From c0fa459d8d285e2087461a9cb4eec60e6349f6a1 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Tue, 17 Apr 2007 21:15:25 +0000
Subject: [PATCH] Fix ACI dns bind rule keyword to be more compatible with dsee. Issue 462.

---
 opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java |   30 ++++++++++++++++++++++++++++++
 1 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
index 5028fd7..d28050c 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
@@ -237,6 +237,7 @@
   private static final String BIND_RULE_IP_NOT_MISC_AND_LOCALHOST = "ip!=\"72.5.124.61,127.0.0.1\"";
   private static final String BIND_RULE_DNS_LOCALHOST = "dns=\"localhost\"";
   private static final String BIND_RULE_DNS_NOT_LOCALHOST = "dns!=\"localhost\"";
+  private static final String BIND_RULE_DNS_ALL= "dns=\"*\"";
 
   private static final String BIND_RULE_THIS_HOUR = getTimeOfDayRuleNextHour();
   private static final String BIND_RULE_PREVIOUS_HOUR = getTimeOfDayRulePreviousHour();
@@ -465,6 +466,9 @@
   private static final String ALLOW_ALL_TO_NON_DNS_LOCALHOST =
           buildAciValue("name", "allow all to non localhost", "targetattr", "*", "allow(all)", BIND_RULE_DNS_NOT_LOCALHOST);
 
+  private static final String ALLOW_ALL_TO_DNS_ALL =
+          buildAciValue("name", "allow all to dns all", "targetattr", "*", "allow(all)", BIND_RULE_DNS_ALL);
+
   private static final String DENY_ALL_TO_DNS_LOCALHOST =
           buildAciValue("name", "deny all to localhost", "targetattr", "*", "deny(all)", BIND_RULE_DNS_LOCALHOST);
 
@@ -1142,6 +1146,10 @@
  String GROUP1_GROUPDN_MODS =  makeAddAciLdif(OU_LEAF_DN,
                                          ALLOW_SEARCH_TO_GROUP1_GROUPDN);
 
+  //Aci to test dns="*".
+  private static final
+ String DNS_ALL_ACI =  makeAddAciLdif(OU_LEAF_DN, ALLOW_ALL_TO_DNS_ALL);
+
   // ou=leaf,ou=inner,ou=acitest,dc=example,dc=com and everything under it
   private static final String LEAF_OU_FULL_LDIF__SEARCH_TESTS =
     LEAF_OU_LDIF__SEARCH_TESTS +
@@ -1878,6 +1886,28 @@
   }
 
   /**
+   * Test ACI using dns="*" bind rule pattern. Search should succeed.
+   * @throws Throwable  If the search doesn't return any entries.
+   */
+  @Test()
+   public void testDNSWildCard()  throws Throwable {
+        SingleSearchParams userParam =
+            new SingleSearchParams(LEVEL_1_USER_DN,
+                                   "pa$$word", LEVEL_3_USER_DN,
+                                   OBJECTCLASS_STAR, SCOPE_BASE,
+                                   null, null, null);
+        try {
+            addEntries(BASIC_LDIF__GROUP_SEARCH_TESTS, DIR_MGR_DN, DIR_MGR_PW);
+            modEntries(DNS_ALL_ACI, DIR_MGR_DN, DIR_MGR_PW);
+            String userResults = ldapSearch(userParam.getLdapSearchArgs());
+            Assert.assertFalse(userResults.equals(""));
+        } catch(Throwable e) {
+                throw e;
+        }
+ }
+
+
+  /**
   * Test group and role bind rule ACI keywords. Both groupdn and roledn keywords
   * funnel through the same code so the results should be the same.
   * @throws Throwable

--
Gitblit v1.10.0