Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (684)
c15d1ec1
Bugzilla bug 282610: contribute the Netscape svrcore library to open
Feb 28, 2005
bfa77aae
Fixed text file line endings.
Mar 01, 2005
6c9b6426
I believe we need to define RELEASE (to svrcore) because we define RELEASE
Mar 02, 2005
cb14f8d8
Bugzilla Bug 282610: added the files used in conjunction with ntgetpin.c.
Mar 02, 2005
9880ac54
Bugzilla Bug 282610: added a README file. Describe what svrcore is and
Mar 02, 2005
12df5287
Upgraded to NSS 3.9.6.
Mar 08, 2005
f70643fb
Comment formatting changes.
Mar 08, 2005
88447d16
Import NSS 3.9.3 instead. We canceled the plan to release NSS 3.9.6 this
Mar 09, 2005
22875e57
Upgraded to NSPR 4.6 and NSS 3.10.2.
Nov 16, 2005
886581f3
added .spec file for building RPM - package is svrcore-devel - a script...
Jan 06, 2006
d3d85838
remove svrcore-config
Jan 12, 2006
d8165344
added Windows build instructions - fixed spec file - added patch file for...
Feb 01, 2006
2fa85dee
Bug: 334561
May 11, 2006
db0ed858
fixes from Nathan to fix the rpm build script
May 24, 2006
5ab8d3be
bump version to 4.0.2; now using HEAD of mozilla/security/coreconf which has...
Jun 22, 2006
b28f5bbf
remove patch file copying
Jun 22, 2006
5f09b899
added LICENSE file; renamed svrcore.spec to svrcore-devel.spec and made other...
Jun 23, 2006
4e8d94ae
do not erase source tarball
Jun 23, 2006
54cb5c0c
bump spec revision to 2
Jun 26, 2006
1abb01b0
Bump spec rev to 3
Jul 13, 2006
358afb2b
Bug 236613: change to MPL/LGPL/GPL tri-license.
Dec 11, 2006
4c2f1bae
Resolves: bug 363168
Dec 14, 2006
db13dd4c
Resolves: bug 299995
Dec 14, 2006
7ee36812
Make sure all copyrights/licenses are the mpl/gpl/lgpl tri-license
Mar 13, 2007
c5599fad
ADD README file.
Apr 06, 2016
a0ae37a7
Merge branch 'master' of
ssh://pagure.io/svrcore
Apr 07, 2016
fc21da39
Ticket 389ds #48450 - Implement systemd password support for svrcore
Apr 07, 2016
c0cdb1aa
Ticket 48450 - Updates to configure and autotools
Apr 07, 2016
cf65c356
Ticket 48450 - Add example driver for svrcore.
Apr 07, 2016
1731600c
SVRCORE issue 1 - Update svrcore license
Apr 07, 2016
73fc7604
Ticket 3 - headers contain ifdef blocks that should be removed.
Apr 08, 2016
e7152719
Update svrcore tools to make releases easier to conduct.
Apr 08, 2016
5df6f4b0
Ticket 5 - Integrate asan support for code quality checking
Apr 14, 2016
ecc39933
Ticket 10 - Use after free
Apr 14, 2016
da5bbc5c
Ticket 7 - Incorrect result check
Apr 14, 2016
c52cb926
Ticket 6 - Resource leak in systemd ask pass
Apr 14, 2016
e248c0c5
Ticket 8 - Coverity compiler warnings
Apr 14, 2016
b594b41e
Ticket 9 - Coverity deadcode
Apr 14, 2016
e1417431
Ticket 12 - update spec to match fedora 4.1.0
Apr 14, 2016
f49c3c40
Release 4.1.1 of svrcore
Apr 14, 2016
57028d1c
Bug 1329002 - SVRCORE - Fixing coverity issues.
Apr 21, 2016
2e211a68
Release 4.1.2 of svrcore
Apr 21, 2016
ed490d14
Ticket 14 - svrcore does not detect tty
Jul 19, 2016
2e8ffb5e
Ticket 16 - with systemd should unset have systemd if pkgconfig not found
Oct 04, 2016
20a4942f
Ticket 17 - update stdc to c99 to match other projects
Oct 07, 2016
cae89035
Ticket 18 - Remove configure outputs
Oct 25, 2016
bc12b6d5
Bump version to 4.1.3
Mar 10, 2017
f40c937d
Bump version to 1.4.0
Sep 22, 2017
8fc58fd2
Revise VERSION number
Sep 22, 2017
6b1cbc8f
Ticket: 49180 - errors log filled with attrlist_replace - attr_replace
Sep 26, 2017
83f04fe8
Ticket: 49180 - add CI test
Sep 27, 2017
af723fd6
Ticket 49305 - Need to wrap atomic calls
Sep 27, 2017
e9ad5f5a
Ticket 49378 server init fails
Sep 28, 2017
1d158cd0
Ticket 48973 Indexing a ExactIA5Match attribute with a IgnoreIA5Match matching...
Sep 28, 2017
93a29584
Ticket 49305 - Need to wrap atomic calls
Sep 29, 2017
805e8f4d
Ticket 49385 - Fix coverity warnings
Oct 02, 2017
ee25b881
Ticket 49387 - pbkdf2 settings were too aggressive
Oct 03, 2017
4b41a024
Ticket 49388 - repl-monitor - matches null string many times in regex
Oct 03, 2017
a6d2c684
Ticket 49092 - Add CI test for schema-reload
Oct 03, 2017
0953e601
Ticket 49389 - unable to retrieve specific cosAttribute when subtree
Oct 04, 2017
40608484
Ticket 49320 - Activating already active role returns error 16
Oct 04, 2017
4cd1a24b
Ticket 49372 - filter optimisation improvements for common queries
Oct 05, 2017
1ff5f4a4
Ticket 49279 - remove dsktune
Oct 06, 2017
816ffee3
Ticket 49235 - pbkdf2 by default
Oct 06, 2017
0ea523c0
Ticket 49392 - memavailable not available
Oct 06, 2017
1fe2c761
Ticket 49038 - remove legacy replication - change cleanup script precedence
Oct 06, 2017
22e54fac
Bump version to 1.4.0.1
Oct 09, 2017
4929d347
Add README file
Oct 12, 2017
bf919d1d
Initial commit with DSModuleProxy.
Oct 12, 2017
2591bd60
Ticket ticket47566 - Initial import of DSadmin into 389-test repos
Oct 12, 2017
943ff787
Ticket 47568 - Rename DSAdmin class
Oct 12, 2017
3344b43b
Ticket 47578: CI tests: removal of 'sudo' and absolute path in lib389
Oct 12, 2017
b5294b46
Ticket 47584: CI tests: add backup/restore of an instance
Oct 12, 2017
deeb34e1
Ticket 47590: CI tests: add/split functions around replication
Oct 12, 2017
31f875c5
do not print ERROR message every time creating an instance
Oct 12, 2017
89e32553
need time and datetime - add str method for RUV to format RUV in a readable format
Oct 12, 2017
ff531963
cannot modify passed in args - make a deepcopy to avoid side effects
Oct 12, 2017
f52aeb5c
added agreement stop and restart methods
Oct 12, 2017
1de8c2f9
need to set correct replica type
Oct 12, 2017
13cf56fc
add convenience agreement_dn method to get a single replication agreement dn
Oct 12, 2017
e47d7002
file did not end with newline
Oct 12, 2017
016b0117
move stop and restart to agreement.pause and agreement.unpause
Oct 12, 2017
a6312f47
ignore patch files
Oct 12, 2017
cf14d5e6
Ticket 47595 - fail to detect/reinit already existing instance/backup
Oct 12, 2017
ab718daa
Change enableReplication/Replica.add interface to use role. + error handling with exception
Oct 12, 2017
764acac6
Ticket 47625 - CI lib389: DirSrv not conform to the design
Oct 12, 2017
91d16124
need package name in exception
Oct 12, 2017
a486d016
add changelog config method
Oct 12, 2017
6b4e0432
fix deprecated repl args in dirsrv class - use default timeout of 120
Oct 12, 2017
13dd2b61
Ticket 47635: MT/Backend/Suffix to be conform with the design
Oct 12, 2017
e9eff97c
Fix for running on RPM (not -- prefix)
Oct 12, 2017
eb2e1760
Make the backup (instance) directory readable by anybody
Oct 12, 2017
8808f1a9
Ticket 47652 - replica add fails: MT.list return a list not an entry
Oct 12, 2017
c412ea6b
Ticket 47600 : Replica/Agreement/Changelog not conform to the design
Oct 12, 2017
b28d8b4b
Ticket 47671 - CI lib389: allow to open a DirSrv without having to create the instance
Oct 12, 2017
ef1fd030
Ticket #47648 lib389 - add schema classes, methods
Oct 12, 2017
fbc9b868
Ticket 47695 - Add plugins/tasks/Index
Oct 12, 2017
fc73eec4
Add all the plugin names to the constants file
Oct 12, 2017
b98d6949
Ticket 47819 - Add the new precise tombstone purging config attribute
Oct 12, 2017
fa2361ff
Ticket 47845 - Add backup/restore/fixup tombstone tasks to lib389
Oct 12, 2017
Expand all
Show whitespace changes
Inline
Side-by-side
Makefile.am
View file @
94f30daf
...
...
@@ -12,11 +12,17 @@ QUOTE := $(NULLSTRING)"# a double quote"
# First, we setup the definitions from configure.ac
#
PYTHON
:=
python3
BUILDNUM
:=
$(
shell perl
$(
srcdir
)
/buildnum.pl
)
NQBUILDNUM
:=
$(
subst
\,
,
$(
subst
$(
QUOTE
)
,,
$(
BUILDNUM
)))
DEBUG_DEFINES
=
@debug_defs@
GCCSEC_DEFINES
=
@gccsec_defs@
ASAN_DEFINES
=
@asan_defs@
DEBUG_CFLAGS
=
@debug_cflags@
DEBUG_CXXFLAGS
=
@debug_cxxflags@
GCCSEC_CFLAGS
=
@gccsec_cflags@
ASAN_CFLAGS
=
@asan_cflags@
MSAN_CFLAGS
=
@msan_cflags@
TSAN_CFLAGS
=
@tsan_cflags@
UBSAN_CFLAGS
=
@ubsan_cflags@
SYSTEMD_DEFINES
=
@systemd_defs@
...
...
@@ -25,11 +31,37 @@ CMOCKA_INCLUDES = @cmocka_inc@
PROFILING_DEFINES
=
@profiling_defs@
NSPR_INCLUDES
=
@nspr_inc@
SVRCORE_INCLUDES
=
@svrcore_inc@
SASL_INCLUDES
=
@sasl_inc@
EVENT_INCLUDES
=
@event_inc@
# Not used currently
# TCMALLOC_INCLUDES = @tcmalloc_inc@
# Rust inclusions.
if
RUST_ENABLE
RUST_ON
=
1
CARGO_FLAGS
=
@cargo_defs@
RUSTC_FLAGS
=
@asan_rust_defs@ @msan_rust_defs@ @tsan_rust_defs@ @debug_rust_defs@
RUST_LDFLAGS
=
-ldl
-lpthread
-lgcc_s
-lc
-lm
-lrt
-lutil
RUST_DEFINES
=
-DRUST_ENABLE
else
RUST_ON
=
0
CARGO_FLAGS
=
RUSTC_FLAGS
=
RUST_LDFLAGS
=
RUST_DEFINES
=
endif
if
ENABLE_PERL
PERL_ON
=
1
else
PERL_ON
=
0
endif
if
CLANG_ENABLE
CLANG_ON
=
1
CLANG_LDFLAGS
=
-latomic
else
CLANG_ON
=
0
CLANG_LDFLAGS
=
endif
# We can't add the lfds includes all the time as they have a "bomb" in them that
# prevents compilation on unsupported hardware arches.
...
...
@@ -42,6 +74,8 @@ endif
NUNCSTANS_INCLUDES
=
-I
$(
srcdir
)
/src/nunc-stans/include/
NUNC_STANS_ON
=
1
SVRCORE_INCLUDES
=
-I
$(
srcdir
)
/src/svrcore/src/
# the -U undefines these symbols - should use the corresponding DS_ ones instead - see configure.ac
DS_DEFINES
=
-DBUILD_NUM
=
$(
BUILDNUM
)
-DVENDOR
=
"
\"
$(
vendor
)
\"
"
-DBRAND
=
"
\"
$(
brand
)
\"
"
-DCAPBRAND
=
"
\"
$(
capbrand
)
\"
"
\
-UPACKAGE_VERSION
-UPACKAGE_TARNAME
-UPACKAGE_STRING
-UPACKAGE_BUGREPORT
...
...
@@ -50,10 +84,32 @@ DS_INCLUDES = -I$(srcdir)/ldap/include -I$(srcdir)/ldap/servers/slapd -I$(srcdir
if
enable_asan
ASAN_ON
=
1
SANITIZER
=
ASAN
else
ASAN_ON
=
0
endif
if
enable_msan
MSAN_ON
=
1
SANITIZER
=
MSAN
else
MSAN_ON
=
0
endif
if
enable_tsan
TSAN_ON
=
1
SANITIZER
=
TSAN
else
TSAN_ON
=
0
endif
if
enable_ubsan
UBSAN_ON
=
1
SANITIZER
=
UBSAN
else
UBSAN_ON
=
0
endif
if
with_systemd
WITH_SYSTEMD
=
1
else
...
...
@@ -79,7 +135,9 @@ PATH_DEFINES = -DLOCALSTATEDIR="\"$(localstatedir)\"" -DSYSCONFDIR="\"$(sysconfd
# Now that we have all our defines in place, setup the CPPFLAGS
# These flags are the "must have" for all components
AM_CPPFLAGS
=
$(
DEBUG_DEFINES
)
$(
GCCSEC_DEFINES
)
$(
ASAN_DEFINES
)
$(
PROFILING_DEFINES
)
AM_CPPFLAGS
=
$(
DEBUG_DEFINES
)
$(
PROFILING_DEFINES
)
$(
RUST_DEFINES
)
AM_CFLAGS
=
$(
DEBUG_CFLAGS
)
$(
GCCSEC_CFLAGS
)
$(
ASAN_CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAGS
)
AM_CXXFLAGS
=
$(
DEBUG_CXXFLAGS
)
$(
GCCSEC_CFLAGS
)
$(
ASAN_CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAGS
)
# Flags for Directory Server
# WARNING: This needs a clean up, because slap.h is a horrible mess and is publically exposed!
DSPLUGIN_CPPFLAGS
=
$(
DS_DEFINES
)
$(
DS_INCLUDES
)
$(
PATH_DEFINES
)
$(
SYSTEMD_DEFINES
)
$(
NUNCSTANS_INCLUDES
)
@openldap_inc@ @ldapsdk_inc@ @nss_inc@
$(
NSPR_INCLUDES
)
@systemd_inc@
...
...
@@ -114,14 +172,13 @@ ldaplib_defs = @ldaplib_defs@
DB_LINK
=
@db_lib@
-ldb-
@db_libver@
SASL_LINK
=
@sasl_lib@
-lsasl2
SVRCORE_LINK
=
@svrcore_lib@
-lsvrcore
ICU_LINK
=
@icu_lib@
-licui18n
-licuuc
-licudata
PCRE_LINK
=
@pcre_lib@
-lpcre
NETSNMP_LINK
=
@netsnmp_lib@ @netsnmp_link@
PAM_LINK
=
-lpam
KERBEROS_LINK
=
$(
kerberos_lib
)
TCMALLOC_LINK
=
@tcmalloc_lib@
EVENT_LINK
=
@event_lib@
PW_CRACK_LINK
=
-lcrack
LIBSOCKET
=
@LIBSOCKET@
LIBNSL
=
@LIBNSL@
...
...
@@ -136,8 +193,7 @@ if HPUX
AM_LDFLAGS
=
-lpthread
else
#AM_LDFLAGS = -Wl,-z,defs
# Provide the tcmalloc links if needed
AM_LDFLAGS
=
$(
ASAN_DEFINES
)
$(
PROFILING_LINKS
)
$(
TCMALLOC_LINK
)
AM_LDFLAGS
=
$(
PW_CRACK_LINK
)
$(
RUST_LDFLAGS
)
$(
ASAN_CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAGS
)
$(
PROFILING_LINKS
)
$(
CLANG_LDFLAGS
)
endif
#end hpux
# https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html#Updating-version-info
...
...
@@ -162,7 +218,7 @@ endif #end hpux
# If any interfaces have been added since the last public release, then increment age.
# If any interfaces have been removed or changed since the last public release, then set age to 0.
SDS_LDFLAGS
=
$(
NSPR_LINK
)
-version-info
0:0:0
SDS_LDFLAGS
=
$(
NSPR_LINK
)
$(
NSS_LINK
)
-lpthread
-version-info
0:0:0
NUNCSTANS_LDFLAGS
=
$(
NSPR_LINK
)
$(
EVENT_LINK
)
-version-info
1:0:1
SLAPD_LDFLAGS
=
-version-info
1:0:1
...
...
@@ -234,7 +290,10 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \
clean-local
:
-
rm
-rf
dist
-
rm
-rf
$(
abs_top_builddir
)
/html
-
rm
-rf
$(
abs_top_builddir
)
/man
-
rm
-rf
$(
abs_top_builddir
)
/man/man3
if
RUST_ENABLE
CARGO_TARGET_DIR
=
$(
abs_top_builddir
)
/rs cargo clean
--manifest-path
=
$(
srcdir
)
/src/libsds/Cargo.toml
endif
dberrstrs.h
:
Makefile
perl
$(
srcdir
)
/ldap/servers/slapd/mkDBErrStrs.pl
-i
@db_incdir@
-o
.
...
...
@@ -266,7 +325,9 @@ updatedir = $(datadir)@updatedir@
pkgconfigdir
=
$(
libdir
)
/pkgconfig
serverincdir
=
$(
includedir
)
/@serverincdir@
gdbautoloaddir
=
$(
prefixdir
)
/share/gdb/auto-load
$(
sbindir
)
# THis has to be hardcoded to /lib - $libdir changes between lib/lib64, but
cockpitdir
=
$(
prefixdir
)
/share/cockpit@cockpitdir@
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
sysctldir
=
@prefixdir@/lib/sysctl.d
...
...
@@ -279,7 +340,6 @@ defaultgroup=@defaultgroup@
sbin_PROGRAMS
=
ns-slapd ldap-agent
bin_PROGRAMS
=
dbscan
\
dsktune
\
infadd
\
ldclt
\
ldif
\
...
...
@@ -288,7 +348,15 @@ bin_PROGRAMS = dbscan \
pwdhash
\
rsearch
server_LTLIBRARIES
=
libsds.la libnunc-stans.la libldaputil.la libslapd.la libns-dshttpd.la
# ----------------------------------------------------------------------------------------
# This odd looking definition is to keep the libraries in ORDER that they are needed. rsds
# is needed by sds, which is needed by ns. So we have a blank LTLIB, then append in order
# based on defines
# ----------------------------------------------------------------------------------------
server_LTLIBRARIES
=
libsds.la libnunc-stans.la libslapd.la libldaputil.la libns-dshttpd.la
lib_LTLIBRARIES
=
libsvrcore.la
# this is how to add optional plugins
if
enable_pam_passthru
...
...
@@ -575,14 +643,16 @@ dist_noinst_DATA = \
$(
srcdir
)
/rpm/389-ds-base.spec.in
\
$(
srcdir
)
/rpm/389-ds-base-devel.README
\
$(
srcdir
)
/rpm/389-ds-base-git.sh
\
$(
srcdir
)
/README
\
$(
srcdir
)
/README
.md
\
$(
srcdir
)
/LICENSE
\
$(
srcdir
)
/LICENSE.
*
\
$(
srcdir
)
/VERSION.sh
\
$(
srcdir
)
/setup.py.in
\
$(
srcdir
)
/wrappers/
*
.in
\
$(
srcdir
)
/wrappers/systemd.template.sysconfig
\
$(
srcdir
)
/dirsrvtests
$(
srcdir
)
/dirsrvtests
\
$(
srcdir
)
/src/lib389/setup.py
\
$(
srcdir
)
/src/lib389
if
ENABLE_PERL
dist_noinst_DATA
+=
\
...
...
@@ -682,12 +752,17 @@ systemschema_DATA = $(srcdir)/ldap/schema/00core.ldif \
schema_DATA
=
$(
srcdir
)
/ldap/schema/99user.ldif
sbin
_SCRIPTS
=
ldap/admin/src/scripts/ds_selinux_enabled
\
libexec
_SCRIPTS
=
ldap/admin/src/scripts/ds_selinux_enabled
\
ldap/admin/src/scripts/ds_selinux_port_query
\
wrappers/ds_systemd_ask_password_acl
install-data-hook
:
if
[
"
$(
srcdir
)
"
!=
"."
]
;
then
cp
-r
$(
srcdir
)
/src/cockpit src
;
fi
mkdir
-p
$(
DESTDIR
)$(
cockpitdir
)
rsync
-rupE
src/cockpit/389-console/
$(
DESTDIR
)$(
cockpitdir
)
if
ENABLE_PERL
sbin_SCRIPTS
+
=
ldap/admin/src/scripts/setup-ds.pl
\
sbin_SCRIPTS
=
ldap/admin/src/scripts/setup-ds.pl
\
ldap/admin/src/scripts/migrate-ds.pl
\
ldap/admin/src/scripts/remove-ds.pl
\
ldap/admin/src/scripts/start-dirsrv
\
...
...
@@ -843,7 +918,8 @@ mib_DATA = ldap/servers/snmp/redhat-directory.mib
pkgconfig_DATA
=
src/pkgconfig/dirsrv.pc
\
src/pkgconfig/libsds.pc
\
src/pkgconfig/nunc-stans.pc
src/pkgconfig/nunc-stans.pc
\
src/pkgconfig/svrcore.pc
#------------------------
# header files
...
...
@@ -855,15 +931,17 @@ serverinc_HEADERS = ldap/servers/plugins/replication/repl-session-plugin.h \
src/nunc-stans/include/nunc-stans.h
\
src/libsds/include/sds.h
include_HEADERS
=
src/svrcore/src/svrcore.h
#------------------------
# man pages
#------------------------
dist_man_MANS
=
man/man1/dbscan.1
\
man/man1/cl-dump.1
\
man/man1/cl-dump.pl.1
\
man/man1/dbgen.pl.1
\
man/man1/ds-logpipe.py.1
\
man/man1/ds-replcheck.1
\
man/man1/dsktune.1
\
man/man1/infadd.1
\
man/man1/ldap-agent.1
\
man/man1/ldclt.1
\
...
...
@@ -873,8 +951,10 @@ dist_man_MANS = man/man1/dbscan.1 \
man/man1/mmldif.1
\
man/man1/pwdhash.1
\
man/man1/repl-monitor.1
\
man/man1/repl-monitor.pl.1
\
man/man1/rsearch.1
\
man/man1/readnsstate.1
\
man/man5/99user.ldif.5
\
man/man8/migrate-ds.pl.8
\
man/man8/ns-slapd.8
\
man/man8/restart-dirsrv.8
\
...
...
@@ -882,23 +962,44 @@ dist_man_MANS = man/man1/dbscan.1 \
man/man8/start-dirsrv.8
\
man/man8/stop-dirsrv.8
\
man/man8/status-dirsrv.8
\
man/man8/bak2db.8 man/man8/bak2db.pl.8
\
man/man8/db2bak.8 man/man8/db2bak.pl.8
\
man/man8/db2ldif.8 man/man8/db2ldif.pl.8
\
man/man8/db2index.8 man/man8/db2index.pl.8
\
man/man8/ldif2db.8 man/man8/ldif2db.pl.8
\
man/man8/dbverify.8 man/man8/verify-db.pl.8
\
man/man8/bak2db.8
\
man/man8/bak2db.pl.8
\
man/man5/certmap.conf.5
\
man/man8/cleanallruv.pl.8
\
man/man8/dbverify.8
\
man/man8/db2bak.8
\
man/man8/db2bak.pl.8
\
man/man8/db2ldif.8
\
man/man8/db2ldif.pl.8
\
man/man8/db2index.8
\
man/man8/db2index.pl.8
\
man/man8/fixup-linkedattrs.pl.8
\
man/man8/fixup-memberof.pl.8
\
man/man8/ldif2db.8
\
man/man8/ldif2db.pl.8
\
man/man8/dbmon.sh.8
\
man/man8/dn2rdn.8 man/man8/ldif2ldap.8
\
man/man8/restoreconfig.8 man/man8/saveconfig.8
\
man/man8/suffix2instance.8 man/man8/monitor.8
\
man/man8/upgradednformat.8 man/man8/vlvindex.8
\
man/man8/cleanallruv.pl.8 man/man8/schema-reload.pl.8
\
man/man8/fixup-linkedattrs.pl.8 man/man8/fixup-memberof.pl.8
\
man/man8/syntax-validate.pl.8 man/man8/usn-tombstone-cleanup.pl.8
\
man/man8/ns-accountstatus.pl.8 man/man8/ns-newpwpolicy.pl.8
\
man/man8/ns-activate.pl.8 man/man8/ns-inactivate.pl.8
\
man/man8/upgradedb.8 man/man8/remove-ds.pl.8
man/man5/dirsrv.5
\
man/man5/dirsrv.systemd.5
\
man/man8/dn2rdn.8
\
man/man8/ldif2ldap.8
\
man/man8/monitor.8
\
man/man8/ns-accountstatus.pl.8
\
man/man8/ns-newpwpolicy.pl.8
\
man/man8/ns-activate.pl.8
\
man/man8/ns-inactivate.pl.8
\
man/man8/remove-ds.pl.8
\
man/man8/restoreconfig.8
\
man/man8/saveconfig.8
\
man/man8/schema-reload.pl.8
\
man/man5/slapd-collations.conf.5
\
man/man8/suffix2instance.8
\
man/man8/syntax-validate.pl.8
\
man/man5/template-initconfig.5
\
man/man8/upgradednformat.8
\
man/man8/upgradedb.8
\
man/man8/usn-tombstone-cleanup.pl.8
\
man/man8/vlvindex.8
\
man/man8/verify-db.pl.8
#------------------------
# updates
...
...
@@ -942,7 +1043,7 @@ update_DATA = ldap/admin/src/scripts/exampleupdate.pl \
ldap/admin/src/scripts/50telexnumbersyntaxplugin.ldif
\
ldap/admin/src/scripts/50guidesyntaxplugin.ldif
\
ldap/admin/src/scripts/50targetuniqueid.ldif
\
ldap/admin/src/scripts/
5
0removeLegacyReplication.ldif
\
ldap/admin/src/scripts/
6
0removeLegacyReplication.ldif
\
ldap/admin/src/scripts/50linkedattrsplugin.ldif
\
ldap/admin/src/scripts/50usnplugin.ldif
\
ldap/admin/src/scripts/50smd5pwdstorageplugin.ldif
\
...
...
@@ -1017,7 +1118,8 @@ libldaputil_la_SOURCES = lib/ldaputil/cert.c \
lib/ldaputil/vtable.c
libldaputil_la_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
$(
DSINTERNAL_CPPFLAGS
)
-I
$(
srcdir
)
/lib/ldaputil
libldaputil_la_LIBADD
=
libslapd.la
$(
NSS_LINK
)
$(
NSPR_LINK
)
libldaputil_la_LDFLAGS
=
$(
AM_LDFLAGS
)
#////////////////////////////////////////////////////////////////
#
...
...
@@ -1025,6 +1127,27 @@ libldaputil_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(DSINTERNAL_CPPFL
#
#////////////////////////////////////////////////////////////////
#------------------------
# libsvrcore
#------------------------
libsvrcore_la_SOURCES
=
\
src/svrcore/src/alt.c
\
src/svrcore/src/cache.c
\
src/svrcore/src/errors.c
\
src/svrcore/src/file.c
\
src/svrcore/src/ntgetpin.c
\
src/svrcore/src/ntresource.h
\
src/svrcore/src/pin.c
\
src/svrcore/src/pk11.c
\
src/svrcore/src/std.c
\
src/svrcore/src/systemd-ask-pass.c
\
src/svrcore/src/std-systemd.c
\
src/svrcore/src/user.c
libsvrcore_la_LDFLAGS
=
$(
AM_LDFLAGS
)
libsvrcore_la_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
SVRCORE_INCLUDES
)
$(
DSPLUGIN_CPPFLAGS
)
libsvrcore_la_LIBADD
=
$(
NSS_LINK
)
$(
NSPR_LINK
)
#------------------------
# libsds
#------------------------
...
...
@@ -1046,7 +1169,6 @@ libsds_la_SOURCES = src/libsds/sds/core/utils.c \
src/libsds/sds/bpt_cow/txn.c
\
src/libsds/sds/bpt_cow/verify.c
\
src/libsds/sds/queue/queue.c
\
src/libsds/sds/queue/tqueue.c
\
src/libsds/sds/queue/lqueue.c
\
src/libsds/external/csiphash/csiphash.c
\
src/libsds/sds/ht/ht.c
\
...
...
@@ -1069,6 +1191,41 @@ endif
libsds_la_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
SDS_CPPFLAGS
)
libsds_la_LDFLAGS
=
$(
AM_LDFLAGS
)
$(
SDS_LDFLAGS
)
if
RUST_ENABLE
### Why does this exist?
#
# Both cargo and autotools are really opinionated. You can't generate the correct
# outputs from cargo/rust for automake to use. But by the same token, you can't
# convince automake to use the outputs we *do* have. So instead, we manually
# create and install the .so instead.
#
# This acts like .PHONY for some reason ...
libsds_la_LDFLAGS
+=
-L
$(
abs_builddir
)
/.libs
-lrsds
libsds_la_DEPENDENCIES
=
librsds.so
librsds.so
:
src/libsds/Cargo.toml src/libsds/sds/lib.rs src/libsds/sds/tqueue.rs
CARGO_TARGET_DIR
=
$(
abs_top_builddir
)
/rs
RUSTC_BOOTSTRAP
=
1
\
cargo rustc
$(
CARGO_FLAGS
)
--verbose
--manifest-path
=
$(
srcdir
)
/src/libsds/Cargo.toml
\
--
$(
RUSTC_FLAGS
)
mkdir
-p
$(
abs_builddir
)
/.libs
cp
$(
abs_top_builddir
)
/rs/@rust_target_dir@/librsds.so
$(
abs_builddir
)
/.libs/librsds.so
dist_noinst_DATA
+=
$(
srcdir
)
/src/libsds/Cargo.toml
\
$(
srcdir
)
/src/libsds/sds/
*
.rs
# echo $(serverdir)
install-data-local
:
$(
MKDIR_P
)
$(
DESTDIR
)$(
serverdir
)
$(
INSTALL
)
-c
-m
755
$(
abs_builddir
)
/.libs/librsds.so
$(
DESTDIR
)$(
serverdir
)
/librsds.so
else
# Just build the tqueue in C.
libsds_la_SOURCES
+=
\
src/libsds/sds/queue/tqueue.c
endif
#------------------------
# libnunc-stans
#------------------------
...
...
@@ -1237,8 +1394,8 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \
ldap/servers/slapd/slapi_pal.c
\
$(
libavl_a_SOURCES
)
libslapd_la_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
$(
SASL_INCLUDES
)
@db_inc@
$(
SVRCORE_INCLUDES
)
@kerberos_inc@ @pcre_inc@
$(
SDS_CPPFLAGS
)
libslapd_la_LIBADD
=
$(
LDAPSDK_LINK
)
$(
SASL_LINK
)
$(
SVRCORE_LINK
)
$(
NSS_LINK
)
$(
NSPR_LINK
)
$(
KERBEROS_LINK
)
$(
PCRE_LINK
)
$(
THREADLIB
)
$(
SYSTEMD_LINK
)
libsds.la
libslapd_la_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
$(
SASL_INCLUDES
)
@db_inc@ @kerberos_inc@ @pcre_inc@
$(
SDS_CPPFLAGS
)
$(
SVRCORE_INCLUDES
)
libslapd_la_LIBADD
=
$(
LDAPSDK_LINK
)
$(
SASL_LINK
)
$(
NSS_LINK
)
$(
NSPR_LINK
)
$(
KERBEROS_LINK
)
$(
PCRE_LINK
)
$(
THREADLIB
)
$(
SYSTEMD_LINK
)
libsds.la
libsvrcore.la
libslapd_la_LDFLAGS
=
$(
AM_LDFLAGS
)
$(
SLAPD_LDFLAGS
)
...
...
@@ -1490,7 +1647,7 @@ libpbe_plugin_la_SOURCES = ldap/servers/plugins/rever/pbe.c \
ldap/servers/plugins/rever/rever.c
libpbe_plugin_la_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
$(
SVRCORE_INCLUDES
)
libpbe_plugin_la_LIBADD
=
libslapd.la
$(
NSS_LINK
)
libpbe_plugin_la_LIBADD
=
libslapd.la
libsvrcore.la
$(
NSS_LINK
)
libpbe_plugin_la_DEPENDENCIES
=
libslapd.la
libpbe_plugin_la_LDFLAGS
=
-avoid-version
...
...
@@ -1826,12 +1983,6 @@ dbscan_SOURCES = ldap/servers/slapd/tools/dbscan.c
dbscan_CPPFLAGS
=
@db_inc@ @nspr_inc@
$(
AM_CPPFLAGS
)
dbscan_LDADD
=
$(
NSPR_LINK
)
$(
DB_LINK
)
#------------------------
# dsktune
#------------------------
dsktune_SOURCES
=
ldap/systools/idsktune.c ldap/systools/pio.c
dsktune_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
#------------------------
# infadd
#------------------------
...
...
@@ -1886,7 +2037,7 @@ ldif_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK_NOTHR) $(SASL_LINK)
migratecred_SOURCES
=
ldap/servers/slapd/tools/migratecred.c
migratecred_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
migratecred_LDADD
=
libslapd.la
$(
NSPR_LINK
)
$(
NSS_LINK
)
$(
SVRCORE_LINK
)
$(
LDAPSDK_LINK
)
$(
SASL_LINK
)
migratecred_LDADD
=
libslapd.la
libsvrcore.la
$(
NSPR_LINK
)
$(
NSS_LINK
)
$(
LDAPSDK_LINK
)
$(
SASL_LINK
)
migratecred_DEPENDENCIES
=
libslapd.la
#------------------------
...
...
@@ -1895,7 +2046,7 @@ migratecred_DEPENDENCIES = libslapd.la
mmldif_SOURCES
=
ldap/servers/slapd/tools/mmldif.c
mmldif_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
mmldif_LDADD
=
libslapd.la
$(
NSPR_LINK
)
$(
NSS_LINK
)
$(
SVRCORE_LINK
)
$(
LDAPSDK_LINK_NOTHR
)
$(
SASL_LINK
)
mmldif_LDADD
=
libslapd.la
libsvrcore.la
$(
NSPR_LINK
)
$(
NSS_LINK
)
$(
LDAPSDK_LINK_NOTHR
)
$(
SASL_LINK
)
mmldif_DEPENDENCIES
=
libslapd.la
#------------------------
...
...
@@ -1947,9 +2098,9 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
$(
GETSOCKETPEER
)
ns_slapd_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
$(
SASL_INCLUDES
)
$(
SVRCORE_INCLUDES
)
ns_slapd_LDADD
=
libnunc-stans.la libslapd.la libldaputil.la
$(
LDAPSDK_LINK
)
$(
NSS_LINK
)
$(
LIBADD_DL
)
\
$(
NSPR_LINK
)
$(
SASL_LINK
)
$(
SVRCORE_LINK
)
$(
LIBNSL
)
$(
LIBSOCKET
)
$(
THREADLIB
)
$(
SYSTEMD_LINK
)
$(
EVENT_LINK
)
ns_slapd_DEPENDENCIES
=
libslapd.la libnunc-stans.la
ns_slapd_LDADD
=
libnunc-stans.la libslapd.la libldaputil.la
libsvrcore.la
$(
LDAPSDK_LINK
)
$(
NSS_LINK
)
$(
LIBADD_DL
)
\
$(
NSPR_LINK
)
$(
SASL_LINK
)
$(
LIBNSL
)
$(
LIBSOCKET
)
$(
THREADLIB
)
$(
SYSTEMD_LINK
)
$(
EVENT_LINK
)
ns_slapd_DEPENDENCIES
=
libslapd.la libnunc-stans.la
libldaputil.la
# We need to link ns-slapd with the C++ compiler on HP-UX since we load
# some C++ shared libraries (such as icu).
if
HPUX
...
...
@@ -1964,7 +2115,7 @@ endif
pwdhash_SOURCES
=
ldap/servers/slapd/tools/pwenc.c
pwdhash_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
DSPLUGIN_CPPFLAGS
)
pwdhash_LDADD
=
libslapd.la
$(
NSPR_LINK
)
$(
NSS_LINK
)
$(
SVRCORE_LINK
)
$(
LDAPSDK_LINK
)
$(
SASL_LINK
)
pwdhash_LDADD
=
libslapd.la
libsvrcore.la
$(
NSPR_LINK
)
$(
NSS_LINK
)
$(
LDAPSDK_LINK
)
$(
SASL_LINK
)
pwdhash_DEPENDENCIES
=
libslapd.la
#------------------------
...
...
@@ -1999,6 +2150,7 @@ TESTS = test_slapd \
test_slapd_SOURCES
=
test
/main.c
\
test
/libslapd/test.c
\
test
/libslapd/counters/atomic.c
\
test
/libslapd/filter/optimise.c
\
test
/libslapd/pblock/analytics.c
\
test
/libslapd/pblock/v3_compat.c
\
test
/libslapd/operation/v3_compat.c
\
...
...
@@ -2028,37 +2180,37 @@ test_libsds_SOURCES = src/libsds/test/test_sds.c \
src/libsds/test/test_sds_ht.c
\
src/libsds/test/test_fixtures.c
test_libsds_LDFLAGS
=
$(
ASAN_
DEFINE
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
test_libsds_LDFLAGS
=
$(
ASAN_
CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAG
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
test_libsds_LDADD
=
libsds.la
$(
NSPR_LINK
)
test_libsds_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
CMOCKA_INCLUDES
)
$(
SDS_CPPFLAGS
)
benchmark_sds_SOURCES
=
src/libsds/test/benchmark.c
\
$(
libavl_a_SOURCES
)
benchmark_sds_LDFLAGS
=
$(
ASAN_
DEFINE
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
benchmark_sds_LDFLAGS
=
$(
ASAN_
CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAG
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
benchmark_sds_LDADD
=
libsds.la
$(
NSPR_LINK
)
benchmark_sds_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
CMOCKA_INCLUDES
)
$(
SDS_CPPFLAGS
)
$(
DS_INCLUDES
)
benchmark_par_sds_SOURCES
=
src/libsds/test/benchmark_parwrap.c
\
src/libsds/test/benchmark_par.c
\
$(
libavl_a_SOURCES
)
benchmark_par_sds_LDFLAGS
=
$(
ASAN_
DEFINE
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
benchmark_par_sds_LDFLAGS
=
$(
ASAN_
CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAG
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
benchmark_par_sds_LDADD
=
libsds.la
$(
NSPR_LINK
)
benchmark_par_sds_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
CMOCKA_INCLUDES
)
$(
SDS_CPPFLAGS
)
$(
DS_INCLUDES
)
test_nuncstans_SOURCES
=
src/nunc-stans/test/test_nuncstans.c
test_nuncstans_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
CMOCKA_INCLUDES
)
$(
NUNCSTANS_CPPFLAGS
)
test_nuncstans_LDADD
=
libnunc-stans.la libsds.la
$(
NSPR_LINK
)
test_nuncstans_LDFLAGS
=
$(
ASAN_
DEFINE
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
$(
EVENT_LINK
)
test_nuncstans_LDFLAGS
=
$(
ASAN_
CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAG
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
$(
EVENT_LINK
)
test_nuncstans_stress_large_SOURCES
=
src/nunc-stans/test/test_nuncstans_stress_large.c src/nunc-stans/test/test_nuncstans_stress_core.c
test_nuncstans_stress_large_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
CMOCKA_INCLUDES
)
$(
NUNCSTANS_CPPFLAGS
)
test_nuncstans_stress_large_LDADD
=
libnunc-stans.la libsds.la
$(
NSPR_LINK
)
test_nuncstans_stress_large_LDFLAGS
=
$(
ASAN_
DEFINE
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
$(
EVENT_LINK
)
test_nuncstans_stress_large_LDFLAGS
=
$(
ASAN_
CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAG
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
$(
EVENT_LINK
)
test_nuncstans_stress_small_SOURCES
=
src/nunc-stans/test/test_nuncstans_stress_small.c src/nunc-stans/test/test_nuncstans_stress_core.c
test_nuncstans_stress_small_CPPFLAGS
=
$(
AM_CPPFLAGS
)
$(
CMOCKA_INCLUDES
)
$(
NUNCSTANS_CPPFLAGS
)
test_nuncstans_stress_small_LDADD
=
libnunc-stans.la libsds.la
$(
NSPR_LINK
)
test_nuncstans_stress_small_LDFLAGS
=
$(
ASAN_
DEFINE
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
$(
EVENT_LINK
)
test_nuncstans_stress_small_LDFLAGS
=
$(
ASAN_
CFLAGS
)
$(
MSAN_CFLAGS
)
$(
TSAN_CFLAGS
)
$(
UBSAN_CFLAG
S
)
$(
PROFILING_LINKS
)
$(
CMOCKA_LINKS
)
$(
EVENT_LINK
)
endif
...
...
@@ -2076,6 +2228,7 @@ fixupcmd = sed \
-e
's,@bindir\@,
$(
bindir
)
,g'
\
-e
's,@sbindir\@,
$(
sbindir
)
,g'
\
-e
's,@libdir\@,
$(
libdir
)
,g'
\
-e
's,@libexecdir\@,
$(
libexecdir
)
,g'
\
-e
's,@nspr_libdir\@,
$(
nspr_libdir
)
,g'
\
-e
's,@nss_libdir\@,
$(
nss_libdir
)
,g'
\
-e
's,@ldapsdk_libdir\@,
$(
ldapsdk_libdir
)
,g'
\
...
...
@@ -2102,6 +2255,7 @@ fixupcmd = sed \
-e
's,@localrundir\@,
$(
localrundir
)
,g'
\
-e
's,@infdir\@,
$(
infdir
)
,g'
\
-e
's,@mibdir\@,
$(
mibdir
)
,g'
\
-e
's,@cockpitdir\@,
$(
cockpitdir
)
,g'
\
-e
's,@templatedir\@,
$(
sampledatadir
)
,g'
\
-e
's,@systemschemadir\@,
$(
systemschemadir
)
,g'
\
-e
's,@package_name\@,
$(
PACKAGE_NAME
)
,g'
\
...
...
@@ -2114,6 +2268,10 @@ fixupcmd = sed \
-e
's,@enable_auto_dn_suffix\@,
$(
enable_auto_dn_suffix
)
,g'
\
-e
's,@enable_presence\@,
$(
enable_presence
)
,g'
\
-e
's,@enable_asan\@,
$(
ASAN_ON
)
,g'
\
-e
's,@enable_msan\@,
$(
MSAN_ON
)
,g'
\
-e
's,@enable_tsan\@,
$(
TSAN_ON
)
,g'
\
-e
's,@enable_ubsan\@,
$(
UBSAN_ON
)
,g'
\
-e
's,@SANITIZER\@,
$(
SANITIZER
)
,g'
\
-e
's,@enable_perl\@,@enable_perl@,g'
\
-e
's,@ECHO_N\@,
$(
ECHO_N
)
,g'
\
-e
's,@ECHO_C\@,
$(
ECHO_C
)
,g'
\
...
...
@@ -2175,18 +2333,15 @@ endif
if
[
!
-d
$(
dir
$@
)
]
;
then
mkdir
-p
$(
dir
$@
)
;
fi
$(
fixupcmd
)
$^
>
$@
if
enable_asan
# yes, that is an @ in the filename . . .
%/$(PACKAGE_NAME)@.service
:
%/systemd.template.asan.service.in
if
[
!
-d
$(
dir
$@
)
]
;
then
mkdir
-p
$(
dir
$@
)
;
fi
$(
fixupcmd
)
$^
>
$@
else
# yes, that is an @ in the filename . . .
%/$(PACKAGE_NAME)@.service
:
%/systemd.template.service.in
if
[
!
-d
$(
dir
$@
)
]
;
then
mkdir
-p
$(
dir
$@
)
;
fi
$(
fixupcmd
)
$^
>
$@
endif
if
[
!
-z
${
SANITIZER
}
]
;
then
\
service_template
=
$(
shell
echo
$^
|
sed
's/template/template.xsan/g'
);
\
else
\
service_template
=
$^
;
\
fi
;
\
$(
fixupcmd
)
$$
service_template
>
$@
%/$(PACKAGE_NAME).systemd
:
%/systemd.template.sysconfig
if
[
!
-d
$(
dir
$@
)
]
;
then
mkdir
-p
$(
dir
$@
)
;
fi
...
...
@@ -2219,11 +2374,17 @@ git-archive:
# Python test tests
# How will we update this to python 3?
tests
:
setup.py.in
python setup.py build
lib389
:
src/lib389/setup.py
cd
$(
srcdir
)
/src/lib389
;
$(
PYTHON
)
setup.py build
;
$(
PYTHON
)
setup.py build_manpages
lib389-install
:
lib389
cd
$(
srcdir
)
/src/lib389
;
$(
PYTHON
)
setup.py
install
--skip-build
--force
tests
:
setup.py.in lib389
$(
PYTHON
)
setup.py build
tests-install
:
tests
python
setup.py
install
$(
PYTHON
)
setup.py
install
# RPM-related tasks
...
...
@@ -2240,7 +2401,17 @@ rpmbrprep: dist-bzip2 rpmroot
cp
$(
distdir
)
.tar.bz2
$(
RPMBUILD
)
/SOURCES
cp
$(
srcdir
)
/rpm/389-ds-base-git.sh
$(
RPMBUILD
)
/SOURCES
cp
$(
srcdir
)
/rpm/389-ds-base-devel.README
$(
RPMBUILD
)
/SOURCES
sed
-e
"s/__VERSION__/
$(
RPM_VERSION
)
/"
-e
"s/__RELEASE__/
$(
RPM_RELEASE
)
/"
-e
"s/__VERSION_PREREL__/
$(
VERSION_PREREL
)
/"
-e
"s/__NUNC_STANS_ON__/
$(
NUNC_STANS_ON
)
/"
-e
"s/__ASAN_ON__/
$(
ASAN_ON
)
/"
<
$(
abs_builddir
)
/rpm/389-ds-base.spec
>
$(
RPMBUILD
)
/SPECS/389-ds-base.spec
sed
-e
"s/__VERSION__/
$(
RPM_VERSION
)
/"
\
-e
"s/__RELEASE__/
$(
RPM_RELEASE
)
/"
\
-e
"s/__VERSION_PREREL__/
$(
VERSION_PREREL
)
/"
\
-e
"s/__NUNC_STANS_ON__/
$(
NUNC_STANS_ON
)
/"
\
-e
"s/__RUST_ON__/
$(
RUST_ON
)
/"
\
-e
"s/__CLANG_ON__/
$(
CLANG_ON
)
/"
\
-e
"s/__PERL_ON__/
$(
PERL_ON
)
/"
\
-e
"s/__MSAN_ON__/
$(
MSAN_ON
)
/"
\
-e
"s/__TSAN_ON__/
$(
TSAN_ON
)
/"
\
-e
"s/__UBSAN_ON__/
$(
UBSAN_ON
)
/"
\
-e
"s/__ASAN_ON__/
$(
ASAN_ON
)
/"
<
$(
abs_builddir
)
/rpm/389-ds-base.spec
>
$(
RPMBUILD
)
/SPECS/389-ds-base.spec
# Requires rpmdevtools. Consider making this a dependancy of rpms.
rpmsources
:
rpmbrprep
...
...
@@ -2262,7 +2433,7 @@ if HAVE_DOXYGEN
doxyfile.stamp
:
cd
$(
srcdir
);
$(
DOXYGEN
)
$(
abs_top_builddir
)
/docs/slapi.doxy
rm
$(
abs_top_builddir
)
/man/man3/_
*
rm
-f
$(
abs_top_builddir
)
/man/man3/_
*
touch
doxyfile.stamp
# Add the docs to make all.
...
...
README
deleted
100644 → 0
View file @
d72a226f
=======================================================================
389 Directory Server
=======================================================================
The 389 Directory Server is subject to the terms detailed in the
license agreement file called LICENSE.
Late-breaking news and information on the 389 Directory Server is
available on our wiki page:
http://www.port389.org/
README.md
0 → 100644
View file @
94f30daf
389 Directory Server
====================
389 Directory Server is a highly usable, fully featured, reliable
and secure LDAP server implementation. It handles many of the
largest LDAP deployments in the world.
All our code has been extensively tested with sanitisation tools.
As well as a rich feature set of fail-over and backup technologies
gives administrators confidence their accounts are safe.
License
-------
The 389 Directory Server is subject to the terms detailed in the
license agreement file called LICENSE.
Late-breaking news and information on the 389 Directory Server is
available on our wiki page:
http://www.port389.org/
Building
--------
autoreconf -fiv
./configure --enable-debug --with-openldap --enable-cmocka --enable-asan
make
make lib389
make check
sudo make install
sudo make lib389-install
Testing
-------
sudo py.test -s 389-ds-base/dirsrvtests/tests/suites/basic/
More information
----------------
Please see our contributing guide online:
http://www.port389.org/docs/389ds/contributing.html
VERSION.sh
View file @
94f30daf
...
...
@@ -9,8 +9,8 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR
=
1
VERSION_MINOR
=
3
VERSION_MAINT
=
7.4
VERSION_MINOR
=
4
VERSION_MAINT
=
0.15
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL
=
VERSION_DATE
=
$(
date
-u
+%Y%m%d
)
...
...
configure.ac
View file @
94f30daf
...
...
@@ -24,8 +24,12 @@ AC_SUBST([CONSOLE_VERSION])
AM_MAINTAINER_MODE
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIRS([m4])
# Checks for programs.
: ${CXXFLAGS=""}
AC_PROG_CXX
: ${CFLAGS=""}
AC_PROG_CC
AM_PROG_CC_C_O
AM_PROG_AS
...
...
@@ -43,6 +47,7 @@ AC_CHECK_HEADERS([arpa/inet.h errno.h fcntl.h malloc.h netdb.h netinet/in.h stdl
# These are *required* headers without option.
AC_CHECK_HEADERS([inttypes.h], [], AC_MSG_ERROR([unable to locate required header inttypes.h]))
AC_CHECK_HEADERS([crack.h], [], AC_MSG_ERROR([unable to locate required header crack.h]))
# Checks for typedefs, structures, and compiler characteristics.
...
...
@@ -78,31 +83,130 @@ AC_CHECK_FUNCS([clock_gettime], [], AC_MSG_ERROR([unable to locate required symb
# This will detect if we need to add the LIBADD_DL value for us.
LT_LIB_DLLOAD
# Optional rust component support.
AC_MSG_CHECKING(for --enable-rust)
AC_ARG_ENABLE(rust, AS_HELP_STRING([--enable-rust], [Enable rust language features (default: no)]),
[
AC_CHECK_PROG(CARGO, [cargo], [yes], [no])
AC_CHECK_PROG(RUSTC, [rustc], [yes], [no])
AS_IF([test "$CARGO" != "yes" -o "$RUSTC" != "yes"], [
AC_MSG_FAILURE("Rust based plugins cannot be built cargo=$CARGO rustc=$RUSTC")
])
with_rust=yes
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
])
AM_CONDITIONAL([RUST_ENABLE],[test -n "$with_rust"])
AC_MSG_CHECKING(for --enable-debug)
AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug], [Enable debug features (default: no)]),
[
AC_MSG_RESULT(yes)
debug_defs="-g3 -DDEBUG -DMCC_DEBUG -O0"
debug_defs="-DDEBUG -DMCC_DEBUG"
debug_cflags="-g3 -O0"
debug_cxxflags="-g3 -O0"
debug_rust_defs="-C debuginfo=2"
cargo_defs=""
rust_target_dir="debug"
with_debug=yes
],
[
AC_MSG_RESULT(no)
debug_defs=""
# set the default safe CFLAGS that would be set by AC_PROG_CC otherwise
debug_cflags="-g -O2"
debug_cxxflags="-g -O2"
debug_rust_defs="-C debuginfo=2"
cargo_defs="--release"
rust_target_dir="release"
])
AC_SUBST([debug_defs])
AC_SUBST([debug_cflags])
AC_SUBST([debug_cxxflags])
AC_SUBST([debug_rust_defs])
AC_SUBST([cargo_defs])
AC_SUBST([rust_target_dir])
AM_CONDITIONAL([DEBUG],[test -n "$with_debug"])
AC_MSG_CHECKING(for --enable-asan)
AC_ARG_ENABLE(asan, AS_HELP_STRING([--enable-asan], [Enable gcc address sanitizer options (default: no)]),
AC_ARG_ENABLE(asan, AS_HELP_STRING([--enable-asan], [Enable gcc
/clang
address sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
asan_defs="-fsanitize=address -fno-omit-frame-pointer"
asan_cflags="-fsanitize=address -fno-omit-frame-pointer"
asan_rust_defs="-Z sanitizer=address"
],
[
AC_MSG_RESULT(no)
asan_defs=""
asan_cflags=""
asan_rust_defs=""
])
AC_SUBST([asan_defs])
AC_SUBST([asan_cflags])
AC_SUBST([asan_rust_defs])
AM_CONDITIONAL(enable_asan,test "$enable_asan" = "yes")
AC_MSG_CHECKING(for --enable-msan)
AC_ARG_ENABLE(msan, AS_HELP_STRING([--enable-msan], [Enable gcc/clang memory sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
msan_cflags="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer"
msan_rust_defs="-Z sanitizer=memory"
],
[
AC_MSG_RESULT(no)
msan_cflags=""
msan_rust_defs=""
])
AC_SUBST([msan_cflags])
AC_SUBST([msan_rust_defs])
AM_CONDITIONAL(enable_msan,test "$enable_msan" = "yes")
AC_MSG_CHECKING(for --enable-tsan)
AC_ARG_ENABLE(tsan, AS_HELP_STRING([--enable-tsan], [Enable gcc/clang thread sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
tsan_cflags="-fsanitize=thread -fno-omit-frame-pointer"
tsan_rust_defs="-Z sanitizer=thread"
],
[
AC_MSG_RESULT(no)
tsan_cflags=""
tsan_rust_defs=""
])
AC_SUBST([tsan_cflags])
AC_SUBST([tsan_rust_defs])
AM_CONDITIONAL(enable_tsan,test "$enable_tsan" = "yes")
AC_MSG_CHECKING(for --enable-ubsan)
AC_ARG_ENABLE(ubsan, AS_HELP_STRING([--enable-tsan], [Enable gcc/clang undefined behaviour sanitizer options (default: no)]),
[
AC_MSG_RESULT(yes)
ubsan_cflags="-fsanitize=undefined -fno-omit-frame-pointer"
ubsan_rust_defs=""
],
[
AC_MSG_RESULT(no)
ubsan_cflags=""
ubsan_rust_defs=""
])
AC_SUBST([ubsan_cflags])
AC_SUBST([ubsan_rust_defs])
AM_CONDITIONAL(enable_ubsan,test "$enable_ubsan" = "yes")
# Enable CLANG
AC_MSG_CHECKING(for --enable-clang)
AC_ARG_ENABLE(clang, AS_HELP_STRING([--enable-clang], [Enable clang (default: no)]),
[
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
])
AM_CONDITIONAL(CLANG_ENABLE,test "$enable_clang" = "yes")
# Enable Perl
if test -z "$enable_perl" ; then
enable_perl=yes
fi
...
...
@@ -124,15 +228,19 @@ AC_ARG_ENABLE(gcc-security, AS_HELP_STRING([--enable-gcc-security], [Enable gcc
[
AC_MSG_RESULT(yes)
AM_COND_IF([RPM_HARDEND_CC],
[ gccsec_
def
s="-Wall -Wp,-D_FOR
I
TY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " ],
[ gccsec_
def
s="-Wall -Wp,-D_FOR
I
TY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security" ]
[ gccsec_
cflag
s="-Wall -Wp,-D_FORT
IF
Y_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " ],
[ gccsec_
cflag
s="-Wall -Wp,-D_FORT
IF
Y_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security" ]
)
],
[
# Without this, -fPIC doesn't work on generic fedora builds, --disable-gcc-sec.
AC_MSG_RESULT(no)
gccsec_defs=""
AM_COND_IF([RPM_HARDEND_CC],
[ gccsec_cflags="-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" ],
[ gccsec_cflags="" ]
)
])
AC_SUBST([gccsec_
def
s])
AC_SUBST([gccsec_
cflag
s])
# Pull in profiling.
AC_MSG_CHECKING(for --enable-profiling)
...
...
@@ -301,6 +409,7 @@ fi
m4_include(m4/fhs.m4)
localrundir='/run'
cockpitdir=/389-console
# installation paths - by default, we store everything
# under the prefix. The with-fhs option will use /usr,
...
...
@@ -437,12 +546,12 @@ if test -n "$with_pythonexec"; then
if test "$with_pythonexec" = yes ; then
AC_MSG_ERROR([You must specify --with-pythonexec=/full/path/to/python])
elif test "$with_pythonexec" = no ; then
with_pythonexec=/usr/bin/python
2
with_pythonexec=/usr/bin/python
3
else
AC_MSG_RESULT([$with_pythonexec])
fi
else
with_pythonexec=/usr/bin/python
2
with_pythonexec=/usr/bin/python
3
fi
AC_SUBST(prefixdir)
...
...
@@ -461,9 +570,9 @@ AC_SUBST(infdir)
AC_SUBST(mibdir)
AC_SUBST(mandir)
AC_SUBST(updatedir)
AC_SUBST(defaultuser)
AC_SUBST(defaultgroup)
AC_SUBST(cockpitdir)
# check for --with-instconfigdir
AC_MSG_CHECKING(for --with-instconfigdir)
...
...
@@ -522,7 +631,7 @@ fi
if test -n "$with_pythonexec"; then
pythonexec="$with_pythonexec"
else
pythonexec='/usr/bin/
env
python
2
'
pythonexec='/usr/bin/python
3
'
fi
# Default to no atomic queue operations.
...
...
@@ -544,7 +653,6 @@ case $host in
platform="linux"
initdir='$(sysconfdir)/rc.d/init.d'
# do arch specific linux stuff here
# TCMalloc is only on i686, x86_64, ppc64 and arm, so we pick that here.
case $host in
i*86-*-linux*)
AC_DEFINE([CPU_x86], [], [cpu type x86])
...
...
@@ -733,7 +841,6 @@ m4_include(m4/openldap.m4)
m4_include(m4/mozldap.m4)
m4_include(m4/db.m4)
m4_include(m4/sasl.m4)
m4_include(m4/svrcore.m4)
m4_include(m4/icu.m4)
m4_include(m4/netsnmp.m4)
m4_include(m4/kerberos.m4)
...
...
@@ -742,7 +849,6 @@ m4_include(m4/selinux.m4)
m4_include(m4/systemd.m4)
m4_include(m4/cmocka.m4)
m4_include(m4/doxygen.m4)
m4_include(m4/tcmalloc.m4)
PACKAGE_BASE_VERSION=`echo $PACKAGE_VERSION | awk -F\. '{print $1"."$2}'`
AC_SUBST(PACKAGE_BASE_VERSION)
...
...
@@ -794,7 +900,7 @@ AC_DEFINE([LDAP_ERROR_LOGGING], [1], [LDAP error logging flag])
# AC_CONFIG_FILES([ldap/admin/src/defaults.inf])
AC_CONFIG_FILES([src/pkgconfig/dirsrv.pc src/pkgconfig/nunc-stans.pc src/pkgconfig/libsds.pc])
AC_CONFIG_FILES([src/pkgconfig/dirsrv.pc src/pkgconfig/nunc-stans.pc src/pkgconfig/libsds.pc
src/pkgconfig/svrcore.pc
])
AC_CONFIG_FILES([Makefile rpm/389-ds-base.spec ])
...
...
dirsrvtests/conftest.py
0 → 100644
View file @
94f30daf
import
subprocess
import
logging
import
pytest
import
os
from
enum
import
Enum
pkgs
=
[
'
389-ds-base
'
,
'
nss
'
,
'
nspr
'
,
'
openldap
'
,
'
cyrus-sasl
'
]
class
FIPSState
(
Enum
):
ENABLED
=
'
enabled
'
DISABLED
=
'
disabled
'
NOT_AVAILABLE
=
'
not_available
'
def
__unicode__
(
self
):
return
self
.
value
def
__str__
(
self
):
return
self
.
value
def
get_rpm_version
(
pkg
):
try
:
result
=
subprocess
.
check_output
([
'
rpm
'
,
'
-q
'
,
'
--queryformat
'
,
'
%{VERSION}-%{RELEASE}
'
,
pkg
])
except
:
result
=
b
"
not installed
"
return
result
.
decode
(
'
utf-8
'
)
def
is_fips
():
# Are we running in FIPS mode?
if
not
os
.
path
.
exists
(
'
/proc/sys/crypto/fips_enabled
'
):
return
FIPSState
.
NOT_AVAILABLE
state
=
None
with
open
(
'
/proc/sys/crypto/fips_enabled
'
,
'
r
'
)
as
f
:
state
=
f
.
readline
()
if
state
==
'
1
'
:
return
FIPSState
.
ENABLED
else
:
return
FIPSState
.
DISABLED
@pytest.fixture
(
autouse
=
True
)
def
_environment
(
request
):
if
"
_metadata
"
in
dir
(
request
.
config
):
for
pkg
in
pkgs
:
request
.
config
.
_metadata
[
pkg
]
=
get_rpm_version
(
pkg
)
request
.
config
.
_metadata
[
'
FIPS
'
]
=
is_fips
()
def
pytest_cmdline_main
(
config
):
logging
.
basicConfig
(
level
=
logging
.
DEBUG
)
def
pytest_report_header
(
config
):
header
=
""
for
pkg
in
pkgs
:
header
+=
"
%s: %s
\n
"
%
(
pkg
,
get_rpm_version
(
pkg
))
header
+=
"
FIPS: %s
"
%
is_fips
()
return
header
@pytest.mark.optionalhook
def
pytest_html_results_table_header
(
cells
):
cells
.
pop
()
@pytest.mark.optionalhook
def
pytest_html_results_table_row
(
report
,
cells
):
cells
.
pop
()
dirsrvtests/create_test.py
View file @
94f30daf
...
...
@@ -61,24 +61,45 @@ def writeFinalizer():
def
get_existing_topologies
(
inst
,
masters
,
hubs
,
consumers
):
"""
Check if the requested topology exists
"""
setup_text
=
""
if
inst
:
if
inst
==
1
:
i
=
'
st
'
setup_text
=
"
Standalone Instance
"
else
:
i
=
'
i{}
'
.
format
(
inst
)
setup_text
=
"
{} Standalone Instances
"
.
format
(
inst
)
else
:
i
=
''
if
masters
:
ms
=
'
m{}
'
.
format
(
masters
)
if
len
(
setup_text
)
>
0
:
setup_text
+=
"
,
"
if
masters
==
1
:
setup_text
+=
"
Master Instance
"
else
:
setup_text
+=
"
{} Master Instances
"
.
format
(
masters
)
else
:
ms
=
''
if
hubs
:
hs
=
'
h{}
'
.
format
(
hubs
)
if
len
(
setup_text
)
>
0
:
setup_text
+=
"
,
"
if
hubs
==
1
:
setup_text
+=
"
Hub Instance
"
else
:
setup_text
+=
"
{} Hub Instances
"
.
format
(
hubs
)
else
:
hs
=
''
if
consumers
:
cs
=
'
c{}
'
.
format
(
consumers
)
if
len
(
setup_text
)
>
0
:
setup_text
+=
"
,
"
if
consumers
==
1
:
setup_text
+=
"
Consumer Instance
"
else
:
setup_text
+=
"
{} Consumer Instances
"
.
format
(
consumers
)
else
:
cs
=
''
...
...
@@ -86,9 +107,9 @@ def get_existing_topologies(inst, masters, hubs, consumers):
# Returns True in the first element of a list, if topology was found
if
my_topology
in
dir
(
topologies
):
return
[
True
,
my_topology
]
return
[
True
,
my_topology
,
setup_text
]
else
:
return
[
False
,
my_topology
]
return
[
False
,
my_topology
,
setup_text
]
def
check_id_uniqueness
(
id_value
):
...
...
@@ -181,10 +202,11 @@ if len(sys.argv) > 0:
# Extract usable values
ticket
=
args
.
ticket
suite
=
args
.
suite
if
args
.
inst
==
'
0
'
and
args
.
masters
==
'
0
'
and
args
.
hubs
==
'
0
'
\
and
args
.
consumers
==
'
0
'
:
instances
=
1
my_topology
=
[
True
,
'
topology_st
'
]
my_topology
=
[
True
,
'
topology_st
'
,
"
Standalone Instance
"
]
else
:
instances
=
int
(
args
.
inst
)
masters
=
int
(
args
.
masters
)
...
...
@@ -192,6 +214,7 @@ if len(sys.argv) > 0:
consumers
=
int
(
args
.
consumers
)
my_topology
=
get_existing_topologies
(
instances
,
masters
,
hubs
,
consumers
)
filename
=
args
.
filename
setup_text
=
my_topology
[
2
]
# Create/open the new test script file
if
not
filename
:
...
...
@@ -210,9 +233,10 @@ if len(sys.argv) > 0:
if
my_topology
[
0
]:
topology_import
=
'
from lib389.topologies import {} as topo
\n
'
.
format
(
my_topology
[
1
])
else
:
topology_import
=
''
topology_import
=
'
from lib389.topologies import create_topology
\n
'
TEST
.
write
(
'
import logging
\n
import pytest
\n
import os
\n
'
)
TEST
.
write
(
'
from lib389._constants import *
\n
'
)
TEST
.
write
(
'
{}
\n
'
.
format
(
topology_import
))
TEST
.
write
(
'
DEBUGGING = os.getenv(
"
DEBUGGING
"
, default=False)
\n
'
)
...
...
@@ -220,7 +244,7 @@ if len(sys.argv) > 0:
TEST
.
write
(
'
logging.getLogger(__name__).setLevel(logging.DEBUG)
\n
'
)
TEST
.
write
(
'
else:
\n
'
)
TEST
.
write
(
'
logging.getLogger(__name__).setLevel(logging.INFO)
\n
'
)
TEST
.
write
(
'
log = logging.getLogger(__name__)
\n\n
\n
'
)
TEST
.
write
(
'
log = logging.getLogger(__name__)
\n\n
'
)
# Add topology function for non existing (in lib389/topologies.py) topologies only
if
not
my_topology
[
0
]:
...
...
@@ -236,7 +260,7 @@ if len(sys.argv) > 0:
topologies_str
+=
"
{} standalone instances
"
.
format
(
instances
)
# Write the 'topology function'
TEST
.
write
(
'
@pytest.fixture(scope=
"
module
"
)
\n
'
)
TEST
.
write
(
'
\n
@pytest.fixture(scope=
"
module
"
)
\n
'
)
TEST
.
write
(
'
def topo(request):
\n
'
)
TEST
.
write
(
'
"""
Create a topology with{}
"""
\n\n
'
.
format
(
topologies_str
))
TEST
.
write
(
'
topology = create_topology({
\n
'
)
...
...
@@ -255,6 +279,7 @@ if len(sys.argv) > 0:
TEST
.
write
(
'
# replicas.test(DEFAULT_SUFFIX, topology.cs[
"
consumer1
"
])
\n
'
)
writeFinalizer
()
TEST
.
write
(
'
return topology
\n\n
'
)
tc_id
=
'
0
'
while
not
check_id_uniqueness
(
tc_id
):
tc_id
=
uuid
.
uuid4
()
...
...
@@ -266,7 +291,7 @@ if len(sys.argv) > 0:
TEST
.
write
(
'
\n
def test_something(topo):
\n
'
)
TEST
.
write
(
'
"""
Specify a test case purpose or name here
\n\n
'
)
TEST
.
write
(
'
:id: {}
\n
'
.
format
(
tc_id
))
TEST
.
write
(
'
:setup:
Fill in
set
up
configuration here
\n
'
)
TEST
.
write
(
'
:setup:
'
+
setup
_text
+
'
\n
'
)
TEST
.
write
(
'
:steps:
\n
'
)
TEST
.
write
(
'
1. Fill in test case steps here
\n
'
)
TEST
.
write
(
'
2. And indent them like this (RST format requirement)
\n
'
)
...
...
@@ -289,7 +314,7 @@ if len(sys.argv) > 0:
TEST
.
write
(
'
# Run isolated
\n
'
)
TEST
.
write
(
'
# -s for DEBUG mode
\n
'
)
TEST
.
write
(
'
CURRENT_FILE = os.path.realpath(__file__)
\n
'
)
TEST
.
write
(
'
pytest.main(
"
-s
%s
"
%
CURRENT_FILE)
\n\n
'
)
TEST
.
write
(
'
pytest.main(
[
"
-s
"
,
CURRENT_FILE
]
)
\n\n
'
)
# Done, close things up
TEST
.
close
()
...
...
dirsrvtests/tests/data/ticket49441/binary.ldif
0 → 100644
View file @
94f30daf
This diff is collapsed.
Click to expand it.
dirsrvtests/tests/stress/cos/cos_scale_template_test.py
0 → 100644
View file @
94f30daf
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2017 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
import
pytest
from
lib389.topologies
import
topology_st
from
lib389.plugins
import
ClassOfServicePlugin
from
lib389.cos
import
CosIndirectDefinitions
,
CosTemplates
,
CosTemplate
from
lib389.idm.user
import
UserAccounts
,
TEST_USER_PROPERTIES
from
lib389.idm.organizationalunit
import
OrganizationalUnits
from
lib389._constants
import
DEFAULT_SUFFIX
import
time
# Given this should complete is about 0.005, this is generous.
# For the final test with 20 templates, about 0.02 is an acceptable time.
THRESHOLD
=
0.05
class
OUCosTemplate
(
CosTemplate
):
def
__init__
(
self
,
instance
,
dn
=
None
):
"""
Create a OU specific cos template to replicate a specific user setup.
This template provides ou attrs onto the target entry.
:param instance: A dirsrv instance
:type instance: DirSrv
:param dn: The dn of the template
:type dn: str
"""
super
(
OUCosTemplate
,
self
).
__init__
(
instance
,
dn
)
self
.
_rdn_attribute
=
'
ou
'
self
.
_must_attributes
=
[
'
ou
'
]
self
.
_create_objectclasses
=
[
'
top
'
,
'
cosTemplate
'
,
'
organizationalUnit
'
,
]
class
OUCosTemplates
(
CosTemplates
):
def
__init__
(
self
,
instance
,
basedn
,
rdn
=
None
):
"""
Create an OU specific cos templates to replicate a specific use setup.
This costemplates object allows access to the OUCosTemplate types.
:param instance: A dirsrv instance
:type instance: DirSrv
:param basedn: The basedn of the templates
:type basedn: str
:param rdn: The rdn of the templates
:type rdn: str
"""
super
(
OUCosTemplates
,
self
).
__init__
(
instance
,
basedn
,
rdn
)
self
.
_objectclasses
=
[
'
cosTemplate
'
,
'
organizationalUnit
'
,
]
self
.
_filterattrs
=
[
'
ou
'
]
self
.
_childobject
=
OUCosTemplate
def
test_indirect_template_scale
(
topology_st
):
"""
Test that cos templates can be added at a reasonable scale
:id: 7cbcdf22-1f9c-4222-9e76-685fe374fc20
:steps:
1. Enable COS plugin
2. Create the test user
3. Add an indirect cos template
4. Add a cos template
5. Add the user to the cos template and assert it works.
6. Add 25,000 templates to the database
7. Search the user. It should not exceed THRESHOLD.
:expected results:
1. It is enabled.
2. It is created.
3. Is is created.
4. It is created.
5. It is valid.
6. They are created.
7. It is fast.
"""
cos_plugin
=
ClassOfServicePlugin
(
topology_st
.
standalone
)
cos_plugin
.
enable
()
topology_st
.
standalone
.
restart
()
# Now create, the indirect specifier, and a user to template onto.
users
=
UserAccounts
(
topology_st
.
standalone
,
DEFAULT_SUFFIX
)
user
=
users
.
create
(
properties
=
TEST_USER_PROPERTIES
)
cos_inds
=
CosIndirectDefinitions
(
topology_st
.
standalone
,
DEFAULT_SUFFIX
)
cos_ind
=
cos_inds
.
create
(
properties
=
{
'
cn
'
:
'
cosIndirectDef
'
,
'
cosIndirectSpecifier
'
:
'
seeAlso
'
,
'
cosAttribute
'
:
[
'
ou merge-schemes
'
,
'
description merge-schemes
'
,
'
postalCode merge-schemes
'
,
],
})
ous
=
OrganizationalUnits
(
topology_st
.
standalone
,
DEFAULT_SUFFIX
)
ou_temp
=
ous
.
create
(
properties
=
{
'
ou
'
:
'
templates
'
})
cos_temps
=
OUCosTemplates
(
topology_st
.
standalone
,
ou_temp
.
dn
)
cos_temp_u
=
cos_temps
.
create
(
properties
=
{
'
ou
'
:
'
ou_temp_u
'
,
'
description
'
:
'
desc_temp_u
'
,
'
postalCode
'
:
'
0
'
})
# Edit the user to add the seeAlso ...
user
.
set
(
'
seeAlso
'
,
cos_temp_u
.
dn
)
# Now create 25,0000 templates, they *don't* need to apply to the user though!
for
i
in
range
(
1
,
25001
):
cos_temp_u
=
cos_temps
.
create
(
properties
=
{
'
ou
'
:
'
ou_temp_%s
'
%
i
,
'
description
'
:
'
desc_temp_%s
'
%
i
,
'
postalCode
'
:
'
%s
'
%
i
})
if
i
%
500
==
0
:
start_time
=
time
.
monotonic
()
u_search
=
users
.
get
(
'
testuser
'
)
attrs
=
u_search
.
get_attr_vals_utf8
(
'
postalCode
'
)
end_time
=
time
.
monotonic
()
diff_time
=
end_time
-
start_time
assert
diff_time
<
THRESHOLD
if
i
==
10000
:
# Now add our user to this template also.
user
.
add
(
'
seeAlso
'
,
cos_temp_u
.
dn
)
start_time
=
time
.
monotonic
()
attrs_after
=
u_search
.
get_attr_vals_utf8
(
'
postalCode
'
)
end_time
=
time
.
monotonic
()
diff_time
=
end_time
-
start_time
assert
(
set
(
attrs
)
<
set
(
attrs_after
))
assert
diff_time
<
THRESHOLD
dirsrvtests/tests/stress/reliabilty/reliab_7_5_test.py
View file @
94f30daf
...
...
@@ -19,6 +19,8 @@ from lib389.properties import *
from
lib389.tasks
import
*
from
lib389.utils
import
*
from
lib389.idm.directorymanager
import
DirectoryManager
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
DEBUG
)
formatter
=
logging
.
Formatter
(
'
%(asctime)s - %(name)s - %(levelname)s
'
+
'
- %(message)s
'
)
...
...
@@ -34,6 +36,7 @@ CHECK_CONVERGENCE = True
ENABLE_VALGRIND
=
False
RUNNING
=
True
DEBUGGING
=
os
.
getenv
(
'
DEBUGGING
'
,
default
=
False
)
class
TopologyReplication
(
object
):
def
__init__
(
self
,
master1
,
master2
):
...
...
@@ -50,9 +53,10 @@ def topology(request):
args_instance
[
SER_DEPLOYED_DIR
]
=
installation1_prefix
# Creating master 1...
master1
=
DirSrv
(
verbose
=
False
)
master1
=
DirSrv
(
verbose
=
DEBUGGING
)
args_instance
[
SER_HOST
]
=
HOST_MASTER_1
args_instance
[
SER_PORT
]
=
PORT_MASTER_1
args_instance
[
SER_SECURE_PORT
]
=
SECUREPORT_MASTER_1
args_instance
[
SER_SERVERID_PROP
]
=
SERVERID_MASTER_1
args_instance
[
SER_CREATION_SUFFIX
]
=
DEFAULT_SUFFIX
args_master
=
args_instance
.
copy
()
...
...
@@ -66,9 +70,10 @@ def topology(request):
replicaId
=
REPLICAID_MASTER_1
)
# Creating master 2...
master2
=
DirSrv
(
verbose
=
False
)
master2
=
DirSrv
(
verbose
=
DEBUGGING
)
args_instance
[
SER_HOST
]
=
HOST_MASTER_2
args_instance
[
SER_PORT
]
=
PORT_MASTER_2
args_instance
[
SER_SECURE_PORT
]
=
SECUREPORT_MASTER_2
args_instance
[
SER_SERVERID_PROP
]
=
SERVERID_MASTER_2
args_instance
[
SER_CREATION_SUFFIX
]
=
DEFAULT_SUFFIX
args_master
=
args_instance
.
copy
()
...
...
@@ -220,7 +225,8 @@ class AddDelUsers(threading.Thread):
idx
=
0
RDN
=
'
uid=add_del_master_
'
+
self
.
id
+
'
-
'
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
while
idx
<
NUM_USERS
:
USER_DN
=
RDN
+
str
(
idx
)
+
'
,
'
+
DEFAULT_SUFFIX
try
:
...
...
@@ -236,7 +242,7 @@ class AddDelUsers(threading.Thread):
conn
.
close
()
# Delete 5000 entries
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
idx
=
0
while
idx
<
NUM_USERS
:
USER_DN
=
RDN
+
str
(
idx
)
+
'
,
'
+
DEFAULT_SUFFIX
...
...
@@ -259,7 +265,7 @@ class ModUsers(threading.Thread):
def
run
(
self
):
# Mod existing entries
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
idx
=
0
while
idx
<
NUM_USERS
:
USER_DN
=
(
'
uid=master
'
+
self
.
id
+
'
_entry
'
+
str
(
idx
)
+
'
,
'
+
...
...
@@ -275,7 +281,7 @@ class ModUsers(threading.Thread):
conn
.
close
()
# Modrdn existing entries
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
idx
=
0
while
idx
<
NUM_USERS
:
USER_DN
=
(
'
uid=master
'
+
self
.
id
+
'
_entry
'
+
str
(
idx
)
+
'
,
'
+
...
...
@@ -290,7 +296,7 @@ class ModUsers(threading.Thread):
conn
.
close
()
# Undo modrdn to we can rerun this test
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
idx
=
0
while
idx
<
NUM_USERS
:
USER_DN
=
(
'
cn=master
'
+
self
.
id
+
'
_entry
'
+
str
(
idx
)
+
'
,
'
+
...
...
@@ -315,7 +321,7 @@ class DoSearches(threading.Thread):
def
run
(
self
):
# Equality
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
idx
=
0
while
idx
<
NUM_USERS
:
search_filter
=
(
'
(|(uid=master
'
+
self
.
id
+
'
_entry
'
+
str
(
idx
)
+
...
...
@@ -333,7 +339,7 @@ class DoSearches(threading.Thread):
conn
.
close
()
# Substring
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
idx
=
0
while
idx
<
NUM_USERS
:
search_filter
=
(
'
(|(uid=master
'
+
self
.
id
+
'
_entry
'
+
str
(
idx
)
+
...
...
@@ -360,7 +366,7 @@ class DoFullSearches(threading.Thread):
def
run
(
self
):
global
RUNNING
conn
=
self
.
inst
.
openConnection
()
conn
=
DirectoryManager
(
self
.
inst
).
bind
()
while
RUNNING
:
time
.
sleep
(
2
)
try
:
...
...
dirsrvtests/tests/stress/reliabilty/reliab_conn_test.py
View file @
94f30daf
...
...
@@ -12,8 +12,9 @@ from lib389._constants import *
from
lib389.properties
import
*
from
lib389.tasks
import
*
from
lib389.utils
import
*
from
lib389.idm.directorymanager
import
DirectoryManager
DEBUGGING
=
False
DEBUGGING
=
os
.
getenv
(
'
DEBUGGING
'
,
default
=
False
)
if
DEBUGGING
:
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
DEBUG
)
...
...
@@ -41,12 +42,10 @@ def topology(request):
"""
Create DS Deployment
"""
# Creating standalone instance ...
if
DEBUGGING
:
standalone
=
DirSrv
(
verbose
=
True
)
else
:
standalone
=
DirSrv
(
verbose
=
False
)
standalone
=
DirSrv
(
verbose
=
DEBUGGING
)
args_instance
[
SER_HOST
]
=
HOST_STANDALONE
args_instance
[
SER_PORT
]
=
PORT_STANDALONE
args_instance
[
SER_SECURE_PORT
]
=
SECUREPORT_STANDALONE
args_instance
[
SER_SERVERID_PROP
]
=
SERVERID_STANDALONE
args_instance
[
SER_CREATION_SUFFIX
]
=
DEFAULT_SUFFIX
args_standalone
=
args_instance
.
copy
()
...
...
@@ -129,7 +128,7 @@ class BindOnlyConn(threading.Thread):
global
STOP
while
idx
<
MAX_CONNS
and
not
STOP
:
try
:
conn
=
self
.
inst
.
openConnection
(
)
conn
=
DirectoryManager
(
self
.
inst
).
bind
(
connOnly
=
True
)
conn
.
unbind_s
()
time
.
sleep
(.
2
)
err_count
=
0
...
...
@@ -160,7 +159,7 @@ class IdleConn(threading.Thread):
global
STOP
while
idx
<
(
MAX_CONNS
/
10
)
and
not
STOP
:
try
:
conn
=
self
.
inst
.
openConnection
()
conn
=
self
.
inst
.
clone
()
conn
.
simple_bind_s
(
'
uid=entry0,dc=example,dc=com
'
,
'
password
'
)
conn
.
search_s
(
'
dc=example,dc=com
'
,
ldap
.
SCOPE_SUBTREE
,
'
uid=*
'
)
...
...
@@ -197,7 +196,7 @@ class LongConn(threading.Thread):
global
STOP
while
idx
<
MAX_CONNS
and
not
STOP
:
try
:
conn
=
self
.
inst
.
openConnection
()
conn
=
self
.
inst
.
clone
()
conn
.
search_s
(
'
dc=example,dc=com
'
,
ldap
.
SCOPE_SUBTREE
,
'
objectclass=*
'
)
conn
.
search_s
(
'
dc=example,dc=com
'
,
ldap
.
SCOPE_SUBTREE
,
...
...
dirsrvtests/tests/suites/acl/acl_deny_test.py
0 → 100644
View file @
94f30daf
import
logging
import
pytest
import
os
import
ldap
import
time
from
lib389._constants
import
*
from
lib389.topologies
import
topology_st
as
topo
from
lib389.idm.user
import
UserAccount
,
UserAccounts
,
TEST_USER_PROPERTIES
from
lib389.idm.domain
import
Domain
DEBUGGING
=
os
.
getenv
(
"
DEBUGGING
"
,
default
=
False
)
if
DEBUGGING
:
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
DEBUG
)
else
:
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
INFO
)
log
=
logging
.
getLogger
(
__name__
)
BIND_DN2
=
'
uid=tuser,ou=People,dc=example,dc=com
'
BIND_RDN2
=
'
tuser
'
BIND_DN
=
'
uid=tuser1,ou=People,dc=example,dc=com
'
BIND_RDN
=
'
tuser1
'
SRCH_FILTER
=
"
uid=tuser1
"
SRCH_FILTER2
=
"
uid=tuser
"
aci_list_A
=
[
'
(targetattr !=
"
userPassword
"
) (version 3.0; acl
"
Anonymous access
"
; allow (read, search, compare)userdn =
"
ldap:///anyone
"
;)
'
,
'
(targetattr =
"
*
"
) (version 3.0;acl
"
allow tuser
"
;allow (all)(userdn =
"
ldap:///uid=tuser5,ou=People,dc=example,dc=com
"
);)
'
,
'
(targetattr !=
"
uid || mail
"
) (version 3.0; acl
"
deny-attrs
"
; deny (all) (userdn =
"
ldap:///anyone
"
);)
'
,
'
(targetfilter =
"
(inetUserStatus=1)
"
) ( version 3.0; acl
"
deny-specific-entry
"
; deny(all) (userdn =
"
ldap:///anyone
"
);)
'
]
aci_list_B
=
[
'
(targetattr !=
"
userPassword
"
) (version 3.0; acl
"
Anonymous access
"
; allow (read, search, compare)userdn =
"
ldap:///anyone
"
;)
'
,
'
(targetattr !=
"
uid || mail
"
) (version 3.0; acl
"
deny-attrs
"
; deny (all) (userdn =
"
ldap:///anyone
"
);)
'
,
'
(targetfilter =
"
(inetUserStatus=1)
"
) ( version 3.0; acl
"
deny-specific-entry
"
; deny(all) (userdn =
"
ldap:///anyone
"
);)
'
]
@pytest.fixture
(
scope
=
"
module
"
)
def
aci_setup
(
topo
):
topo
.
standalone
.
log
.
info
(
"
Add {}
"
.
format
(
BIND_DN
))
user
=
UserAccount
(
topo
.
standalone
,
BIND_DN
)
user_props
=
TEST_USER_PROPERTIES
.
copy
()
user_props
.
update
({
'
sn
'
:
BIND_RDN
,
'
cn
'
:
BIND_RDN
,
'
uid
'
:
BIND_RDN
,
'
inetUserStatus
'
:
'
1
'
,
'
objectclass
'
:
'
extensibleObject
'
,
'
userpassword
'
:
PASSWORD
})
user
.
create
(
properties
=
user_props
,
basedn
=
SUFFIX
)
topo
.
standalone
.
log
.
info
(
"
Add {}
"
.
format
(
BIND_DN2
))
user2
=
UserAccount
(
topo
.
standalone
,
BIND_DN2
)
user_props
=
TEST_USER_PROPERTIES
.
copy
()
user_props
.
update
({
'
sn
'
:
BIND_RDN2
,
'
cn
'
:
BIND_RDN2
,
'
uid
'
:
BIND_RDN2
,
'
userpassword
'
:
PASSWORD
})
user2
.
create
(
properties
=
user_props
,
basedn
=
SUFFIX
)
def
test_multi_deny_aci
(
topo
,
aci_setup
):
"""
Test that mutliple deny rules work, and that they the cache properly
stores the result
:id: 294c366d-850e-459e-b5a0-3cc828ec3aca
:setup: Standalone Instance
:steps:
1. Add aci_list_A aci
'
s and verify two searches on the same connection
behave the same
2. Add aci_list_B aci
'
s and verify search fails as expected
:expectedresults:
1. Both searches do not return any entries
2. Seaches do not return any entries
"""
if
DEBUGGING
:
# Maybe add aci logging?
pass
suffix
=
Domain
(
topo
.
standalone
,
DEFAULT_SUFFIX
)
for
run
in
range
(
2
):
topo
.
standalone
.
log
.
info
(
"
Pass
"
+
str
(
run
+
1
))
# Test ACI List A
topo
.
standalone
.
log
.
info
(
"
Testing two searches behave the same...
"
)
topo
.
standalone
.
simple_bind_s
(
DN_DM
,
PASSWORD
)
suffix
.
set
(
'
aci
'
,
aci_list_A
,
ldap
.
MOD_REPLACE
)
time
.
sleep
(
1
)
topo
.
standalone
.
simple_bind_s
(
BIND_DN
,
PASSWORD
)
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 1
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 2
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as good user
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as good user
"
)
assert
False
# Bind a different user who has rights
topo
.
standalone
.
simple_bind_s
(
BIND_DN2
,
PASSWORD
)
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as good user
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as good user (2)
"
)
assert
False
if
run
>
0
:
# Second pass
topo
.
standalone
.
restart
()
# Reset ACI's and do the second test
topo
.
standalone
.
log
.
info
(
"
Testing search does not return any entries...
"
)
topo
.
standalone
.
simple_bind_s
(
DN_DM
,
PASSWORD
)
suffix
.
set
(
'
aci
'
,
aci_list_B
,
ldap
.
MOD_REPLACE
)
time
.
sleep
(
1
)
topo
.
standalone
.
simple_bind_s
(
BIND_DN
,
PASSWORD
)
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 1
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 2
"
)
assert
False
if
run
>
0
:
# Second pass
topo
.
standalone
.
restart
()
# Bind as different user who has rights
topo
.
standalone
.
simple_bind_s
(
BIND_DN2
,
PASSWORD
)
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as good user
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as good user (2)
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 1
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 2
"
)
assert
False
# back to user 1
topo
.
standalone
.
simple_bind_s
(
BIND_DN
,
PASSWORD
)
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as user1
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER2
)
if
entries
is
None
or
len
(
entries
)
==
0
:
topo
.
standalone
.
log
.
fatal
(
"
Failed to get entry as user1 (2)
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 1
"
)
assert
False
entries
=
topo
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
SRCH_FILTER
)
if
entries
and
entries
[
0
]:
topo
.
standalone
.
log
.
fatal
(
"
Incorrectly got an entry returned from search 2
"
)
assert
False
topo
.
standalone
.
log
.
info
(
"
Test PASSED
"
)
if
__name__
==
'
__main__
'
:
# Run isolated
# -s for DEBUG mode
CURRENT_FILE
=
os
.
path
.
realpath
(
__file__
)
pytest
.
main
([
"
-s
"
,
CURRENT_FILE
])
dirsrvtests/tests/suites/acl/acl_test.py
View file @
94f30daf
This diff is collapsed.
Click to expand it.
dirsrvtests/tests/suites/acl/enhanced_aci_modrnd_test.py
0 → 100644
View file @
94f30daf
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2016 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
import
pytest
from
lib389.tasks
import
*
from
lib389.utils
import
*
from
lib389.topologies
import
topology_st
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
DEBUG
)
log
=
logging
.
getLogger
(
__name__
)
CONTAINER_1_OU
=
'
test_ou_1
'
CONTAINER_2_OU
=
'
test_ou_2
'
CONTAINER_1
=
f
'
ou=
{
CONTAINER_1_OU
}
,dc=example,dc=com
'
CONTAINER_2
=
f
'
ou=
{
CONTAINER_2_OU
}
,dc=example,dc=com
'
USER_CN
=
'
test_user
'
USER_PWD
=
'
Secret123
'
USER
=
f
'
cn=
{
USER_CN
}
,
{
CONTAINER_1
}
'
@pytest.fixture
(
scope
=
"
module
"
)
def
env_setup
(
topology_st
):
"""
Adds two containers, one user and two ACI rules
"""
log
.
info
(
"
Add a container: %s
"
%
CONTAINER_1
)
topology_st
.
standalone
.
add_s
(
Entry
((
CONTAINER_1
,
{
'
objectclass
'
:
'
top
'
,
'
objectclass
'
:
'
organizationalunit
'
,
'
ou
'
:
CONTAINER_1_OU
,
})))
log
.
info
(
"
Add a container: %s
"
%
CONTAINER_2
)
topology_st
.
standalone
.
add_s
(
Entry
((
CONTAINER_2
,
{
'
objectclass
'
:
'
top
'
,
'
objectclass
'
:
'
organizationalunit
'
,
'
ou
'
:
CONTAINER_2_OU
,
})))
log
.
info
(
"
Add a user: %s
"
%
USER
)
topology_st
.
standalone
.
add_s
(
Entry
((
USER
,
{
'
objectclass
'
:
'
top person
'
.
split
(),
'
cn
'
:
USER_CN
,
'
sn
'
:
USER_CN
,
'
userpassword
'
:
USER_PWD
})))
ACI_TARGET
=
'
(targetattr=
"
*
"
)
'
ACI_ALLOW
=
'
(version 3.0; acl
"
All rights for %s
"
; allow (all)
'
%
USER
ACI_SUBJECT
=
'
userdn=
"
ldap:///%s
"
;)
'
%
USER
ACI_BODY
=
ACI_TARGET
+
ACI_ALLOW
+
ACI_SUBJECT
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ensure_bytes
(
ACI_BODY
))]
log
.
info
(
"
Add an ACI
'
allow (all)
'
by %s to the %s
"
%
(
USER
,
CONTAINER_1
))
topology_st
.
standalone
.
modify_s
(
CONTAINER_1
,
mod
)
log
.
info
(
"
Add an ACI
'
allow (all)
'
by %s to the %s
"
%
(
USER
,
CONTAINER_2
))
topology_st
.
standalone
.
modify_s
(
CONTAINER_2
,
mod
)
@pytest.mark.ds47553
def
test_enhanced_aci_modrnd
(
topology_st
,
env_setup
):
"""
Tests, that MODRDN operation is allowed,
if user has ACI right
'
(all)
'
under superior entries,
but doesn
'
t have
'
(modrdn)
'
:id: 492cf2a9-2efe-4e3b-955e-85eca61d66b9
:setup: Standalone instance
:steps:
1. Create two containers
2. Create a user within
"
ou=test_ou_1,dc=example,dc=com
"
3. Add an aci with a rule
"
cn=test_user is allowed all
"
within these containers
4. Run MODRDN operation on the
"
cn=test_user
"
and set
"
newsuperior
"
to
the
"
ou=test_ou_2,dc=example,dc=com
"
5. Check there is no user under container one (ou=test_ou_1,dc=example,dc=com)
6. Check there is a user under container two (ou=test_ou_2,dc=example,dc=com)
:expectedresults:
1. Two containers should be created
2. User should be added successfully
3. This should pass
4. This should pass
5. User should not be found under container ou=test_ou_1,dc=example,dc=com
6. User should be found under container ou=test_ou_2,dc=example,dc=com
"""
log
.
info
(
"
Bind as %s
"
%
USER
)
topology_st
.
standalone
.
simple_bind_s
(
USER
,
USER_PWD
)
log
.
info
(
"
User MODRDN operation from %s to %s
"
%
(
CONTAINER_1
,
CONTAINER_2
))
topology_st
.
standalone
.
rename_s
(
USER
,
"
cn=%s
"
%
USER_CN
,
newsuperior
=
CONTAINER_2
,
delold
=
1
)
log
.
info
(
"
Check there is no user in %s
"
%
CONTAINER_1
)
entries
=
topology_st
.
standalone
.
search_s
(
CONTAINER_1
,
ldap
.
SCOPE_ONELEVEL
,
'
cn=%s
'
%
USER_CN
)
assert
not
entries
log
.
info
(
"
Check there is our user in %s
"
%
CONTAINER_2
)
entries
=
topology_st
.
standalone
.
search_s
(
CONTAINER_2
,
ldap
.
SCOPE_ONELEVEL
,
'
cn=%s
'
%
USER_CN
)
assert
entries
if
__name__
==
'
__main__
'
:
# Run isolated
# -s for DEBUG mode
# -v for additional verbose
CURRENT_FILE
=
os
.
path
.
realpath
(
__file__
)
pytest
.
main
(
"
-s -v %s
"
%
CURRENT_FILE
)
dirsrvtests/tests/
tickets/ticket1347760
_test.py
→
dirsrvtests/tests/
suites/acl/repeated_ldap_add
_test.py
View file @
94f30daf
...
...
@@ -34,6 +34,8 @@ BOGUSSUFFIX = 'uid=bogus,ou=people,dc=bogus'
GROUPOU
=
'
ou=groups,%s
'
%
DEFAULT_SUFFIX
BOGUSOU
=
'
ou=OU,%s
'
%
DEFAULT_SUFFIX
def
get_ldap_error_msg
(
e
,
type
):
return
e
.
args
[
0
][
type
]
def
pattern_accesslog
(
file
,
log_pattern
):
for
i
in
range
(
5
):
...
...
@@ -111,7 +113,7 @@ def check_op_result(server, op, dn, superior, exists, rc):
server
.
add_s
(
Entry
((
dn
,
{
'
objectclass
'
:
'
top extensibleObject
'
.
split
(),
'
cn
'
:
'
test entry
'
})))
elif
op
==
'
modify
'
:
server
.
modify_s
(
dn
,
[(
ldap
.
MOD_REPLACE
,
'
description
'
,
'
test
'
)])
server
.
modify_s
(
dn
,
[(
ldap
.
MOD_REPLACE
,
'
description
'
,
b
'
test
'
)])
elif
op
==
'
modrdn
'
:
if
superior
is
not
None
:
server
.
rename_s
(
dn
,
'
uid=new
'
,
newsuperior
=
superior
,
delold
=
1
)
...
...
@@ -125,10 +127,10 @@ def check_op_result(server, op, dn, superior, exists, rc):
except
ldap
.
LDAPError
as
e
:
hit
=
1
log
.
info
(
"
Exception (expected): %s
"
%
type
(
e
).
__name__
)
log
.
info
(
'
Desc
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Desc
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
desc
'
))
)
assert
isinstance
(
e
,
rc
)
if
'
matched
'
in
e
.
message
:
log
.
info
(
'
Matched is returned:
'
+
e
.
message
[
'
matched
'
]
)
if
'
matched
'
in
e
.
args
:
log
.
info
(
'
Matched is returned:
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
matched
'
))
)
if
rc
!=
ldap
.
NO_SUCH_OBJECT
:
assert
False
...
...
@@ -144,14 +146,43 @@ def check_op_result(server, op, dn, superior, exists, rc):
log
.
info
(
'
PASSED
\n
'
)
def
test_ticket1347760
(
topology_st
):
"""
Prevent revealing the entry info to whom has no access rights.
@pytest.mark.bz1347760
def
test_repeated_ldap_add
(
topology_st
):
"""
Prevent revealing the entry info to whom has no access rights.
:id: 76d278bd-3e51-4579-951a-753e6703b4df
:setup: Standalone instance
:steps:
1. Disable accesslog logbuffering
2. Bind as
"
cn=Directory Manager
"
3. Add a organisational unit as BOU
4. Add a bind user as uid=buser123,ou=BOU,dc=example,dc=com
5. Add a test user as uid=tuser0,ou=People,dc=example,dc=com
6. Delete aci in dc=example,dc=com
7. Bind as Directory Manager, acquire an access log path and instance dir
8. Bind as uid=buser123,ou=BOU,dc=example,dc=com who has no right to read the entry
9. Bind as uid=bogus,ou=people,dc=bogus,bogus who does not exist
10. Bind as uid=buser123,ou=BOU,dc=example,dc=com,bogus with wrong password
11. Adding aci for uid=buser123,ou=BOU,dc=example,dc=com to ou=BOU,dc=example,dc=com.
12. Bind as uid=buser123,ou=BOU,dc=example,dc=com now who has right to read the entry
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should be successful
8. Bind operation should be successful with no search result
9. Bind operation should Fail
10. Bind operation should Fail
11. Operation should be successful
12. Bind operation should be successful with search result
"""
log
.
info
(
'
Testing Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc.
'
)
log
.
info
(
'
Disabling accesslog logbuffering
'
)
topology_st
.
standalone
.
modify_s
(
CONFIG_DN
,
[(
ldap
.
MOD_REPLACE
,
'
nsslapd-accesslog-logbuffering
'
,
'
off
'
)])
topology_st
.
standalone
.
modify_s
(
CONFIG_DN
,
[(
ldap
.
MOD_REPLACE
,
'
nsslapd-accesslog-logbuffering
'
,
b
'
off
'
)])
log
.
info
(
'
Bind as {%s,%s}
'
%
(
DN_DM
,
PASSWORD
))
topology_st
.
standalone
.
simple_bind_s
(
DN_DM
,
PASSWORD
)
...
...
@@ -189,7 +220,7 @@ def test_ticket1347760(topology_st):
try
:
topology_st
.
standalone
.
simple_bind_s
(
BINDDN
,
BINDPW
)
except
ldap
.
LDAPError
as
e
:
log
.
info
(
'
Desc
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Desc
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
desc
'
))
)
assert
False
file_obj
=
open
(
file_path
,
"
r
"
)
...
...
@@ -202,7 +233,7 @@ def test_ticket1347760(topology_st):
topology_st
.
standalone
.
simple_bind_s
(
BOGUSDN
,
'
bogus
'
)
except
ldap
.
LDAPError
as
e
:
log
.
info
(
"
Exception (expected): %s
"
%
type
(
e
).
__name__
)
log
.
info
(
'
Desc
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Desc
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
desc
'
))
)
assert
isinstance
(
e
,
ldap
.
INVALID_CREDENTIALS
)
regex
=
re
.
compile
(
'
No such entry
'
)
cause
=
pattern_accesslog
(
file_obj
,
regex
)
...
...
@@ -234,7 +265,7 @@ def test_ticket1347760(topology_st):
topology_st
.
standalone
.
simple_bind_s
(
BINDDN
,
'
bogus
'
)
except
ldap
.
LDAPError
as
e
:
log
.
info
(
"
Exception (expected): %s
"
%
type
(
e
).
__name__
)
log
.
info
(
'
Desc
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Desc
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
desc
'
))
)
assert
isinstance
(
e
,
ldap
.
INVALID_CREDENTIALS
)
regex
=
re
.
compile
(
'
Invalid credentials
'
)
cause
=
pattern_accesslog
(
file_obj
,
regex
)
...
...
@@ -250,7 +281,7 @@ def test_ticket1347760(topology_st):
log
.
info
(
'
aci: %s
'
%
acival
)
log
.
info
(
'
Bind as {%s,%s}
'
%
(
DN_DM
,
PASSWORD
))
topology_st
.
standalone
.
simple_bind_s
(
DN_DM
,
PASSWORD
)
topology_st
.
standalone
.
modify_s
(
BINDOU
,
[(
ldap
.
MOD_ADD
,
'
aci
'
,
acival
)])
topology_st
.
standalone
.
modify_s
(
BINDOU
,
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ensure_bytes
(
acival
)
)
])
time
.
sleep
(
1
)
log
.
info
(
'
Bind case 3. the bind user has the right to read the entry itself, bind should be successful.
'
)
...
...
@@ -376,14 +407,14 @@ def test_ticket1347760(topology_st):
acival
=
'
(targetattr=
"
*
"
)(version 3.0; acl
"
%s-all
"
; allow(all) userdn =
"
ldap:///%s
"
;)
'
%
(
BUID
,
BINDDN
)
log
.
info
(
'
Bind as {%s,%s}
'
%
(
DN_DM
,
PASSWORD
))
topology_st
.
standalone
.
simple_bind_s
(
DN_DM
,
PASSWORD
)
topology_st
.
standalone
.
modify_s
(
DEFAULT_SUFFIX
,
[(
ldap
.
MOD_ADD
,
'
aci
'
,
acival
)])
topology_st
.
standalone
.
modify_s
(
DEFAULT_SUFFIX
,
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ensure_bytes
(
acival
)
)
])
time
.
sleep
(
1
)
log
.
info
(
'
Bind as {%s,%s}.
'
%
(
BINDDN
,
BINDPW
))
try
:
topology_st
.
standalone
.
simple_bind_s
(
BINDDN
,
BINDPW
)
except
ldap
.
LDAPError
as
e
:
log
.
info
(
'
Desc
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Desc
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
desc
'
))
)
assert
False
time
.
sleep
(
1
)
...
...
@@ -434,7 +465,7 @@ def test_ticket1347760(topology_st):
topology_st
.
standalone
.
simple_bind_s
(
BINDDN
,
BUID
)
except
ldap
.
LDAPError
as
e
:
log
.
info
(
"
Exception (expected): %s
"
%
type
(
e
).
__name__
)
log
.
info
(
'
Desc
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Desc
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
desc
'
))
)
assert
isinstance
(
e
,
ldap
.
UNWILLING_TO_PERFORM
)
log
.
info
(
'
Bind as {%s,%s} which should fail with %s.
'
%
(
BINDDN
,
'
bogus
'
,
ldap
.
UNWILLING_TO_PERFORM
.
__name__
))
...
...
@@ -442,7 +473,7 @@ def test_ticket1347760(topology_st):
topology_st
.
standalone
.
simple_bind_s
(
BINDDN
,
'
bogus
'
)
except
ldap
.
LDAPError
as
e
:
log
.
info
(
"
Exception (expected): %s
"
%
type
(
e
).
__name__
)
log
.
info
(
'
Desc
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Desc
{}
'
.
format
(
get_ldap_error_msg
(
e
,
'
desc
'
))
)
assert
isinstance
(
e
,
ldap
.
UNWILLING_TO_PERFORM
)
log
.
info
(
'
SUCCESS
'
)
...
...
@@ -453,3 +484,4 @@ if __name__ == '__main__':
# -s for DEBUG mode
CURRENT_FILE
=
os
.
path
.
realpath
(
__file__
)
pytest
.
main
(
"
-s %s
"
%
CURRENT_FILE
)
dirsrvtests/tests/
tickets/ticket47653
_test.py
→
dirsrvtests/tests/
suites/acl/selfdn_permissions
_test.py
View file @
94f30daf
...
...
@@ -46,18 +46,14 @@ def _oc_definition(oid_ext, name, must=None, may=None):
may
=
MAY
new_oc
=
"
( %s NAME
'
%s
'
DESC
'
%s
'
SUP %s AUXILIARY MUST %s MAY %s )
"
%
(
oid
,
name
,
desc
,
sup
,
must
,
may
)
return
new_oc
return
ensure_bytes
(
new_oc
)
def
test_ticket47653_init
(
topology_st
):
"""
It adds
- Objectclass with MAY
'
member
'
- an entry (
'
bind_entry
'
) with which we bind to test the
'
SELFDN
'
operation
It deletes the anonymous aci
@pytest.fixture
(
scope
=
"
module
"
)
def
allow_user_init
(
topology_st
):
"""
Initialize the test environment
"""
topology_st
.
standalone
.
log
.
info
(
"
Add %s that allows
'
member
'
attribute
"
%
OC_NAME
)
new_oc
=
_oc_definition
(
2
,
OC_NAME
,
must
=
MUST
,
may
=
MAY
)
topology_st
.
standalone
.
schema
.
add_schema
(
'
objectClasses
'
,
new_oc
)
...
...
@@ -71,7 +67,7 @@ def test_ticket47653_init(topology_st):
'
userpassword
'
:
BIND_PW
})))
# enable acl error logging
mod
=
[(
ldap
.
MOD_REPLACE
,
'
nsslapd-errorlog-level
'
,
'
128
'
)]
mod
=
[(
ldap
.
MOD_REPLACE
,
'
nsslapd-errorlog-level
'
,
b
'
128
'
)]
topology_st
.
standalone
.
modify_s
(
DN_CONFIG
,
mod
)
# Remove aci's to start with a clean slate
...
...
@@ -87,13 +83,25 @@ def test_ticket47653_init(topology_st):
'
cn
'
:
name
})))
def
test_ticket47653_add
(
topology_st
):
'''
It checks that, bound as bind_entry,
- we can not ADD an entry without the proper SELFDN aci.
- with the proper ACI we can not ADD with
'
member
'
attribute
- with the proper ACI and
'
member
'
it succeeds to ADD
'''
@pytest.mark.ds47653
def
test_selfdn_permission_add
(
topology_st
,
allow_user_init
):
"""
Check add entry operation with and without SelfDN aci
:id: e837a9ef-be92-48da-ad8b-ebf42b0fede1
:setup: Standalone instance, add a entry which is used to bind,
enable acl error logging by setting
'
nsslapd-errorlog-level
'
to
'
128
'
,
remove aci
'
s to start with a clean slate, and add dummy entries
:steps:
1. Check we can not ADD an entry without the proper SELFDN aci
2. Check with the proper ACI we can not ADD with
'
member
'
attribute
3. Check entry to add with memberS and with the ACI
4. Check with the proper ACI and
'
member
'
it succeeds to ADD
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should fail with Insufficient Access
4. Operation should be successful
"""
topology_st
.
standalone
.
log
.
info
(
"
\n\n
######################### ADD ######################
\n
"
)
# bind as bind_entry
...
...
@@ -143,7 +151,7 @@ def test_ticket47653_add(topology_st):
ACI_ALLOW
=
"
(version 3.0; acl
\"
SelfDN add
\"
; allow (add)
"
ACI_SUBJECT
=
"
userattr =
\"
member#selfDN
\"
;)
"
ACI_BODY
=
ACI_TARGET
+
ACI_TARGETFILTER
+
ACI_ALLOW
+
ACI_SUBJECT
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ACI_BODY
)]
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ensure_bytes
(
ACI_BODY
)
)
]
topology_st
.
standalone
.
modify_s
(
SUFFIX
,
mod
)
# bind as bind_entry
...
...
@@ -176,12 +184,23 @@ def test_ticket47653_add(topology_st):
topology_st
.
standalone
.
add_s
(
entry_with_member
)
def
test_ticket47653_search
(
topology_st
):
'''
It checks that, bound as bind_entry,
- we can not search an entry without the proper SELFDN aci.
- adding the ACI, we can search the entry
'''
@pytest.mark.ds47653
def
test_selfdn_permission_search
(
topology_st
,
allow_user_init
):
"""
Check search operation with and without SelfDN aci
:id: 06d51ef9-c675-4583-99b2-4852dbda190e
:setup: Standalone instance, add a entry which is used to bind,
enable acl error logging by setting
'
nsslapd-errorlog-level
'
to
'
128
'
,
remove aci
'
s to start with a clean slate, and add dummy entries
:steps:
1. Check we can not search an entry without the proper SELFDN aci
2. Add proper ACI
3. Check we can search with the proper ACI
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
"""
topology_st
.
standalone
.
log
.
info
(
"
\n\n
######################### SEARCH ######################
\n
"
)
# bind as bind_entry
topology_st
.
standalone
.
log
.
info
(
"
Bind as %s
"
%
BIND_DN
)
...
...
@@ -202,7 +221,7 @@ def test_ticket47653_search(topology_st):
ACI_ALLOW
=
"
(version 3.0; acl
\"
SelfDN search-read
\"
; allow (read, search, compare)
"
ACI_SUBJECT
=
"
userattr =
\"
member#selfDN
\"
;)
"
ACI_BODY
=
ACI_TARGET
+
ACI_TARGETATTR
+
ACI_TARGETFILTER
+
ACI_ALLOW
+
ACI_SUBJECT
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ACI_BODY
)]
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ensure_bytes
(
ACI_BODY
)
)
]
topology_st
.
standalone
.
modify_s
(
SUFFIX
,
mod
)
# bind as bind_entry
...
...
@@ -215,12 +234,23 @@ def test_ticket47653_search(topology_st):
assert
len
(
ents
)
==
1
def
test_ticket47653_modify
(
topology_st
):
'''
It checks that, bound as bind_entry,
- we can not modify an entry without the proper SELFDN aci.
- adding the ACI, we can modify the entry
'''
@pytest.mark.ds47653
def
test_selfdn_permission_modify
(
topology_st
,
allow_user_init
):
"""
Check modify operation with and without SelfDN aci
:id: 97a58844-095f-44b0-9029-dd29a7d83d68
:setup: Standalone instance, add a entry which is used to bind,
enable acl error logging by setting
'
nsslapd-errorlog-level
'
to
'
128
'
,
remove aci
'
s to start with a clean slate, and add dummy entries
:steps:
1. Check we can not modify an entry without the proper SELFDN aci
2. Add proper ACI
3. Modify the entry and check the modified value
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
"""
# bind as bind_entry
topology_st
.
standalone
.
log
.
info
(
"
Bind as %s
"
%
BIND_DN
)
topology_st
.
standalone
.
simple_bind_s
(
BIND_DN
,
BIND_PW
)
...
...
@@ -230,7 +260,7 @@ def test_ticket47653_modify(topology_st):
# entry to modify WITH member being BIND_DN but WITHOUT the ACI -> ldap.INSUFFICIENT_ACCESS
try
:
topology_st
.
standalone
.
log
.
info
(
"
Try to modify %s (aci is missing)
"
%
ENTRY_DN
)
mod
=
[(
ldap
.
MOD_REPLACE
,
'
postalCode
'
,
'
9876
'
)]
mod
=
[(
ldap
.
MOD_REPLACE
,
'
postalCode
'
,
b
'
9876
'
)]
topology_st
.
standalone
.
modify_s
(
ENTRY_DN
,
mod
)
except
Exception
as
e
:
topology_st
.
standalone
.
log
.
info
(
"
Exception (expected): %s
"
%
type
(
e
).
__name__
)
...
...
@@ -246,7 +276,7 @@ def test_ticket47653_modify(topology_st):
ACI_ALLOW
=
"
(version 3.0; acl
\"
SelfDN write
\"
; allow (write)
"
ACI_SUBJECT
=
"
userattr =
\"
member#selfDN
\"
;)
"
ACI_BODY
=
ACI_TARGET
+
ACI_TARGETATTR
+
ACI_TARGETFILTER
+
ACI_ALLOW
+
ACI_SUBJECT
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ACI_BODY
)]
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ensure_bytes
(
ACI_BODY
)
)
]
topology_st
.
standalone
.
modify_s
(
SUFFIX
,
mod
)
# bind as bind_entry
...
...
@@ -255,20 +285,30 @@ def test_ticket47653_modify(topology_st):
# modify the entry and checks the value
topology_st
.
standalone
.
log
.
info
(
"
Try to modify %s. It should succeeds
"
%
ENTRY_DN
)
mod
=
[(
ldap
.
MOD_REPLACE
,
'
postalCode
'
,
'
1928
'
)]
mod
=
[(
ldap
.
MOD_REPLACE
,
'
postalCode
'
,
b
'
1928
'
)]
topology_st
.
standalone
.
modify_s
(
ENTRY_DN
,
mod
)
ents
=
topology_st
.
standalone
.
search_s
(
ENTRY_DN
,
ldap
.
SCOPE_BASE
,
'
objectclass=*
'
)
assert
len
(
ents
)
==
1
assert
ents
[
0
].
postalCode
==
'
1928
'
def
test_ticket47653_delete
(
topology_st
):
'''
It checks that, bound as bind_entry,
- we can not delete an entry without the proper SELFDN aci.
- adding the ACI, we can delete the entry
'''
assert
ensure_str
(
ents
[
0
].
postalCode
)
==
'
1928
'
@pytest.mark.ds47653
def
test_selfdn_permission_delete
(
topology_st
,
allow_user_init
):
"""
Check delete operation with and without SelfDN aci
:id: 0ec4c0ec-e7b0-4ef1-8373-ab25aae34516
:setup: Standalone instance, add a entry which is used to bind,
enable acl error logging by setting
'
nsslapd-errorlog-level
'
to
'
128
'
,
remove aci
'
s to start with a clean slate, and add dummy entries
:steps:
1. Check we can not delete an entry without the proper SELFDN aci
2. Add proper ACI
3. Check we can perform delete operation with proper ACI
:expectedresults:
1. Operation should be successful
2. Operation should be successful
"""
topology_st
.
standalone
.
log
.
info
(
"
\n\n
######################### DELETE ######################
\n
"
)
# bind as bind_entry
...
...
@@ -292,14 +332,14 @@ def test_ticket47653_delete(topology_st):
ACI_ALLOW
=
"
(version 3.0; acl
\"
SelfDN delete
\"
; allow (delete)
"
ACI_SUBJECT
=
"
userattr =
\"
member#selfDN
\"
;)
"
ACI_BODY
=
ACI_TARGET
+
ACI_TARGETFILTER
+
ACI_ALLOW
+
ACI_SUBJECT
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ACI_BODY
)]
mod
=
[(
ldap
.
MOD_ADD
,
'
aci
'
,
ensure_bytes
(
ACI_BODY
)
)
]
topology_st
.
standalone
.
modify_s
(
SUFFIX
,
mod
)
# bind as bind_entry
topology_st
.
standalone
.
log
.
info
(
"
Bind as %s
"
%
BIND_DN
)
topology_st
.
standalone
.
simple_bind_s
(
BIND_DN
,
BIND_PW
)
# entry to
search
with the proper aci
# entry to
delete
with the proper aci
topology_st
.
standalone
.
log
.
info
(
"
Try to delete %s should be successful
"
%
ENTRY_DN
)
topology_st
.
standalone
.
delete_s
(
ENTRY_DN
)
...
...
dirsrvtests/tests/suites/automember_plugin/automember_test.py
0 → 100644
View file @
94f30daf
import
logging
import
pytest
import
os
import
ldap
from
lib389.utils
import
ds_is_older
from
lib389._constants
import
*
from
lib389.plugins
import
AutoMembershipPlugin
,
AutoMembershipDefinition
,
AutoMembershipDefinitions
from
lib389._mapped_object
import
DSLdapObjects
,
DSLdapObject
from
lib389
import
agreement
from
lib389.idm.user
import
UserAccount
,
UserAccounts
,
TEST_USER_PROPERTIES
from
lib389.idm.group
import
Groups
,
Group
from
lib389.topologies
import
topology_st
as
topo
from
lib389._constants
import
DEFAULT_SUFFIX
# Skip on older versions
pytestmark
=
pytest
.
mark
.
skipif
(
ds_is_older
(
'
1.3.7
'
),
reason
=
"
Not implemented
"
)
DEBUGGING
=
os
.
getenv
(
"
DEBUGGING
"
,
default
=
False
)
if
DEBUGGING
:
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
DEBUG
)
else
:
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
INFO
)
log
=
logging
.
getLogger
(
__name__
)
@pytest.fixture
(
scope
=
"
module
"
)
def
automember_fixture
(
topo
,
request
):
groups
=
Groups
(
topo
.
standalone
,
DEFAULT_SUFFIX
)
group
=
groups
.
create
(
properties
=
{
'
cn
'
:
'
testgroup
'
})
automemberplugin
=
AutoMembershipPlugin
(
topo
.
standalone
)
automemberplugin
.
enable
()
topo
.
standalone
.
restart
()
automember_prop
=
{
'
cn
'
:
'
testgroup_definition
'
,
'
autoMemberScope
'
:
'
ou=People,
'
+
DEFAULT_SUFFIX
,
'
autoMemberFilter
'
:
'
objectclass=*
'
,
'
autoMemberDefaultGroup
'
:
group
.
dn
,
'
autoMemberGroupingAttr
'
:
'
member:dn
'
,
}
automembers
=
AutoMembershipDefinitions
(
topo
.
standalone
,
"
cn=Auto Membership Plugin,cn=plugins,cn=config
"
)
automember
=
automembers
.
create
(
properties
=
automember_prop
)
return
(
group
,
automembers
,
automember
)
def
test_automemberscope
(
automember_fixture
,
topo
):
"""
Test if the automember scope is valid
:id: c3d3f250-e7fd-4441-8387-3d24c156e982
:setup: Standalone instance, enabled Auto Membership Plugin
:steps:
1. Create automember with invalid cn that raises
UNWILLING_TO_PERFORM exception
2. If exception raised, set scope to any cn
3. If exception is not raised, set scope to with ou=People
:expectedresults:
1. Should be success
2. Should be success
3. Should be success
"""
(
group
,
automembers
,
automember
)
=
automember_fixture
automember_prop
=
{
'
cn
'
:
'
anyrandomcn
'
,
'
autoMemberScope
'
:
'
ou=People,
'
+
DEFAULT_SUFFIX
,
'
autoMemberFilter
'
:
'
objectclass=*
'
,
'
autoMemberDefaultGroup
'
:
group
.
dn
,
'
autoMemberGroupingAttr
'
:
'
member:dn
'
,
}
# depends on issue #49465
# with pytest.raises(ldap.UNWILLING_TO_PERFORM):
# automember = automembers.create(properties=automember_prop)
# automember.set_scope("cn=No Entry,%s" % DEFAULT_SUFFIX)
automember
.
set_scope
(
"
ou=People,%s
"
%
DEFAULT_SUFFIX
)
def
test_automemberfilter
(
automember_fixture
,
topo
):
"""
Test if the automember filter is valid
:id: 935c55de-52dc-4f80-b7dd-3aacd30f6df2
:setup: Standalone instance, enabled Auto Membership Plugin
:steps:
1. Create automember with invalid filter that raises
UNWILLING_TO_PERFORM exception
2. If exception raised, set filter to the invalid filter
3. If exception is not raised, set filter as all objectClasses
:expectedresults:
1. Should be success
2. Should be success
3. Should be success
"""
(
group
,
automembers
,
automember
)
=
automember_fixture
automember_prop
=
{
'
cn
'
:
'
anyrandomcn
'
,
'
autoMemberScope
'
:
'
ou=People,
'
+
DEFAULT_SUFFIX
,
'
autoMemberFilter
'
:
'
(ou=People
'
,
'
autoMemberDefaultGroup
'
:
group
.
dn
,
'
autoMemberGroupingAttr
'
:
'
member:dn
'
,
}
with
pytest
.
raises
(
ldap
.
UNWILLING_TO_PERFORM
):
automember
=
automembers
.
create
(
properties
=
automember_prop
)
automember
.
set_filter
(
"
(ou=People
"
)
automember
.
set_filter
(
"
objectClass=*
"
)
def
test_adduser
(
automember_fixture
,
topo
):
"""
Test if member is automatically added to the group
:id: 14f1e2f5-2162-41ab-962c-5293516baf2e
:setup: Standalone instance, enabled Auto Membership Plugin
:steps:
1. Create a user
2. Assert that the user is member of the group
:expectedresults:
1. Should be success
2. Should be success
"""
(
group
,
automembers
,
automember
)
=
automember_fixture
users
=
UserAccounts
(
topo
.
standalone
,
DEFAULT_SUFFIX
)
user
=
users
.
create
(
properties
=
TEST_USER_PROPERTIES
)
assert
group
.
is_member
(
user
.
dn
)
dirsrvtests/tests/suites/basic/basic_test.py
View file @
94f30daf
...
...
@@ -12,13 +12,13 @@
"""
from
subprocess
import
check_output
,
Popen
from
lib389.idm.user
import
UserAccounts
import
pytest
from
lib389.tasks
import
*
from
lib389.utils
import
*
from
lib389.topologies
import
topology_st
from
lib389.dbgen
import
dbgen
from
lib389.idm.organizationalunit
import
OrganizationalUnits
from
lib389._constants
import
DN_DM
,
PASSWORD
,
PW_DM
from
lib389.topologies
import
topology_st
...
...
@@ -44,7 +44,7 @@ def import_example_ldif(topology_st):
log
.
info
(
'
Initializing the
"
basic
"
test suite
'
)
ldif
=
'
%s/Example.ldif
'
%
get_data_dir
(
topology_st
.
standalone
.
prefix
)
ldif
=
'
%s/
dirsrv/data/
Example.ldif
'
%
topology_st
.
standalone
.
get_data_dir
(
)
import_ldif
=
topology_st
.
standalone
.
get_ldif_dir
()
+
"
/Example.ldif
"
shutil
.
copyfile
(
ldif
,
import_ldif
)
topology_st
.
standalone
.
tasks
.
importLDIF
(
suffix
=
DEFAULT_SUFFIX
,
...
...
@@ -298,7 +298,7 @@ def test_basic_import_export(topology_st, import_example_ldif):
#
# Cleanup - Import the Example LDIF for the other tests in this suite
#
ldif
=
'
%s/Example.ldif
'
%
get_data_dir
(
topology_st
.
standalone
.
prefix
)
ldif
=
'
%s/
dirsrv/data/
Example.ldif
'
%
topology_st
.
standalone
.
get_data_dir
(
)
import_ldif
=
topology_st
.
standalone
.
get_ldif_dir
()
+
"
/Example.ldif
"
shutil
.
copyfile
(
ldif
,
import_ldif
)
try
:
...
...
@@ -366,6 +366,25 @@ def test_basic_backup(topology_st, import_example_ldif):
log
.
info
(
'
test_basic_backup: PASSED
'
)
def
test_basic_db2index
(
topology_st
,
import_example_ldif
):
"""
Assert db2index can operate correctly.
:id: 191fc0fd-9722-46b5-a7c3-e8760effe119
:setup: Standalone instance
:steps:
1: call db2index
:expectedresults:
1: Index succeeds.
"""
topology_st
.
standalone
.
stop
()
topology_st
.
standalone
.
db2index
()
topology_st
.
standalone
.
db2index
(
suffixes
=
[
DEFAULT_SUFFIX
],
attrs
=
[
'
uid
'
])
topology_st
.
standalone
.
start
()
def
test_basic_acl
(
topology_st
,
import_example_ldif
):
"""
Run some basic access control (ACL) tests
...
...
@@ -580,7 +599,7 @@ def test_basic_referrals(topology_st, import_example_ldif):
:setup: Standalone instance
:steps:
1. Set the referral and the backen
idealy
d state
1. Set the referral and the backend state
2. Set backend state to referral mode.
3. Set server to not follow referral.
4. Search using referral.
...
...
@@ -868,6 +887,135 @@ adds nsslapd-return-default-opattr attr with value of one operation attribute.
log
.
fatal
(
'
Search failed, error:
'
+
e
.
message
[
'
desc
'
])
assert
False
@pytest.fixture
(
scope
=
"
module
"
)
def
test_users
(
topology_st
):
"""
Add users to the default suffix
"""
users
=
UserAccounts
(
topology_st
.
standalone
,
DEFAULT_SUFFIX
)
user_names
=
[
"
Directory
"
,
"
Server
"
,
"
389
"
,
"
lib389
"
,
"
pytest
"
]
log
.
info
(
'
Adding 5 test users
'
)
for
name
in
user_names
:
user
=
users
.
create
(
properties
=
{
'
uid
'
:
name
,
'
sn
'
:
name
,
'
cn
'
:
name
,
'
uidNumber
'
:
'
1000
'
,
'
gidNumber
'
:
'
1000
'
,
'
homeDirectory
'
:
'
/home/%s
'
%
name
,
'
mail
'
:
'
%s@example.com
'
%
name
,
'
userpassword
'
:
'
pass%s
'
%
name
,
})
def
test_basic_anonymous_search
(
topology_st
,
test_users
):
"""
Tests basic anonymous search operations
:id: c7831e04-f458-4e50-83c7-b6f77109f639
:setup: Standalone instance
Add 5 test users with different user names
:steps:
1. Execute anonymous search with different filters
:expectedresults:
1. Search should be successful
"""
filters
=
[
"
uid=Directory
"
,
"
(|(uid=S*)(uid=3*))
"
,
"
(&(uid=l*)(mail=l*))
"
,
"
(&(!(uid=D*))(ou=People))
"
]
log
.
info
(
"
Execute anonymous search with different filters
"
)
for
filtr
in
filters
:
entries
=
topology_st
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
filtr
)
assert
len
(
entries
)
!=
0
@pytest.mark.ds604
@pytest.mark.bz915801
def
test_search_original_type
(
topology_st
,
test_users
):
"""
Test ldapsearch returning original attributes
using nsslapd-search-return-original-type-switch
:id: d7831d04-f558-4e50-93c7-b6f77109f640
:setup: Standalone instance
Add some test entries
:steps:
1. Set nsslapd-search-return-original-type-switch to ON
2. Check that ldapsearch *does* return unknown attributes
3. Turn off nsslapd-search-return-original-type-switch
4. Check that ldapsearch doesn
'
t return any unknown attributes
:expectedresults:
1. nsslapd-search-return-original-type-switch should be set to ON
2. ldapsearch should return unknown attributes
3. nsslapd-search-return-original-type-switch should be OFF
4. ldapsearch should not return any unknown attributes
"""
log
.
info
(
"
Set nsslapd-search-return-original-type-switch to ON
"
)
topology_st
.
standalone
.
config
.
set
(
'
nsslapd-search-return-original-type-switch
'
,
'
on
'
)
log
.
info
(
"
Check that ldapsearch *does* return unknown attributes
"
)
entries
=
topology_st
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
'
uid=Directory
'
,
[
'
objectclass overflow
'
,
'
unknown
'
])
assert
"
objectclass overflow
"
in
entries
[
0
].
getAttrs
()
log
.
info
(
"
Set nsslapd-search-return-original-type-switch to Off
"
)
topology_st
.
standalone
.
config
.
set
(
'
nsslapd-search-return-original-type-switch
'
,
'
off
'
)
log
.
info
(
"
Check that ldapsearch *does not* return unknown attributes
"
)
entries
=
topology_st
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
'
uid=Directory
'
,
[
'
objectclass overflow
'
,
'
unknown
'
])
assert
"
objectclass overflow
"
not
in
entries
[
0
].
getAttrs
()
@pytest.mark.bz192901
def
test_search_ou
(
topology_st
):
"""
Test that DS should not return an entry that does not match the filter
:id: d7831d05-f117-4e89-93c7-b6f77109f640
:setup: Standalone instance
:steps:
1. Create an OU entry without sub entries
2. Search from the OU with the filter that does not match the OU
:expectedresults:
1. Creation of OU should be successful
2. Search should not return any results
"""
log
.
info
(
"
Create a test OU without sub entries
"
)
ou
=
OrganizationalUnits
(
topology_st
.
standalone
,
DEFAULT_SUFFIX
)
ou
.
create
(
properties
=
{
'
ou
'
:
'
test_ou
'
,
})
search_base
=
(
"
ou=test_ou,%s
"
%
DEFAULT_SUFFIX
)
log
.
info
(
"
Search from the OU with the filter that does not match the OU, it should not return anything
"
)
entries
=
topology_st
.
standalone
.
search_s
(
search_base
,
ldap
.
SCOPE_SUBTREE
,
'
uid=*
'
,
[
'
dn
'
])
assert
len
(
entries
)
==
0
@pytest.mark.bz1044135
@pytest.mark.ds47319
def
test_connection_buffer_size
(
topology_st
):
"""
Test connection buffer size adjustable with different values(valid values and invalid)
:id: e7831d05-f117-4ec9-1203-b6f77109f117
:setup: Standalone instance
:steps:
1. Set nsslapd-connection-buffer to some valid values (2, 0 , 1)
2. Set nsslapd-connection-buffer to some invalid values (-1, a)
:expectedresults:
1. This should pass
2. This should fail
"""
valid_values
=
[
'
2
'
,
'
0
'
,
'
1
'
]
for
value
in
valid_values
:
topology_st
.
standalone
.
config
.
replace
(
'
nsslapd-connection-buffer
'
,
value
)
invalid_values
=
[
'
-1
'
,
'
a
'
]
for
value
in
invalid_values
:
with
pytest
.
raises
(
ldap
.
OPERATIONS_ERROR
):
topology_st
.
standalone
.
config
.
replace
(
'
nsslapd-connection-buffer
'
,
value
)
if
__name__
==
'
__main__
'
:
# Run isolated
# -s for DEBUG mode
...
...
dirsrvtests/tests/suites/betxns/betxn_test.py
View file @
94f30daf
...
...
@@ -12,23 +12,17 @@ from lib389.tasks import *
from
lib389.utils
import
*
from
lib389.topologies
import
topology_st
from
lib389.plugins
import
SevenBitCheckPlugin
,
AttributeUniquenessPlugin
,
MemberOfPlugin
from
lib389.idm.user
import
UserAccounts
,
TEST_USER_PROPERTIES
from
lib389.idm.group
import
Groups
from
lib389._constants
import
DEFAULT_SUFFIX
,
PLUGIN_7_BIT_CHECK
,
PLUGIN_ATTR_UNIQUENESS
,
PLUGIN_MEMBER_OF
logging
.
getLogger
(
__name__
).
setLevel
(
logging
.
DEBUG
)
log
=
logging
.
getLogger
(
__name__
)
@pytest.fixture
(
scope
=
'
module
'
)
def
dynamic_plugins
(
topology_st
):
"""
Enable dynamic plugins - makes plugin testing much easier
"""
try
:
topology_st
.
standalone
.
modify_s
(
DN_CONFIG
,
[(
ldap
.
MOD_REPLACE
,
'
nsslapd-dynamic-plugins
'
,
'
on
'
)])
except
ldap
.
LDAPError
as
e
:
ldap
.
error
(
'
Failed to enable dynamic plugin!
'
+
e
.
message
[
'
desc
'
])
assert
False
def
test_betxt_7bit
(
topology_st
,
dynamic_plugins
):
def
test_betxt_7bit
(
topology_st
):
"""
Test that the 7-bit plugin correctly rejects an invalid update
:id: 9e2ab27b-eda9-4cd9-9968-a1a8513210fd
...
...
@@ -51,55 +45,39 @@ def test_betxt_7bit(topology_st, dynamic_plugins):
log
.
info
(
'
Running test_betxt_7bit...
'
)
USER_DN
=
'
uid=test_entry,
'
+
DEFAULT_SUFFIX
eight_bit_rdn
=
six
.
u
(
'
uid=Fu
\u00c4\u00e8
'
)
BAD_RDN
=
eight_bit_rdn
.
encode
(
'
utf-8
'
)
BAD_RDN
=
u
'
uid=Fu
\u00c4\u00e8
'
# This plugin should on by default, but just in case...
topology_st
.
standalone
.
plugins
.
enable
(
name
=
PLUGIN_7_BIT_CHECK
)
sevenbc
=
SevenBitCheckPlugin
(
topology_st
.
standalone
)
sevenbc
.
enable
()
topology_st
.
standalone
.
restart
()
# Add our test user
try
:
topology_st
.
standalone
.
add_s
(
Entry
((
USER_DN
,
{
'
objectclass
'
:
"
top extensibleObject
"
.
split
(),
'
sn
'
:
'
1
'
,
'
cn
'
:
'
test 1
'
,
'
uid
'
:
'
test_entry
'
,
'
userpassword
'
:
'
password
'
})))
except
ldap
.
LDAPError
as
e
:
log
.
error
(
'
Failed to add test user
'
+
USER_DN
+
'
: error
'
+
e
.
message
[
'
desc
'
])
assert
False
users
=
UserAccounts
(
topology_st
.
standalone
,
basedn
=
DEFAULT_SUFFIX
)
user
=
users
.
create
(
properties
=
TEST_USER_PROPERTIES
)
# Attempt a modrdn, this should fail
try
:
topology_st
.
standalone
.
rename_s
(
USER_DN
,
BAD_RDN
,
delold
=
0
)
user
.
rename
(
BAD_RDN
)
log
.
fatal
(
'
test_betxt_7bit: Modrdn operation incorrectly succeeded
'
)
assert
False
except
ldap
.
LDAPError
as
e
:
log
.
info
(
'
Modrdn failed as expected: error
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
Modrdn failed as expected: error
%s
'
%
str
(
e
)
)
# Make sure the operation did not succeed, attempt to search for the new RDN
try
:
entries
=
topology_st
.
standalone
.
search_s
(
DEFAULT_SUFFIX
,
ldap
.
SCOPE_SUBTREE
,
BAD_RDN
)
if
entries
:
log
.
fatal
(
'
test_betxt_7bit: Incorrectly found the entry using the invalid RDN
'
)
assert
False
except
ldap
.
LDAPError
as
e
:
log
.
fatal
(
'
Error while searching for test entry:
'
+
e
.
message
[
'
desc
'
])
assert
False
user_check
=
users
.
get
(
"
testuser
"
)
assert
user_check
.
dn
==
user
.
dn
#
# Cleanup - remove the user
#
try
:
topology_st
.
standalone
.
delete_s
(
USER_DN
)
except
ldap
.
LDAPError
as
e
:
log
.
fatal
(
'
Failed to delete test entry:
'
+
e
.
message
[
'
desc
'
])
assert
False
user
.
delete
()
log
.
info
(
'
test_betxt_7bit: PASSED
'
)
def
test_betxn_attr_uniqueness
(
topology_st
,
dynamic_plugins
):
def
test_betxn_attr_uniqueness
(
topology_st
):
"""
Test that we can not add two entries that have the same attr value that is
defined by the plugin
...
...
@@ -124,50 +102,40 @@ def test_betxn_attr_uniqueness(topology_st, dynamic_plugins):
USER1_DN
=
'
uid=test_entry1,
'
+
DEFAULT_SUFFIX
USER2_DN
=
'
uid=test_entry2,
'
+
DEFAULT_SUFFIX
topology_st
.
standalone
.
plugins
.
enable
(
name
=
PLUGIN_ATTR_UNIQUENESS
)
attruniq
=
AttributeUniquenessPlugin
(
topology_st
.
standalone
)
attruniq
.
enable
()
topology_st
.
standalone
.
restart
()
# Add the first entry
try
:
topology_st
.
standalone
.
add_s
(
Entry
((
USER1_DN
,
{
'
objectclass
'
:
"
top extensibleObject
"
.
split
(),
'
sn
'
:
'
1
'
,
'
cn
'
:
'
test 1
'
,
'
uid
'
:
'
test_entry1
'
,
'
userpassword
'
:
'
password1
'
})))
except
ldap
.
LDAPError
as
e
:
log
.
fatal
(
'
test_betxn_attr_uniqueness: Failed to add test user:
'
+
USER1_DN
+
'
, error
'
+
e
.
message
[
'
desc
'
])
assert
False
users
=
UserAccounts
(
topology_st
.
standalone
,
basedn
=
DEFAULT_SUFFIX
)
user1
=
users
.
create
(
properties
=
{
'
uid
'
:
'
testuser1
'
,
'
cn
'
:
'
testuser1
'
,
'
sn
'
:
'
user1
'
,
'
uidNumber
'
:
'
1001
'
,
'
gidNumber
'
:
'
2001
'
,
'
homeDirectory
'
:
'
/home/testuser1
'
})
# Add the second entry with a duplicate uid
try
:
topology_st
.
standalone
.
add_s
(
Entry
((
USER2_DN
,
{
'
objectclass
'
:
"
top extensibleObject
"
.
split
(),
'
sn
'
:
'
2
'
,
'
cn
'
:
'
test 2
'
,
'
uid
'
:
'
test_entry2
'
,
'
uid
'
:
'
test_entry1
'
,
# Duplicate value
'
userpassword
'
:
'
password2
'
})))
user2
=
users
.
create
(
properties
=
{
'
uid
'
:
[
'
testuser2
'
,
'
testuser1
'
],
'
cn
'
:
'
testuser2
'
,
'
sn
'
:
'
user2
'
,
'
uidNumber
'
:
'
1002
'
,
'
gidNumber
'
:
'
2002
'
,
'
homeDirectory
'
:
'
/home/testuser2
'
})
log
.
fatal
(
'
test_betxn_attr_uniqueness: The second entry was incorrectly added.
'
)
assert
False
except
ldap
.
LDAPError
as
e
:
log
.
error
(
'
test_betxn_attr_uniqueness: Failed to add test user as expected:
'
+
USER1_DN
+
'
, error
'
+
e
.
message
[
'
desc
'
])
log
.
error
(
'
test_betxn_attr_uniqueness: Failed to add test user as expected:
'
)
#
# Cleanup - disable plugin, remove test entry
#
topology_st
.
standalone
.
plugins
.
disable
(
name
=
PLUGIN_ATTR_UNIQUENESS
)
try
:
topology_st
.
standalone
.
delete_s
(
USER1_DN
)
except
ldap
.
LDAPError
as
e
:
log
.
fatal
(
'
test_betxn_attr_uniqueness: Failed to delete test entry1:
'
+
e
.
message
[
'
desc
'
])
assert
False
user1
.
delete
()
log
.
info
(
'
test_betxn_attr_uniqueness: PASSED
'
)
def
test_betxn_memberof
(
topology_st
,
dynamic_plugins
):
def
test_betxn_memberof
(
topology_st
):
"""
Test PLUGIN_MEMBER_OF plugin
:id: 70d0b96e-b693-4bf7-bbf5-102a66ac5993
...
...
@@ -192,55 +160,34 @@ def test_betxn_memberof(topology_st, dynamic_plugins):
ENTRY2_DN
=
'
cn=group2,
'
+
DEFAULT_SUFFIX
PLUGIN_DN
=
'
cn=
'
+
PLUGIN_MEMBER_OF
+
'
,cn=plugins,cn=config
'
# Enable and configure memberOf plugin
topology_st
.
standalone
.
plugins
.
enable
(
name
=
PLUGIN_MEMBER_OF
)
try
:
topology_st
.
standalone
.
modify_s
(
PLUGIN_DN
,
[(
ldap
.
MOD_REPLACE
,
'
memberofgroupattr
'
,
'
member
'
),
(
ldap
.
MOD_REPLACE
,
'
memberofAutoAddOC
'
,
'
referral
'
)])
except
ldap
.
LDAPError
as
e
:
log
.
fatal
(
'
test_betxn_memberof: Failed to update config(member): error
'
+
e
.
message
[
'
desc
'
])
assert
False
# Add our test entries
try
:
topology_st
.
standalone
.
add_s
(
Entry
((
ENTRY1_DN
,
{
'
objectclass
'
:
"
top groupofnames
"
.
split
(),
'
cn
'
:
'
group1
'
})))
except
ldap
.
LDAPError
as
e
:
log
.
error
(
'
test_betxn_memberof: Failed to add group1:
'
+
ENTRY1_DN
+
'
, error
'
+
e
.
message
[
'
desc
'
])
assert
False
try
:
topology_st
.
standalone
.
add_s
(
Entry
((
ENTRY2_DN
,
{
'
objectclass
'
:
"
top groupofnames
"
.
split
(),
'
cn
'
:
'
group1
'
})))
except
ldap
.
LDAPError
as
e
:
log
.
error
(
'
test_betxn_memberof: Failed to add group2:
'
+
ENTRY2_DN
+
'
, error
'
+
e
.
message
[
'
desc
'
])
assert
False
memberof
=
MemberOfPlugin
(
topology_st
.
standalone
)
memberof
.
enable
()
memberof
.
set_autoaddoc
(
'
referral
'
)
# memberof.add_groupattr('member') # This is already the default.
topology_st
.
standalone
.
restart
()
#
# Test mod replace
#
groups
=
Groups
(
topology_st
.
standalone
,
DEFAULT_SUFFIX
)
group1
=
groups
.
create
(
properties
=
{
'
cn
'
:
'
group1
'
,
})
# Add group2 to group1 - it should fail with objectclass violation
try
:
topology_st
.
standalone
.
modify_s
(
ENTRY1_DN
,
[(
ldap
.
MOD_REPLACE
,
'
member
'
,
ENTRY2_DN
)])
log
.
fatal
(
'
test_betxn_memberof: Group2 was incorrectly allowed to be added to group1
'
)
assert
False
except
ldap
.
LDAPError
as
e
:
log
.
info
(
'
test_betxn_memberof: Group2 was correctly rejected (mod replace): error
'
+
e
.
message
[
'
desc
'
])
group2
=
groups
.
create
(
properties
=
{
'
cn
'
:
'
group2
'
,
})
#
# Test mod add
#
# We may need to mod groups to not have nsMemberOf ... ?
if
not
ds_is_older
(
'
1.3.7
'
):
group1
.
remove
(
'
objectClass
'
,
'
nsMemberOf
'
)
group2
.
remove
(
'
objectClass
'
,
'
nsMemberOf
'
)
# Add group2 to group1 - it should fail with objectclass violation
try
:
group1
.
add_member
(
group2
.
dn
)
topology_st
.
standalone
.
modify_s
(
ENTRY1_DN
,
[(
ldap
.
MOD_ADD
,
'
member
'
,
ENTRY2_DN
)])
log
.
fatal
(
'
test_betxn_memberof: Group2 was incorrectly allowed to be added to group1
'
)
assert
False
except
ldap
.
LDAPError
as
e
:
log
.
info
(
'
test_betxn_memberof: Group2 was correctly rejected (mod add): error
'
+
e
.
message
[
'
desc
'
]
)
log
.
info
(
'
test_betxn_memberof: Group2 was correctly rejected (mod add): error
'
)
#
# Done
...
...
dirsrvtests/tests/suites/clu/clu_test.py
View file @
94f30daf
...
...
@@ -6,7 +6,8 @@
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
import
time
import
subprocess
import
pytest
from
lib389.tasks
import
*
from
lib389.utils
import
*
...
...
@@ -37,7 +38,6 @@ def test_clu_pwdhash(topology_st):
log
.
info
(
'
Running test_clu_pwdhash...
'
)
cmd
=
'
%s -s ssha testpassword
'
%
os
.
path
.
join
(
topology_st
.
standalone
.
get_bin_dir
(),
'
pwdhash
'
)
p
=
os
.
popen
(
cmd
)
result
=
p
.
readline
()
p
.
close
()
...
...
@@ -49,14 +49,45 @@ def test_clu_pwdhash(topology_st):
if
len
(
result
)
<
20
:
log
.
fatal
(
'
test_clu_pwdhash: Encrypted password is too short
'
)
assert
False
log
.
info
(
'
pwdhash generated:
'
+
result
)
log
.
info
(
'
test_clu_pwdhash: PASSED
'
)
def
test_clu_pwdhash_mod
(
topology_st
):
"""
Test the pwdhash script output with -D configdir
:id: 874ab5e2-207b-4a95-b4c0-22d97b8ab643
:setup: Standalone instance
:steps:
1. Set nsslapd-rootpwstoragescheme & passwordStorageScheme to SSHA256 & SSHA384 respectively
2. Execute /usr/bin/pwdhash -D /etc/dirsrv/slapd-instance_name/ <password>
3. Check if there is any output
4. Check if the command returns the hashed string using the algorithm set in nsslapd-rootpwstoragescheme
:expectedresults:
1. nsslapd-rootpwstoragescheme & passwordStorageScheme should set to SSHA256 & SSHA384 respectively
2. Execution should PASS
3. There should be an output from the command
4. Command should return the hashed string using the algorithm set in nsslapd-rootpwstoragescheme
"""
log
.
info
(
'
Running test_clu_pwdhash_mod...
'
)
topology_st
.
standalone
.
config
.
set
(
'
nsslapd-rootpwstoragescheme
'
,
'
SSHA256
'
)
topology_st
.
standalone
.
config
.
set
(
'
passwordStorageScheme
'
,
'
SSHA384
'
)
cmd
=
[
os
.
path
.
join
(
topology_st
.
standalone
.
get_bin_dir
(),
'
pwdhash
'
),
'
-D
'
,
'
/etc/dirsrv/slapd-standalone1
'
,
'
password
'
]
result
=
subprocess
.
check_output
(
cmd
)
stdout
=
ensure_str
(
result
)
assert
result
,
"
Failed to run pwdhash
"
assert
'
SSHA256
'
in
stdout
log
.
info
(
'
pwdhash generated:
'
+
stdout
)
log
.
info
(
'
returned the hashed string using the algorithm set in nsslapd-rootpwstoragescheme
'
)
if
__name__
==
'
__main__
'
:
# Run isolated
# -s for DEBUG mode
CURRENT_FILE
=
os
.
path
.
realpath
(
__file__
)
pytest
.
main
(
"
-s %s
"
%
CURRENT_FILE
)
Prev
1
2
3
4
5
…
38
Next