Merge pull request #28 from openstandia/fix

fix: Improve normalization of pwdFailureTime
openstandia · Jun 9, 2022 · 17bf9eb · 17bf9eb
2 parents 8386036 + 4a23238
commit 17bf9eb
Show file tree

Hide file tree

Showing 8 changed files with 69 additions and 11 deletions.
diff --git a/handler_search_dse.go b/handler_search_dse.go
@@ -84,9 +84,11 @@ func handleSearchDSE(s *Server, w ldap.ResponseWriter, m *ldap.Message) {
 	if isOperationalAttributesRequested(r) {
 		for k, v := range searchEntry.GetOperationalAttrsOrig() {
 			if _, ok := sentAttrs[k]; !ok {
-				for _, vv := range v {
-					e.AddAttribute(message.AttributeDescription(k), message.AttributeValue(vv))
+				av := make([]message.AttributeValue, len(v))
+				for i, vv := range v {
+					av[i] = message.AttributeValue(vv)
 				}
+				e.AddAttribute(message.AttributeDescription(k), av...)
 			}
 		}
 	}

diff --git a/handler_search_generic.go b/handler_search_generic.go
@@ -232,9 +232,11 @@ func responseEntry(s *Server, w ldap.ResponseWriter, m *ldap.Message, r message.
 			}
 
 			if _, ok := sentAttrs[k]; !ok {
-				for _, vv := range v {
-					e.AddAttribute(message.AttributeDescription(k), message.AttributeValue(vv))
+				av := make([]message.AttributeValue, len(v))
+				for i, vv := range v {
+					av[i] = message.AttributeValue(vv)
 				}
+				e.AddAttribute(message.AttributeDescription(k), av...)
 			}
 		}
 	}

diff --git a/handler_search_rootdn.go b/handler_search_rootdn.go
@@ -94,9 +94,11 @@ func handleSearchRootDN(s *Server, w ldap.ResponseWriter, m *ldap.Message) {
 	if isOperationalAttributesRequested(r) {
 		for k, v := range searchEntry.GetOperationalAttrsOrig() {
 			if _, ok := sentAttrs[k]; !ok {
-				for _, vv := range v {
-					e.AddAttribute(message.AttributeDescription(k), message.AttributeValue(vv))
+				av := make([]message.AttributeValue, len(v))
+				for i, vv := range v {
+					av[i] = message.AttributeValue(vv)
 				}
+				e.AddAttribute(message.AttributeDescription(k), av...)
 			}
 		}
 	}

diff --git a/handler_search_schema.go b/handler_search_schema.go
@@ -105,9 +105,11 @@ func handleSearchSubschema(s *Server, w ldap.ResponseWriter, m *ldap.Message) {
 	if isOperationalAttributesRequested(r) {
 		for k, v := range searchEntry.GetOperationalAttrsOrig() {
 			if _, ok := sentAttrs[k]; !ok {
-				for _, vv := range v {
-					e.AddAttribute(message.AttributeDescription(k), message.AttributeValue(vv))
+				av := make([]message.AttributeValue, len(v))
+				for i, vv := range v {
+					av[i] = message.AttributeValue(vv)
 				}
+				e.AddAttribute(message.AttributeDescription(k), av...)
 			}
 		}
 	}

diff --git a/integration_test.go b/integration_test.go
@@ -1060,6 +1060,48 @@ func TestOperationalAttributesMigration(t *testing.T) {
 	runTestCases(t, tcs)
 }
 
+func TesPwdFailureTimeNano(t *testing.T) {
+	type A []string
+	type M map[string][]string
+
+	testServer.config.MigrationEnabled = true
+	testServer.LoadSchema()
+
+	tcs := []Command{
+		Conn{},
+		Bind{"cn=Manager", "secret", &AssertResponse{}},
+		AddDC("example", "dc=com"),
+		AddOU("Users"),
+		Add{
+			"uid=user1", "ou=Users",
+			M{
+				"objectClass":  A{"inetOrgPerson"},
+				"cn":           A{"user1"},
+				"sn":           A{"user1"},
+				"userPassword": A{SSHA("password1")},
+				"entryUUID":    A{"0b05df74-1219-495d-9d95-dc0c05e00aa9"},
+			},
+			nil,
+		},
+		ModifyReplace{
+			"uid=user1", "ou=Users",
+			M{
+				"pwdFailureTime": A{"20220607064255.621183Z", "20220607064255.742441Z"},
+			},
+			&AssertEntry{
+				expectAttrs: M{
+					"pwdFailureTime": A{
+						"20220607064255.621183Z",
+						"20220607064255.742441Z",
+					},
+				},
+			},
+		},
+	}
+
+	runTestCases(t, tcs)
+}
+
 func TestAssociation(t *testing.T) {
 	type A []string
 	type M map[string][]string

diff --git a/schema.go b/schema.go
@@ -901,3 +901,7 @@ func (s *AttributeType) IsNumberOrdering() bool {
 		s.Ordering == "numericStringOrderingMatch" ||
 		s.Ordering == "UUIDOrderingMatch"
 }
+
+func (s *AttributeType) IsNanoFormat() bool {
+	return s.Name == "pwdFailureTime"
+}
diff --git a/test_util.go b/test_util.go
@@ -400,7 +400,7 @@ func (a AssertEntry) AssertEntry(conn *ldap.Conn, err error, rdn, baseDN string,
 	if err != nil {
 		return xerrors.Errorf("Unexpected error response when previous operation. rdn: %s, err: %w", rdn, err)
 	}
-	sr, err := searchEntry(conn, "", baseDN, ldap.ScopeWholeSubtree, fmt.Sprintf("(%s)", rdn), nil)
+	sr, err := searchEntry(conn, "", baseDN, ldap.ScopeWholeSubtree, fmt.Sprintf("(%s)", rdn), []string{"*", "+"})
 	if err != nil {
 		return xerrors.Errorf("Unexpected error when searching the entry. err: %w", err)
 	}
@@ -416,7 +416,7 @@ func (a AssertEntry) AssertEntry(conn *ldap.Conn, err error, rdn, baseDN string,
 	for k, expect := range expectAttrs {
 		actual := sr.Entries[0].GetAttributeValues(k)
 		if !reflect.DeepEqual(expect, actual) {
-			return xerrors.Errorf("Unexpected entry attr [%s]. want = [%v] got = %d", k, expect, actual)
+			return xerrors.Errorf("Unexpected entry attr [%s]. want = [%v] got = %v", k, expect, actual)
 		}
 	}
 	return nil

diff --git a/util.go b/util.go
@@ -422,7 +422,11 @@ func normalizeGeneralizedTime(s *AttributeType, value string, index int) (int64,
 	if err != nil {
 		return 0, NewInvalidPerSyntax(s.Name, index)
 	}
-	return t.Unix(), nil
+	if s.IsNanoFormat() {
+		return t.UnixNano(), nil
+	} else {
+		return t.Unix(), nil
+	}
 }
 
 func normalizeBoolean(s *AttributeType, value string, index int) (string, error) {