Diff from rootdn-allow-ip-wildcards to master - fork/yrro/389-ds-base

yrro / 389-ds-base

Forked from 389-ds-base 4 years ago

Source
Stats

Diff

2 commits, 2 files changed

+72 -1

Files Changed 2
Commits 2

WIP tests

Sam Morris • 4 years ago

f726116

Issue 50800 - Fix parsing of wildcards in rootdn-allow-ip attribute

Sam Morris • 4 years ago

28a6e84

dirsrvtests/tests/suites/plugins/rootdn_plugin_test.py

file modified

+71

		`@@ -219,6 +219,41 @@`
		`rootdn_bind(topology_st.standalone, uri=uri)`


		`+ def test_rootdn_access_denied_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):`
		`+ """Test denied IP feature with a wildcard`
		`+`
		`+ :id: 73c74f62-9ac2-4bb6-8a63-bacc8d8bbf93`
		`+ :setup: Standalone instance, rootdn plugin set up`
		`+ :steps:`
		`+ 1. Set rootdn-deny-ip to '127.*'`
		`+ 2. Bind as Root DN`
		`+ 3. Change the denied IP so root DN succeeds`
		`+ 4. Bind as Root DN`
		`+ :expectedresults:`
		`+ 1. Success`
		`+ 2. Should fail`
		`+ 3. Success`
		`+ 4. Success`
		`+ """`
		`+`
		`+ log.info('Running test_rootdn_access_denied_ip_wildcard...')`
		`+`
		`+ plugin.add_deny_ip('127.*')`
		`+ time.sleep(.5)`
		`+`
		`+ # Bind as root DN - should fail`
		`+ uri = 'ldap://{}:{}'.format('127.0.0.1', topology_st.standalone.port)`
		`+ with pytest.raises(ldap.UNWILLING_TO_PERFORM):`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+`
		`+ # Change the denied IP so root DN succeeds`
		`+ plugin.apply_mods([(ldap.MOD_REPLACE, 'rootdn-deny-ip', '255.255.255.255')])`
		`+ time.sleep(.5)`
		`+`
		`+ # Bind should succeed`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+`
		`+`
		`def test_rootdn_access_denied_host(topology_st, rootdn_setup, rootdn_cleanup):`
		`"""Test denied Host feature - we can just test denying localhost`

		`@@ -293,6 +328,42 @@`
		`rootdn_bind(topology_st.standalone, uri=uri)`


		`+ def test_rootdn_access_allowed_ip_wildcard(topology_st, rootdn_setup, rootdn_cleanup):`
		`+ """Test allowed ip feature`
		`+`
		`+ :id: c3e22c61-9ed2-4e89-8243-6ff686ecad9b`
		`+ :setup: Standalone instance, rootdn plugin set up`
		`+ :steps:`
		`+ 1. Set allowed ip to 255.255.255.255 - blocks the Root DN`
		`+ 2. Bind as Root DN`
		`+ 3. Allow 127.*`
		`+ 4. Bind as Root DN`
		`+ :expectedresults:`
		`+ 1. Success`
		`+ 2. Should fail`
		`+ 3. Success`
		`+ 4. Success`
		`+ """`
		`+`
		`+ log.info('Running test_rootdn_access_allowed_ip...')`
		`+`
		`+ # Set allowed ip to 255.255.255.255 - blocks the Root DN`
		`+ plugin.add_allow_ip('255.255.255.255')`
		`+ time.sleep(.5)`
		`+`
		`+ # Bind as Root DN - should fail`
		`+ uri = 'ldap://{}:{}'.format(localhost, topology_st.standalone.port)`
		`+ with pytest.raises(ldap.UNWILLING_TO_PERFORM):`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+`
		`+ # Allow localhost`
		`+ plugin.add_allow_ip('127.*')`
		`+ time.sleep(.5)`
		`+`
		`+ # Bind should succeed`
		`+ rootdn_bind(topology_st.standalone, uri=uri)`
		`+`
		`+`
		`def test_rootdn_access_allowed_host(topology_st, rootdn_setup, rootdn_cleanup):`
		`"""Test allowed host feature`

ldap/servers/plugins/rootdn_access/rootdn_access.c

file modified

+1 -1

		`@@ -371,7 +371,7 @@`
		`}`
		`if (ips_tmp) {`
		`for (i = 0; ips_tmp[i] != NULL; i++) {`
		`- end = strspn(ips_tmp[i], "0123456789:ABCDEFabcdef.");`
		`+ end = strspn(ips_tmp[i], "0123456789:ABCDEFabcdef.*");`
		`if (!end \|\| ips_tmp[i][end] != '\0') {`
		`slapi_log_err(SLAPI_LOG_ERR, ROOTDN_PLUGIN_SUBSYSTEM, "rootdn_load_config - "`
		`"IP address contains invalid characters (%s), skipping\n",`

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

yrro / 389-ds-base

Source Code

Diff 2 commits, 2 files changed +72 -1

Diff

2 commits, 2 files changed

+72 -1