
Commit 3b1e8a4

committed
fix logging error
add test
1 parent ad2e068 commit 3b1e8a4

2 files changed

Lines changed: 89 additions & 24 deletions


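--- a/providers/directory/search.go
+++ b/providers/directory/search.go
@@ -6,8 +6,6 @@ import (
 "encoding/base64"
 "encoding/binary"
 "fmt"
-"github.com/brianvoe/gofakeit/v6"
-log "github.com/sirupsen/logrus"
 "math"
 "mokapi/ldap"
 "mokapi/runtime/events"
@@ -17,6 +15,9 @@ import (
 "strings"
 "time"
 "unicode"
+
+"github.com/brianvoe/gofakeit/v6"
+log "github.com/sirupsen/logrus"
 )
 
 type predicate func(entry Entry) bool
@@ -375,7 +376,10 @@ func (p *parser) equal(name, value string) (predicate, error) {
 return v == s
 }
 case "activeDirectoryObjectSidMatch", "0.0.0.0":
-v, _ := sidToBytes(value)
+v, err := sidToBytes(value)
+if err != nil {
+return nil, fmt.Errorf("invalid SID '%v': %v", value, err)
+}
 f = func(s string) bool {
 b := []byte(s)
 return bytes.Equal(b, v) || value == s
@@ -571,16 +575,16 @@ func sidToBytes(sid string) ([]byte, error) {
 }
 authId, authIdErr := strconv.ParseUint(parts[1], 10, 32)
 if authIdErr != nil {
-return nil, fmt.Errorf("invalid uint value %v at position: %v", parts[1], 1)
+return nil, fmt.Errorf("invalid uint value '%v' at position: %v", parts[1], 1)
 }
 if authId > 255 {
-return nil, fmt.Errorf("IdentifierAuthority value %v out of byte range (0-255) at position: %v", parts[1], 1)
+return nil, fmt.Errorf("IdentifierAuthority value '%v' out of byte range (0-255) at position: %v", parts[1], 1)
 }
 result = append(result, byte(authId))
 for i, part := range parts[2:] {
 val, valErr := strconv.ParseUint(part, 10, 32)
 if valErr != nil {
-return nil, fmt.Errorf("invalid uint value %v at position: %v", part, i)
+return nil, fmt.Errorf("invalid uint value '%v' at position: %v", part, i)
 }
 b := make([]byte, 4)
 binary.LittleEndian.PutUint32(b, uint32(val))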
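Review bot: The message added to `equal` embeds `value` with `'%v'`, and the new tests show it ends up in a log line ("ldap: filter syntax error: …"); if `value` comes from the client's search filter, quotes, newlines or other control characters in it are written unescaped, whereas `%q` escapes them and `%w` keeps the `sidToBytes` error reachable through `errors.Is`/`errors.As`: `return nil, fmt.Errorf("invalid SID %q: %w", value, err)` (the two new test expectations would change accordingly). The same `'%v'` quoting is used in the three messages of `sidToBytes`, where `%q` would also make an empty or whitespace-only part visible. Separately, the loop's `position: %v` reports `i` relative to `parts[2:]`, so a bad third component is reported as position 0 while the authority component is reported as position 1; `i+2` would match the existing convention. Both `equal` and `sidToBytes` start or continue outside the hunk.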

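--- a/providers/directory/search_test.go
+++ b/providers/directory/search_test.go
@@ -4,7 +4,6 @@ import (
 "encoding/hex"
 "encoding/json"
 "fmt"
-"github.com/stretchr/testify/require"
 "mokapi/config/dynamic"
 "mokapi/config/dynamic/dynamictest"
 "mokapi/engine/enginetest"
@@ -15,14 +14,17 @@ import (
 "mokapi/try"
 "strings"
 "testing"
+
+"github.com/sirupsen/logrus/hooks/test"
+"github.com/stretchr/testify/require"
 )
 
 func TestSearch_Schema(t *testing.T) {
 testcases := []struct {
 name string
 input string
 reader dynamic.Reader
-test func(t *testing.T, h ldap.Handler, err error)
+test func(t *testing.T, h ldap.Handler, log *test.Hook, err error)
 }{
 {
 name: "caseIgnoreMatch",
@@ -31,7 +33,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 2.5.4.3 NAME 'cn' DESC 'Common Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\ncn: UsEr")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -51,7 +53,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'User ID' \n EQUALITY integerMatch \n SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\nuidNumber: 1001")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -71,7 +73,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'customBinaryAttribute'\n DESC 'Example attribute storing raw binary data'\n EQUALITY octetStringMatch\n SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\ncustomBinaryAttribute:: bXlTZWNyZXREYXRh")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -91,7 +93,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'customBinaryAttribute'\n DESC 'Example attribute storing raw binary data'\n EQUALITY octetStringMatch\n SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\ncustomBinaryAttribute:: bXlTZWNyZXREYXRh")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -111,7 +113,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.4.1.99999.2.1 NAME 'isActive'\n DESC 'Indicates whether a user is active or not'\n EQUALITY booleanMatch\n SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\nisActive: TRUE")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -131,7 +133,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.4.1.99999.2.1 NAME 'isActive'\n DESC 'Indicates whether a user is active or not'\n EQUALITY booleanMatch\n SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\nisActive: TRUE")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -151,7 +153,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.4.1.99999.1.1\n NAME 'phoneNumber'\n DESC 'A phone number as a numeric string'\n EQUALITY numericStringMatch\n SYNTAX 1.3.6.1.4.1.1466.115.121.1.36\n SINGLE-VALUE )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\nphoneNumber: 00123456789")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -171,7 +173,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.4.1.99999.1.1\n NAME 'phoneNumber'\n DESC 'A phone number as a numeric string'\n EQUALITY numericStringMatch\n SYNTAX 1.3.6.1.4.1.1466.115.121.1.36\n SINGLE-VALUE )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\nphoneNumber: 00123456789")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -191,7 +193,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 1.3.6.1.4.1.99999.1.3\n NAME 'managerDN'\n DESC 'A manager distinguished name (DN)'\n EQUALITY distinguishedNameMatch\n SYNTAX 1.3.6.1.4.1.1466.115.121.1.12\n SINGLE-VALUE )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\nmanagerDN: cn=manager1,ou=employees,dc=example,dc=com")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -211,7 +213,7 @@ func TestSearch_Schema(t *testing.T) {
 "file:/schema.ldif": {Raw: []byte("dn: \nsubschemaSubentry: cn=schema\n\ndn: cn=schema\nattributeTypes: ( 2.5.4.20\n NAME 'telephoneNumber'\n DESC 'Telephone number'\n EQUALITY telephoneNumberMatch \n SYNTAX 1.3.6.1.4.1.1466.115.121.1.50\n SINGLE-VALUE )")},
 "file:/users.ldif": {Raw: []byte("dn: cn=user\ntelephoneNumber: +1 555 123 4567")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -230,7 +232,7 @@ func TestSearch_Schema(t *testing.T) {
 reader: &dynamictest.Reader{Data: map[string]*dynamic.Config{
 "file:/users.ldif": {Raw: []byte("dn: cn=user\nobjectSid:: AQUAAAAAAAUVAAAAF8sUcR3r8QcekDXQw9wAAA==")},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -265,7 +267,7 @@ dn: cn=user2
 objectSid:: AQUAAAAAAAUVAAAAF8sUcR3r8QcekDXQw9wAAA==
 `)},
 }},
-test: func(t *testing.T, h ldap.Handler, err error) {
+test: func(t *testing.T, h ldap.Handler, _ *test.Hook, err error) {
 require.NoError(t, err)
 
 rr := ldaptest.NewRecorder()
@@ -279,21 +281,80 @@ objectSid:: AQUAAAAAAAUVAAAAF8sUcR3r8QcekDXQw9wAAA==
 require.Equal(t, "cn=user1", res.Results[0].Dn)
 },
 },
+{
+name: "ldap filter objectSid using AD style with invalid authId",
+input: `{ "files": [ "./users.ldif" ] }`,
+reader: &dynamictest.Reader{Data: map[string]*dynamic.Config{
+"file:/users.ldif": {Raw: []byte(`
+dn:
+namingContexts: dc=example_domain_name
+subschemaSubentry: cn=schema
+
+dn: cn=schema
+objectClass: top
+objectClass: subschema
+attributeTypes: ( 1.2.3.4.5.6.7.8 NAME 'objectSid' DESC 'objectSid' EQUALITY activeDirectoryObjectSidMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+`)},
+}},
+test: func(t *testing.T, h ldap.Handler, log *test.Hook, err error) {
+require.NoError(t, err)
+
+rr := ldaptest.NewRecorder()
+h.ServeLDAP(rr, ldaptest.NewRequest(0, &ldap.SearchRequest{
+Scope: ldap.ScopeWholeSubtree,
+Filter: fmt.Sprintf("(objectSid=S-1-foo-21-1234567890-1234567890-1234567890-1001)"),
+}))
+res := rr.Message.(*ldap.SearchResponse)
+
+require.Len(t, res.Results, 0)
+require.Len(t, log.Entries, 2)
+require.Equal(t, "ldap: filter syntax error: invalid SID 'S-1-foo-21-1234567890-1234567890-1234567890-1001': invalid uint value 'foo' at position: 1", log.Entries[1].Message)
+},
+},
+{
+name: "ldap filter objectSid using AD style with authId to high",
+input: `{ "files": [ "./users.ldif" ] }`,
+reader: &dynamictest.Reader{Data: map[string]*dynamic.Config{
+"file:/users.ldif": {Raw: []byte(`
+dn:
+namingContexts: dc=example_domain_name
+subschemaSubentry: cn=schema
+
+dn: cn=schema
+objectClass: top
+objectClass: subschema
+attributeTypes: ( 1.2.3.4.5.6.7.8 NAME 'objectSid' DESC 'objectSid' EQUALITY activeDirectoryObjectSidMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+`)},
+}},
+test: func(t *testing.T, h ldap.Handler, log *test.Hook, err error) {
+require.NoError(t, err)
+
+rr := ldaptest.NewRecorder()
+h.ServeLDAP(rr, ldaptest.NewRequest(0, &ldap.SearchRequest{
+Scope: ldap.ScopeWholeSubtree,
+Filter: fmt.Sprintf("(objectSid=S-1-300-21-1234567890-1234567890-1234567890-1001)"),
+}))
+res := rr.Message.(*ldap.SearchResponse)
+
+require.Len(t, res.Results, 0)
+require.Len(t, log.Entries, 2)
+require.Equal(t, "ldap: filter syntax error: invalid SID 'S-1-300-21-1234567890-1234567890-1234567890-1001': IdentifierAuthority value '300' out of byte range (0-255) at position: 1", log.Entries[1].Message)
+},
+},
 }
 
-t.Parallel()
 for _, tc := range testcases {
 tc := tc
 t.Run(tc.name, func(t *testing.T) {
-t.Parallel()
+hook := test.NewGlobal()
 
 var c *directory.Config
 err := json.Unmarshal([]byte(tc.input), &c)
 if err != nil {
-tc.test(t, nil, err)
+tc.test(t, nil, hook, err)
 } else {
 err = c.Parse(&dynamic.Config{Data: c, Info: dynamic.ConfigInfo{Url: try.MustUrl("file:/foo.yml")}}, tc.reader)
-tc.test(t, directory.NewHandler(c, enginetest.NewEngine(), &eventstest.Handler{}), err)
+tc.test(t, directory.NewHandler(c, enginetest.NewEngine(), &eventstest.Handler{}), hook, err)
 }
 })
 }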
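Review bot: Both `t.Parallel()` calls in the last hunk are dropped without a comment, and the reason is not obvious from the code: `test.NewGlobal()` installs a hook on the shared global logrus logger, so parallel subtests would observe each other's entries and the `log.Entries` assertions would become flaky. Add `// Subtests must not run in parallel: test.NewGlobal() hooks the process-wide logrus logger.` above `hook := test.NewGlobal()`. The two new cases assert `require.Len(t, log.Entries, 2)` and then read `log.Entries[1]`, which ties them to exactly one unrelated log line being emitted before the filter error; a short comment saying what `Entries[0]` is expected to be, or matching the message against all entries, would make the intent clear. `fmt.Sprintf("(objectSid=…)")` in both new cases has no verbs or arguments, so a plain string literal does the same and avoids a lint warning. TestSearch_Schema's closing brace lies outside the hunk.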
