1 file changed, 92 insertions(+), 23 deletions(-)
New commits:
commit 005850477362e6304fa06448309d7c588e9601ce
Author: William Brown <firstyear@redhat.com>
Date: Mon May 30 13:33:41 2016 +1000
Ticket 48855 - Add basic pwdPolicy tests
Bug Description: There were no password policy tests in the features section.
Fix Description: Add the initial test that checks for password syntax enforcement
https://fedorahosted.org/389/ticket/48855
Author: wibrown
Review by: mreynolds (Thanks!)
diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_test.py
index 9ceb62c..653d033 100644
--- a/dirsrvtests/tests/suites/password/pwdPolicy_test.py
+++ b/dirsrvtests/tests/suites/password/pwdPolicy_test.py
@@ -21,23 +21,38 @@ from lib389.tasks import *
logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
-installation1_prefix = None
+from lib389.config import RSA, Encryption, Config
+
+DEBUGGING = False
+
+USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX
+
+if DEBUGGING:
+ logging.getLogger(__name__).setLevel(logging.DEBUG)
+else:
+ logging.getLogger(__name__).setLevel(logging.INFO)
+
+
+log = logging.getLogger(__name__)
class TopologyStandalone(object):
+ """The DS Topology Class"""
def __init__(self, standalone):
+ """Init"""
standalone.open()
self.standalone = standalone
@pytest.fixture(scope="module")
def topology(request):
- global installation1_prefix
- if installation1_prefix:
- args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+ """Create DS Deployment"""
# Creating standalone instance ...
- standalone = DirSrv(verbose=False)
+ if DEBUGGING:
+ standalone = DirSrv(verbose=True)
+ else:
+ standalone = DirSrv(verbose=False)
args_instance[SER_HOST] = HOST_STANDALONE
args_instance[SER_PORT] = PORT_STANDALONE
args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
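Review bot: The logger is now configured twice, because the unchanged `logging.getLogger(__name__).setLevel(logging.DEBUG)` and `log = logging.getLogger(__name__)` lines at the top of this hunk stay in place and the new `if DEBUGGING:` block and second `log = ...` simply override them; dropping the two old lines would leave a single source of truth. The `from lib389.config import RSA, Encryption, Config` import sits below executable statements, and none of the three names is used in the hunks shown, so it looks removable (confirm against the rest of the file). In `topology`, the four-line `if DEBUGGING:` branch reduces to `standalone = DirSrv(verbose=DEBUGGING)`. The body of `topology` continues outside this hunk.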
@@ -50,33 +65,87 @@ def topology(request):
standalone.create()
standalone.open()
+ # Deploy certs
+ # This is a trick. The nss db that ships with DS is broken
+ for f in ('key3.db', 'cert8.db', 'key4.db', 'cert9.db', 'secmod.db', 'pkcs11.txt'):
+ try:
+ os.remove("%s/%s" % (topology.standalone.confdir, f ))
+ except:
+ pass
+
+ assert(standalone.nss_ssl.reinit() is True)
+ assert(standalone.nss_ssl.create_rsa_ca() is True)
+ assert(standalone.nss_ssl.create_rsa_key_and_cert() is True)
+
+ # Say that we accept the cert
+ # Connect again!
+
+ # Enable the SSL options
+ standalone.rsa.create()
+ standalone.rsa.set('nsSSLPersonalitySSL', 'Server-Cert')
+ standalone.rsa.set('nsSSLToken', 'internal (software)')
+ standalone.rsa.set('nsSSLActivation', 'on')
+
+ standalone.config.set('nsslapd-secureport', PORT_STANDALONE2)
+ standalone.config.set('nsslapd-security', 'on')
+
+ standalone.restart()
+
+
+ def fin():
+ """If we are debugging just stop the instances, otherwise remove
+ them
+ """
+ if DEBUGGING:
+ standalone.stop()
+ else:
+ standalone.delete()
+
+ request.addfinalizer(fin)
+
# Clear out the tmp dir
standalone.clearTmpDir(__file__)
return TopologyStandalone(standalone)
+def _create_user(inst):
+ inst.add_s(Entry((
+ USER_DN, {
+ 'objectClass': 'top account simplesecurityobject'.split(),
+ 'uid': 'user',
+ 'userpassword': 'password'
+ })))
+
-def test_pwdPolicy_init(topology):
+def test_pwdPolicy_constraint(topology):
'''
- Init the test suite (if necessary)
+ Password policy test: Ensure that on a password change, the policy is
+ enforced correctly.
'''
- return
-
-def test_pwdPolicy_final(topology):
- topology.standalone.delete()
- log.info('Password Policy test suite PASSED')
-
-
-def run_isolated():
- global installation1_prefix
- installation1_prefix = None
-
- topo = topology(True)
- test_pwdPolicy_init(topo)
- test_pwdPolicy_final(topo)
+ # Create a user
+ _create_user(topology.standalone)
+ # Set the password policy globally
+ topology.standalone.config.set('passwordMinLength', '10')
+ topology.standalone.config.set('passwordMinDigits', '2')
+ topology.standalone.config.set('passwordCheckSyntax', 'on')
+ topology.standalone.config.set('nsslapd-pwpolicy-local', 'off')
+ # Now open a new ldap connection with TLS
+ userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
+ userconn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap. OPT_X_TLS_NEVER )
+ userconn.start_tls_s()
+ userconn.simple_bind_s(USER_DN, 'password')
+ # This should have an exception!
+ try:
+ userconn.passwd_s(USER_DN, 'password', 'password1')
+ assert(False)
+ except ldap.CONSTRAINT_VIOLATION:
+ assert(True)
+ # Change the password to something invalid!
if __name__ == '__main__':
- run_isolated()
-
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
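Review bot: In the cert cleanup loop, `topology.standalone.confdir` names the module-level fixture `topology` rather than the local instance, so each `os.remove` call should raise AttributeError, which the bare `except: pass` hides; the shipped NSS database files are then never removed before `nss_ssl.reinit()`. Use the local instance and catch only the expected error: `os.remove(os.path.join(standalone.confdir, f))` under `except OSError:`. In `test_pwdPolicy_constraint`, the connection sets `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_NEVER` although the fixture has just created its own CA; either trust that CA, or add a comment such as `# Cert verification disabled for this throwaway test instance only`. The try/`assert(False)`/except block reads more directly as `with pytest.raises(ldap.CONSTRAINT_VIOLATION):`, and `'password1'` breaks both the length and the digit rule, so the test cannot tell which constraint fired. The start of `topology` lies outside this hunk.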