From 51ea1d34b861dfffb12fbe6be4e23d9342fd0fe2 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 2 Aug 2019 14:36:24 -0400
Subject: [PATCH] Issue 50530 - Directory Server not RFC 4511 compliant with
 requested attr "1.1"

Bug Description:  A regression was introduced some time back that changed the
                  behavior of how the server handled the "1.1" requested attribute
                  in a search request.  If "1.1" was requested along with other
                  attributes then no attibutes were returned, but in this case "1.1"
                  is expected to be ignroed.

Fix Description:  Only comply with "1.1" if it is the only requested attribute

relates: https://pagure.io/389-ds-base/issue/50530

Reviewed by: firstyear(Thanks!)
---
 dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++---
 ldap/servers/slapd/result.c                  |  7 ++-
 2 files changed, 57 insertions(+), 7 deletions(-)

diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index 0f7536b63..cea4f6bfe 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
 USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
 USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
 USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
 
 ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
                          'supportedLDAPVersion',
@@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif):
                                              'uid': 'user1',
                                              'userpassword': PASSWORD})))
     except ldap.LDAPError as e:
-        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
-                  + ': error ' + e.message['desc'])
+        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+                  ': error ' + e.message['desc'])
         assert False
 
     try:
@@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif):
                                              'uid': 'user2',
                                              'userpassword': PASSWORD})))
     except ldap.LDAPError as e:
-        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
-                  + ': error ' + e.message['desc'])
+        log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+                  ': error ' + e.message['desc'])
         assert False
 
     #
@@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif):
     log.info('test_basic_searches: PASSED')
 
 
+@pytest.fixture(scope="module")
+def add_test_entry(topology_st, request):
+    # Add test entry
+    topology_st.standalone.add_s(Entry((USER4_DN,
+                                        {'objectclass': "top extensibleObject".split(),
+                                         'cn': 'user1', 'uid': 'user1'})))
+
+
+search_params = [(['1.1'], 'cn', False),
+                 (['1.1', 'cn'], 'cn', True),
+                 (['+'], 'nsUniqueId', True),
+                 (['*'], 'cn', True),
+                 (['cn'], 'cn', True)]
+@pytest.mark.parametrize("attrs, attr, present", search_params)
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
+    """Test requested attributes in search operations.
+    :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
+    :setup: Standalone instance
+    :steps:
+         1. Test "1.1" does not return any attributes.
+         2. Test "1.1" is ignored if there are other requested attributes
+         3. Test "+" returns all operational attributes
+         4. Test "*" returns all attributes
+         5. Test requested attributes
+
+    :expectedresults:
+         1. Success
+         2. Success
+         3. Success
+         4. Success
+         5. Success
+    """
+
+    log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
+    entry = topology_st.standalone.search_s(USER4_DN,
+                                            ldap.SCOPE_BASE,
+                                            'objectclass=top',
+                                            attrs)
+    if present:
+        assert entry[0].hasAttr(attr)
+    else:
+        assert not entry[0].hasAttr(attr)
+
+
 def test_basic_referrals(topology_st, import_example_ldif):
     """Test LDAP server in referral mode.
 
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
     log.info('Attempting to start the server with broken dse.ldif...')
     try:
         topology_st.standalone.start()
-    except:
-        log.info('Server failed to start as expected')
+    except Exception as e:
+        log.info('Server failed to start as expected: ' + str(e))
     log.info('Check the status...')
     assert (not topology_st.standalone.status())
     log.info('Server failed to start as expected')
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index d9f431cc5..34ddd8566 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
      * "+" means all operational attributes (rfc3673)
      * operational attributes are only retrieved if they are named
      * specifically or when "+" is specified.
+     * In the case of "1.1", if there are other requested attributes
+     * then "1.1" should be ignored.
      */
 
     /* figure out if we want all user attributes or no attributes at all */
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
             if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
                 alluserattrs = 1;
             } else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
-                noattrs = 1;
+                /* "1.1" is only valid if it's the only requested attribute */
+                if (i == 0 && attrs[1] == NULL) {
+                    noattrs = 1;
+                }
             } else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
                 alloperationalattrs = 1;
             } else {
-- 
2.21.0