Commits on Source (27)
......@@ -882,10 +882,12 @@ systemdsystemunit_DATA = wrappers/$(PACKAGE_NAME)@.service \
wrappers/$(systemdgroupname) \
wrappers/$(PACKAGE_NAME)-snmp.service
systemdsystemunitdropin_DATA = wrappers/$(PACKAGE_NAME)@.service.d/custom.conf
if with_sanitizer
systemdsystemunitdropin_DATA += wrappers/$(PACKAGE_NAME)@.service.d/xsan.conf
systemdsystemunitdropin_DATA = wrappers/$(PACKAGE_NAME)@.service.d/xsan.conf
else
systemdsystemunitdropin_DATA = wrappers/$(PACKAGE_NAME)@.service.d/custom.conf
endif
else
if INITDDIR
init_SCRIPTS = wrappers/$(PACKAGE_NAME) \
......
......@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=4
VERSION_MAINT=1.5
VERSION_MAINT=1.6
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL=
VERSION_DATE=$(date -u +%Y%m%d)
......
usr/bin/cl-dump
usr/bin/dbgen
usr/bin/infadd
usr/bin/ldif
usr/bin/migratecred
usr/bin/mmldif
usr/bin/repl-monitor
usr/bin/rsearch
usr/lib/*/dirsrv/perl/
usr/sbin/bak2db
usr/sbin/bak2db-online
usr/sbin/cleanallruv
usr/sbin/db2bak
usr/sbin/db2bak-online
usr/sbin/db2index
usr/sbin/db2index-online
usr/sbin/db2ldif
usr/sbin/db2ldif-online
usr/sbin/dbmon.sh
usr/sbin/dn2rdn
usr/sbin/fixup-linkedattrs
usr/sbin/fixup-memberof
usr/sbin/ldif2db
usr/sbin/ldif2db-online
usr/sbin/migrate-ds
usr/sbin/monitor
usr/sbin/ns-accountstatus
usr/sbin/ns-activate
usr/sbin/ns-inactivate
usr/sbin/ns-newpwpolicy
usr/sbin/remove-ds
usr/sbin/restoreconfig
usr/sbin/saveconfig
usr/sbin/schema-reload
usr/sbin/setup-ds
usr/sbin/suffix2instance
usr/sbin/syntax-validate
usr/sbin/upgradednformat
usr/sbin/usn-tombstone-cleanup
usr/sbin/verify-db
usr/share/dirsrv/properties/*.res
usr/share/dirsrv/script-templates
usr/share/dirsrv/updates
usr/share/man/man1/cl-dump.1
usr/share/man/man1/dbgen.1
usr/share/man/man1/infadd.1
usr/share/man/man1/ldif.1
usr/share/man/man1/migratecred.1
usr/share/man/man1/mmldif.1
usr/share/man/man1/repl-monitor.1
usr/share/man/man1/rsearch.1
usr/share/man/man8/bak2db-online.8
usr/share/man/man8/bak2db.8
usr/share/man/man8/cleanallruv.8
usr/share/man/man8/db2bak-online.8
usr/share/man/man8/db2bak.8
usr/share/man/man8/db2index-online.8
usr/share/man/man8/db2index.8
usr/share/man/man8/db2ldif-online.8
usr/share/man/man8/db2ldif.8
usr/share/man/man8/dbmon.sh.8
usr/share/man/man8/dn2rdn.8
usr/share/man/man8/fixup-linkedattrs.8
usr/share/man/man8/fixup-memberof.8
usr/share/man/man8/ldif2db-online.8
usr/share/man/man8/ldif2db.8
usr/share/man/man8/migrate-ds.8
usr/share/man/man8/monitor.8
usr/share/man/man8/ns-accountstatus.8
usr/share/man/man8/ns-activate.8
usr/share/man/man8/ns-inactivate.8
usr/share/man/man8/ns-newpwpolicy.8
usr/share/man/man8/remove-ds.8
usr/share/man/man8/restoreconfig.8
usr/share/man/man8/saveconfig.8
usr/share/man/man8/schema-reload.8
usr/share/man/man8/setup-ds.8
usr/share/man/man8/suffix2instance.8
usr/share/man/man8/syntax-validate.8
usr/share/man/man8/upgradednformat.8
usr/share/man/man8/usn-tombstone-cleanup.8
usr/share/man/man8/verify-db.8
......@@ -18,21 +18,12 @@ usr/libexec/ds_selinux_enabled
usr/libexec/ds_selinux_port_query
usr/libexec/ds_systemd_ask_password_acl
usr/lib/sysctl.d/70-dirsrv.conf
usr/sbin/dbverify
usr/sbin/dscontainer
usr/sbin/ldap-agent
usr/sbin/ldif2ldap
usr/sbin/ns-slapd
usr/sbin/restart-dirsrv
usr/sbin/start-dirsrv
usr/sbin/status-dirsrv
usr/sbin/stop-dirsrv
usr/sbin/upgradedb
usr/sbin/vlvindex
usr/share/dirsrv/data
usr/share/dirsrv/inf
usr/share/dirsrv/mibs
usr/share/dirsrv/properties/ns-slapd.properties
usr/share/dirsrv/schema
usr/share/gdb/auto-load/usr/sbin/ns-slapd-gdb.py
usr/share/man/man1/dbscan.1
......@@ -44,12 +35,4 @@ usr/share/man/man1/logconv.1
usr/share/man/man1/pwdhash.1
usr/share/man/man1/readnsstate.1
usr/share/man/man5/*.5
usr/share/man/man8/dbverify.8
usr/share/man/man8/ldif2ldap.8
usr/share/man/man8/ns-slapd.8
usr/share/man/man8/restart-dirsrv.8
usr/share/man/man8/start-dirsrv.8
usr/share/man/man8/status-dirsrv.8
usr/share/man/man8/stop-dirsrv.8
usr/share/man/man8/upgradedb.8
usr/share/man/man8/vlvindex.8
389-ds-base (1.4.1.6-1) unstable; urgency=medium
* New upstream release.
* control: Drop direct depends on python from 389-ds-base. (Closes:
#936102)
* Drop -legacy-tools and other obsolete scripts.
* use-bash-instead-of-sh.diff, rename-online-scripts.diff, perl-use-
move-instead-of-rename.diff: Dropped, obsolete.
* rules: Fix dsconf/dscreate/dsctl/dsidm manpage section.
* tests/setup: Migrate to dscreate.
* control: Add libnss3-tools to python3-lib389 depends. (Closes: #920025)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 11 Sep 2019 17:01:03 +0300
389-ds-base (1.4.1.5-1) unstable; urgency=medium
* New upstream release.
......
......@@ -106,13 +106,11 @@ Architecture: any
Pre-Depends: debconf (>= 0.5) | debconf-2.0
Depends:
389-ds-base-libs (= ${binary:Version}),
389-ds-base-legacy-tools (= ${binary:Version}),
adduser,
acl,
ldap-utils,
libperl4-corelibs-perl | perl (<< 5.12.3-7),
libsasl2-modules-gssapi-mit,
python,
perl,
python3-lib389,
python3-selinux,
python3-semanage,
......@@ -137,25 +135,10 @@ Description: 389 Directory Server suite - server
* on-line, zero downtime update of schema, configuration, and
in-tree Access Control Information.
Package: 389-ds-base-legacy-tools
Architecture: any
Depends:
libmozilla-ldap-perl,
libnetaddr-ip-perl,
libperl4-corelibs-perl | perl (<< 5.12.3-7),
libsocket-getaddrinfo-perl,
${misc:Depends},
${shlibs:Depends},
Conflicts: 389-ds-base (<< 1.4.0.20-1)
Replaces: 389-ds-base (<< 1.4.0.20-1)
Description: Legacy utilities for 389 Directory Server
Legacy (and deprecated) utilities for 389 Directory Server. This includes
the old account management and task scripts. These are deprecated in favour of
the dscreate, dsctl, dsconf and dsidm tools.
Package: python3-lib389
Architecture: all
Depends: ${misc:Depends}, ${python3:Depends},
libnss3-tools,
python3-argcomplete,
python3-dateutil,
python3-ldap,
......
--- a/Makefile.am
+++ b/Makefile.am
@@ -928,69 +928,20 @@ include_HEADERS = src/svrcore/src/svrcor
# man pages
#------------------------
dist_man_MANS = man/man1/dbscan.1 \
- man/man1/cl-dump.1 \
- man/man1/cl-dump.pl.1 \
- man/man1/dbgen.pl.1 \
man/man1/ds-logpipe.py.1 \
man/man1/ds-replcheck.1 \
- man/man1/infadd.1 \
man/man1/ldap-agent.1 \
man/man1/ldclt.1 \
- man/man1/ldif.1 \
man/man1/logconv.pl.1 \
- man/man1/migratecred.1 \
- man/man1/mmldif.1 \
man/man1/pwdhash.1 \
- man/man1/repl-monitor.1 \
- man/man1/repl-monitor.pl.1 \
- man/man1/rsearch.1 \
man/man1/readnsstate.1 \
man/man5/99user.ldif.5 \
- man/man8/migrate-ds.pl.8 \
man/man8/ns-slapd.8 \
- man/man8/restart-dirsrv.8 \
- man/man8/setup-ds.pl.8 \
- man/man8/start-dirsrv.8 \
- man/man8/stop-dirsrv.8 \
- man/man8/status-dirsrv.8 \
- man/man8/bak2db.8 \
- man/man8/bak2db.pl.8 \
man/man5/certmap.conf.5 \
- man/man8/cleanallruv.pl.8 \
- man/man8/dbverify.8 \
- man/man8/db2bak.8 \
- man/man8/db2bak.pl.8 \
- man/man8/db2ldif.8 \
- man/man8/db2ldif.pl.8 \
- man/man8/db2index.8 \
- man/man8/db2index.pl.8 \
- man/man8/fixup-linkedattrs.pl.8 \
- man/man8/fixup-memberof.pl.8 \
- man/man8/ldif2db.8 \
- man/man8/ldif2db.pl.8 \
- man/man8/dbmon.sh.8 \
man/man5/dirsrv.5 \
man/man5/dirsrv.systemd.5 \
- man/man8/dn2rdn.8 \
- man/man8/ldif2ldap.8 \
- man/man8/monitor.8 \
- man/man8/ns-accountstatus.pl.8 \
- man/man8/ns-newpwpolicy.pl.8 \
- man/man8/ns-activate.pl.8 \
- man/man8/ns-inactivate.pl.8 \
- man/man8/remove-ds.pl.8 \
- man/man8/restoreconfig.8 \
- man/man8/saveconfig.8 \
- man/man8/schema-reload.pl.8 \
man/man5/slapd-collations.conf.5 \
- man/man8/suffix2instance.8 \
- man/man8/syntax-validate.pl.8 \
- man/man5/template-initconfig.5 \
- man/man8/upgradednformat.8 \
- man/man8/upgradedb.8 \
- man/man8/usn-tombstone-cleanup.pl.8 \
- man/man8/vlvindex.8 \
- man/man8/verify-db.pl.8
+ man/man5/template-initconfig.5
#------------------------
# updates
--- a/ldap/admin/src/scripts/60upgradeconfigfiles.pl
+++ b/ldap/admin/src/scripts/60upgradeconfigfiles.pl
@@ -31,7 +31,7 @@ sub runinst {
next if (! -f $oldname); # does not exist - skip - already (re)moved
my $newname = "$bakdir/$file";
$! = 0; # clear
- rename $oldname, $newname;
+ copy $oldname, $newname;
if ($!) {
push @errs, ["error_renaming_config", $oldname, $newname, $!];
}
@@ -57,7 +57,7 @@ sub runinst {
next if (! -f $oldname); # does not exist - not backed up
my $newname = $inf->{slapd}->{config_dir} . "/" . $file;
next if (-f $newname); # not removed
- rename $oldname, $newname;
+ move $oldname, $newname;
}
return @errs;
}
--- a/ldap/admin/src/scripts/60upgradeschemafiles.pl
+++ b/ldap/admin/src/scripts/60upgradeschemafiles.pl
@@ -1,4 +1,4 @@
-
+use File::Copy;
use Mozilla::LDAP::LDIF;
use DSCreate qw(installSchema);
@@ -39,7 +39,7 @@ sub runinst {
next if (! -f $oldname); # does not exist - skip - already (re)moved
my $newname = "$bakdir/$file";
$! = 0; # clear
- rename $oldname, $newname;
+ copy $oldname, $newname;
if ($!) {
push @errs, ["error_renaming_schema", $oldname, $newname, $!];
}
@@ -140,7 +140,7 @@ sub runinst {
# Backup the original 99user.ldif
$! = 0; # clear
- rename $inf->{slapd}->{schema_dir} . "/99user.ldif", "$bakdir/99user.ldif";
+ copy $inf->{slapd}->{schema_dir} . "/99user.ldif", "$bakdir/99user.ldif";
if ($!) {
push @errs, ["error_renaming_schema", $inf->{slapd}->{schema_dir} . "/99user.ldif", "$bakdir/99user.ldif", $!];
}
@@ -171,13 +171,13 @@ sub runinst {
next if (! -f $oldname); # does not exist - not backed up
my $newname = $inf->{slapd}->{schema_dir} . "/" . $file;
next if (-f $newname); # not removed
- rename $oldname, $newname;
+ move $oldname, $newname;
}
# Restore 99user.ldif. We overwrite whatever is there since
# it is possible that we have modified it.
if (-f "$bakdir/99user.ldif") {
- rename "$bakdir/99user.ldif", $inf->{slapd}->{schema_dir} . "/99user.ldif";
+ move "$bakdir/99user.ldif", $inf->{slapd}->{schema_dir} . "/99user.ldif";
}
return @errs;
--- a/ldap/admin/src/scripts/template-bak2db.pl.in
+++ b/ldap/admin/src/scripts/template-bak2db.pl.in
@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
$i++;
}
-exec "{{SERVERBIN-DIR}}/bak2db.pl @wrapperArgs -Z {{SERV-ID}}";
+exec "{{SERVERBIN-DIR}}/bak2db-online @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
--- a/ldap/admin/src/scripts/template-db2bak.pl.in
+++ b/ldap/admin/src/scripts/template-db2bak.pl.in
@@ -23,7 +23,7 @@ while ($i <= $#ARGV) {
$i++;
}
-exec "{{SERVERBIN-DIR}}/db2bak.pl @wrapperArgs -Z {{SERV-ID}}";
+exec "{{SERVERBIN-DIR}}/db2bak-online @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
--- a/ldap/admin/src/scripts/template-db2index.pl.in
+++ b/ldap/admin/src/scripts/template-db2index.pl.in
@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
$i++;
}
-exec "{{SERVERBIN-DIR}}/db2index.pl @wrapperArgs -Z {{SERV-ID}}";
+exec "{{SERVERBIN-DIR}}/db2index-online @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
--- a/ldap/admin/src/scripts/template-db2ldif.pl.in
+++ b/ldap/admin/src/scripts/template-db2ldif.pl.in
@@ -26,6 +26,6 @@ while ($i <= $#ARGV) {
$cwd = cwd();
-exec "{{SERVERBIN-DIR}}/db2ldif.pl -c $cwd @wrapperArgs -Z {{SERV-ID}}";
+exec "{{SERVERBIN-DIR}}/db2ldif-online -c $cwd @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
--- a/ldap/admin/src/scripts/template-ldif2db.pl.in
+++ b/ldap/admin/src/scripts/template-ldif2db.pl.in
@@ -23,6 +23,6 @@ while ($i <= $#ARGV) {
$i++;
}
-exec "{{SERVERBIN-DIR}}/ldif2db.pl @wrapperArgs -Z {{SERV-ID}}";
+exec "{{SERVERBIN-DIR}}/ldif2db-online @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
use-bash-instead-of-sh.diff
rename-online-scripts.diff
fix-obsolete-target.diff
fix-saslpath.diff
fix-systemctl-path.diff
CVE-2017-15135.patch
perl-use-move-instead-of-rename.diff
drop-old-man.diff
--- a/ldap/admin/src/scripts/bak2db.in
+++ b/ldap/admin/src/scripts/bak2db.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/db2bak.in
+++ b/ldap/admin/src/scripts/db2bak.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/db2index.in
+++ b/ldap/admin/src/scripts/db2index.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/db2ldif.in
+++ b/ldap/admin/src/scripts/db2ldif.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/dbverify.in
+++ b/ldap/admin/src/scripts/dbverify.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/dn2rdn.in
+++ b/ldap/admin/src/scripts/dn2rdn.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/ldif2db.in
+++ b/ldap/admin/src/scripts/ldif2db.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/ldif2ldap.in
+++ b/ldap/admin/src/scripts/ldif2ldap.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/monitor.in
+++ b/ldap/admin/src/scripts/monitor.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/restart-dirsrv.in
+++ b/ldap/admin/src/scripts/restart-dirsrv.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# Script that restarts the ns-slapd server.
# Exit status can be:
--- a/ldap/admin/src/scripts/restoreconfig.in
+++ b/ldap/admin/src/scripts/restoreconfig.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/saveconfig.in
+++ b/ldap/admin/src/scripts/saveconfig.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/start-dirsrv.in
+++ b/ldap/admin/src/scripts/start-dirsrv.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# Script that starts the ns-slapd server.
# Exit status can be:
--- a/ldap/admin/src/scripts/stop-dirsrv.in
+++ b/ldap/admin/src/scripts/stop-dirsrv.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# Script that stops the ns-slapd server.
# Exit status can be:
--- a/ldap/admin/src/scripts/suffix2instance.in
+++ b/ldap/admin/src/scripts/suffix2instance.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/upgradedb.in
+++ b/ldap/admin/src/scripts/upgradedb.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/upgradednformat.in
+++ b/ldap/admin/src/scripts/upgradednformat.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
--- a/ldap/admin/src/scripts/vlvindex.in
+++ b/ldap/admin/src/scripts/vlvindex.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
. @datadir@/@package_name@/data/DSSharedLib
......@@ -9,63 +9,23 @@ ifneq (,$(filter $(DEB_HOST_ARCH), armel m68k mips mipsel powerpc powerpcspe sh4
endif
# Keep track of files we don't install
NOT_INSTALLED :=
NOT_INSTALLED := \
usr/bin/infadd \
usr/bin/repl-monitor \
usr/bin/mmldif \
usr/bin/migratecred \
usr/bin/rsearch \
usr/bin/ldif
REALFILE = \
bin/cl-dump.pl \
bin/dbgen.pl \
bin/ds-logpipe.py \
bin/logconv.pl \
bin/repl-monitor.pl \
sbin/migrate-ds.pl \
sbin/remove-ds.pl \
sbin/setup-ds.pl \
sbin/cleanallruv.pl \
sbin/fixup-linkedattrs.pl \
sbin/fixup-memberof.pl \
sbin/ns-accountstatus.pl \
sbin/ns-activate.pl \
sbin/ns-inactivate.pl \
sbin/ns-newpwpolicy.pl \
sbin/schema-reload.pl \
sbin/syntax-validate.pl \
sbin/usn-tombstone-cleanup.pl \
sbin/verify-db.pl \
share/man/man1/cl-dump.pl.1 \
share/man/man1/dbgen.pl.1 \
share/man/man1/ds-logpipe.py.1 \
share/man/man1/logconv.pl.1 \
share/man/man1/repl-monitor.pl.1 \
share/man/man8/cleanallruv.pl.8 \
share/man/man8/fixup-linkedattrs.pl.8 \
share/man/man8/fixup-memberof.pl.8 \
share/man/man8/migrate-ds.pl.8 \
share/man/man8/ns-accountstatus.pl.8 \
share/man/man8/ns-activate.pl.8 \
share/man/man8/ns-inactivate.pl.8 \
share/man/man8/ns-newpwpolicy.pl.8 \
share/man/man8/setup-ds.pl.8 \
share/man/man8/schema-reload.pl.8 \
share/man/man8/syntax-validate.pl.8 \
share/man/man8/remove-ds.pl.8 \
share/man/man8/usn-tombstone-cleanup.pl.8 \
share/man/man8/verify-db.pl.8
# scripts for handling online servers
REALFILE_ONLINE = \
sbin/bak2db.pl \
sbin/db2bak.pl \
sbin/db2index.pl \
sbin/db2ldif.pl \
sbin/ldif2db.pl \
share/man/man8/bak2db.pl.8 \
share/man/man8/db2bak.pl.8 \
share/man/man8/db2index.pl.8 \
share/man/man8/db2ldif.pl.8 \
share/man/man8/ldif2db.pl.8
%:
dh $@ --with autoreconf,python3 --builddir build/
dh $@ --with python3 --builddir build/
override_dh_auto_clean:
dh_auto_clean
......@@ -83,8 +43,7 @@ override_dh_auto_configure:
--with-tmpfiles-d=/etc/tmpfiles.d \
--enable-autobind \
--enable-cmocka \
--enable-icu \
--enable-perl
--enable-icu
override_dh_auto_build:
(cd src/lib389 && python3 setup.py build)
......@@ -101,15 +60,8 @@ override_dh_install:
$(CURDIR)/debian/tmp/usr/`echo $$file | \
sed -s 's/\.pl//;s/\.py//'`; \
done
# use -online suffix so that they won't overwrite the offline scripts
for file in $(REALFILE_ONLINE); do mv -f $(CURDIR)/debian/tmp/usr/$$file \
$(CURDIR)/debian/tmp/usr/`echo $$file | \
sed -s 's/\.pl/-online/'`; \
done
# purge .la files
find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \;
# fix template script headers
find $(CURDIR)/debian/tmp/usr/share/dirsrv/script-templates/ -type f -exec perl -pi -e 's,#\{\{PERL-EXEC\}\},#!/usr/bin/perl,' "{}" \;
# Also get rid of other files which aren't installed. Do not
# use -f to ensure we notice disappearing files:
......@@ -117,6 +69,12 @@ override_dh_install:
mkdir -p $(CURDIR)/debian/tmp/etc/systemd/system/dirsrv.target.wants
# fix the manpage section, argparse-manpage hardcodes it as 1
sed -i "1s/\"1\"/\"8\"/" debian/tmp/usr/share/man/man8/dsconf.8
sed -i "1s/\"1\"/\"8\"/" debian/tmp/usr/share/man/man8/dscreate.8
sed -i "1s/\"1\"/\"8\"/" debian/tmp/usr/share/man/man8/dsctl.8
sed -i "1s/\"1\"/\"8\"/" debian/tmp/usr/share/man/man8/dsidm.8
dh_install
override_dh_missing:
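Review bot: The four added `sed -i` lines repeat one expression and reach the man pages through a path relative to the working directory (`debian/tmp/usr/share/man/man8/…`), while the `mkdir -p` directly above them uses `$(CURDIR)/debian/tmp`. A single loop keeps the tool list in one place and matches the surrounding recipe: `for m in dsconf dscreate dsctl dsidm; do sed -i '1s/"1"/"8"/' $(CURDIR)/debian/tmp/usr/share/man/man8/$$m.8 || exit 1; done`. The `|| exit 1` keeps the current behaviour of failing the build when one of the pages is missing. The override_dh_install recipe starts above this hunk.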
......
......@@ -18,13 +18,19 @@ echo "$IP $HOSTNAME.debci $HOSTNAME" >> /etc/hosts
echo "/etc/hosts now has:"
cat /etc/hosts
/usr/sbin/setup-ds --silent -- \
General.FullMachineName=$HOSTNAME.debci\
General.SuiteSpotUserID=dirsrv\
General.SuiteSpotGroup=dirsrv\
slapd.ServerPort=1389\
slapd.ServerIdentifier=debci\
slapd.Suffix=dc=example,dc=com\
slapd.RootDN="cn=Directory Manager"\
slapd.RootDNPwd=Secret123
cat << EOF > /tmp/debci.inf
[general]
full_machine_name = $HOSTNAME.debci
strict_host_checking = False
[slapd]
group = dirsrv
instance_name = debci
port = 1389
root_dn = cn=Directory Manager
root_password = Secret123
user = dirsrv
[backend-userroot]
suffix = dc=example,dc=com
EOF
/usr/sbin/dscreate from-file /tmp/debci.inf
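Review bot: The answer file is written to the fixed path `/tmp/debci.inf` and carries `root_password`, so the Directory Manager password ends up in a predictably named file in a shared directory, readable under a default umask, and is never removed. Creating it with `inf=$(mktemp)`, registering `trap 'rm -f "$inf"' EXIT`, and using `"$inf"` in both the here-document redirect and the `dscreate from-file` call gives an owner-only file that is cleaned up. The password here is a test fixture, but this setup script is the kind of snippet that gets copied into real provisioning. The top of the script is outside the hunk, so an existing umask or cleanup handler cannot be ruled out.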
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2019 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ----
"""
verify and testing Filter from a search
"""
import os
import pytest
from lib389._constants import DEFAULT_SUFFIX, PW_DM
from lib389.topologies import topology_st as topo
from lib389.idm.user import UserAccounts, UserAccount
from lib389.idm.account import Accounts
pytestmark = pytest.mark.tier1
FILTER_MWARD = "(uid=mward)"
FILTER_L = "(l=sunnyvale)"
FILTER_MAIL = "(mail=jreu*)"
FILTER_EXAM = "(mail=*exam*)"
FILTER_7393 = "(telephonenumber=*7393)"
FILTER_408 = "(telephonenumber=*408*3)"
FILTER_UID = "(uid=*)"
FILTER_PASSWD = "(userpassword=*)"
FILTER_FRED = "(fred=*)"
FILTER_AAA = "(uid:2.16.840.1.113730.3.3.2.15.1:=>AAA)"
FILTER_AAA_ES = "(uid:es:=>AAA)"
FILTER_AAA_UID = "(uid:2.16.840.1.113730.3.3.2.15.1.5:=AAA)"
FILTER_100 = "(uid:2.16.840.1.113730.3.3.2.15.1:=>user100)"
FILTER_ES_100 = "(uid:es:=>user100)"
FILTER_UID_100 = "(uid:2.16.840.1.113730.3.3.2.15.1.5:=user100)"
FILTER_UID_1 = "(uid:2.16.840.1.113730.3.3.2.15.1:=<1)"
FILTER_UID_ES = "(uid:es:=<1)"
FILTER_UID_2 = "(uid:2.16.840.1.113730.3.3.2.15.1.1:=1)"
FILTER_UID_USER1 = "(uid:2.16.840.1.113730.3.3.2.15.1:=<user1)"
FILTER_ES_USER1 = "(uid:es:=<user1)"
FILTER_UI_USER1 = "(uid:2.16.840.1.113730.3.3.2.15.1.1:=user1)"
FILTER_Z = "(uid:2.16.840.1.113730.3.3.2.15.1:=<z)"
FILTER_NZ = "(uid:es:=<z)"
FILTER_UIDZ = "(uid:2.16.840.1.113730.3.3.2.15.1.1:=z)"
FILTER_UID_LS = "(uid<=1)"
FILTER_UID_LA = "(uid<=A)"
FILTER_USER1 = "(uid=user1)"
FILTER_UIDLEZ = "(uid<=Z)"
FILTER_UIDGE1 = "(uid>=1)"
FILTER_UIDGEA = "(uid>=A)"
FILTER_UIDGEAU20 = "(uid>=user20)"
FILTER_UIDGEZ = "(uid>=Z)"
FILTER_A = "(uid:2.16.840.1.113730.3.3.2.18.1:=<=A)"
FILTER_FR_A = "(uid:fr:=<=A)"
FILTER_E_A = "(uid:2.16.840.1.113730.3.3.2.18.1.2:=A)"
FILTER_USER20 = "(uid:2.16.840.1.113730.3.3.2.18.1:=<=user20)"
FILTER_L_USER20 = "(uid:fr:=<=user20)"
FILTER_E_USER20 = "(uid:2.16.840.1.113730.3.3.2.18.1.2:=user20)"
FILTER_Z2 = "(uid:2.16.840.1.113730.3.3.2.18.1:=<=z)"
FILTER_LE_Z = "(uid:fr:=<=z)"
FILTER_E_Z = "(uid:2.16.840.1.113730.3.3.2.18.1.2:=z)"
FILTER_GE_Z = "(uid:2.16.840.1.113730.3.3.2.18.1:=>=A)"
FILTER_GE_A = "(uid:fr:=>=A)"
FILTER_UID_A = "(uid:2.16.840.1.113730.3.3.2.18.1.4:=A)"
FILTER_UID_USER20 = "(uid:2.16.840.1.113730.3.3.2.18.1:=>=user20)"
FILTER_FR_USER20 = "(uid:fr:=>=user20)"
FILTER_UID_E_USER20 = "(uid:2.16.840.1.113730.3.3.2.18.1.4:=user20)"
FILTER_EGE_Z = "(uid:2.16.840.1.113730.3.3.2.18.1:=>=z)"
FILTER_FR_Z = "(uid:fr:=>=z)"
FILTER_UID_Z = "(uid:2.16.840.1.113730.3.3.2.18.1.4:=z)"
FILTER_SN = "(sn~=tiller)"
FILTER_GN = "(givenName~=pricella)"
FILTER_DES = "(description=This is the special * attribute value)"
FILTER_DES_X = "(description=*x*)"
FILTER_PTYL = "(uid=ptyler)"
FILTER_WAL = "(uid=*wal*)"
FILTER_RN = "(roomNumber=0312)"
FILTER_MW = "(uid=mw*)"
FILTER_2295 = "(roomNumber=2295)"
FILTER_CAPERTION = "(l=Cupertino)"
FILTER_INTER = "(objectclass=inetorgperson)"
FILTER_MAIL2 = "(mail=cnewport@example.com)"
FILTER_VALE = "(l=sunnyvale)"
FILTER_UID20 = "(uid=user20)"
FILTER_UID30 = "(uid=user30)"
FILTER_4012 = "(roomNumber=200)"
FILTER_3924 = "(roomNumber=201)"
FILTER_4508 = "(roomNumber=202)"
FILTER_UID40 = "(uid=user40)"
FILTER_2254 = "(roomNumber=2254)"
FILTER_L2 = "(l=*)"
FILTER_C_SN_GN = f"(&{FILTER_SN} {FILTER_GN})"
FILTER_C_SN_PTYL = f"(&(!{FILTER_SN})(!{FILTER_PTYL}))"
FILTER_SN_PTYL = f"(&(!{FILTER_SN}) {FILTER_PTYL})"
FILTER_N_SN_PTYL = f"(&{FILTER_SN}(!{FILTER_PTYL}))"
FILTER_C_WALL_RN = f"(|{FILTER_WAL} {FILTER_RN})"
FILTER_N_WALL_RN = f"(|(!{FILTER_WAL})(!{FILTER_RN}))"
FILTER_C_N_WALL_RN = f"(|(!{FILTER_WAL}){FILTER_RN})"
FILTER_C_N_WAL_RN = f"(|{FILTER_WAL}(!{FILTER_RN}))"
FILTER_C_WAL_SN = f"(&{FILTER_WAL}(|{FILTER_SN} {FILTER_2295}))"
FILTER_C_WAL_2295 = f"(|(&{FILTER_WAL} {FILTER_2295})(&{FILTER_WAL} {FILTER_SN}))"
FILTER_C_WAL_SN_2295 = f"(|{FILTER_WAL}(&{FILTER_SN} {FILTER_2295}))"
FILTER_C_WAL_SN_WAL = f"(&(|{FILTER_WAL} {FILTER_SN})(|{FILTER_WAL} {FILTER_2295}))"
FILTER_WAL_2295 = f"(&{FILTER_WAL} {FILTER_2295})"
FILTER_2295_WAL = f"(&{FILTER_2295} {FILTER_WAL})"
FILTER_OR_2295_WAL = f"(|{FILTER_2295} {FILTER_WAL})"
FILTER_OR_WAL_SN = f"(|{FILTER_WAL}(&{FILTER_SN} {FILTER_2295}))"
FILTER_OR_WAL_2295 = f"(|{FILTER_WAL} {FILTER_2295})"
FILTER_OR_WAL_L = f"(|{FILTER_WAL} {FILTER_L2})"
FILTER_AND_C_OR = f"(&{FILTER_CAPERTION} {FILTER_OR_WAL_SN})"
FILTER_AND_C_F = f"(&(!{FILTER_CAPERTION})(!{FILTER_OR_WAL_SN}))"
FILTER_AND_C_W_SN = f"(&(!{FILTER_CAPERTION}){FILTER_OR_WAL_SN})"
FILTER_AND_N_C_W_SN = f"(&{FILTER_CAPERTION}(!{FILTER_OR_WAL_SN}))"
FILTER_OR_N_C_W_SN = f"(|{FILTER_CAPERTION} {FILTER_OR_WAL_SN})"
FILTER_OR_N_CWS = f"(|(!{FILTER_CAPERTION})(!{FILTER_OR_WAL_SN}))"
FILTER_OR_N_CWSN = f"(|(!{FILTER_CAPERTION}){FILTER_OR_WAL_SN})"
FILTER_OR_CWSN_N = f"(|{FILTER_CAPERTION}(!{FILTER_OR_WAL_SN}))"
FILTER_AND_USER1 = f"(&(!{FILTER_USER1}){FILTER_INTER})"
FILTER_OR_USER1 = f"(|(!{FILTER_USER1}){FILTER_INTER})"
FILTER_MAIL_VAL = f"(&(!{FILTER_MAIL2}){FILTER_VALE})"
FILTER_OR_MAIL_VAL = f"(|(!{FILTER_MAIL2}){FILTER_VALE})"
FILTER_USER1_UID = f"(&(!{FILTER_USER1})(!{FILTER_UID20})(!{FILTER_UID30}){FILTER_INTER})"
FILTER_USER1_UID20 = f"(|(!{FILTER_USER1})(!{FILTER_UID20})(!{FILTER_UID30}){FILTER_INTER})"
FILTER_USER4012_3924 = f"(&(!{FILTER_4012})(!{FILTER_3924})(!{FILTER_4508}){FILTER_VALE})"
FILTER_USER4012_3924_4520 = f"(|(!{FILTER_4012})(!{FILTER_3924})(!{FILTER_4508}){FILTER_VALE})"
FILTER_USER40_USER1 = f"(&(!{FILTER_UID40})(&(!{FILTER_USER1})(!{FILTER_UID20})" \
f"(!{FILTER_UID30}){FILTER_INTER}))"
FILTER_USER40_USER20 = f"(|(!{FILTER_UID40})(&(!{FILTER_USER1})(!{FILTER_UID20})" \
f"(!{FILTER_UID30}){FILTER_INTER}))"
FILTER_SN0 = f"(&(!{FILTER_2254}){FILTER_USER4012_3924})"
FILTER_SN1 = f"(|(!{FILTER_2254}){FILTER_USER4012_3924})"
FILTER_ORG = "(objectclass=inetorgperson)"
FILTER_SV = "(l=sunnyvale)"
FILTER_USER30 = "(uid=user30)"
FILTER_RN_4012 = "(roomNumber=4012)"
FILTER_RN_3924 = "(roomNumber=3924)"
FILTER_RN_4508 = "(roomNumber=4508)"
FILTER_L_ALL = "(l=*)"
FILTER_UID_WAL = f"(|(uid=*wal*) {FILTER_L_ALL})"
FILTER_U1_U20_U30 = f"(&(!{FILTER_USER1})(!{FILTER_USER20})(!{FILTER_USER30}))"
FILTER_N_U1_U20_U30 = f"(|(!{FILTER_USER1})(!{FILTER_USER20})(!{FILTER_USER30}))"
FILTER_RN_4012_3924_4508 = f"(&(!{FILTER_RN_4012})(!{FILTER_RN_3924})(!{FILTER_RN_4508}))"
FILTER_RN_N_4012_3924_4508 = f"(|(!{FILTER_RN_4012})(!{FILTER_RN_3924})(!{FILTER_RN_4508}))"
FILTER_RN_ORG_1_20 = f"(& {FILTER_ORG}(!{FILTER_USER1})(!{FILTER_USER20})(!{FILTER_USER30}))"
FILTER_RN_ORG_1_20_30 = f"(| {FILTER_ORG}(!{FILTER_USER1})(!{FILTER_USER20})(!{FILTER_USER30}))"
FILTER_SV_4012_3924 = f"(&{FILTER_SV}(!{FILTER_RN_4012})(!{FILTER_RN_3924})(!{FILTER_RN_4508}))"
FILTER_SV_4012_3924_45 = f"(|{FILTER_SV}(!{FILTER_RN_4012})(!{FILTER_RN_3924})(!{FILTER_RN_4508}))"
FILTER_ALL_SV = f"(!(|(!{FILTER_L_ALL})(!{FILTER_SV})))"
FILTER_L_ALL_SV = f"(|(!{FILTER_L_ALL})(!{FILTER_SV}))"
FILTER_CAP_EXAM = f"(&{FILTER_CAPERTION} {FILTER_EXAM} {FILTER_UID_WAL})"
FILTER_CAP_EXAM_WALL = f"(&(!{FILTER_CAPERTION})(!{FILTER_EXAM})(!{FILTER_UID_WAL}))"
FILTER_CAP_EXAM_U_WALL = f"(&(!{FILTER_CAPERTION})(!{FILTER_EXAM}){FILTER_UID_WAL})"
FILTER_EXAM_U_WALL = f"(&(!{FILTER_CAPERTION}){FILTER_EXAM}(!{FILTER_UID_WAL}))"
FILTER_CAP_E_W = f"(&(!{FILTER_CAPERTION}){FILTER_EXAM} {FILTER_UID_WAL})"
FILTER_CAP_E_N_W = f"(&{FILTER_CAPERTION}(!{FILTER_EXAM})(!{FILTER_UID_WAL}))"
FILTER_CAP_N_E_W = f"(&{FILTER_CAPERTION}(!{FILTER_EXAM}){FILTER_UID_WAL})"
FILTER_N_CP_E_W = f"(&{FILTER_CAPERTION} {FILTER_EXAM}(!{FILTER_UID_WAL}))"
FILTER_N_CP_N_E_W = f"(|{FILTER_CAPERTION} {FILTER_EXAM} {FILTER_UID_WAL})"
FILTER_N_CP_N_E_N_W = f"(|(!{FILTER_CAPERTION})(!{FILTER_EXAM})(!{FILTER_UID_WAL}))"
FILTER_OR_CP_E_W = f"(|(!{FILTER_CAPERTION})(!{FILTER_EXAM}){FILTER_UID_WAL})"
FILTER_OR_N_CP_E_W = f"(|(!{FILTER_CAPERTION}){FILTER_EXAM}(!{FILTER_UID_WAL}))"
FILTER_OR_N_CP_N_E_W = f"(|(!{FILTER_CAPERTION}){FILTER_EXAM} {FILTER_UID_WAL})"
FILTER_OR_N_CP_N_E_N_W = f"(|{FILTER_CAPERTION}(!{FILTER_EXAM})(!{FILTER_UID_WAL}))"
FILTER_NOT_CP_N_E_N_W = f"(|{FILTER_CAPERTION}(!{FILTER_EXAM}){FILTER_UID_WAL})"
FILTER_NOT_CP_NOT_E_N_W = f"(|{FILTER_CAPERTION} {FILTER_EXAM}(!{FILTER_UID_WAL}))"
VALUES = [FILTER_7393, FILTER_408]
POSITIVE = [FILTER_MWARD, FILTER_L, FILTER_MAIL, FILTER_EXAM, FILTER_UID,
FILTER_AAA, FILTER_AAA_ES, FILTER_AAA_UID, FILTER_100,
FILTER_ES_100, FILTER_UID_100, FILTER_UI_USER1, FILTER_UIDZ,
FILTER_USER1, FILTER_UIDLEZ, FILTER_UIDGE1, FILTER_UIDGEA, FILTER_UIDGEAU20,
FILTER_E_USER20, FILTER_E_Z, FILTER_GE_Z, FILTER_GE_A, FILTER_UID_A,
FILTER_UID_USER20, FILTER_FR_USER20, FILTER_UID_E_USER20, FILTER_EGE_Z,
FILTER_FR_Z, FILTER_DES, FILTER_DES_X, FILTER_PTYL, FILTER_WAL, FILTER_RN,
FILTER_MW, FILTER_2295, FILTER_CAPERTION, FILTER_INTER, FILTER_VALE, FILTER_4012,
FILTER_3924, FILTER_4508, FILTER_L2, FILTER_C_SN_PTYL, FILTER_SN_PTYL,
FILTER_C_WALL_RN, FILTER_N_WALL_RN, FILTER_C_N_WALL_RN,
FILTER_C_N_WAL_RN, FILTER_C_WAL_SN, FILTER_C_WAL_2295, FILTER_C_WAL_SN_2295,
FILTER_C_WAL_SN_WAL, FILTER_WAL_2295, FILTER_2295_WAL, FILTER_OR_2295_WAL,
FILTER_OR_WAL_SN, FILTER_OR_WAL_2295, FILTER_OR_WAL_L, FILTER_AND_C_OR,
FILTER_AND_C_F, FILTER_AND_C_W_SN, FILTER_AND_N_C_W_SN, FILTER_OR_N_C_W_SN,
FILTER_OR_N_CWS, FILTER_OR_N_CWSN, FILTER_OR_CWSN_N, FILTER_AND_USER1,
FILTER_OR_USER1, FILTER_MAIL_VAL, FILTER_C_WAL_SN_WAL, FILTER_WAL_2295,
FILTER_2295_WAL, FILTER_OR_2295_WAL, FILTER_USER4012_3924_4520, FILTER_USER40_USER1,
FILTER_USER40_USER20, FILTER_SN0, FILTER_SN1, FILTER_U1_U20_U30, FILTER_N_U1_U20_U30,
FILTER_RN_4012_3924_4508, FILTER_RN_N_4012_3924_4508, FILTER_RN_ORG_1_20,
FILTER_RN_ORG_1_20_30, FILTER_SV_4012_3924, FILTER_SV_4012_3924_45, FILTER_ALL_SV,
FILTER_L_ALL_SV, FILTER_CAP_EXAM_WALL, FILTER_CAP_EXAM_U_WALL,
FILTER_CAP_E_W, FILTER_N_CP_N_E_W, FILTER_N_CP_N_E_N_W, FILTER_OR_CP_E_W,
FILTER_OR_N_CP_E_W, FILTER_OR_N_CP_N_E_W, FILTER_OR_N_CP_N_E_N_W,
FILTER_NOT_CP_N_E_N_W, FILTER_NOT_CP_NOT_E_N_W, FILTER_CAP_N_E_W]
NEGATIVE = [FILTER_PASSWD, FILTER_FRED, FILTER_UID_1, FILTER_UID_ES, FILTER_UID_2,
FILTER_UID_USER1, FILTER_ES_USER1, FILTER_Z, FILTER_NZ, FILTER_UID_LS,
FILTER_UID_LA, FILTER_UIDGEZ, FILTER_A, FILTER_FR_A, FILTER_E_A,
FILTER_USER20, FILTER_L_USER20, FILTER_Z2,
FILTER_LE_Z, FILTER_UID_Z, FILTER_SN, FILTER_GN, FILTER_MAIL2, FILTER_UID20,
FILTER_UID30, FILTER_UID40, FILTER_C_SN_GN, FILTER_N_SN_PTYL, FILTER_EXAM_U_WALL,
FILTER_CAP_E_N_W, FILTER_N_CP_E_W, FILTER_CAP_EXAM]
def create_users_all(instance, user, room, l_l, description, telephonenumber):
"""
Will create users with different type of l
"""
instance.create(properties={
'mail': f'{user}@redhat.com',
'uid': user,
'givenName': user.title(),
'cn': f'bit {user}',
'sn': user.title(),
'l': l_l,
'manager': f'uid={user},ou=People,{DEFAULT_SUFFIX}',
'roomnumber': room,
'userpassword': PW_DM,
'homeDirectory': '/home/' + user,
'uidNumber': '1000',
'gidNumber': '2000',
'description': description,
'telephonenumber': telephonenumber
})
@pytest.fixture(scope="module")
def _create_entries(topo):
"""
Will create necessary users for this script.
"""
# Creating Users
users_people = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
for user, room in [('scarte2', '2013'),
('mward', '1707'),
('tclow', '4376'),
('bwalker', '3529')]:
create_users_all(users_people, user, room, 'Santa Clara',
'This is the special * attribute value',
'+1 408 555 7393')
for number in range(200, 300):
create_users_all(users_people, f'user{number}', f'{number}',
'Sunnyvale', 'Not the one you looking for.',
'123')
for user, room in [('abergin', '3472'),
('mtyler', '2701'),
('ptyler', '0327'),
('gtyler', '0312'),
('ewalker', '2295'),
('awalker', '0061'),
('jreuter', '2942'),
('passin', '3530')
]:
create_users_all(users_people, user, room, 'Cupertino',
'Not the one you looking for.',
'123')
for user, name, lang, tele in [
(f'uid=user147,ou=Çlose Crèkä,{DEFAULT_SUFFIX}', 'Ellàdiñé Passin',
'lang-de', '+1 408 555 7393'),
(f'uid=user0, ou=Ännheimè,{DEFAULT_SUFFIX}', 'Babette Rynders',
'lang-es', '+1 415 788-4115'),
(f'uid=user1,ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}', 'myrty DeCoursin',
'lang-ie', '+1 408 689-8883'),
(f'uid=user2,ou=Çéliné Ändrè,{DEFAULT_SUFFIX}', "Row O'Conner",
'lang-it', '+1 714 902-8784'),
(f'uid=user10,ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}', "Candide Ruiz",
'lang-be', '+1 818 774-5666'),
(f'uid=user11,ou=Çéliné Ändrè,{DEFAULT_SUFFIX}', "Rosene Tarquinio",
'lang-ie', '+1 818 512-5483'),
(f'uid=user22,ou=Çéliné Ändrè,{DEFAULT_SUFFIX}', "Drusie Dynie",
'lang-it', '+1 303 520-7607'),
(f'uid=user32,ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}', "Deat Liverman",
'lang-it', '+1 714 986-7403'),
(f'uid=user42,ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}', "Emyd Artzer",
'lang-be', '+1 415 382-3440'),
(f'uid=user52,ou=Ännheimè,{DEFAULT_SUFFIX}', "Lurlene Christie",
'lang-se', '+1 818 301-7281'),
(f'uid=user62,ou=Çlose Crèkä,{DEFAULT_SUFFIX}', "Goutam Sawchuk",
'lang-es', '+1 804 159-3054'),
(f'uid=user74,ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}', "Sally Rossi",
'lang-de', '+1 714 558-4165'),
(f'uid=user93,ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}', "Dolores Markovic",
'lang-it', '+1 408 374-9555'),
(f'uid=user102,ou=Çlose Crèkä,{DEFAULT_SUFFIX}', "Clovis Safah",
'lang-de', '+1 415 964-2124'),
(f'uid=user115,ou=Ännheimè,{DEFAULT_SUFFIX}', "Angelie Mirande",
'lang-ie', '+1 804 832-8156'),
(f'uid=user127,ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}', "Sibilla Millspaugh",
'lang-it', '+1 818 204-6815')]:
users_people.create(properties={
'mail': f'{user}'.split(',')[0].split('=')[1] + '@redhat.com',
'uid': f'{user}'.split(',')[0].split('=')[1],
'cn': name,
'sn': name.split()[1],
'givenName': f'{user}'.split(',')[0].split('=')[1].title(),
f'givenName;{lang}': f'{user}'.split(',')[0].split('=')[1].title(),
f'cn;{lang}': name,
f'sn;{lang}': name.split()[1],
'manager': user,
'roomnumber': '0056',
'telephonenumber': tele,
'userpassword': PW_DM,
'homeDirectory': '/home/' + f'{user}'.split(',')[0].split('=')[1],
'uidNumber': '1000',
'gidNumber': '2000',
'description': 'This is xman * attribute value'
})
users_people.create(properties={
'l': 'Sunnyvale',
'cn': 'Kirsten Vaughan',
'sn': 'Vaughan',
'givenname': 'Kirsten',
'uid': 'kvaughan',
'mail': 'kvaughan@example.com',
'roomnumber': '2871',
'nsSizeLimit': '-1',
'nsTimeLimit': '-1',
'nsIdleTimeout': '-1',
'manager': f'uid=kvaughan,ou=People,{DEFAULT_SUFFIX}',
'userpassword': PW_DM,
'homeDirectory': '/home/' + 'kvaughan',
'uidNumber': '1000',
'gidNumber': '2000',
})
@pytest.mark.parametrize("real_value", VALUES)
def test_telephone(topo, _create_entries, real_value):
"""Test telephone number attr with filter
:id: abe3e6de-9eec-11e8-adf0-8c16451d917b
:setup: Standalone
:steps:
1. Pass filter rules as per the condition .
:expected results:
2. Pass
"""
conn = UserAccount(topo.standalone, f'uid=jreuter,ou=People,{DEFAULT_SUFFIX}').bind(PW_DM)
for user in Accounts(conn, DEFAULT_SUFFIX).filter(real_value):
assert user.get_attr_val_utf8("telephoneNumber")
@pytest.mark.parametrize("real_value", POSITIVE)
def test_all_positive(topo, _create_entries, real_value):
"""Test filters with positive output.
:id: abe3e6dd-9ecc-11e8-adf0-8c16451d917b
:setup: Standalone
:steps:
1. Pass filter rules as per the condition .
:expected results:
1. Pass
"""
conn = UserAccount(topo.standalone, f'uid=tclow,ou=People,{DEFAULT_SUFFIX}').bind(PW_DM)
assert Accounts(conn, DEFAULT_SUFFIX).filter(real_value)
@pytest.mark.parametrize("real_value", NEGATIVE)
def test_all_negative(topo, _create_entries, real_value):
"""Test filters which will not give any output.
:id: abe3e1de-9ecc-11e8-adf0-8c16451d917b
:setup: Standalone
:steps:
1. Pass filter rules as per the negative condition .
:expected results:
1. Fail
"""
conn = UserAccount(topo.standalone, f'uid=tclow,ou=People,{DEFAULT_SUFFIX}').bind(PW_DM)
assert not Accounts(conn, DEFAULT_SUFFIX).filter(real_value)
if __name__ == '__main__':
CURRENT_FILE = os.path.realpath(__file__)
pytest.main("-s -v %s" % CURRENT_FILE)
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2019 William Brown <william@blackhats.net.au>
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
import ldap
import pytest
from lib389.topologies import topology_st
from lib389.idm.user import UserAccounts
from lib389._constants import (DEFAULT_SUFFIX, PASSWORD)
def test_password_hash_on_upgrade(topology_st):
"""If a legacy password hash is present, assert that on a correct bind
the hash is "upgraded" to the latest-and-greatest hash format on the
server.
Assert also that password FAILURE does not alter the password.
:id: 42cf99e6-454d-46f5-8f1c-8bb699864a07
:setup: Single instance
:steps: 1. Set a password hash in SSHA256, and hash to pbkdf2 statically
2. Test a faulty bind
3. Assert the PW is SSHA256
4. Test a correct bind
5. Assert the PW is PBKDF2
:expectedresults:
1. Successfully set the values
2. The bind fails
3. The PW is SSHA256
4. The bind succeeds
5. The PW is PBKDF2
"""
# Make sure the server is set to pkbdf
topology_st.standalone.config.set('passwordStorageScheme', 'PBKDF2_SHA256')
topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'on')
users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
user = users.create_test_user()
# Static version of "password" in SSHA256.
user.set('userPassword', "{SSHA256}9eliEQgjfc4Fcj1IXZtc/ne1GRF+OIjz/NfSTX4f7HByGMQrWHLMLA==")
# Attempt to bind with incorrect password.
with pytest.raises(ldap.INVALID_CREDENTIALS):
badconn = user.bind('badpassword')
# Check the pw is SSHA256
up = user.get_attr_val_utf8('userPassword')
assert up.startswith('{SSHA256}')
# Bind with correct.
conn = user.bind(PASSWORD)
# Check the pw is now PBKDF2!
up = user.get_attr_val_utf8('userPassword')
assert up.startswith('{PBKDF2_SHA256}')
def test_password_hash_on_upgrade_clearcrypt(topology_st):
"""In some deploymentes, some passwords MAY be in clear or crypt which have
specific possible application integrations allowing the read value to be
processed by other entities. We avoid upgrading these two, to prevent
breaking these integrations.
:id: 27712492-a4bf-4ea9-977b-b4850ddfb628
:setup: Single instance
:steps: 1. Set a password hash in CLEAR, and hash to pbkdf2 statically
2. Test a correct bind
3. Assert the PW is CLEAR
4. Set the password to CRYPT
5. Test a correct bind
6. Assert the PW is CLEAR
:expectedresults:
1. Successfully set the values
2. The bind succeeds
3. The PW is CLEAR
4. The set succeeds
4. The bind succeeds
5. The PW is CRYPT
"""
# Make sure the server is set to pkbdf
topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'on')
users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
user = users.create_test_user(1001)
topology_st.standalone.config.set('passwordStorageScheme', 'CLEAR')
user.set('userPassword', "password")
topology_st.standalone.config.set('passwordStorageScheme', 'PBKDF2_SHA256')
conn = user.bind(PASSWORD)
up = user.get_attr_val_utf8('userPassword')
assert up.startswith('password')
user.set('userPassword', "{crypt}I0S3Ry62CSoFg")
conn = user.bind(PASSWORD)
up = user.get_attr_val_utf8('userPassword')
assert up.startswith('{crypt}')
def test_password_hash_on_upgrade_disable(topology_st):
"""If a legacy password hash is present, assert that on a correct bind
the hash is "upgraded" to the latest-and-greatest hash format on the
server. But some people may not like this, so test that we can disable
the feature too!
:id: ed315145-a3d1-4f17-b04c-73d3638e7ade
:setup: Single instance
:steps: 1. Set a password hash in SSHA256, and hash to pbkdf2 statically
2. Test a faulty bind
3. Assert the PW is SSHA256
4. Test a correct bind
5. Assert the PW is SSHA256
:expectedresults:
1. Successfully set the values
2. The bind fails
3. The PW is SSHA256
4. The bind succeeds
5. The PW is SSHA256
"""
# Make sure the server is set to pkbdf
topology_st.standalone.config.set('passwordStorageScheme', 'PBKDF2_SHA256')
topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off')
users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
user = users.create_test_user(1002)
# Static version of "password" in SSHA256.
user.set('userPassword', "{SSHA256}9eliEQgjfc4Fcj1IXZtc/ne1GRF+OIjz/NfSTX4f7HByGMQrWHLMLA==")
# Attempt to bind with incorrect password.
with pytest.raises(ldap.INVALID_CREDENTIALS):
badconn = user.bind('badpassword')
# Check the pw is SSHA256
up = user.get_attr_val_utf8('userPassword')
assert up.startswith('{SSHA256}')
# Bind with correct.
conn = user.bind(PASSWORD)
# Check the pw is NOT upgraded!
up = user.get_attr_val_utf8('userPassword')
assert up.startswith('{SSHA256}')
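Review bot: In test_password_hash_on_upgrade the last check only asserts that the stored value starts with `{PBKDF2_SHA256}`, so a server that rewrote the hash incorrectly would still pass. After that assert I would bind again with both passwords, `user.bind(PASSWORD)` and `with pytest.raises(ldap.INVALID_CREDENTIALS): user.bind('badpassword')`, to show that the upgraded hash still authenticates the right password and rejects the wrong one. Separately, the docstring of test_password_hash_on_upgrade_clearcrypt lists step 6 as `Assert the PW is CLEAR` while the code asserts `{crypt}`, and its expected results number `4.` twice. The comment `# Make sure the server is set to pkbdf` in that test sits above lines that do not set the storage scheme.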
......@@ -8,8 +8,11 @@
import pytest
import time
from lib389._constants import PASSWORD, DN_DM, DEFAULT_SUFFIX
from lib389._constants import SUFFIX, PASSWORD, DN_DM, DN_CONFIG, PLUGIN_RETRO_CHANGELOG, DEFAULT_SUFFIX, DEFAULT_CHANGELOG_DB
from lib389 import Entry
from lib389.topologies import topology_m1 as topo_master
from lib389.idm.user import UserAccounts
from lib389.utils import ldap, os, logging
from lib389.utils import ldap, os, logging, ensure_bytes
from lib389.topologies import topology_st as topo
from lib389.idm.organizationalunit import OrganizationalUnits
......@@ -36,6 +39,23 @@ TEST_PASSWORDS += ['CNpwtest1ZZZZ', 'ZZZZZCNpwtest1',
TEST_PASSWORDS2 = (
'CN12pwtest31', 'SN3pwtest231', 'UID1pwtest123', 'MAIL2pwtest12@redhat.com', '2GN1pwtest123', 'People123')
def _check_unhashed_userpw(inst, user_dn, is_present=False):
"""Check if unhashed#user#password attribute is present of not in the changelog"""
unhashed_pwd_attribute = 'unhashed#user#password'
changelog_dbdir = os.path.join(os.path.dirname(inst.dbdir), DEFAULT_CHANGELOG_DB)
for dbfile in os.listdir(changelog_dbdir):
if dbfile.endswith('.db'):
changelog_dbfile = os.path.join(changelog_dbdir, dbfile)
log.info('Changelog dbfile file exist: {}'.format(changelog_dbfile))
log.info('Running dbscan -f to check {} attr'.format(unhashed_pwd_attribute))
dbscanOut = inst.dbscan(DEFAULT_CHANGELOG_DB, changelog_dbfile)
for entry in dbscanOut.split(b'dbid: '):
if ensure_bytes('operation: modify') in entry and ensure_bytes(user_dn) in entry and ensure_bytes('userPassword') in entry:
if is_present:
assert ensure_bytes(unhashed_pwd_attribute) in entry
else:
assert ensure_bytes(unhashed_pwd_attribute) not in entry
@pytest.fixture(scope="module")
def passw_policy(topo, request):
......@@ -193,6 +213,105 @@ def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
# reset password
create_user.set('userPassword', PASSWORD)
@pytest.mark.ds49789
def test_unhashed_pw_switch(topo_master):
"""Check that nsslapd-unhashed-pw-switch works corrently
:id: e5aba180-d174-424d-92b0-14fe7bb0b92a
:setup: Master Instance
:steps:
1. A Master is created, enable retrocl (not used here)
2. create a set of users
3. update userpassword of user1 and check that unhashed#user#password is not logged (default)
4. udpate userpassword of user2 and check that unhashed#user#password is not logged ('nolog')
5. udpate userpassword of user3 and check that unhashed#user#password is logged ('on')
:expectedresults:
1. Success
2. Success
3 Success (unhashed#user#password is not logged in the replication changelog)
4. Success (unhashed#user#password is not logged in the replication changelog)
5. Success (unhashed#user#password is logged in the replication changelog)
"""
MAX_USERS = 10
PEOPLE_DN = ("ou=people," + DEFAULT_SUFFIX)
inst = topo_master.ms["master1"]
inst.modify_s("cn=Retro Changelog Plugin,cn=plugins,cn=config",
[(ldap.MOD_REPLACE, 'nsslapd-changelogmaxage', b'2m'),
(ldap.MOD_REPLACE, 'nsslapd-changelog-trim-interval', b"5s"),
(ldap.MOD_REPLACE, 'nsslapd-logAccess', b'on')])
inst.config.loglevel(vals=[256 + 4], service='access')
inst.restart()
# If you need any test suite initialization,
# please, write additional fixture for that (including finalizer).
# Topology for suites are predefined in lib389/topologies.py.
# enable dynamic plugins, memberof and retro cl plugin
#
log.info('Enable plugins...')
try:
inst.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.message['desc'])
assert False
#topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
inst.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
#topology_st.standalone.modify_s("cn=changelog,cn=ldbm database,cn=plugins,cn=config", [(ldap.MOD_REPLACE, 'nsslapd-cachememsize', str(100000))])
inst.restart()
log.info('create users and group...')
for idx in range(1, MAX_USERS):
try:
USER_DN = ("uid=member%d,%s" % (idx, PEOPLE_DN))
inst.add_s(Entry((USER_DN,
{'objectclass': 'top extensibleObject'.split(),
'uid': 'member%d' % (idx)})))
except ldap.LDAPError as e:
log.fatal('Failed to add user (%s): error %s' % (USER_DN, e.message['desc']))
assert False
# Check default is that unhashed#user#password is not logged
user = "uid=member1,%s" % (PEOPLE_DN)
inst.modify_s(user, [(ldap.MOD_REPLACE,
'userpassword',
PASSWORD.encode())])
inst.stop()
_check_unhashed_userpw(inst, user, is_present=False)
# Check with nolog that unhashed#user#password is not logged
inst.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-unhashed-pw-switch',
b'nolog')])
inst.restart()
user = "uid=member2,%s" % (PEOPLE_DN)
inst.modify_s(user, [(ldap.MOD_REPLACE,
'userpassword',
PASSWORD.encode())])
inst.stop()
_check_unhashed_userpw(inst, user, is_present=False)
# Check with value 'on' that unhashed#user#password is logged
inst.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-unhashed-pw-switch',
b'on')])
inst.restart()
user = "uid=member3,%s" % (PEOPLE_DN)
inst.modify_s(user, [(ldap.MOD_REPLACE,
'userpassword',
PASSWORD.encode())])
inst.stop()
_check_unhashed_userpw(inst, user, is_present=True)
if DEBUGGING:
# Add debugging steps(if any)...
pass
if __name__ == '__main__':
# Run isolated
......
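Review bot: `_check_unhashed_userpw` asserts nothing when no changelog entry satisfies the three `ensure_bytes(...) in entry` conditions, or when the directory holds no `.db` file. The two `is_present=False` calls in test_unhashed_pw_switch therefore cannot tell "clear-text password not logged" from "modify never found". I would record a match with `found = True` inside the `if` and end the helper with `assert found`, so the negative cases prove the password modify was actually inspected. In the first `except ldap.LDAPError` handler, `ldap.error(...)` is not the `log` logger used elsewhere, and `e.message['desc']` in both handlers is likely to raise on Python 3 and hide the original LDAP failure; `log.error('Failed to enable dynamic plugins! %s', e)` avoids both. The `if __name__ == '__main__':` block continues outside the shown hunk.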
......@@ -6,7 +6,7 @@ import time
from lib389._constants import *
from lib389.properties import *
from lib389.topologies import topology_m1 as topo
from lib389.changelog import Changelog5
from lib389.replica import Changelog5
from lib389.idm.domain import Domain
pytestmark = pytest.mark.tier1
......@@ -132,4 +132,3 @@ if __name__ == '__main__':
# -s for DEBUG mode
CURRENT_FILE = os.path.realpath(__file__)
pytest.main("-s %s" % CURRENT_FILE)
......@@ -18,9 +18,8 @@ from lib389.idm.user import UserAccount
from lib389.idm.group import Groups, Group
from lib389.idm.domain import Domain
from lib389.idm.directorymanager import DirectoryManager
from lib389.replica import Replicas, ReplicationManager
from lib389.replica import Replicas, ReplicationManager, Changelog5
from lib389.agreement import Agreements
from lib389.changelog import Changelog5
from lib389 import pid_from_file
......
import logging
import pytest
import os
from lib389.config import Encryption
from lib389.topologies import topology_st as topo
DEBUGGING = os.getenv("DEBUGGING", default=False)
if DEBUGGING:
logging.getLogger(__name__).setLevel(logging.DEBUG)
else:
logging.getLogger(__name__).setLevel(logging.INFO)
log = logging.getLogger(__name__)
def test_ssl_version_range(topo):
"""Specify a test case purpose or name here
:id: bc400f54-3966-49c8-b640-abbf4fb2377e
1. Get current default range
2. Set sslVersionMin and verify it is applied after a restart
3. Set sslVersionMax and verify it is applied after a restart
:expectedresults:
1. Success
2. Success
3. Success
"""
topo.standalone.enable_tls()
enc = Encryption(topo.standalone)
default_min = enc.get_attr_val_utf8('sslVersionMin')
default_max = enc.get_attr_val_utf8('sslVersionMax')
log.info(f"default min: {default_min} max: {default_max}")
if DEBUGGING:
topo.standalone.config.set('nsslapd-auditlog-logging-enabled', 'on')
# Test that setting the min version is applied after a restart
enc.replace('sslVersionMin', default_max)
enc.replace('sslVersionMax', default_max)
topo.standalone.restart()
min = enc.get_attr_val_utf8('sslVersionMin')
assert min == default_max
# Test that setting the max version is applied after a restart
enc.replace('sslVersionMin', default_min)
enc.replace('sslVersionMax', default_min)
topo.standalone.restart()
max = enc.get_attr_val_utf8('sslVersionMax')
assert max == default_min
if __name__ == '__main__':
# Run isolated
# -s for DEBUG mode
CURRENT_FILE = os.path.realpath(__file__)
pytest.main(["-s", CURRENT_FILE])
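Review bot: Each phase of test_ssl_version_range writes both `sslVersionMin` and `sslVersionMax` but asserts only one of them, and the value is read back through the same `enc` object. As far as these lines show, the test confirms the stored attribute rather than the protocol range the listener accepts. Asserting both attributes after each restart would tighten it: `assert enc.get_attr_val_utf8('sslVersionMax') == default_max` in the first phase and the `sslVersionMin` counterpart in the second. The test also returns with the range pinned to `default_min` on the `topo` instance, which may be shared with later tests; writing `default_min` and `default_max` back before returning avoids leaving it on the lowest protocol version. The locals `min` and `max` shadow the builtins, and the docstring still carries the template line `Specify a test case purpose or name here` without the `:setup:` and `:steps:` labels.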
......@@ -12,7 +12,7 @@ RUN zypper ar http://download.opensuse.org/update/leap/15.1/oss/ u && \
zypper --gpg-auto-import-keys ref
RUN zypper --non-interactive si --build-deps-only 389-ds && \
zypper in -y 389-ds rust cargo rust-std && \
zypper in -y 389-ds rust cargo rust-std libevent && \
zypper rm -y 389-ds
# Install build dependencies
......@@ -33,7 +33,8 @@ WORKDIR /usr/local/src/389-ds-base
# Build and install
# Derived from rpm --eval '%configure' on opensuse.
RUN ./configure --host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu \
RUN autoreconf -fiv && \
./configure --host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu \
--program-prefix= \
--disable-dependency-tracking \
--prefix=/usr \
......
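Review bot: The `libevent` package added to the `zypper in -y` line comes from the repository that the hunk header shows being registered with an `http://` URL and refreshed with `--gpg-auto-import-keys`. The image build therefore trusts whatever signing key the mirror presents on first contact. I would register the repository over `https://` and import a known signing key before the refresh instead of auto-importing. The `./configure` invocation that now follows `autoreconf -fiv` continues past the end of the shown hunk.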