From 6932146c7ce6be2b604fd68d4ae6450ce784a80f Mon Sep 17 00:00:00 2001
From: coulbeck <coulbeck@localhost>
Date: Tue, 27 Mar 2007 21:05:16 +0000
Subject: [PATCH] Fix for issue #1458 (regression in ACI DN wildcards).
---
opends/src/server/org/opends/server/authorization/dseecompat/Target.java | 2
opends/src/server/org/opends/server/authorization/dseecompat/PatternDN.java | 26 +++++++++++++
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetTestCase.java | 37 ++++++++++++++++++
3 files changed, 63 insertions(+), 2 deletions(-)
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/PatternDN.java b/opends/src/server/org/opends/server/authorization/dseecompat/PatternDN.java
index 7428a38..8cc5f2c 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/PatternDN.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/PatternDN.java
@@ -103,6 +103,32 @@
}
/**
+ * Create a new DN pattern matcher to match a suffix.
+ * @param pattern The suffix pattern string.
+ * @throws org.opends.server.types.DirectoryException If the pattern string
+ * is not valid.
+ * @return A new DN pattern matcher.
+ */
+ public static PatternDN decodeSuffix(String pattern) throws DirectoryException
+ {
+ AttributeType fakeType =
+ DirectoryServer.getAttributeType(PATTERN_DN_FAKE_TYPE_NAME);
+ if (fakeType == null)
+ {
+ fakeType =
+ DirectoryServer.getDefaultAttributeType(PATTERN_DN_FAKE_TYPE_NAME);
+ }
+
+ SearchFilter filter;
+ DN patternDN = DN.decode(pattern);
+ String filterStr = PATTERN_DN_FAKE_TYPE_NAME + "=*" +
+ patternDN.toNormalizedString();
+ filter=SearchFilter.createFilterFromString(filterStr);
+
+ return new PatternDN(fakeType, filter);
+ }
+
+ /**
* Determine whether a given DN matches this pattern.
* @param dn The DN to be matched.
* @return true if the DN matches the pattern.
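Review bot: `decodeSuffix` concatenates `patternDN.toNormalizedString()` into the filter string `PATTERN_DN_FAKE_TYPE_NAME + "=*" + ...`, so DN text is reinterpreted under search-filter syntax with no escaping, and nothing ties the wildcards to RDN boundaries. If the matcher (outside this hunk) compares the filter against the normalized DN string, the leading `*` and any `*` inside the pattern could presumably span `,` separators, so an ACI target may cover entries its author did not intend. A pattern whose normalized form contains `\`, `(` or `)` may also fail to parse or change meaning as a filter. Because this decides which entries an ACI applies to, the Javadoc should state the semantics, for example `* NOTE: '*' is treated as a filter substring wildcard over the normalized DN string; confirm it cannot cross RDN separators.`, or the match should be done RDN by RDN.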
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/Target.java b/opends/src/server/org/opends/server/authorization/dseecompat/Target.java
index 509aaaf..444e52e 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/Target.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/Target.java
@@ -89,7 +89,7 @@
LDAPURL targetURL = LDAPURL.decode(target, false);
if(targetURL.getRawBaseDN().indexOf("*") != -1) {
this.isPattern=true;
- patternDN = PatternDN.decode(targetURL.getRawBaseDN());
+ patternDN = PatternDN.decodeSuffix(targetURL.getRawBaseDN());
} else {
urlDN=targetURL.getBaseDN();
if(!urlDN.isDescendantOf(aciDN)) {
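Review bot: The wildcard branch accepts the target without the `urlDN.isDescendantOf(aciDN)` check that the `else` branch applies to literal targets, and `decodeSuffix` now turns the pattern into a suffix match. Unless scope is enforced elsewhere (the enclosing method starts and ends outside this hunk), a pattern whose fixed trailing RDNs lie outside the ACI's own entry would be decoded without complaint. Consider validating the non-wildcard trailing portion of the pattern against `aciDN`. At minimum, record the assumption next to the call: `// Pattern targets are not checked against aciDN here; evaluation must confine them to the ACI's subtree.`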
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetTestCase.java
index c932d94..12d00fe 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetTestCase.java
@@ -132,10 +132,45 @@
// "uid=bjensen,ou=people,dc=example,dc=com",
// },
// </FAIL>
+ {
+ "ou=aci branch,o=ACI Tests,dc=example,dc=com",
+ "(target=\"ldap:///ou=Peo*,ou=aci branch, o=ACI Tests," +
+ "dc=example,dc=com\")(targetattr=\"*\")" +
+ "(version 3.0; acl \"add_aci3\"; allow" +
+ "(search,read) userdn=\"ldap:///all\";)",
+ "uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
+ "dc=example,dc=com",
+ },
+ {
+ "ou=aci branch,o=ACI Tests,dc=example,dc=com",
+ "(target=\"ldap:///ou=*eople,ou=aci branch,o=ACI Tests," +
+ "dc=example,dc=com\")(targetattr=\"*\")" +
+ "(version 3.0; acl \"add_aci3\"; allow" +
+ "(search,read) userdn=\"ldap:///all\";)",
+ "uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
+ "dc=example,dc=com",
+ },
+ {
+ "ou=aci branch,o=ACI Tests,dc=example,dc=com",
+ "(target=\"ldap:///ou=Pe*le,ou=aci branch,o=ACI Tests," +
+ "dc=example,dc=com\")(targetattr=\"*\")" +
+ "(version 3.0; acl \"add_aci3\"; allow" +
+ "(search,read) userdn=\"ldap:///all\";)",
+ "uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
+ "dc=example,dc=com",
+ },
+ {
+ "ou=aci branch,o=ACI Tests,dc=example,dc=com",
+ "(target=\"ldap:///ou=Pe*l*,ou=aci branch,o=ACI Tests," +
+ "dc=example,dc=com\")(targetattr=\"*\")" +
+ "(version 3.0; acl \"add_aci3\"; allow" +
+ "(search,read) userdn=\"ldap:///all\";)",
+ "uid=scarter,ou=People,ou=aci branch,o=ACI Tests," +
+ "dc=example,dc=com",
+ },
};
}
-
@DataProvider
public Object[][] nonApplicableTargets()
{
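Review bot: All four added rows are applicable-target cases, so nothing pins what the new suffix patterns must reject; `nonApplicableTargets()` just below is unchanged by this hunk. For access-control matching the negative side matters as much. Add rows where the wildcard RDN does not match (constructed example: target `ou=Peo*,ou=aci branch,...` against `uid=scarter,ou=Groups,ou=aci branch,o=ACI Tests,dc=example,dc=com`) and where the entry sits under a different suffix. A short comment above the new rows, such as `// Issue #1458: a wildcard in a non-leading RDN must still match entries below it`, would record why they exist. The data provider's body begins outside the hunk.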
--
Gitblit v1.10.0