="module", params=('c=uk', 'cn=test_user', 'dc=example,dc=com', 'o=south', 'ou=sales', 'wrong=some_value'))

+def dscreate_test_rdn_value(request):

+    template_file = "/tmp/dssetup.inf"

+    template_text = f"""[general]

+config_version = 2

+# This invalid hostname ...

+full_machine_name = localhost.localdomain

+# Means we absolutely require this.

+strict_host_checking = False

+# In tests, we can be run in containers, NEVER trust

+# that systemd is there, or functional in any capacity

+systemd = False

+

+[slapd]

+instance_name = test_different_rdn

+root_dn = cn=directory manager

+root_password = someLongPassword_123

+# We do not have access to high ports in containers,

+# so default to something higher.

+port = 38999

+secure_port = 63699

+

+[backend-userroot]

+create_suffix_entry = True

+suffix = {request.param}

+"""

+

+    with open(template_file, "w") as template_fd:

+        template_fd.write(template_text)

+

+    # Unset PYTHONPATH to avoid mixing old CLI tools and new lib389

+    tmp_env = os.environ

+    if "PYTHONPATH" in tmp_env:

+        del tmp_env["PYTHONPATH"]

+

+    def fin():

+        os.remove(template_file)

+        if request.param != "wrong=some_value":

+            try:

+                subprocess.check_call(['dsctl', 'test_different_rdn', 'remove', '--do-it'])

+            except subprocess.CalledProcessError as e:

+                log.fatal(f"Failed to remove test instance  Error ({e.returncode}) {e.output}")

+        else:

+            log.info("Wrong RDN is passed, instance not created")

+    request.addfinalizer(fin)

+    return template_file, tmp_env, request.param,

+

+

+@pytest.mark.skipif(not get_user_is_root() or ds_is_older('1.4.0.0'),

+                    reason="This test is only required with new admin cli, and requires root.")

+@pytest.mark.bz1807419

+@pytest.mark.ds50928

+def test_dscreate_with_different_rdn(dscreate_test_rdn_value):

+    """Test that dscreate works with different RDN attributes as suffix

+

+    :id: 77ed6300-6a2f-4e79-a862-1f1105f1e3ef

+    :parametrized: yes

+    :setup: None

+    :steps:

+        1. Create template file for dscreate with different RDN attributes as suffix

+        2. Create instance using template file

+        3. Create instance with 'wrong=some_value' as suffix's RDN attribute

+    :expectedresults:

+        1. Should succeeds

+        2. Should succeeds

+        3. Should fail

+    """

+    try:

+        subprocess.check_call([

+            'dscreate',

+            'from-file',

+            dscreate_test_rdn_value[0]

+        ], env=dscreate_test_rdn_value[1])

+    except subprocess.CalledProcessError as e:

+        log.fatal(f"dscreate failed!  Error ({e.returncode}) {e.output}")

+        if  dscreate_test_rdn_value[2] != "wrong=some_value":

+            assert False

+        else:

+            assert True

+

+def test_bind_invalid_entry(topology_st):

+    """Test the failing bind does not return information about the entry

+

+    :id: 5cd9b083-eea6-426b-84ca-83c26fc49a6f

+

+    :setup: Standalone instance

+

+    :steps:

+    1: bind as non existing entry

+    2: check that bind info does not report 'No such entry'

+

+    :expectedresults:

+    1: pass

+    2: pass

+    """

+

+    topology_st.standalone.restart()

+    INVALID_ENTRY="cn=foooo,%s" % DEFAULT_SUFFIX

+    try:

+        topology_st.standalone.simple_bind_s(INVALID_ENTRY, PASSWORD)

+    except ldap.LDAPError as e:

+        log.info('test_bind_invalid_entry: Failed to bind as %s (expected)' % INVALID_ENTRY)

+        log.info('exception description: ' + e.args[0]['desc'])

+        if 'info' in e.args[0]:

+            log.info('exception info: ' + e.args[0]['info'])

+        assert e.args[0]['desc'] == 'Invalid credentials'

+        assert 'info' not in e.args[0]

+        pass

+

+    log.info('test_bind_invalid_entry: PASSED')

+

+

 if __name__ == '__main__':

     # Run isolated

     # -s for DEBUG mode

-- 

2.26.2