Ticket 49017 - Various minor test failures

Bug Description:

There were a number of tests failing on my system:

* pwdPolicy
* range_search
* basic

The source of the issues:

* basis test didn't isolate tests from each other so a test failure with SNMP agent caused other DSE tests to fail
* range_search was not detecting presence of valgrind previously.
* range_search was logging an error for NSS that was misformated
* range_search was not chmodding the correct cert9,key4 and pkcs11 files
* pwdPolicy was not using the correct paths for sbin

Fix Description:

* Add better isolation to basic test
* Fix the NSS log format in ssl.c
* Fix the chmod for the new NSS db format
* Update the pwdPolicy test to correctly use the sbin paths

https://fedorahosted.org/389/ticket/49017

Author: wibrown

Review by: mreynolds (Thanks!)

dirsrvtests/tests/suites/basic/basic_test.py

@@ -101,6 +101,8 @@ def rootdse_attr(topology, request):
     """Adds an attr from the list
     as the default attr to the rootDSE
     """
+    # Ensure the server is started and connected
+    topology.standalone.start()
 
     RETURN_DEFAULT_OPATTR = "nsslapd-return-default-opattr"
     rootdse_attr_name = request.param
@@ -712,6 +714,8 @@ def test_def_rootdse_attr(topology, import_example_ldif, rootdse_attr_name):
     are not returned by default in rootDSE searches
     """
 
+    topology.standalone.start()
+
     log.info("        Assert rootdse search hasn't %s attr" % rootdse_attr_name)
     try:
         entries = topology.standalone.search_s("", ldap.SCOPE_BASE)

dirsrvtests/tests/suites/memory_leaks/range_search_test.py

@@ -56,8 +56,8 @@ def topology(request):
 
     def fin():
         standalone.delete()
-        sbin_dir = standalone.get_sbin_dir()
         if not standalone.has_asan():
+            sbin_dir = standalone.get_sbin_dir()
             valgrind_disable(sbin_dir)
     request.addfinalizer(fin)
 

dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py

@@ -116,7 +116,8 @@ def password_policy(topology, test_user):
 
     log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
     try:
-        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+        subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(),
+                         '-D', DN_DM, '-w', PASSWORD,
                          '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
                          '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
     except subprocess.CalledProcessError as e:
@@ -137,7 +138,8 @@ def password_policy(topology, test_user):
 
     log.info('Create password policy for subtree {}'.format(TEST_USER_DN))
     try:
-        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+        subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(),
+                         '-D', DN_DM, '-w', PASSWORD,
                          '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
                          '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE])
     except subprocess.CalledProcessError as e:

dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py

@@ -128,7 +128,8 @@ def password_policy(topology, test_user):
 
     log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
     try:
-        subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+        subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(),
+                         '-D', DN_DM, '-w', PASSWORD,
                          '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
                          '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
     except subprocess.CalledProcessError as e:

dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py

@@ -205,7 +205,8 @@ def local_policy(topology, add_user):
 
     log.info("Setting fine grained policy for user ({:s})".format(USER_DN))
     try:
-        subprocess.call(['/usr/sbin/ns-newpwpolicy.pl', '-D', DN_DM,
+        subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(),
+                         '-D', DN_DM,
                          '-w', PASSWORD, '-h', HOST_STANDALONE,
                          '-p', str(PORT_STANDALONE), '-U', USER_DN,
                          '-Z', SERVERID_STANDALONE])

ldap/servers/slapd/ssl.c

@@ -1196,9 +1196,6 @@ slapd_nss_init(int init_ssl, int config_available)
 	int create_certdb = 0;
 	PRUint32 nssFlags = 0;
 	char *certdir;
-	char *certdb_file_name = NULL;
-	char *keydb_file_name = NULL;
-	char *secmoddb_file_name = NULL;
 #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
 	char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
 	/* Get the range of the supported SSL version */
@@ -1271,34 +1268,62 @@ slapd_nss_init(int init_ssl, int config_available)
 		return -1;
 	}
 
-	/* NSS creates the certificate db files with a mode of 600.  There
-	 * is no way to pass in a mode to use for creation to NSS, so we
-	 * need to modify it after creation.  We need to allow read and
-	 * write permission to the group so the certs can be managed via
-	 * the console/adminserver. */
-	if (create_certdb) {
-		certdb_file_name = slapi_ch_smprintf("%s/cert8.db", certdir);
-		keydb_file_name = slapi_ch_smprintf("%s/key3.db", certdir);
-		secmoddb_file_name = slapi_ch_smprintf("%s/secmod.db", certdir);
-		if(chmod(certdb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
-			slapi_log_err(SLAPI_LOG_ERR, "Security Initialization - slapd_nss_init: chmod failed for file %s error (%d) %s.\n",
-					certdb_file_name, errno, slapd_system_strerror(errno));
-		}
-		if(chmod(keydb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
-			slapi_log_err(SLAPI_LOG_ERR, "Security Initialization - slapd_nss_init: chmod failed for file %s error (%d) %s.\n",
-					keydb_file_name, errno, slapd_system_strerror(errno));
-		}
-		if(chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
-			slapi_log_err(SLAPI_LOG_ERR, "Security Initialization - slapd_nss_init: chmod failed for file %s error (%d) %s.\n",
-					secmoddb_file_name, errno, slapd_system_strerror(errno));
-		}
-	}
+    /* NSS creates the certificate db files with a mode of 600.  There
+     * is no way to pass in a mode to use for creation to NSS, so we
+     * need to modify it after creation.  We need to allow read and
+     * write permission to the group so the certs can be managed via
+     * the console/adminserver. */
+    if (create_certdb) {
+        char *cert8db_file_name = NULL;
+        char *cert9db_file_name = NULL;
+        char *key3db_file_name = NULL;
+        char *key4db_file_name = NULL;
+        char *secmoddb_file_name = NULL;
+        char *pkcs11txt_file_name = NULL;
+
+
+        cert8db_file_name = slapi_ch_smprintf("%s/cert8.db", certdir);
+        cert9db_file_name = slapi_ch_smprintf("%s/cert9.db", certdir);
+        key3db_file_name = slapi_ch_smprintf("%s/key3.db", certdir);
+        key4db_file_name = slapi_ch_smprintf("%s/key4.db", certdir);
+        secmoddb_file_name = slapi_ch_smprintf("%s/secmod.db", certdir);
+        pkcs11txt_file_name = slapi_ch_smprintf("%s/pkcs11.txt", certdir);
+
+        if(chmod(cert8db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+            slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
+                    cert8db_file_name, errno, slapd_system_strerror(errno));
+        }
+        if(chmod(cert9db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+            slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
+                    cert9db_file_name, errno, slapd_system_strerror(errno));
+        }
+        if(chmod(key3db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+            slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
+                    key3db_file_name, errno, slapd_system_strerror(errno));
+        }
+        if(chmod(key4db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+            slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
+                    key4db_file_name, errno, slapd_system_strerror(errno));
+        }
+        if(chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+            slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
+                    secmoddb_file_name, errno, slapd_system_strerror(errno));
+        }
+        if(chmod(pkcs11txt_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){
+            slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init - chmod failed for file %s error (%d) %s.\n",
+                    pkcs11txt_file_name, errno, slapd_system_strerror(errno));
+        }
+
+        slapi_ch_free_string(&cert8db_file_name);
+        slapi_ch_free_string(&cert9db_file_name);
+        slapi_ch_free_string(&key3db_file_name);
+        slapi_ch_free_string(&key4db_file_name);
+        slapi_ch_free_string(&secmoddb_file_name);
+        slapi_ch_free_string(&pkcs11txt_file_name);
+    }
 
     /****** end of NSS Initialization ******/
     _nss_initialized = 1;
-    slapi_ch_free_string(&certdb_file_name);
-    slapi_ch_free_string(&keydb_file_name);
-    slapi_ch_free_string(&secmoddb_file_name);
     slapi_ch_free_string(&certdir);
     return rv;
 }