andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 6 months ago
Clone

Blame SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch

a2f18f
From 970672905f7ca994f1d0f92e82f4c80484796181 Mon Sep 17 00:00:00 2001
a2f18f
From: Noriko Hosoi <nhosoi@redhat.com>
a2f18f
Date: Wed, 5 Aug 2015 14:40:12 -0700
a2f18f
Subject: [PATCH 38/39] Ticket #48228 - CI test: added test cases for ticket
a2f18f
 48228
a2f18f
a2f18f
Description: wrong password check if passwordInHistory is decreased.
a2f18f
(cherry picked from commit 6b138a2091bf7d78f3bc60a13f226a39296e0f4c)
a2f18f
(cherry picked from commit e62b4815f0682845992dc9a4375e1d7c5597bfba)
a2f18f
---
a2f18f
 dirsrvtests/tickets/ticket48228_test.py | 327 ++++++++++++++++++++++++++++++++
a2f18f
 1 file changed, 327 insertions(+)
a2f18f
 create mode 100644 dirsrvtests/tickets/ticket48228_test.py
a2f18f
a2f18f
diff --git a/dirsrvtests/tickets/ticket48228_test.py b/dirsrvtests/tickets/ticket48228_test.py
a2f18f
new file mode 100644
a2f18f
index 0000000..e0595bb
a2f18f
--- /dev/null
a2f18f
+++ b/dirsrvtests/tickets/ticket48228_test.py
a2f18f
@@ -0,0 +1,327 @@
a2f18f
+# --- BEGIN COPYRIGHT BLOCK ---
a2f18f
+# Copyright (C) 2015 Red Hat, Inc.
a2f18f
+# All rights reserved.
a2f18f
+#
a2f18f
+# License: GPL (version 3 or any later version).
a2f18f
+# See LICENSE for details. 
a2f18f
+# --- END COPYRIGHT BLOCK ---
a2f18f
+#
a2f18f
+import os
a2f18f
+import sys
a2f18f
+import time
a2f18f
+import ldap
a2f18f
+import logging
a2f18f
+import pytest
a2f18f
+from lib389 import DirSrv, Entry, tools, tasks
a2f18f
+from lib389.tools import DirSrvTools
a2f18f
+from lib389._constants import *
a2f18f
+from lib389.properties import *
a2f18f
+from lib389.tasks import *
a2f18f
+
a2f18f
+log = logging.getLogger(__name__)
a2f18f
+
a2f18f
+installation_prefix = None
a2f18f
+
a2f18f
+# Assuming DEFAULT_SUFFIX is "dc=example,dc=com", otherwise it does not work... :(
a2f18f
+SUBTREE_CONTAINER = 'cn=nsPwPolicyContainer,' + DEFAULT_SUFFIX
a2f18f
+SUBTREE_PWPDN = 'cn=nsPwPolicyEntry,' + DEFAULT_SUFFIX
a2f18f
+SUBTREE_PWP = 'cn=cn\3DnsPwPolicyEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
a2f18f
+SUBTREE_COS_TMPLDN = 'cn=nsPwTemplateEntry,' + DEFAULT_SUFFIX
a2f18f
+SUBTREE_COS_TMPL = 'cn=cn\3DnsPwTemplateEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
a2f18f
+SUBTREE_COS_DEF = 'cn=nsPwPolicy_CoS,' + DEFAULT_SUFFIX
a2f18f
+
a2f18f
+USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
a2f18f
+USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
a2f18f
+
a2f18f
+class TopologyStandalone(object):
a2f18f
+    def __init__(self, standalone):
a2f18f
+        standalone.open()
a2f18f
+        self.standalone = standalone
a2f18f
+
a2f18f
+
a2f18f
+@pytest.fixture(scope="module")
a2f18f
+def topology(request):
a2f18f
+    '''
a2f18f
+        This fixture is used to standalone topology for the 'module'.
a2f18f
+    '''
a2f18f
+    global installation_prefix
a2f18f
+
a2f18f
+    if installation_prefix:
a2f18f
+        args_instance[SER_DEPLOYED_DIR] = installation_prefix
a2f18f
+
a2f18f
+    standalone = DirSrv(verbose=False)
a2f18f
+
a2f18f
+    # Args for the standalone instance
a2f18f
+    args_instance[SER_HOST] = HOST_STANDALONE
a2f18f
+    args_instance[SER_PORT] = PORT_STANDALONE
a2f18f
+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
a2f18f
+    args_standalone = args_instance.copy()
a2f18f
+    standalone.allocate(args_standalone)
a2f18f
+
a2f18f
+    # Get the status of the instance and restart it if it exists
a2f18f
+    instance_standalone = standalone.exists()
a2f18f
+
a2f18f
+    # Remove the instance
a2f18f
+    if instance_standalone:
a2f18f
+        standalone.delete()
a2f18f
+
a2f18f
+    # Create the instance
a2f18f
+    standalone.create()
a2f18f
+
a2f18f
+    # Used to retrieve configuration information (dbdir, confdir...)
a2f18f
+    standalone.open()
a2f18f
+
a2f18f
+    # clear the tmp directory
a2f18f
+    standalone.clearTmpDir(__file__)
a2f18f
+
a2f18f
+    # Here we have standalone instance up and running
a2f18f
+    return TopologyStandalone(standalone)
a2f18f
+
a2f18f
+def set_global_pwpolicy(topology, inhistory):
a2f18f
+    log.info("	+++++ Enable global password policy +++++\n")
a2f18f
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
a2f18f
+    # Enable password policy
a2f18f
+    try:
a2f18f
+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', 'on')])
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info("		Set global password history on\n")
a2f18f
+    try:
a2f18f
+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordHistory', 'on')])
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to set passwordHistory: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info("		Set global passwords in history\n")
a2f18f
+    try:
a2f18f
+        count = "%d" % inhistory
a2f18f
+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordInHistory', count)])
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to set passwordInHistory: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+def set_subtree_pwpolicy(topology):
a2f18f
+    log.info("	+++++ Enable subtree level password policy +++++\n")
a2f18f
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
a2f18f
+    log.info("		Add the container")
a2f18f
+    try:
a2f18f
+        topology.standalone.add_s(Entry((SUBTREE_CONTAINER, {'objectclass': 'top nsContainer'.split(),
a2f18f
+                                                             'cn': 'nsPwPolicyContainer'})))
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to add subtree container: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info("		Add the password policy subentry {passwordHistory: on, passwordInHistory: 6}")
a2f18f
+    try:
a2f18f
+        topology.standalone.add_s(Entry((SUBTREE_PWP, {'objectclass': 'top ldapsubentry passwordpolicy'.split(),
a2f18f
+                                                       'cn': SUBTREE_PWPDN,
a2f18f
+                                                       'passwordMustChange': 'off',
a2f18f
+                                                       'passwordExp': 'off',
a2f18f
+                                                       'passwordHistory': 'on',
a2f18f
+                                                       'passwordInHistory': '6',
a2f18f
+                                                       'passwordMinAge': '0',
a2f18f
+                                                       'passwordChange': 'on',
a2f18f
+                                                       'passwordStorageScheme': 'clear'})))
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to add passwordpolicy: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info("		Add the COS template")
a2f18f
+    try:
a2f18f
+        topology.standalone.add_s(Entry((SUBTREE_COS_TMPL, {'objectclass': 'top ldapsubentry costemplate extensibleObject'.split(),
a2f18f
+                                                            'cn': SUBTREE_PWPDN,
a2f18f
+                                                            'cosPriority': '1',
a2f18f
+                                                            'cn': SUBTREE_COS_TMPLDN,
a2f18f
+                                                            'pwdpolicysubentry': SUBTREE_PWP})))
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to add COS template: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info("		Add the COS definition")
a2f18f
+    try:
a2f18f
+        topology.standalone.add_s(Entry((SUBTREE_COS_DEF, {'objectclass': 'top ldapsubentry cosSuperDefinition cosPointerDefinition'.split(),
a2f18f
+                                                           'cn': SUBTREE_PWPDN,
a2f18f
+                                                           'costemplatedn': SUBTREE_COS_TMPL,
a2f18f
+                                                           'cosAttribute': 'pwdpolicysubentry default operational-default'})))
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to add COS def: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+def check_passwd_inhistory(topology, user, cpw, passwd):
a2f18f
+    inhistory = 0
a2f18f
+    log.info("		Bind as {%s,%s}" % (user, cpw))
a2f18f
+    topology.standalone.simple_bind_s(user, cpw)
a2f18f
+    try:
a2f18f
+        topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', passwd)])
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.info('		The password ' + passwd + ' of user' + USER1_DN + ' in history: error ' + e.message['desc'])
a2f18f
+        inhistory = 1
a2f18f
+    return inhistory
a2f18f
+
a2f18f
+def update_passwd(topology, user, passwd, times):
a2f18f
+    cpw = passwd
a2f18f
+    loop = 0
a2f18f
+    while loop < times:
a2f18f
+        log.info("		Bind as {%s,%s}" % (user, cpw))
a2f18f
+        topology.standalone.simple_bind_s(user, cpw)
a2f18f
+        cpw = 'password%d' % loop
a2f18f
+        try:
a2f18f
+            topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw)])
a2f18f
+        except ldap.LDAPError, e:
a2f18f
+            log.fatal('test_ticket48228: Failed to update the password ' + cpw + ' of user ' + user + ': error ' + e.message['desc'])
a2f18f
+            assert False
a2f18f
+        loop += 1
a2f18f
+
a2f18f
+    # checking the first password, which is supposed to be in history
a2f18f
+    inhistory = check_passwd_inhistory(topology, user, cpw, passwd)
a2f18f
+    assert inhistory == 1
a2f18f
+
a2f18f
+def test_ticket48228_test_global_policy(topology):
a2f18f
+    """
a2f18f
+    Check global password policy
a2f18f
+    """
a2f18f
+
a2f18f
+    log.info('	Set inhistory = 6')
a2f18f
+    set_global_pwpolicy(topology, 6)
a2f18f
+
a2f18f
+    log.info('	Bind as directory manager')
a2f18f
+    log.info("Bind as %s" % DN_DM)
a2f18f
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
a2f18f
+
a2f18f
+    log.info('	Add an entry' + USER1_DN)
a2f18f
+    try:
a2f18f
+        topology.standalone.add_s(Entry((USER1_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
a2f18f
+                                     'sn': '1',
a2f18f
+                                     'cn': 'user 1',
a2f18f
+                                     'uid': 'user1',
a2f18f
+                                     'givenname': 'user',
a2f18f
+                                     'mail': 'user1@example.com',
a2f18f
+                                     'userpassword': 'password'})))
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.fatal('test_ticket48228: Failed to add user' + USER1_DN + ': error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info('	Update the password of ' + USER1_DN + ' 6 times')
a2f18f
+    update_passwd(topology, USER1_DN, 'password', 6)
a2f18f
+
a2f18f
+    log.info('	Set inhistory = 4')
a2f18f
+    set_global_pwpolicy(topology, 4)
a2f18f
+
a2f18f
+    log.info('	checking the first password, which is supposed NOT to be in history any more')
a2f18f
+    cpw = 'password%d' % 5
a2f18f
+    tpw = 'password'
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
a2f18f
+    assert inhistory == 0
a2f18f
+
a2f18f
+    log.info('	checking the second password, which is supposed NOT to be in history any more')
a2f18f
+    cpw = tpw
a2f18f
+    tpw = 'password%d' % 0
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
a2f18f
+    assert inhistory == 0
a2f18f
+
a2f18f
+    log.info('	checking the second password, which is supposed NOT to be in history any more')
a2f18f
+    cpw = tpw
a2f18f
+    tpw = 'password%d' % 1
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
a2f18f
+    assert inhistory == 0
a2f18f
+
a2f18f
+    log.info('	checking the third password, which is supposed to be in history')
a2f18f
+    cpw = tpw
a2f18f
+    tpw = 'password%d' % 2
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
a2f18f
+    assert inhistory == 1
a2f18f
+
a2f18f
+    log.info("Global policy was successfully verified.")
a2f18f
+
a2f18f
+def test_ticket48228_test_subtree_policy(topology):
a2f18f
+    """
a2f18f
+    Check subtree level password policy
a2f18f
+    """
a2f18f
+
a2f18f
+    log.info('	Set inhistory = 6')
a2f18f
+    set_subtree_pwpolicy(topology)
a2f18f
+
a2f18f
+    log.info('	Bind as directory manager')
a2f18f
+    log.info("Bind as %s" % DN_DM)
a2f18f
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
a2f18f
+
a2f18f
+    log.info('	Add an entry' + USER2_DN)
a2f18f
+    try:
a2f18f
+        topology.standalone.add_s(Entry((USER2_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
a2f18f
+                                     'sn': '2',
a2f18f
+                                     'cn': 'user 2',
a2f18f
+                                     'uid': 'user2',
a2f18f
+                                     'givenname': 'user',
a2f18f
+                                     'mail': 'user2@example.com',
a2f18f
+                                     'userpassword': 'password'})))
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.fatal('test_ticket48228: Failed to add user' + USER2_DN + ': error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info('	Update the password of ' + USER2_DN + ' 6 times')
a2f18f
+    update_passwd(topology, USER2_DN, 'password', 6)
a2f18f
+
a2f18f
+    log.info('	Set inhistory = 4')
a2f18f
+    topology.standalone.simple_bind_s(DN_DM, PASSWORD)
a2f18f
+    try:
a2f18f
+        topology.standalone.modify_s(SUBTREE_PWP, [(ldap.MOD_REPLACE, 'passwordInHistory', '4')])
a2f18f
+    except ldap.LDAPError, e:
a2f18f
+        log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
a2f18f
+        assert False
a2f18f
+
a2f18f
+    log.info('	checking the first password, which is supposed NOT to be in history any more')
a2f18f
+    cpw = 'password%d' % 5
a2f18f
+    tpw = 'password'
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
a2f18f
+    assert inhistory == 0
a2f18f
+
a2f18f
+    log.info('	checking the second password, which is supposed NOT to be in history any more')
a2f18f
+    cpw = tpw
a2f18f
+    tpw = 'password%d' % 0
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
a2f18f
+    assert inhistory == 0
a2f18f
+
a2f18f
+    log.info('	checking the second password, which is supposed NOT to be in history any more')
a2f18f
+    cpw = tpw
a2f18f
+    tpw = 'password%d' % 1
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
a2f18f
+    assert inhistory == 0
a2f18f
+
a2f18f
+    log.info('	checking the third password, which is supposed to be in history')
a2f18f
+    cpw = tpw
a2f18f
+    tpw = 'password%d' % 2
a2f18f
+    inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
a2f18f
+    assert inhistory == 1
a2f18f
+
a2f18f
+    log.info("Subtree level policy was successfully verified.")
a2f18f
+
a2f18f
+def test_ticket48228_final(topology):
a2f18f
+    topology.standalone.delete()
a2f18f
+    log.info('Testcase PASSED')
a2f18f
+
a2f18f
+def run_isolated():
a2f18f
+    '''
a2f18f
+        run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
a2f18f
+        To run isolated without py.test, you need to
a2f18f
+            - edit this file and comment '@pytest.fixture' line before 'topology' function.
a2f18f
+            - set the installation prefix
a2f18f
+            - run this program
a2f18f
+    '''
a2f18f
+    global installation_prefix
a2f18f
+    installation_prefix = None
a2f18f
+
a2f18f
+    topo = topology(True)
a2f18f
+    log.info('Testing Ticket 48228 - wrong password check if passwordInHistory is decreased')
a2f18f
+
a2f18f
+    test_ticket48228_test_global_policy(topo)
a2f18f
+
a2f18f
+    test_ticket48228_test_subtree_policy(topo)
a2f18f
+
a2f18f
+    test_ticket48228_final(topo)
a2f18f
+
a2f18f
+
a2f18f
+if __name__ == '__main__':
a2f18f
+    run_isolated()
a2f18f
+
a2f18f
-- 
a2f18f
1.9.3
a2f18f