From 92e4fde1f6d7f703b3741fe9ea13207025420f5c Mon Sep 17 00:00:00 2001 From: William Brown Date: Wed, 26 Oct 2016 11:43:41 +1000 Subject: [PATCH] Ticket 49017 - Various minor test failures Bug Description: There were a number of tests failing on my system: * pwdPolicy * range_search * basic The source of the issues: * basis test didn't isolate tests from each other so a test failure with SNMP agent caused other DSE tests to fail * range_search was not detecting presence of valgrind previously. * range_search was logging an error for NSS that was misformated * range_search was not chmodding the correct cert9,key4 and pkcs11 files * pwdPolicy was not using the correct paths for sbin Fix Description: * Add better isolation to basic test * Fix the NSS log format in ssl.c * Fix the chmod for the new NSS db format * Update the pwdPolicy test to correctly use the sbin paths https://fedorahosted.org/389/ticket/49017 Author: wibrown Review by: ??? --- dirsrvtests/tests/suites/basic/basic_test.py | 4 ++ .../tests/suites/memory_leaks/range_search_test.py | 2 +- .../suites/password/pwdPolicy_attribute_test.py | 6 +- .../password/pwdPolicy_inherit_global_test.py | 3 +- .../suites/password/pwdPolicy_warning_test.py | 3 +- ldap/servers/slapd/ssl.c | 81 ++++++++++++++-------- 6 files changed, 66 insertions(+), 33 deletions(-) diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py index 1033fd6..209bab9 100644 --- a/dirsrvtests/tests/suites/basic/basic_test.py +++ b/dirsrvtests/tests/suites/basic/basic_test.py @@ -101,6 +101,8 @@ def rootdse_attr(topology, request): """Adds an attr from the list as the default attr to the rootDSE """ + # Ensure the server is started and connected + topology.standalone.start() RETURN_DEFAULT_OPATTR = "nsslapd-return-default-opattr" rootdse_attr_name = request.param 
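Review bot: The unconditional `topology.standalone.start()` added at the top of the `rootdse_attr` fixture, and again at the top of `test_def_rootdse_attr` in the next hunk, hides the fact that an earlier test left the server down. If the instance is found stopped at this point, record it before restarting, for example `log.warning("standalone was down at fixture setup; restarting")` behind whatever running-state check the instance object offers, so a crash in a previous test is not lost. The second call has no comment; the same `# Ensure the server is started and connected` line would fit there. Both function bodies continue outside their hunks.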
@@ -712,6 +714,8 @@ def test_def_rootdse_attr(topology, import_example_ldif, rootdse_attr_name): are not returned by default in rootDSE searches """ + topology.standalone.start() + log.info(" Assert rootdse search hasn't %s attr" % rootdse_attr_name) try: entries = topology.standalone.search_s("", ldap.SCOPE_BASE) diff --git a/dirsrvtests/tests/suites/memory_leaks/range_search_test.py b/dirsrvtests/tests/suites/memory_leaks/range_search_test.py index 014ea51..d8d591f 100644 --- a/dirsrvtests/tests/suites/memory_leaks/range_search_test.py +++ b/dirsrvtests/tests/suites/memory_leaks/range_search_test.py @@ -56,8 +56,8 @@ def topology(request): def fin(): standalone.delete() - sbin_dir = standalone.get_sbin_dir() if not standalone.has_asan(): + sbin_dir = standalone.get_sbin_dir() valgrind_disable(sbin_dir) request.addfinalizer(fin) diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py index 023f508..b474f61 100644 --- a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py +++ b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py @@ -116,7 +116,8 @@ def password_policy(topology, test_user): log.info('Create password policy for subtree {}'.format(OU_PEOPLE)) try: - subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, + subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(), + '-D', DN_DM, '-w', PASSWORD, '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE]) except subprocess.CalledProcessError as e: 
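Review bot: `subprocess.call` returns the exit status and never raises `CalledProcessError`, so the `except subprocess.CalledProcessError` clause after this call in `password_policy` is unreachable, and a failing `ns-newpwpolicy.pl` lets the fixture continue without the policy it is meant to create. Use `subprocess.check_call([...])` so the existing handler fires; the same applies to the second call in this file and to the calls in `pwdPolicy_inherit_global_test.py` and `pwdPolicy_warning_test.py` (the handler in the last one is outside its hunk, so presumably the same). Building the path with `os.path.join(topology.standalone.get_sbin_dir(), 'ns-newpwpolicy.pl')` is more robust than `'%s/...'` formatting, assuming `os` is imported in these files. Separately, `'-w', PASSWORD` places the Directory Manager password in the process argument list, where other local users can read it while the script runs; that is tolerable for a throwaway test instance but should not be copied into production tooling.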
@@ -137,7 +138,8 @@ def password_policy(topology, test_user): log.info('Create password policy for subtree {}'.format(TEST_USER_DN)) try: - subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, + subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(), + '-D', DN_DM, '-w', PASSWORD, '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE]) except subprocess.CalledProcessError as e: diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py index 162efe7..67127e5 100644 --- a/dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py +++ b/dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py @@ -128,7 +128,8 @@ def password_policy(topology, test_user): log.info('Create password policy for subtree {}'.format(OU_PEOPLE)) try: - subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, + subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(), + '-D', DN_DM, '-w', PASSWORD, '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE]) except subprocess.CalledProcessError as e: diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py index d064783..4647e24 100644 --- a/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py +++ b/dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py @@ -205,7 +205,8 @@ def local_policy(topology, add_user): log.info("Setting fine grained policy for user ({:s})".format(USER_DN)) try: - subprocess.call(['/usr/sbin/ns-newpwpolicy.pl', '-D', DN_DM, + subprocess.call(['%s/ns-newpwpolicy.pl' % topology.standalone.get_sbin_dir(), + '-D', DN_DM, '-w', PASSWORD, '-h', HOST_STANDALONE, '-p', str(PORT_STANDALONE), '-U', USER_DN, '-Z', SERVERID_STANDALONE]) 
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c index 0b18922..016352b 100644 --- a/ldap/servers/slapd/ssl.c +++ b/ldap/servers/slapd/ssl.c @@ -1196,9 +1196,6 @@ slapd_nss_init(int init_ssl, int config_available) int create_certdb = 0; PRUint32 nssFlags = 0; char *certdir; - char *certdb_file_name = NULL; - char *keydb_file_name = NULL; - char *secmoddb_file_name = NULL; #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */ char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH]; /* Get the range of the supported SSL version */ 
@@ -1271,34 +1268,62 @@ slapd_nss_init(int init_ssl, int config_available) return -1; } - /* NSS creates the certificate db files with a mode of 600. There - * is no way to pass in a mode to use for creation to NSS, so we - * need to modify it after creation. We need to allow read and - * write permission to the group so the certs can be managed via - * the console/adminserver. */ - if (create_certdb) { - certdb_file_name = slapi_ch_smprintf("%s/cert8.db", certdir); - keydb_file_name = slapi_ch_smprintf("%s/key3.db", certdir); - secmoddb_file_name = slapi_ch_smprintf("%s/secmod.db", certdir); - if(chmod(certdb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ - slapi_log_err(SLAPI_LOG_ERR, "Security Initialization - slapd_nss_init: chmod failed for file %s error (%d) %s.\n", - certdb_file_name, errno, slapd_system_strerror(errno)); - } - if(chmod(keydb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ - slapi_log_err(SLAPI_LOG_ERR, "Security Initialization - slapd_nss_init: chmod failed for file %s error (%d) %s.\n", - keydb_file_name, errno, slapd_system_strerror(errno)); - } - if(chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ - slapi_log_err(SLAPI_LOG_ERR, "Security Initialization - slapd_nss_init: chmod failed for file %s error (%d) %s.\n", - secmoddb_file_name, errno, slapd_system_strerror(errno)); - } - } + /* NSS creates the certificate db files with a mode of 600. There + * is no way to pass in a mode to use for creation to NSS, so we + * need to modify it after creation. We need to allow read and + * write permission to the group so the certs can be managed via + * the console/adminserver. 
*/ + if (create_certdb) { + char *cert8db_file_name = NULL; + char *cert9db_file_name = NULL; + char *key3db_file_name = NULL; + char *key4db_file_name = NULL; + char *secmoddb_file_name = NULL; + char *pkcs11txt_file_name = NULL; + + + cert8db_file_name = slapi_ch_smprintf("%s/cert8.db", certdir); + cert9db_file_name = slapi_ch_smprintf("%s/cert9.db", certdir); + key3db_file_name = slapi_ch_smprintf("%s/key3.db", certdir); + key4db_file_name = slapi_ch_smprintf("%s/key4.db", certdir); + secmoddb_file_name = slapi_ch_smprintf("%s/secmod.db", certdir); + pkcs11txt_file_name = slapi_ch_smprintf("%s/pkcs11.txt", certdir); + + if(chmod(cert8db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + cert8db_file_name, errno, slapd_system_strerror(errno)); + } + if(chmod(cert9db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + cert9db_file_name, errno, slapd_system_strerror(errno)); + } + if(chmod(key3db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + key3db_file_name, errno, slapd_system_strerror(errno)); + } + if(chmod(key4db_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + key4db_file_name, errno, slapd_system_strerror(errno)); + } + if(chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + secmoddb_file_name, errno, slapd_system_strerror(errno)); + } + if(chmod(pkcs11txt_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + 
slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization", "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + pkcs11txt_file_name, errno, slapd_system_strerror(errno)); + } + + slapi_ch_free_string(&cert8db_file_name); + slapi_ch_free_string(&cert9db_file_name); + slapi_ch_free_string(&key3db_file_name); + slapi_ch_free_string(&key4db_file_name); + slapi_ch_free_string(&secmoddb_file_name); + slapi_ch_free_string(&pkcs11txt_file_name); + } /****** end of NSS Initialization ******/ _nss_initialized = 1; - slapi_ch_free_string(&certdb_file_name); - slapi_ch_free_string(&keydb_file_name); - slapi_ch_free_string(&secmoddb_file_name); slapi_ch_free_string(&certdir); return rv; } -- 1.8.3.1
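Review bot: The block under `if (create_certdb)` now calls `chmod` on all six file names, but a freshly created NSS database presumably has only one format's files (cert8.db/key3.db/secmod.db or cert9.db/key4.db/pkcs11.txt). Three of the calls would then fail with ENOENT and log a warning on every new instance, which makes a real failure to set permissions on the key database easy to overlook. Skipping ENOENT and driving the names from a table removes the six repeated stanzas and keeps the warning meaningful. Because the mode grants group read and write on key3.db/key4.db, which hold the private keys, the comment should also say which group is expected to own the certificate directory. The rewritten block is below; the rest of `slapd_nss_init` lies outside the hunk.

```c
    /* ... unchanged: comment explaining why the mode is changed after creation ... */
    if (create_certdb) {
        /* Legacy dbm and sql NSS database file names; only one set exists. */
        static const char *nss_db_files[] = {
            "cert8.db", "key3.db", "secmod.db",
            "cert9.db", "key4.db", "pkcs11.txt",
        };
        size_t i;

        for (i = 0; i < sizeof(nss_db_files) / sizeof(nss_db_files[0]); i++) {
            char *db_path = slapi_ch_smprintf("%s/%s", certdir, nss_db_files[i]);

            /* ENOENT is expected for the format NSS did not create. */
            if (chmod(db_path, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) && errno != ENOENT) {
                slapi_log_err(SLAPI_LOG_WARNING, "Security Initialization",
                              "slapd_nss_init: chmod failed for file %s error (%d) %s.\n",
                              db_path, errno, slapd_system_strerror(errno));
            }
            slapi_ch_free_string(&db_path);
        }
    }
```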