From eed2073f6f7bed7df0327b9fc0f2d410975d5332 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Fri, 4 Jul 2014 16:58:11 +0200
Subject: LDAP: Try all attributes when saving an entry
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The same LDAP attribute might be used several times for the same user or group attribute. For instance, some servers have a global "ID" number that should be used for both UID and GID. However, our sdap_parse_entry() function only copied the LDAP attribute to the first matching sysdb attribute. This patch adds a second nested loop that checks if any of the other LDAP attributes are eligible.

Reviewed-by: Michal Židek
---
 src/tests/cmocka/test_sdap.c | 55 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
(limited to 'src/tests/cmocka')

diff --git a/src/tests/cmocka/test_sdap.c b/src/tests/cmocka/test_sdap.c
index 3990d7a3e..8fdf1a4a2 100644
--- a/src/tests/cmocka/test_sdap.c
+++ b/src/tests/cmocka/test_sdap.c
@@ -372,6 +372,58 @@ void test_parse_no_attrs(void **state)
 talloc_free(attrs);
 }
 
+void test_parse_dups(void **state)
+{
+ int ret;
+ struct sysdb_attrs *attrs;
+ struct parse_test_ctx *test_ctx = talloc_get_type_abort(*state,
+ struct parse_test_ctx);
+ struct mock_ldap_entry test_dupattr_user;
+ struct sdap_attr_map *map;
+ int i;
+
+ const char *oc_values[] = { "posixAccount", NULL };
+ const char *uid_values[] = { "1234", NULL };
+ struct mock_ldap_attr test_dupattr_attrs[] = {
+ { .name = "objectClass", .values = oc_values },
+ { .name = "idNumber", .values = uid_values },
+ { NULL, NULL }
+ };
+
+ test_dupattr_user.dn = "cn=dupuser,dc=example,dc=com";
+ test_dupattr_user.attrs = test_dupattr_attrs;
+ set_entry_parse(&test_dupattr_user);
+
+ ret = sdap_copy_map(test_ctx, rfc2307_user_map, SDAP_OPTS_USER, &map);
+ assert_int_equal(ret, ERR_OK);
+ /* Set both uidNumber and gidNumber to idNumber */
+ for (i = 0; i < SDAP_OPTS_USER; i++) {
+ if (map[i].name == NULL) continue;
+
+ if (strcmp(map[i].name, "uidNumber") == 0
+ || strcmp(map[i].name, "gidNumber") == 0) {
+ map[i].name = discard_const("idNumber");
+ }
+ }
+
+ ret = sdap_parse_entry(test_ctx, &test_ctx->sh, &test_ctx->sm,
+ map, SDAP_OPTS_USER,
+ &attrs, NULL, false);
+ assert_int_equal(ret, ERR_OK);
+
+ assert_int_equal(attrs->num, 3);
+
+ /* Every entry has a DN */
+ assert_entry_has_attr(attrs, SYSDB_ORIG_DN,
+ "cn=dupuser,dc=example,dc=com");
+ /* Test the single-valued attribute */
+ assert_entry_has_attr(attrs, SYSDB_UIDNUM, "1234");
+ assert_entry_has_attr(attrs, SYSDB_GIDNUM, "1234");
+
+ talloc_free(map);
+ talloc_free(attrs);
+}
+
 /* Negative test - objectclass doesn't match the map */
 void test_parse_bad_oc(void **state)
 {
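Review bot: The remapping loop in test_parse_dups never checks that it actually rewrote both map entries, so if the names in rfc2307_user_map ever differ from "uidNumber"/"gidNumber" the test only fails later at `assert_int_equal(attrs->num, 3);` with no hint of the cause. Counting the rewrites in the loop and adding `assert_int_equal(replaced, 2);` right after it would pin that precondition where it belongs. The bare `3` would also read better with a comment such as `/* origDN + UID + GID */`; that objectClass is not stored as an attribute is only inferred from the visible asserts, so confirm before wording it that way. Separately, `test_dupattr_user` is a stack struct with only `.dn` and `.attrs` assigned, and struct mock_ldap_entry is defined outside this hunk: if it has further members they are handed to `set_entry_parse()` uninitialised, which a designated initializer at the declaration would avoid.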
@@ -493,6 +545,9 @@ int main(int argc, const char *argv[])
 unit_test_setup_teardown(test_parse_no_attrs,
 parse_entry_test_setup,
 parse_entry_test_teardown),
+ unit_test_setup_teardown(test_parse_dups,
+ parse_entry_test_setup,
+ parse_entry_test_teardown),
 /* Negative tests */
 unit_test_setup_teardown(test_parse_no_oc,
 parse_entry_test_setup,
-- cgit