Skip to content
Commits on Source (123)
Expand all Hide whitespace changes
Inline Side-by-side
.cargo/config 0 → 100644
View file @ 90506d34
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "./vendor"
.gitignore
View file @ 90506d34
......@@ -225,8 +225,10 @@ html/
src/lib389/dist/
src/lib389/man/
src/libsds/target/
src/librslapd/target/
dist
venv
.idea
src/cockpit/389-console/cockpit_dist/
src/cockpit/389-console/node_modules/
ldap/servers/slapd/rust-slapi-private.h
Makefile.am
View file @ 90506d34
This diff is collapsed.
README.md
View file @ 90506d34
......@@ -27,15 +27,19 @@ Building
./configure --enable-debug --with-openldap --enable-cmocka --enable-asan
make
make lib389
make check
sudo make install
sudo make lib389-install
Testing
-------
make check
sudo py.test -s 389-ds-base/dirsrvtests/tests/suites/basic/
To debug the make check item's, you'll need libtool to help:
libtool --mode=execute gdb /home/william/build/ds/test_slapd
More information
----------------
......
VERSION.sh
View file @ 90506d34
......@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=4
VERSION_MAINT=1.6
VERSION_MAINT=2.4
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL=
VERSION_DATE=$(date -u +%Y%m%d)
......
configure.ac
View file @ 90506d34
......@@ -85,37 +85,40 @@ AC_CHECK_FUNCS([clock_gettime], [], AC_MSG_ERROR([unable to locate required symb
LT_LIB_DLLOAD
# Optional rust component support.
AC_MSG_CHECKING(for --enable-rust-offline)
AC_ARG_ENABLE(rust_offline, AS_HELP_STRING([--enable-rust-offline], [Enable rust building offline. you MUST have run vendor! (default: no)]),
[], [ enable_rust_offline=no ])
AC_MSG_RESULT($enable_rust_offline)
AM_CONDITIONAL([RUST_ENABLE_OFFLINE],[test "$enable_rust_offline" = yes])
AC_MSG_CHECKING(for --enable-rust)
AC_ARG_ENABLE(rust, AS_HELP_STRING([--enable-rust], [Enable rust language features (default: no)]),
[
[], [ enable_rust=no ])
AC_MSG_RESULT($enable_rust)
if test "$enable_rust" = yes -o "$enable_rust_offline" = yes; then
AC_CHECK_PROG(CARGO, [cargo], [yes], [no])
AC_CHECK_PROG(RUSTC, [rustc], [yes], [no])
AS_IF([test "$CARGO" != "yes" -o "$RUSTC" != "yes"], [
AC_MSG_FAILURE("Rust based plugins cannot be built cargo=$CARGO rustc=$RUSTC")
])
with_rust=yes
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
])
AM_CONDITIONAL([RUST_ENABLE],[test -n "$with_rust"])
fi
AM_CONDITIONAL([RUST_ENABLE],[test "$enable_rust" = yes -o "$enable_rust_offline" = yes])
AC_MSG_CHECKING(for --enable-debug)
AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug], [Enable debug features (default: no)]),
[
AC_MSG_RESULT(yes)
[], [ enable_debug=no ])
AC_MSG_RESULT($enable_debug)
if test "$enable_debug" = yes ; then
debug_defs="-DDEBUG -DMCC_DEBUG"
debug_cflags="-g3 -O0"
debug_cxxflags="-g3 -O0"
debug_rust_defs="-C debuginfo=2"
cargo_defs=""
rust_target_dir="debug"
with_debug=yes
],
[
AC_MSG_RESULT(no)
else
debug_defs=""
# set the default safe CFLAGS that would be set by AC_PROG_CC otherwise
debug_cflags="-g -O2"
......@@ -123,104 +126,98 @@ AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug], [Enable debug features (de
debug_rust_defs="-C debuginfo=2"
cargo_defs="--release"
rust_target_dir="release"
])
fi
AC_SUBST([debug_defs])
AC_SUBST([debug_cflags])
AC_SUBST([debug_cxxflags])
AC_SUBST([debug_rust_defs])
AC_SUBST([cargo_defs])
AC_SUBST([rust_target_dir])
AM_CONDITIONAL([DEBUG],[test -n "$with_debug"])
AM_CONDITIONAL([DEBUG],[test "$enable_debug" = yes])
AC_MSG_CHECKING(for --enable-asan)
AC_ARG_ENABLE(asan, AS_HELP_STRING([--enable-asan], [Enable gcc/clang address sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
[], [ enable_asan=no ])
AC_MSG_RESULT($enable_asan)
if test "$enable_asan" = yes ; then
asan_cflags="-fsanitize=address -fno-omit-frame-pointer -lasan"
asan_rust_defs="-Z sanitizer=address"
],
[
AC_MSG_RESULT(no)
else
asan_cflags=""
asan_rust_defs=""
])
fi
AC_SUBST([asan_cflags])
AC_SUBST([asan_rust_defs])
AM_CONDITIONAL(enable_asan,test "$enable_asan" = "yes")
AC_MSG_CHECKING(for --enable-msan)
AC_ARG_ENABLE(msan, AS_HELP_STRING([--enable-msan], [Enable gcc/clang memory sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
[], [ enable_msan=no ])
AC_MSG_RESULT($enable_msan)
if test "$enable_msan" = yes ; then
msan_cflags="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer"
msan_rust_defs="-Z sanitizer=memory"
],
[
AC_MSG_RESULT(no)
else
msan_cflags=""
msan_rust_defs=""
])
fi
AC_SUBST([msan_cflags])
AC_SUBST([msan_rust_defs])
AM_CONDITIONAL(enable_msan,test "$enable_msan" = "yes")
AC_MSG_CHECKING(for --enable-tsan)
AC_ARG_ENABLE(tsan, AS_HELP_STRING([--enable-tsan], [Enable gcc/clang thread sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
[], [ enable_tsan=no ])
AC_MSG_RESULT($enable_tsan)
if test "$enable_tsan" = yes ; then
tsan_cflags="-fsanitize=thread -fno-omit-frame-pointer"
tsan_rust_defs="-Z sanitizer=thread"
],
[
AC_MSG_RESULT(no)
else
tsan_cflags=""
tsan_rust_defs=""
])
fi
AC_SUBST([tsan_cflags])
AC_SUBST([tsan_rust_defs])
AM_CONDITIONAL(enable_tsan,test "$enable_tsan" = "yes")
AC_MSG_CHECKING(for --enable-ubsan)
AC_ARG_ENABLE(ubsan, AS_HELP_STRING([--enable-tsan], [Enable gcc/clang undefined behaviour sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
[], [ enable_ubsan=no ])
AC_MSG_RESULT($enable_ubsan)
if test "$enable_ubsan" = yes ; then
ubsan_cflags="-fsanitize=undefined -fno-omit-frame-pointer"
ubsan_rust_defs=""
],
[
AC_MSG_RESULT(no)
else
ubsan_cflags=""
ubsan_rust_defs=""
])
fi
AC_SUBST([ubsan_cflags])
AC_SUBST([ubsan_rust_defs])
AM_CONDITIONAL(enable_ubsan,test "$enable_ubsan" = "yes")
AM_CONDITIONAL(with_sanitizer,test "$enable_asan" = "yes" -o "$enable_msan" = "yes" -o "$enable_tsan" = "yes" -o "$enable_ubsan" = "yes")
# Enable CLANG
AC_MSG_CHECKING(for --enable-clang)
AC_ARG_ENABLE(clang, AS_HELP_STRING([--enable-clang], [Enable clang (default: no)]),
[
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
])
[], [ enable_clang=no ])
AC_MSG_RESULT($enable_clang)
AM_CONDITIONAL(CLANG_ENABLE,test "$enable_clang" = "yes")
# Enable Perl
if test -z "$enable_perl" ; then
enable_perl=no
AC_MSG_CHECKING(for --enable-legacy)
AC_ARG_ENABLE(legacy, AS_HELP_STRING([--enable-legacy], [Enable deprecated legacy functionality (default: no)]),
[], [ enable_legacy=no ])
AC_MSG_RESULT($enable_legacy)
AC_SUBST([enable_legacy])
AM_CONDITIONAL(ENABLE_LEGACY,test "$enable_legacy" = "yes")
if test "$enable_legacy" = yes ; then
enable_perl=yes
fi
AC_MSG_CHECKING(for --enable-perl)
AC_ARG_ENABLE(perl, AS_HELP_STRING([--enable-perl], [Enable deprecated legacy perl and shell scripts (default: no)]),
[
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
])
AC_ARG_ENABLE(perl, AS_HELP_STRING([--enable-perl], [Enable deprecated legacy perl scripts (default: no)]),
[], [ enable_perl=no ])
AC_MSG_RESULT($enable_perl)
AC_SUBST([enable_perl])
AM_CONDITIONAL(ENABLE_PERL,test "$enable_perl" = "yes")
......@@ -228,54 +225,45 @@ AM_CONDITIONAL(ENABLE_PERL,test "$enable_perl" = "yes")
AM_CONDITIONAL([RPM_HARDEND_CC], [test -f /usr/lib/rpm/redhat/redhat-hardened-cc1])
AC_MSG_CHECKING(for --enable-gcc-security)
AC_ARG_ENABLE(gcc-security, AS_HELP_STRING([--enable-gcc-security], [Enable gcc secure compilation options (default: no)]),
[
AC_MSG_RESULT(yes)
AM_COND_IF([RPM_HARDEND_CC],
[ gccsec_cflags="-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " ],
[ gccsec_cflags="-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security" ]
)
],
[
[], [ enable_gcc_security=no ])
AC_MSG_RESULT($enable_gcc_security)
if test "$enable_gcc_security" = yes ; then
gccsec_cflags="-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security"
else
# Without this, -fPIC doesn't work on generic fedora builds, --disable-gcc-sec.
AC_MSG_RESULT(no)
AM_COND_IF([RPM_HARDEND_CC],
[ gccsec_cflags="-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" ],
[ gccsec_cflags="" ]
)
])
gccsec_cflags=""
fi
AM_COND_IF([RPM_HARDEND_CC],
[ gccsec_cflags="$gccsec_flags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" ],
[])
AC_SUBST([gccsec_cflags])
# Pull in profiling.
AC_MSG_CHECKING(for --enable-profiling)
AC_ARG_ENABLE(profiling, AS_HELP_STRING([--enable-profiling], [Enable gcov profiling features (default: no)]),
[
AC_MSG_RESULT(yes)
[], [ enable_profiling=no ])
AC_MSG_RESULT($enable_profiling)
if test "$enable_profiling" = yes ; then
profiling_defs="-fprofile-arcs -ftest-coverage -g3 -O0"
profiling_links="-lgcov --coverage"
],
[
AC_MSG_RESULT(no)
else
profiling_defs=""
profiling_links=""
])
fi
AC_SUBST([profiling_defs])
AC_SUBST([profiling_links])
# these enables are for optional or experimental features
if test -z "$enable_pam_passthru" ; then
enable_pam_passthru=yes # if not set on cmdline, set default
fi
AC_MSG_CHECKING(for --enable-pam-passthru)
AC_ARG_ENABLE(pam-passthru,
AS_HELP_STRING([--enable-pam-passthru],
[enable the PAM passthrough auth plugin (default: yes)]))
[enable the PAM passthrough auth plugin (default: yes)]),
[], [ enable_pam_passthru=yes ])
AC_MSG_RESULT($enable_pam_passthru)
if test "$enable_pam_passthru" = yes ; then
# check for pam header file used by plugins/pass_passthru/pam_ptimpl.c
AC_CHECK_HEADER([security/pam_appl.h], [], [AC_MSG_ERROR([Missing header file security/pam_appl.h])])
AC_MSG_RESULT(yes)
AC_DEFINE([ENABLE_PAM_PASSTHRU], [1], [enable the pam passthru auth plugin])
else
AC_MSG_RESULT(no)
fi
AM_CONDITIONAL(enable_pam_passthru,test "$enable_pam_passthru" = "yes")
......@@ -892,9 +880,6 @@ AC_SUBST(ldaplib_defs)
AC_SUBST(ldaptool_bindir)
AC_SUBST(ldaptool_opts)
AC_SUBST(plainldif_opts)
AC_SUBST(nunc_stans_inc)
AC_SUBST(nunc_stans_lib)
AC_SUBST(nunc_stans_libdir)
AC_SUBST(localrundir)
AC_SUBST(brand)
......@@ -913,7 +898,7 @@ AC_DEFINE([LDAP_ERROR_LOGGING], [1], [LDAP error logging flag])
# AC_CONFIG_FILES([ldap/admin/src/defaults.inf])
AC_CONFIG_FILES([src/pkgconfig/dirsrv.pc src/pkgconfig/nunc-stans.pc src/pkgconfig/libsds.pc src/pkgconfig/svrcore.pc])
AC_CONFIG_FILES([src/pkgconfig/dirsrv.pc src/pkgconfig/libsds.pc src/pkgconfig/svrcore.pc])
AC_CONFIG_FILES([Makefile rpm/389-ds-base.spec ])
......
debian/389-ds-base-dev.install
View file @ 90506d34
......@@ -2,7 +2,6 @@ usr/include/dirsrv/*
usr/include/svrcore.h
usr/lib/*/dirsrv/libldaputil.so
usr/lib/*/dirsrv/libns-dshttpd.so
usr/lib/*/dirsrv/libnunc-stans.so
usr/lib/*/dirsrv/libslapd.so
usr/lib/*/dirsrv/libsds.so
usr/lib/*/libsvrcore.so
......
debian/389-ds-base-libs.install
View file @ 90506d34
usr/lib/*/dirsrv/libldaputil.so.*
usr/lib/*/dirsrv/libnunc-stans.so.*
usr/lib/*/dirsrv/libns-dshttpd-*.so
usr/lib/*/dirsrv/libsds.so.*
usr/lib/*/dirsrv/libslapd.so.*
......
debian/changelog
View file @ 90506d34
389-ds-base (1.4.2.4-1) unstable; urgency=medium
* New upstream release.
- CVE-2019-14824 deref plugin displays restricted attributes
(Closes: #944150)
* fix-obsolete-target.diff: Dropped, obsolete
drop-old-man.diff: Refreshed
* control: Add python3-packaging to build-depends and python3-lib389 depends.
* dev,libs.install: Nunc-stans got dropped.
* source/local-options: Add some files to diff-ignore.
* rules: Refresh list of files to purge.
* rules: Update dh_auto_clean override.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 27 Nov 2019 00:00:59 +0200
389-ds-base (1.4.1.6-4) unstable; urgency=medium
* tests: Redirect stderr to stdout.
......
debian/control
View file @ 90506d34
......@@ -32,6 +32,7 @@ Build-Depends:
python3-argcomplete,
python3-argparse-manpage,
python3-ldap,
python3-packaging,
python3-selinux,
python3-sepolicy,
python3-setuptools,
......@@ -147,6 +148,7 @@ Depends: ${misc:Depends}, ${python3:Depends},
python3-argcomplete,
python3-dateutil,
python3-ldap,
python3-packaging,
python3-pyasn1,
python3-pyasn1-modules,
python3-pytest,
......
debian/patches/drop-old-man.diff
View file @ 90506d34
--- a/Makefile.am
+++ b/Makefile.am
@@ -928,69 +928,20 @@ include_HEADERS = src/svrcore/src/svrcor
# man pages
#------------------------
dist_man_MANS = man/man1/dbscan.1 \
- man/man1/cl-dump.1 \
- man/man1/cl-dump.pl.1 \
- man/man1/dbgen.pl.1 \
man/man1/ds-logpipe.py.1 \
man/man1/ds-replcheck.1 \
- man/man1/infadd.1 \
man/man1/ldap-agent.1 \
man/man1/ldclt.1 \
- man/man1/ldif.1 \
man/man1/logconv.pl.1 \
- man/man1/migratecred.1 \
- man/man1/mmldif.1 \
man/man1/pwdhash.1 \
- man/man1/repl-monitor.1 \
- man/man1/repl-monitor.pl.1 \
- man/man1/rsearch.1 \
man/man1/readnsstate.1 \
man/man5/99user.ldif.5 \
- man/man8/migrate-ds.pl.8 \
man/man8/ns-slapd.8 \
- man/man8/restart-dirsrv.8 \
- man/man8/setup-ds.pl.8 \
- man/man8/start-dirsrv.8 \
- man/man8/stop-dirsrv.8 \
- man/man8/status-dirsrv.8 \
- man/man8/bak2db.8 \
- man/man8/bak2db.pl.8 \
man/man5/certmap.conf.5 \
- man/man8/cleanallruv.pl.8 \
- man/man8/dbverify.8 \
- man/man8/db2bak.8 \
- man/man8/db2bak.pl.8 \
- man/man8/db2ldif.8 \
- man/man8/db2ldif.pl.8 \
- man/man8/db2index.8 \
- man/man8/db2index.pl.8 \
- man/man8/fixup-linkedattrs.pl.8 \
- man/man8/fixup-memberof.pl.8 \
- man/man8/ldif2db.8 \
- man/man8/ldif2db.pl.8 \
- man/man8/dbmon.sh.8 \
man/man5/dirsrv.5 \
man/man5/dirsrv.systemd.5 \
- man/man8/dn2rdn.8 \
- man/man8/ldif2ldap.8 \
- man/man8/monitor.8 \
- man/man8/ns-accountstatus.pl.8 \
- man/man8/ns-newpwpolicy.pl.8 \
- man/man8/ns-activate.pl.8 \
- man/man8/ns-inactivate.pl.8 \
- man/man8/remove-ds.pl.8 \
- man/man8/restoreconfig.8 \
- man/man8/saveconfig.8 \
- man/man8/schema-reload.pl.8 \
man/man5/slapd-collations.conf.5 \
- man/man8/suffix2instance.8 \
- man/man8/syntax-validate.pl.8 \
- man/man5/template-initconfig.5 \
- man/man8/upgradednformat.8 \
- man/man8/upgradedb.8 \
- man/man8/usn-tombstone-cleanup.pl.8 \
- man/man8/vlvindex.8 \
- man/man8/verify-db.pl.8
+ man/man5/template-initconfig.5
@@ -973,53 +973,6 @@ dist_man_MANS += \
man/man1/mmldif.1 \
man/man1/rsearch.1
endif
-if ENABLE_PERL
-dist_man_MANS += man/man1/cl-dump.1 \
- man/man1/cl-dump.pl.1 \
- man/man1/dbgen.pl.1 \
- man/man1/repl-monitor.1 \
- man/man1/repl-monitor.pl.1 \
- man/man8/migrate-ds.pl.8 \
- man/man8/restart-dirsrv.8 \
- man/man8/setup-ds.pl.8 \
- man/man8/start-dirsrv.8 \
- man/man8/stop-dirsrv.8 \
- man/man8/status-dirsrv.8 \
- man/man8/bak2db.8 \
- man/man8/bak2db.pl.8 \
- man/man8/cleanallruv.pl.8 \
- man/man8/dbverify.8 \
- man/man8/db2bak.8 \
- man/man8/db2bak.pl.8 \
- man/man8/db2ldif.8 \
- man/man8/db2ldif.pl.8 \
- man/man8/db2index.8 \
- man/man8/db2index.pl.8 \
- man/man8/fixup-linkedattrs.pl.8 \
- man/man8/fixup-memberof.pl.8 \
- man/man8/ldif2db.8 \
- man/man8/ldif2db.pl.8 \
- man/man8/dbmon.sh.8 \
- man/man8/dn2rdn.8 \
- man/man8/ldif2ldap.8 \
- man/man8/monitor.8 \
- man/man8/ns-accountstatus.pl.8 \
- man/man8/ns-newpwpolicy.pl.8 \
- man/man8/ns-activate.pl.8 \
- man/man8/ns-inactivate.pl.8 \
- man/man8/remove-ds.pl.8 \
- man/man8/restoreconfig.8 \
- man/man8/saveconfig.8 \
- man/man8/schema-reload.pl.8 \
- man/man8/suffix2instance.8 \
- man/man8/syntax-validate.pl.8 \
- man/man8/upgradednformat.8 \
- man/man8/upgradedb.8 \
- man/man8/usn-tombstone-cleanup.pl.8 \
- man/man8/vlvindex.8 \
- man/man8/verify-db.pl.8 \
- man/man5/template-initconfig.5
-endif
#------------------------
# updates
debian/patches/fix-obsolete-target.diff deleted 100644 → 0
View file @ 160e4c95
--- a/wrappers/systemd-snmp.service.in
+++ b/wrappers/systemd-snmp.service.in
@@ -5,7 +5,7 @@
# systemctl (re)start dirsrv-snmp.service
[Unit]
Description=@capbrand@ Directory Server SNMP Subagent.
-After=syslog.target network.target
+After=network.target
[Service]
Type=forking
--- a/wrappers/systemd.group.in
+++ b/wrappers/systemd.group.in
@@ -1,6 +1,6 @@
[Unit]
Description=@capbrand@ Directory Server
-After=chronyd.service ntpd.service network-online.target syslog.target
+After=chronyd.service ntpd.service network-online.target
Before=radiusd.service
[Install]
debian/patches/series
View file @ 90506d34
fix-obsolete-target.diff
fix-saslpath.diff
fix-systemctl-path.diff
CVE-2017-15135.patch
......
debian/rules
View file @ 90506d34
......@@ -10,33 +10,8 @@ endif
# Keep track of files we don't install
NOT_INSTALLED := \
usr/bin/infadd \
usr/bin/repl-monitor \
usr/bin/mmldif \
usr/bin/migratecred \
usr/bin/rsearch \
usr/bin/ldif \
usr/bin/cl-dump \
usr/sbin/bak2db \
usr/sbin/db2bak \
usr/sbin/db2index \
usr/sbin/db2ldif \
usr/sbin/dbmon.sh \
usr/sbin/dbverify \
usr/sbin/dn2rdn \
usr/sbin/ldif2db \
usr/sbin/ldif2ldap \
usr/sbin/monitor \
usr/sbin/restart-dirsrv \
usr/sbin/restoreconfig \
usr/sbin/saveconfig \
usr/sbin/start-dirsrv \
usr/sbin/status-dirsrv \
usr/sbin/stop-dirsrv \
usr/sbin/suffix2instance \
usr/sbin/upgradedb \
usr/sbin/upgradednformat \
usr/sbin/vlvindex
usr/bin/cl-dump
REALFILE = \
bin/ds-logpipe.py \
......@@ -52,6 +27,8 @@ override_dh_auto_clean:
rm -f aclocal.m4 config.* ltmain.sh m4/libtool.m4 m4/lt*.m4
rm -f ldap/servers/snmp/ldap-agent.conf
rm -rf src/lib389/build src/lib389/lib389.egg-info
find src/lib389/ -name '__pycache__' -exec rm -rf '{}' ';'
rm -f src/lib389/man/*.8
override_dh_auto_configure:
dh_auto_configure -- \
......
debian/source/local-options 0 → 100644
View file @ 90506d34
extend-diff-ignore = dirsrvtests/tests/suites/ds_logs/ds_logs_test.py|dirsrvtests/tests/suites/mapping_tree/referral_during_tot_init_test.py|src/lib389/lib389/utils.py
dirsrvtests/conftest.py
View file @ 90506d34
import subprocess
import logging
import pytest
import shutil
import glob
import os
from lib389.paths import Paths
from enum import Enum
pkgs = ['389-ds-base', 'nss', 'nspr', 'openldap', 'cyrus-sasl']
p = Paths()
class FIPSState(Enum):
ENABLED = 'enabled'
......@@ -34,7 +38,7 @@ def is_fips():
return FIPSState.NOT_AVAILABLE
state = None
with open('/proc/sys/crypto/fips_enabled', 'r') as f:
state = f.readline()
state = f.readline().strip()
if state == '1':
return FIPSState.ENABLED
else:
......@@ -61,11 +65,38 @@ def pytest_report_header(config):
return header
@pytest.mark.optionalhook
def pytest_html_results_table_header(cells):
cells.pop()
@pytest.mark.optionalhook
def pytest_html_results_table_row(report, cells):
cells.pop()
@pytest.fixture(scope="function", autouse=True)
def log_test_name_to_journald(request):
if p.with_systemd:
def log_current_test():
subprocess.Popen("echo $PYTEST_CURRENT_TEST | systemd-cat -t pytest", stdin=subprocess.PIPE, shell=True)
log_current_test()
request.addfinalizer(log_current_test)
return log_test_name_to_journald
@pytest.fixture(scope="function", autouse=True)
def rotate_xsan_logs(request):
if p.asan_enabled:
xsan_logs_dir = f'{p.run_dir}/bak'
if not os.path.exists(xsan_logs_dir):
os.mkdir(xsan_logs_dir)
else:
for f in glob.glob(f'{p.run_dir}/ns-slapd-*san*'):
shutil.move(f, xsan_logs_dir)
return rotate_xsan_logs
@pytest.hookimpl(hookwrapper=True)
def pytest_runtest_makereport(item, call):
pytest_html = item.config.pluginmanager.getplugin('html')
outcome = yield
report = outcome.get_result()
extra = getattr(report, 'extra', [])
if report.when == 'call' and pytest_html is not None:
for f in glob.glob(f'{p.run_dir}/ns-slapd-*san*'):
with open(f) as asan_report:
text = asan_report.read()
extra.append(pytest_html.extras.text(text, name=os.path.basename(f)))
report.extra = extra
dirsrvtests/tests/stress/search/simple.py 0 → 100644
View file @ 90506d34
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2019 William Brown <william@blackhats.net.au>
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
from lib389.topologies import topology_st
from lib389.dbgen import dbgen
from lib389.ldclt import Ldclt
from lib389.tasks import ImportTask
from lib389._constants import DEFAULT_SUFFIX
def test_stress_search_simple(topology_st):
"""Test a simple stress test of searches on the directory server.
:id: 3786d01c-ea03-4655-a4f9-450693c75863
:setup: Standalone Instance
:steps:
1. Create test users
2. Import them
3. Stress test!
:expectedresults:
1. Success
2. Success
3. Results are written to /tmp
"""
inst = topology_st.standalone
inst.config.set("nsslapd-verify-filter-schema", "off")
# Bump idllimit to test OR worst cases.
from lib389.config import LDBMConfig
lconfig = LDBMConfig(inst)
# lconfig.set("nsslapd-idlistscanlimit", '20000')
# lconfig.set("nsslapd-lookthroughlimit", '20000')
ldif_dir = inst.get_ldif_dir()
import_ldif = ldif_dir + '/basic_import.ldif'
dbgen(inst, 10000, import_ldif, DEFAULT_SUFFIX)
r = ImportTask(inst)
r.import_suffix_from_ldif(ldiffile=import_ldif, suffix=DEFAULT_SUFFIX)
r.wait()
# Run a small to warm up the server's caches ...
l = Ldclt(inst)
l.search_loadtest(DEFAULT_SUFFIX, "(mail=XXXX@example.com)", rounds=1)
# Now do it for realsies!
# l.search_loadtest(DEFAULT_SUFFIX, "(|(mail=XXXX@example.com)(nonexist=foo))", rounds=10)
l.search_loadtest(DEFAULT_SUFFIX, "(mail=XXXX@example.com)", rounds=10)
dirsrvtests/tests/suites/acl/acivattr_test.py
View file @ 90506d34
......@@ -15,7 +15,7 @@ from lib389.cos import CosTemplate, CosClassicDefinition
from lib389.topologies import topology_st as topo
from lib389.idm.nscontainer import nsContainer
from lib389.idm.domain import Domain
from lib389.idm.role import FilterRoles
from lib389.idm.role import FilteredRoles
pytestmark = pytest.mark.tier1
......@@ -55,7 +55,7 @@ def _add_user(request, topo):
ou = OrganizationalUnit(topo.standalone, "ou=sales,o=acivattr,{}".format(DEFAULT_SUFFIX))
ou.create(properties={'ou': 'sales'})
roles = FilterRoles(topo.standalone, DNBASE)
roles = FilteredRoles(topo.standalone, DNBASE)
roles.create(properties={'cn':'FILTERROLEENGROLE', 'nsRoleFilter':'cn=eng*'})
roles.create(properties={'cn': 'FILTERROLESALESROLE', 'nsRoleFilter': 'cn=sales*'})
......
dirsrvtests/tests/suites/acl/default_aci_allows_self_write.py 0 → 100644
View file @ 90506d34
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2019 William Brown <william@blackhats.net.au>
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
import pytest
from lib389.idm.user import nsUserAccounts, UserAccounts
from lib389.topologies import topology_st as topology
from lib389.paths import Paths
from lib389.utils import ds_is_older
from lib389._constants import *
default_paths = Paths()
pytestmark = pytest.mark.tier1
USER_PASSWORD = "some test password"
NEW_USER_PASSWORD = "some new password"
@pytest.mark.skipif(default_paths.perl_enabled or ds_is_older('1.4.2.0'), reason="Default aci's in older versions do not support this functionality")
def test_acl_default_allow_self_write_nsuser(topology):
"""
Testing nsusers can self write and self read. This it a sanity test
so that our default entries have their aci's checked.
:id: 4f0fb01a-36a6-430c-a2ee-ebeb036bd951
:setup: Standalone instance
:steps:
1. Testing comparison of two different users.
:expectedresults:
1. Should fail to compare
"""
topology.standalone.enable_tls()
nsusers = nsUserAccounts(topology.standalone, DEFAULT_SUFFIX)
# Create a user as dm.
user = nsusers.create(properties={
'uid': 'test_nsuser',
'cn': 'test_nsuser',
'displayName': 'testNsuser',
'legalName': 'testNsuser',
'uidNumber': '1001',
'gidNumber': '1001',
'homeDirectory': '/home/testnsuser',
'userPassword': USER_PASSWORD,
})
# Create a new con and bind as the user.
user_conn = user.bind(USER_PASSWORD)
user_nsusers = nsUserAccounts(user_conn, DEFAULT_SUFFIX)
self_ent = user_nsusers.get(dn=user.dn)
# Can we self read x,y,z
check = self_ent.get_attrs_vals_utf8([
'uid',
'cn',
'displayName',
'legalName',
'uidNumber',
'gidNumber',
'homeDirectory',
])
for k in check.values():
# Could we read the values?
assert(isinstance(k, list))
assert(len(k) > 0)
# Can we self change a,b,c
self_ent.ensure_attr_state({
'legalName': ['testNsuser_update'],
'displayName': ['testNsuser_update'],
'nsSshPublicKey': ['testkey'],
})
# self change pw
self_ent.change_password(USER_PASSWORD, NEW_USER_PASSWORD)
@pytest.mark.skipif(default_paths.perl_enabled or ds_is_older('1.4.2.0'), reason="Default aci's in older versions do not support this functionality")
def test_acl_default_allow_self_write_user(topology):
"""
Testing users can self write and self read. This it a sanity test
so that our default entries have their aci's checked.
:id: 4c52321b-f473-4c32-a1d5-489b138cd199
:setup: Standalone instance
:steps:
1. Testing comparison of two different users.
:expectedresults:
1. Should fail to compare
"""
topology.standalone.enable_tls()
users = UserAccounts(topology.standalone, DEFAULT_SUFFIX)
# Create a user as dm.
user = users.create(properties={
'uid': 'test_user',
'cn': 'test_user',
'sn': 'User',
'uidNumber': '1002',
'gidNumber': '1002',
'homeDirectory': '/home/testuser',
'userPassword': USER_PASSWORD,
})
# Create a new con and bind as the user.
user_conn = user.bind(USER_PASSWORD)
user_users = UserAccounts(user_conn, DEFAULT_SUFFIX)
self_ent = user_users.get(dn=user.dn)
# Can we self read x,y,z
check = self_ent.get_attrs_vals_utf8([
'uid',
'cn',
'sn',
'uidNumber',
'gidNumber',
'homeDirectory',
])
for (a, k) in check.items():
print(a)
# Could we read the values?
assert(isinstance(k, list))
assert(len(k) > 0)
# Self change pw
self_ent.change_password(USER_PASSWORD, NEW_USER_PASSWORD)