Re: [389-devel] please review: Ticket 47703 - Remove search limit for ACI group evaluation


 



> Would it be possible to make a unit test case for this. If you set the 
> sizelimit
> in cn=config to be low, say 5, you could easily make a group that has more
> members, and then evaluate aci behaviour in a unit test?
> 
> If you are busy perhaps that's something I could knock up and test if you were
> happy for me to do so.

So I got bored and wrote a test case for this.

However, this test is clearly broken, as it still works even without your patch
applied.

Do you mind explaining some more about the failure condition so that I can make
a unit test that is able to test this patch properly?

Sincerely,

-- 
William Brown <william@xxxxxxxxxxxxxxxx>
From 65280b4d4c06f1c39fbf7759780b7c883f90aae9 Mon Sep 17 00:00:00 2001
From: William Brown <william@xxxxxxxxxxxxxxxx>
Date: Fri, 7 Aug 2015 15:47:58 +0930
Subject: [PATCH] dirsrvtests/tickets/ticket47703_test.py

---
 dirsrvtests/tickets/ticket47703_test.py | 111 ++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 dirsrvtests/tickets/ticket47703_test.py

diff --git a/dirsrvtests/tickets/ticket47703_test.py b/dirsrvtests/tickets/ticket47703_test.py
new file mode 100644
index 0000000..a291e1c
--- /dev/null
+++ b/dirsrvtests/tickets/ticket47703_test.py
@@ -0,0 +1,111 @@
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+from lib389 import DirSrv, Entry, tools, tasks
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+
+logging.getLogger(__name__).setLevel(logging.DEBUG)
+log = logging.getLogger(__name__)
+
+installation1_prefix = None
+
+TEST_BINDPW = 'uircaeirlgeuicrau'
+
+class TopologyStandalone(object):
+    def __init__(self, standalone):
+        standalone.open()
+        self.standalone = standalone
+
+
+@pytest.fixture(scope="module")
+def topology(request):
+    global installation1_prefix
+    if installation1_prefix:
+        args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+
+    # Creating standalone instance ...
+    standalone = DirSrv(verbose=False)
+    args_instance[SER_HOST] = HOST_STANDALONE
+    args_instance[SER_PORT] = PORT_STANDALONE
+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+    args_standalone = args_instance.copy()
+    standalone.allocate(args_standalone)
+    instance_standalone = standalone.exists()
+    if instance_standalone:
+        standalone.delete()
+    standalone.create()
+    standalone.open()
+
+    # Clear out the tmp dir
+    standalone.clearTmpDir(__file__)
+
+    return TopologyStandalone(standalone)
+
+
+def test_ticket47703(topology):
+    '''
+    Write your testcase here...
+    '''
+    # Create 6 users
+    users = []
+    for i in range(1, 7):
+        topology.standalone.setupBindDN('uid=test%s,%s' % (i, DEFAULT_SUFFIX), TEST_BINDPW)
+        users.append('uid=test%s,%s' % (i, DEFAULT_SUFFIX))
+    # Create a group and add them all as uniqueMembers
+    TEST_USER = users[0]
+    gentry = Entry('cn=testgroup,%s' % DEFAULT_SUFFIX)
+    gentry.setValues('objectclass', 'top', 'groupOfUniqueNames')
+    gentry.setValues('cn', 'testgroup')
+    gentry.setValues('uniqueMember', users)
+    topology.standalone.add_s(gentry)
+    # Create a target object of some kind
+    tentry = Entry('cn=target,%s' % DEFAULT_SUFFIX)
+    tentry.setValues('objectClass', 'top', 'groupOfUniqueNames')
+    tentry.setValues('cn', 'target')
+    # Create an aci on the target object from the group
+    tentry.setValues('aci', """(targetattr ="uniqueMember")(targetfilter ="(cn=target)")(version 3.0;acl "Test ACI";allow (write)(groupdn = "ldap:///%s";);)""" % gentry.dn)
+    topology.standalone.add_s(tentry)
+    # Limit the search size to 5
+    topology.standalone.config.set('nsslapd-sizelimit', '5')
+    # Restart the instance
+    topology.standalone.restart(300)
+    # Now test the behaviour! The aci should be enforced even though it exceeds the sizelimit
+    topology.standalone.simple_bind_s(TEST_USER, TEST_BINDPW)
+    try:
+        topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(objectClass=*)' )
+    except ldap.SIZELIMIT_EXCEEDED:
+        assert True
+    # We are now bound as the test_user, so lets see if the aci works
+    topology.standalone.modify_s(tentry.dn, [(ldap.MOD_ADD, 'uniqueMember', TEST_USER)])
+    assert True
+    log.info('Test complete')
+
+
+def test_ticket47703_final(topology):
+    topology.standalone.db2ldif(bename='userRoot', suffixes=[DEFAULT_SUFFIX], excludeSuffixes=[], encrypt=False, repl_data=False, outputfile='%s/ldif/%s.ldif' % (topology.standalone.dbdir, SERVERID_STANDALONE ))
+    topology.standalone.clearBackupFS()
+    topology.standalone.backupFS()
+    topology.standalone.delete()
+    log.info('Testcase PASSED')
+
+
+def run_isolated():
+    global installation1_prefix
+    installation1_prefix = None
+
+    topo = topology(True)
+    test_ticket47703(topo)
+    test_ticket47703_final(topo)
+
+
+if __name__ == '__main__':
+    run_isolated()
+
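Review bot: Neither check in test_ticket47703 can fail: the `try`/`except ldap.SIZELIMIT_EXCEEDED` around search_s passes whether or not the limit fires, and both `assert True` lines are no-ops, so nothing proves `nsslapd-sizelimit` was in force when the ACI was evaluated. Make the precondition explicit with `with pytest.raises(ldap.SIZELIMIT_EXCEEDED):` around the search, and add a negative control in which a bound user outside `cn=testgroup` gets `ldap.INSUFFICIENT_ACCESS` on the same modify_s. The six members are values on one group entry, while a size limit counts entries returned by a search, so this setup probably never reaches the limited lookup. That would explain why it passes without the patch, though the exact trigger needs confirming against the ticket. The placeholder docstring `Write your testcase here...` should be replaced by a sentence stating which access-control behaviour the test pins.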
-- 
2.4.3

import os
import sys
import time
import ldap
import logging
import pytest
from lib389 import DirSrv, Entry, tools, tasks
from lib389.tools import DirSrvTools
from lib389._constants import *
from lib389.properties import *
from lib389.tasks import *
from lib389.utils import *

# Module logger, forced to DEBUG so every step of the run is recorded.
log = logging.getLogger(__name__)
log.setLevel(logging.DEBUG)

# Optional install prefix for the server under test; while it is None the
# fixture leaves the deployment-directory argument untouched.
installation1_prefix = None

# Bind password shared by the throwaway test users. It only exists on the
# instance this module creates and deletes; do not reuse it anywhere else.
TEST_BINDPW = 'uircaeirlgeuicrau'

class TopologyStandalone(object):
    """Holder for the single standalone server the tests operate on."""

    def __init__(self, standalone):
        """Call ``open()`` on *standalone* and keep it as ``self.standalone``."""
        # open() runs before the attribute is set, so a failure to open
        # never leaves a half-initialised holder behind.
        standalone.open()
        self.standalone = standalone


@pytest.fixture(scope="module")
def topology(request):
    """Create a fresh standalone instance and wrap it for the tests.

    An instance that already exists under the same arguments is deleted
    before the new one is created, so the tests start from a clean server.
    The fixture registers no finalizer; the instance is removed by
    test_ticket47703_final.
    """
    global installation1_prefix
    if installation1_prefix:
        args_instance[SER_DEPLOYED_DIR] = installation1_prefix

    # Creating standalone instance ...
    server = DirSrv(verbose=False)
    # args_instance is a module-level dict from the star imports; it is
    # updated in place and a copy is what gets handed to allocate().
    for key, value in (
        (SER_HOST, HOST_STANDALONE),
        (SER_PORT, PORT_STANDALONE),
        (SER_SERVERID_PROP, SERVERID_STANDALONE),
        (SER_CREATION_SUFFIX, DEFAULT_SUFFIX),
    ):
        args_instance[key] = value
    server.allocate(args_instance.copy())

    # Drop any leftover instance so state from an earlier run cannot leak in.
    if server.exists():
        server.delete()
    server.create()
    server.open()

    # Clear out the tmp dir
    server.clearTmpDir(__file__)

    return TopologyStandalone(server)


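def test_ticket47703(topology):
    '''
    Check that a groupdn ACI still grants write access to a group member
    while nsslapd-sizelimit is set below the number of group members.

    Six users are created and added to cn=testgroup. cn=target carries an ACI
    that allows members of that group to write uniqueMember. With the size
    limit set to 5, the first user binds and must be able to modify the
    target entry; modify_s raising is what fails the test.
    '''
    server = topology.standalone

    # Create 6 users, one more than the size limit applied below
    users = []
    for i in range(1, 7):
        user_dn = 'uid=test%s,%s' % (i, DEFAULT_SUFFIX)
        server.setupBindDN(user_dn, TEST_BINDPW)
        users.append(user_dn)
    test_user = users[0]

    # Create a group and add them all as uniqueMembers
    gentry = Entry('cn=testgroup,%s' % DEFAULT_SUFFIX)
    gentry.setValues('objectclass', 'top', 'groupOfUniqueNames')
    gentry.setValues('cn', 'testgroup')
    gentry.setValues('uniqueMember', users)
    server.add_s(gentry)

    # Create a target object carrying an ACI that names the group
    tentry = Entry('cn=target,%s' % DEFAULT_SUFFIX)
    tentry.setValues('objectClass', 'top', 'groupOfUniqueNames')
    tentry.setValues('cn', 'target')
    aci = ('(targetattr ="uniqueMember")(targetfilter ="(cn=target)")'
           '(version 3.0;acl "Test ACI";allow (write)'
           '(groupdn = "ldap:///%s";);)' % gentry.dn)
    tentry.setValues('aci', aci)
    server.add_s(tentry)

    # Limit the search size to 5, then restart the instance
    server.config.set('nsslapd-sizelimit', '5')
    server.restart(300)

    server.simple_bind_s(test_user, TEST_BINDPW)

    # Precondition: the limit must really be in force for the bound user.
    # The original try/except passed whether or not the exception was raised,
    # so a limit that never applied went unnoticed.
    with pytest.raises(ldap.SIZELIMIT_EXCEEDED):
        server.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(objectClass=*)')

    # We are now bound as the test user: the write must be allowed by the
    # ACI even though the group has more members than the size limit. A
    # denied write raises from modify_s, so no trailing assert is needed.
    # NOTE(review): a negative control (a bound user outside cn=testgroup
    # being refused the same modify) would show that the group ACI is what
    # grants the write - not added here, confirm the expected result first.
    server.modify_s(tentry.dn, [(ldap.MOD_ADD, 'uniqueMember', test_user)])

    # The connection is left bound as the test user when this returns.
    log.info('Test complete')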


def test_ticket47703_final(topology):
    """Run db2ldif for userRoot, refresh the filesystem backup, delete the instance."""
    server = topology.standalone

    # The LDIF lands under the instance's own db directory, named after the server id.
    ldif_path = '%s/ldif/%s.ldif' % (server.dbdir, SERVERID_STANDALONE )
    server.db2ldif(
        bename='userRoot',
        suffixes=[DEFAULT_SUFFIX],
        excludeSuffixes=[],
        encrypt=False,
        repl_data=False,
        outputfile=ldif_path,
    )

    # Replace the previous filesystem backup before the instance goes away.
    server.clearBackupFS()
    server.backupFS()
    server.delete()
    log.info('Testcase PASSED')


def run_isolated():
    """Run the fixture and both tests in order without the pytest runner."""
    global installation1_prefix
    installation1_prefix = None

    # The fixture is called as a plain function; True stands in for pytest's
    # request object, which topology() never reads.
    standalone_topology = topology(True)
    for step in (test_ticket47703, test_ticket47703_final):
        step(standalone_topology)


# Script entry point: run the whole scenario when the file is executed directly.
if __name__ == "__main__":
    run_isolated()
