Untitled

a guest
Mar 22nd, 2018
  1. import logging
  2. import pytest
  3. import os
  4. import ldap
  5. import time
  6. from ldap.controls.ppolicy import PasswordPolicyControl
  7. from lib389.topologies import topology_st as topo
  8. from lib389._constants import (DN_DM, PASSWORD, DN_CONFIG)
  9. from lib389.tasks import Entry
  10.  
# Any non-empty DEBUGGING value in the environment (even "0" or "false")
# switches this module's logger to DEBUG; when it is unset the level is INFO.
DEBUGGING = os.getenv("DEBUGGING", default=False)
log = logging.getLogger(__name__)
log.setLevel(logging.DEBUG if DEBUGGING else logging.INFO)

# Fixed identity used by every test in this module. The password is a
# constant, well-known value, so the entry belongs only on a disposable
# test instance.
USER_DN = 'uid=test entry,dc=example,dc=com'
USER_PW = b'password123'
  20.  
  21.  
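@pytest.fixture
def init_user(topo, request):
    """Give the test a newly added user entry.

    Binds as Directory Manager, deletes USER_DN if it already exists, then
    adds it again with the fixed USER_PW password. The fixture has no
    teardown, so the entry stays on the instance after the test.

    :param topo: topology fixture; only ``topo.standalone`` is used
    :param request: pytest request object (not used in the body)
    """
    try:
        topo.standalone.simple_bind_s(DN_DM, PASSWORD)
        topo.standalone.delete_s(USER_DN)
    except ldap.NO_SUCH_OBJECT:
        # Nothing to clean up: the entry was not present.
        pass
    except ldap.LDAPError as e:
        # str(e) instead of e.message['desc']: exceptions have no ``message``
        # attribute on Python 3, so the old handler raised AttributeError and
        # hid the LDAP failure it was meant to report.
        log.error("Failed to delete user, error: {}".format(str(e)))
        assert False

    user_data = {'objectClass': 'top person inetOrgPerson'.split(),
                 'uid': 'test entry',
                 'cn': 'test entry',
                 'sn': 'user',
                 'userPassword': USER_PW}
    try:
        topo.standalone.add_s(Entry((USER_DN, user_data)))
    except ldap.LDAPError as e:
        log.error("Failed to add user, error: {}".format(str(e)))
        assert False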
  45.  
  46.  
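def change_passwd(topo):
    """Rewrite the user's password as the user, then re-bind as Directory Manager.

    The value written is USER_PW, the same password used for the bind, so the
    modify only refreshes the password rather than choosing a new one.

    :param topo: topology fixture; only ``topo.standalone`` is used
    """
    # NOTE(review): a policy with password history, or one that rejects an
    # unchanged password, would presumably refuse this modify - confirm before
    # combining this helper with such settings.
    try:
        topo.standalone.simple_bind_s(USER_DN, USER_PW)
        topo.standalone.modify_s(USER_DN, [(ldap.MOD_REPLACE,
                                            'userpassword',
                                            USER_PW)])
        # Later configuration changes in the tests are made on this same
        # connection, so hand it back bound as Directory Manager.
        topo.standalone.simple_bind_s(DN_DM, PASSWORD)
    except ldap.LDAPError as e:
        # str(e) instead of e.message['desc']: exceptions have no ``message``
        # attribute on Python 3, so the old handler raised AttributeError and
        # hid the LDAP failure it was meant to report.
        log.error("Failed to change user's password, error: {}".format(str(e)))
        assert False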
  59.  
  60.  
def bind_and_get_control(topo, err=0):
    """Bind as the test user with a password policy control and return the
    response controls.

    The connection is always re-bound as Directory Manager before returning.

    :param topo: topology fixture; only ``topo.standalone`` is used
    :param err: truthy when the bind is expected to fail. Only its truthiness
                is tested; the value is never compared with the error that
                was actually raised, so any LDAPError counts as "expected".
    :returns: the controls from result3(), or None when the bind raised
    """
    # Stays None when result3() raises, so controls attached to a failed
    # bind, if the server sends any, are not surfaced to the caller.
    res_ctrls = None

    try:
        msgid = topo.standalone.simple_bind(USER_DN, USER_PW,
                                            serverctrls=[PasswordPolicyControl()])
        _, _, _, res_ctrls = topo.standalone.result3(msgid)
        if err:
            # AssertionError is not an LDAPError, so it is not swallowed below.
            log.fatal('Expected an error, but bind succeeded')
            assert False
    except ldap.LDAPError as e:
        if not err:
            log.fatal('Did not expect an error: {}'.format(str(e)))
            assert False
        log.debug('Got expected error: {}'.format(str(e)))

    if DEBUGGING and res_ctrls:
        for ctl in res_ctrls:
            if ctl.timeBeforeExpiration:
                log.debug('control time before expiration: {}'.format(ctl.timeBeforeExpiration))
            if ctl.graceAuthNsRemaining:
                log.debug('control grace login remaining: {}'.format(ctl.graceAuthNsRemaining))
            if ctl.error is not None and ctl.error >= 0:
                log.debug('control error: {}'.format(ctl.error))

    topo.standalone.simple_bind_s(DN_DM, PASSWORD)
    return res_ctrls
  93.  
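def test_pwd_expired_grace_limit(topo, init_user):
    """Test for expiration control when password is expired, but there are
    remaining grace logins

    :id: a3d99be5-0b69-410d-b72f-04eda8821a51
    :setup: Standalone instance, a user for testing
    :steps:
        1. Configure password policy and reset password, and allow it to expire
        2. Bind, and check for expired control, and grace limit
        3. Bind again, consuming the last grace login, control should be returned
        4. Bind again, it should fail, and no control returned
    :expectedresults:
        1. Config update and password reset are successful
        2. The EXPIRED control is returned, and we get the expected number
           of grace logins in the control
        3. The response control has the expected value for grace logins
        4. The bind fails with error 49, and no control is returned
    """

    # These settings are written through the instance's config object and are
    # not reset by this test, so they stay in force for whatever runs next on
    # the same instance.
    log.info('Configure password policy with grace limit set tot 2')
    topo.standalone.config.set('passwordExp', 'on')
    topo.standalone.config.set('passwordMaxAge', '5')
    topo.standalone.config.set('passwordGraceLimit', '2')

    # Sleep one second longer than passwordMaxAge so the password is expired
    # by the time of the first bind.
    log.info('Change password and wait for it to expire')
    change_passwd(topo)
    time.sleep(6)

    log.info('Bind and use up one grace login (only one left)')
    ctrls = bind_and_get_control(topo)
    if ctrls is None or len(ctrls) == 0:
        log.fatal('Did not get EXPIRED control in resposne')
        assert False
    if int(ctrls[0].graceAuthNsRemaining) != 1:
        log.fatal('Got unexpected value for grace logins: {}'.format(ctrls[0].graceAuthNsRemaining))
        assert False

    log.info('Use up last grace login, should get control')
    ctrls = bind_and_get_control(topo)
    if ctrls is None or len(ctrls) == 0:
        log.fatal('Did not get control in response')
        assert False

    # NOTE(review): bind_and_get_control() only checks that err is truthy, so
    # any LDAPError satisfies this step, not just result code 49. It also
    # returns None whenever the bind raises, so the control check below cannot
    # fail on the failure path.
    log.info('No grace login available, bind should fail, and no control should be returned')
    ctrls = bind_and_get_control(topo, err=49)
    if ctrls and len(ctrls) > 0:
        log.fatal('Incorrectly got control in response')
        assert False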
  193.  
  194.  
def test_pwd_expiring_with_warning(topo, init_user):
    """Test expiring control response before and after warning is sent

    :id: a3d99be5-0b69-410d-b72f-04eda8821a54
    :setup: Standalone instance, a user for testing
    :steps:
        1. Configure password policy, and reset password
        2. Check for EXPIRING control, and the "time to expire"
        3. Bind again, as a warning has now been sent, and check the "time to expire"
    :expectedresults:
        1. Configuration update and password reset are successful
        2. Get the EXPIRING control, and the expected "time to expire" values
        3. Get the EXPIRING control, and the expected "time to expire" values
    """

    # The policy values are written through the instance's config object and
    # are not reset by this test.
    log.info('Configure password policy')
    for attr, value in (('passwordExp', 'on'),
                        ('passwordMaxAge', '50'),
                        ('passwordWarning', '50')):
        topo.standalone.config.set(attr, value)

    log.info('Change password and get controls')
    change_passwd(topo)
    first_ctrls = bind_and_get_control(topo)
    if not first_ctrls:
        log.fatal('Did not get EXPIRING control in response')
        assert False

    # First bind: the reported time must not be below 50.
    if not int(first_ctrls[0].timeBeforeExpiration) >= 50:
        log.fatal('Got unexpected value for timeBeforeExpiration: {}'.format(first_ctrls[0].timeBeforeExpiration))
        assert False

    log.info('Warning has been sent, try the bind again, and recheck the expiring time')
    time.sleep(5)
    second_ctrls = bind_and_get_control(topo)
    if not second_ctrls:
        log.fatal('Did not get EXPIRING control in resposne')
        assert False

    # Second bind, five seconds later: the reported time must not exceed 50.
    if not int(second_ctrls[0].timeBeforeExpiration) <= 50:
        log.fatal('Got unexpected value for timeBeforeExpiration: {}'.format(second_ctrls[0].timeBeforeExpiration))
        assert False
  236.  
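if __name__ == '__main__':
    # Run isolated
    # -s for DEBUG mode
    CURRENT_FILE = os.path.realpath(__file__)
    # Arguments go in as a list: pytest releases that dropped support for a
    # single command string reject the old form, and a list keeps a path that
    # contains spaces as one argument.
    pytest.main(["-s", CURRENT_FILE])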