| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 |
- # --- BEGIN COPYRIGHT BLOCK ---
- # Copyright (C) 2016 Red Hat, Inc.
- # All rights reserved.
- #
- # License: GPL (version 3 or any later version).
- # See LICENSE for details.
- # --- END COPYRIGHT BLOCK ---
- #
- import logging
- import pytest
- from lib389.tasks import *
- from lib389.topologies import topology_st
- logging.getLogger(__name__).setLevel(logging.DEBUG)
- log = logging.getLogger(__name__)
- def test_ticket365(topology_st):
- '''
- Write your testcase here...
- nsslapd-auditlog-logging-hide-unhashed-pw
- and test
- nsslapd-unhashed-pw-switch ticket 561
- on, off, nolog?
- '''
- USER_DN = 'uid=test_entry,' + DEFAULT_SUFFIX
- #
- # Add the test entry
- #
- try:
- topology_st.standalone.add_s(Entry((USER_DN, {
- 'objectclass': 'top extensibleObject'.split(),
- 'uid': 'test_entry',
- 'userpassword': 'password'
- })))
- except ldap.LDAPError as e:
- log.error('Failed to add test user: error ' + e.message['desc'])
- assert False
- #
- # Enable the audit log
- #
- try:
- topology_st.standalone.modify_s(DN_CONFIG,
- [(ldap.MOD_REPLACE,
- 'nsslapd-auditlog-logging-enabled',
- 'on')])
- except ldap.LDAPError as e:
- log.fatal('Failed to enable audit log, error: ' + e.message['desc'])
- assert False
- '''
- try:
- ent = topology_st.standalone.getEntry(DN_CONFIG, attrlist=[
- 'nsslapd-instancedir',
- 'nsslapd-errorlog',
- 'nsslapd-accesslog',
- 'nsslapd-certdir',
- 'nsslapd-schemadir'])
- '''
- #
- # Allow the unhashed password to be written to audit log
- #
- try:
- topology_st.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
- 'nsslapd-auditlog-logging-hide-unhashed-pw', 'off')])
- except ldap.LDAPError as e:
- log.fatal('Failed to enable writing unhashed password to audit log, ' +
- 'error: ' + e.message['desc'])
- assert False
- #
- # Set new password, and check the audit log
- #
- try:
- topology_st.standalone.modify_s(USER_DN, [(ldap.MOD_REPLACE,
- 'userpassword',
- 'mypassword')])
- except ldap.LDAPError as e:
- log.fatal('Failed to enable writing unhashed password to audit log, ' +
- 'error: ' + e.message['desc'])
- assert False
- # Check audit log
- time.sleep(1)
- if not topology_st.standalone.searchAuditLog('unhashed#user#password: mypassword'):
- log.fatal('failed to find unhashed password in auditlog')
- assert False
- #
- # Hide unhashed password in audit log
- #
- try:
- topology_st.standalone.modify_s(DN_CONFIG,
- [(ldap.MOD_REPLACE,
- 'nsslapd-auditlog-logging-hide-unhashed-pw',
- 'on')])
- except ldap.LDAPError as e:
- log.fatal('Failed to deny writing unhashed password to audit log, ' +
- 'error: ' + e.message['desc'])
- assert False
- log.info('Test complete')
- #
- # Modify password, and check the audit log
- #
- try:
- topology_st.standalone.modify_s(USER_DN, [(ldap.MOD_REPLACE,
- 'userpassword',
- 'hidepassword')])
- except ldap.LDAPError as e:
- log.fatal('Failed to enable writing unhashed password to audit log, ' +
- 'error: ' + e.message['desc'])
- assert False
- # Check audit log
- time.sleep(1)
- if topology_st.standalone.searchAuditLog('unhashed#user#password: hidepassword'):
- log.fatal('Found unhashed password in auditlog')
- assert False
- log.info('Test complete')
- if __name__ == '__main__':
- # Run isolated
- # -s for DEBUG mode
- CURRENT_FILE = os.path.realpath(__file__)
- pytest.main("-s %s" % CURRENT_FILE)
|
