[389-ds-base] branch 389-ds-base-1.4.0 updated: Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new b543627 Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
b543627 is described below
commit b5436272f0697d415c25c690d4aa90620978631e
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 14:36:24 2019 -0400
Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
Bug Description: A regression was introduced some time back that changed the
behavior of how the server handled the "1.1" requested attribute
in a search request. If "1.1" was requested along with other
attributes then no attibutes were returned, but in this case "1.1"
is expected to be ignroed.
Fix Description: Only comply with "1.1" if it is the only requested attribute
relates: https://pagure.io/389-ds-base/issue/50530
Reviewed by: firstyear(Thanks!)
---
dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++++++++++---
ldap/servers/slapd/result.c | 7 +++-
2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index 19c3478..d926f64 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
'supportedLDAPVersion',
@@ -434,8 +435,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user1',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
try:
@@ -446,8 +447,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user2',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
#
@@ -597,6 +598,50 @@ def test_basic_searches(topology_st, import_example_ldif):
log.info('test_basic_searches: PASSED')
+(a)pytest.fixture(scope="module")
+def add_test_entry(topology_st, request):
+ # Add test entry
+ topology_st.standalone.add_s(Entry((USER4_DN,
+ {'objectclass': "top extensibleObject".split(),
+ 'cn': 'user1', 'uid': 'user1'})))
+
+
+search_params = [(['1.1'], 'cn', False),
+ (['1.1', 'cn'], 'cn', True),
+ (['+'], 'nsUniqueId', True),
+ (['*'], 'cn', True),
+ (['cn'], 'cn', True)]
+(a)pytest.mark.parametrize("attrs, attr, present", search_params)
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
+ """Test requested attributes in search operations.
+ :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
+ :setup: Standalone instance
+ :steps:
+ 1. Test "1.1" does not return any attributes.
+ 2. Test "1.1" is ignored if there are other requested attributes
+ 3. Test "+" returns all operational attributes
+ 4. Test "*" returns all attributes
+ 5. Test requested attributes
+
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ 4. Success
+ 5. Success
+ """
+
+ log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
+ entry = topology_st.standalone.search_s(USER4_DN,
+ ldap.SCOPE_BASE,
+ 'objectclass=top',
+ attrs)
+ if present:
+ assert entry[0].hasAttr(attr)
+ else:
+ assert not entry[0].hasAttr(attr)
+
+
def test_basic_referrals(topology_st, import_example_ldif):
"""Test LDAP server in referral mode.
@@ -741,8 +786,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
log.info('Attempting to start the server with broken dse.ldif...')
try:
topology_st.standalone.start()
- except:
- log.info('Server failed to start as expected')
+ except Exception as e:
+ log.info('Server failed to start as expected: ' + str(e))
log.info('Check the status...')
assert (not topology_st.standalone.status())
log.info('Server failed to start as expected')
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index a03ca43..4f9bda0 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
* "+" means all operational attributes (rfc3673)
* operational attributes are only retrieved if they are named
* specifically or when "+" is specified.
+ * In the case of "1.1", if there are other requested attributes
+ * then "1.1" should be ignored.
*/
/* figure out if we want all user attributes or no attributes at all */
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
alluserattrs = 1;
} else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
- noattrs = 1;
+ /* "1.1" is only valid if it's the only requested attribute */
+ if (i == 0 && attrs[1] == NULL) {
+ noattrs = 1;
+ }
} else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
alloperationalattrs = 1;
} else {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months
[389-ds-base] 01/02: Ticket 50510 - etime can contain invalid nanosecond value
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
commit f919952d2a75c1c1328236752d616686b44efe39
Author: Thierry Bordaz <tbordaz(a)redhat.com>
AuthorDate: Tue Jul 23 13:59:01 2019 +0200
Ticket 50510 - etime can contain invalid nanosecond value
Bug Description:
When computing the etime, it takes into account the nanosecond.
At border of a second, the ending nsec can be lower than starting nsec.
In such case the computation is wrong as delta=(ending_nsec - starting_nsec) is negative.
final_nsec = 1 - delta > 1sec
Fix Description:
if delta=(ending_nsec - starting_nsec) is negative
final_nsec = 1 + delta < 1sec
https://pagure.io/389-ds-base/issue/50510
Reviewed by: Mark Reynolds (Thanks!)
Platforms tested: F28
Flag Day: no
Doc impact: no
---
dirsrvtests/tests/suites/ds_logs/ds_logs_test.py | 44 ++++++++++++++++++++++++
ldap/servers/slapd/time.c | 6 ++--
2 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
index fb73a22..6f1e93c 100644
--- a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
+++ b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
@@ -186,7 +186,51 @@ def test_log_plugin_off(topology_st):
assert len(access_log_lines) > 0
assert not topology_st.standalone.ds_access_log.match('^\[.+\d{9}.+\].+')
+(a)pytest.mark.bz1732053
+(a)pytest.mark.ds50510
+def test_etime_at_border_of_second(topology_st):
+ topo = topology_st.standalone
+ # be sure to analyze only the following rapid OPs
+ topo.stop()
+ os.remove(topo.accesslog)
+ topo.start()
+
+ prog = os.path.join(topo.ds_paths.bin_dir, 'rsearch')
+
+ cmd = [prog]
+
+ # base search
+ cmd.extend(['-s', DN_CONFIG])
+
+ # scope of the search
+ cmd.extend(['-S', '0'])
+
+ # host / port
+ cmd.extend(['-h', HOST_STANDALONE])
+ cmd.extend(['-p', str(PORT_STANDALONE)])
+
+ # bound as DM to make it faster
+ cmd.extend(['-D', DN_DM])
+ cmd.extend(['-w', PASSWORD])
+
+ # filter
+ cmd.extend(['-f', "(cn=config)"])
+
+ # 2 samples SRCH
+ cmd.extend(['-C', "2"])
+
+ output = subprocess.check_output(cmd)
+ topo.stop()
+
+ # No etime with 0.199xxx (everything should be few ms)
+ invalid_etime = topo.ds_access_log.match(r'.*etime=0\.19.*')
+ if invalid_etime:
+ for i in range(len(invalid_etime)):
+ log.error('It remains invalid or weird etime: %s' % invalid_etime[i])
+ assert not invalid_etime
+
+
if __name__ == '__main__':
# Run isolated
# -s for DEBUG mode
diff --git a/ldap/servers/slapd/time.c b/ldap/servers/slapd/time.c
index 584bd1e..8048a33 100644
--- a/ldap/servers/slapd/time.c
+++ b/ldap/servers/slapd/time.c
@@ -235,8 +235,10 @@ slapi_timespec_diff(struct timespec *a, struct timespec *b, struct timespec *dif
if (nsec < 0) {
/* It's negative so take one second */
sec -= 1;
- /* And set nsec to to a whole value */
- nsec = 1000000000 - nsec;
+ /* And set nsec to to a whole value
+ * nsec is negative => nsec = 1s - abs(nsec)
+ */
+ nsec = 1000000000 + nsec;
}
diff->tv_sec = sec;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months
[389-ds-base] 02/02: Issue 50529 - LDAP server returning PWP controls in different sequence
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
commit b350d7d06c68e5861cb164bdbe29a4e5b44b96e4
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 12:07:07 2019 -0400
Issue 50529 - LDAP server returning PWP controls in different sequence
Description: The server returns password policy controls in different orders
depending on the state of grace logins. The requested control,
if any, should be returned first, followed by any controls the
server might add.
relates: https://pagure.io/389-ds-base/issue/50529
Reviewed by: mreynolds (one line commit rule)
---
ldap/servers/slapd/pw_mgmt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index befac50..ca76fc1 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -207,10 +207,10 @@ skip:
/* password expired and user exceeded limit of grace attemps.
* Send result and also the control */
- slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
if (pwresponse_req) {
slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED);
}
+ slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
"password expired!", 0, NULL);
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months
[389-ds-base] 01/01: New branch 1.3.10
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
commit 6fe682f25579cbe093f0e9388d606e462fb0608b
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 12:28:32 2019 -0400
New branch 1.3.10
---
VERSION.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION.sh b/VERSION.sh
index 44c045b..71bb621 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=3
-VERSION_MAINT=9.1
+VERSION_MAINT=10.1
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL=
VERSION_DATE=$(date -u +%Y%m%d)
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months
[389-ds-base] 02/02: Ticket 50510 - etime can contain invalid nanosecond value
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
commit bae369e6d8b26660d9da9e1e01e955deb499a55d
Author: Thierry Bordaz <tbordaz(a)redhat.com>
AuthorDate: Tue Jul 23 13:59:01 2019 +0200
Ticket 50510 - etime can contain invalid nanosecond value
Bug Description:
When computing the etime, it takes into account the nanosecond.
At border of a second, the ending nsec can be lower than starting nsec.
In such case the computation is wrong as delta=(ending_nsec - starting_nsec) is negative.
final_nsec = 1 - delta > 1sec
Fix Description:
if delta=(ending_nsec - starting_nsec) is negative
final_nsec = 1 + delta < 1sec
https://pagure.io/389-ds-base/issue/50510
Reviewed by: Mark Reynolds (Thanks!)
Platforms tested: F28
Flag Day: no
Doc impact: no
---
dirsrvtests/tests/suites/ds_logs/ds_logs_test.py | 44 ++++++++++++++++++++++++
ldap/servers/slapd/time.c | 6 ++--
2 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
index fb73a22..6f1e93c 100644
--- a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
+++ b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
@@ -186,7 +186,51 @@ def test_log_plugin_off(topology_st):
assert len(access_log_lines) > 0
assert not topology_st.standalone.ds_access_log.match('^\[.+\d{9}.+\].+')
+(a)pytest.mark.bz1732053
+(a)pytest.mark.ds50510
+def test_etime_at_border_of_second(topology_st):
+ topo = topology_st.standalone
+ # be sure to analyze only the following rapid OPs
+ topo.stop()
+ os.remove(topo.accesslog)
+ topo.start()
+
+ prog = os.path.join(topo.ds_paths.bin_dir, 'rsearch')
+
+ cmd = [prog]
+
+ # base search
+ cmd.extend(['-s', DN_CONFIG])
+
+ # scope of the search
+ cmd.extend(['-S', '0'])
+
+ # host / port
+ cmd.extend(['-h', HOST_STANDALONE])
+ cmd.extend(['-p', str(PORT_STANDALONE)])
+
+ # bound as DM to make it faster
+ cmd.extend(['-D', DN_DM])
+ cmd.extend(['-w', PASSWORD])
+
+ # filter
+ cmd.extend(['-f', "(cn=config)"])
+
+ # 2 samples SRCH
+ cmd.extend(['-C', "2"])
+
+ output = subprocess.check_output(cmd)
+ topo.stop()
+
+ # No etime with 0.199xxx (everything should be few ms)
+ invalid_etime = topo.ds_access_log.match(r'.*etime=0\.19.*')
+ if invalid_etime:
+ for i in range(len(invalid_etime)):
+ log.error('It remains invalid or weird etime: %s' % invalid_etime[i])
+ assert not invalid_etime
+
+
if __name__ == '__main__':
# Run isolated
# -s for DEBUG mode
diff --git a/ldap/servers/slapd/time.c b/ldap/servers/slapd/time.c
index 584bd1e..8048a33 100644
--- a/ldap/servers/slapd/time.c
+++ b/ldap/servers/slapd/time.c
@@ -235,8 +235,10 @@ slapi_timespec_diff(struct timespec *a, struct timespec *b, struct timespec *dif
if (nsec < 0) {
/* It's negative so take one second */
sec -= 1;
- /* And set nsec to to a whole value */
- nsec = 1000000000 - nsec;
+ /* And set nsec to to a whole value
+ * nsec is negative => nsec = 1s - abs(nsec)
+ */
+ nsec = 1000000000 + nsec;
}
diff->tv_sec = sec;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months
[389-ds-base] 01/02: Bump version to 1.3.10
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
commit 3204c964657e8756d6740c89597f65de0933230e
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Wed Jul 31 13:44:04 2019 -0400
Bump version to 1.3.10
---
VERSION.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION.sh b/VERSION.sh
index 44c045b..71bb621 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=3
-VERSION_MAINT=9.1
+VERSION_MAINT=10.1
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL=
VERSION_DATE=$(date -u +%Y%m%d)
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months
[389-ds-base] branch 389-ds-base-1.4.0 updated: Issue 50529 - LDAP server returning PWP controls in different sequence
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new b6df377 Issue 50529 - LDAP server returning PWP controls in different sequence
b6df377 is described below
commit b6df3771047da5e4fe73f4d7715c006e3906770b
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 12:07:07 2019 -0400
Issue 50529 - LDAP server returning PWP controls in different sequence
Description: The server returns password policy controls in different orders
depending on the state of grace logins. The requested control,
if any, should be returned first, followed by any controls the
server might add.
relates: https://pagure.io/389-ds-base/issue/50529
Reviewed by: mreynolds (one line commit rule)
---
ldap/servers/slapd/pw_mgmt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index befac50..ca76fc1 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -207,10 +207,10 @@ skip:
/* password expired and user exceeded limit of grace attemps.
* Send result and also the control */
- slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
if (pwresponse_req) {
slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED);
}
+ slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
"password expired!", 0, NULL);
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months
[389-ds-base] branch master updated: Issue 50529 - LDAP server returning PWP controls in different sequence
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch master
in repository 389-ds-base.
The following commit(s) were added to refs/heads/master by this push:
new 67c7604 Issue 50529 - LDAP server returning PWP controls in different sequence
67c7604 is described below
commit 67c7604b8d0d0ed71394381d0a232466825634f0
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 12:07:07 2019 -0400
Issue 50529 - LDAP server returning PWP controls in different sequence
Description: The server returns password policy controls in different orders
depending on the state of grace logins. The requested control,
if any, should be returned first, followed by any controls the
server might add.
relates: https://pagure.io/389-ds-base/issue/50529
Reviewed by: mreynolds (one line commit rule)
---
ldap/servers/slapd/pw_mgmt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index dd32c31..59b90df 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -204,10 +204,10 @@ skip:
/* password expired and user exceeded limit of grace attemps.
* Send result and also the control */
- slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
if (pwresponse_req) {
slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED);
}
+ slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
"password expired!", 0, NULL);
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 7 months