Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

# Authors: 

#   Rob Crittenden <rcritten@redhat.com> 

#   Pavel Zuna <pzuna@redhat.com> 

# 

# Copyright (C) 2010  Red Hat 

# see file 'COPYING' for use and warranty information 

# 

# This program is free software; you can redistribute it and/or modify 

# it under the terms of the GNU General Public License as published by 

# the Free Software Foundation, either version 3 of the License, or 

# (at your option) any later version. 

# 

# This program is distributed in the hope that it will be useful, 

# but WITHOUT ANY WARRANTY; without even the implied warranty of 

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 

# GNU General Public License for more details. 

# 

# You should have received a copy of the GNU General Public License 

# along with this program.  If not, see <http://www.gnu.org/licenses/>. 

""" 

Test the `ipalib/plugins/pwpolicy.py` module. 

""" 

 

import sys 

from nose.tools import assert_raises  # pylint: disable=E0611 

 

from xmlrpc_test import XMLRPC_test, assert_attr_equal 

from ipalib import api 

from ipalib import errors 

 

 

class test_pwpolicy(XMLRPC_test): 

    """ 

    Test the `pwpolicy` plugin. 

    """ 

    group = u'testgroup12' 

    group2 = u'testgroup22' 

    group3 = u'testgroup32' 

    user = u'testuser12' 

    kw = {'cospriority': 1, 'krbminpwdlife': 30, 'krbmaxpwdlife': 40, 'krbpwdhistorylength': 5, 'krbpwdminlength': 6 } 

    kw2 = {'cospriority': 2, 'krbminpwdlife': 40, 'krbmaxpwdlife': 60, 'krbpwdhistorylength': 8, 'krbpwdminlength': 9 } 

    kw3 = {'cospriority': 10, 'krbminpwdlife': 50, 'krbmaxpwdlife': 30, 'krbpwdhistorylength': 3, 'krbpwdminlength': 4 } 

    global_policy = u'global_policy' 

 

    def test_1_pwpolicy_add(self): 

        """ 

        Test adding a per-group policy using the `xmlrpc.pwpolicy_add` method. 

        """ 

        # First set up a group and user that will use this policy 

        self.failsafe_add( 

            api.Object.group, self.group, description=u'pwpolicy test group', 

        ) 

        self.failsafe_add( 

            api.Object.user, self.user, givenname=u'Test', sn=u'User' 

        ) 

        api.Command.group_add_member(self.group, user=self.user) 

 

        entry = api.Command['pwpolicy_add'](self.group, **self.kw)['result'] 

        assert_attr_equal(entry, 'krbminpwdlife', '30') 

        assert_attr_equal(entry, 'krbmaxpwdlife', '40') 

        assert_attr_equal(entry, 'krbpwdhistorylength', '5') 

        assert_attr_equal(entry, 'krbpwdminlength', '6') 

        assert_attr_equal(entry, 'cospriority', '1') 

 

    def test_2_pwpolicy_add(self): 

        """ 

        Add a policy with a already used priority. 

 

        The priority validation is done first, so it's OK that the group 

        is the same here. 

        """ 

        try: 

            api.Command['pwpolicy_add'](self.group, **self.kw) 

        except errors.ValidationError: 

            pass 

        else: 

            assert False 

 

    def test_3_pwpolicy_add(self): 

        """ 

        Add a policy that already exists. 

        """ 

        try: 

            # cospriority needs to be unique 

            self.kw['cospriority'] = 3 

            api.Command['pwpolicy_add'](self.group, **self.kw) 

        except errors.DuplicateEntry: 

            pass 

        else: 

            assert False 

 

    def test_4_pwpolicy_add(self): 

        """ 

        Test adding another per-group policy using the `xmlrpc.pwpolicy_add` method. 

        """ 

        self.failsafe_add( 

            api.Object.group, self.group2, description=u'pwpolicy test group 2' 

        ) 

        entry = api.Command['pwpolicy_add'](self.group2, **self.kw2)['result'] 

        assert_attr_equal(entry, 'krbminpwdlife', '40') 

        assert_attr_equal(entry, 'krbmaxpwdlife', '60') 

        assert_attr_equal(entry, 'krbpwdhistorylength', '8') 

        assert_attr_equal(entry, 'krbpwdminlength', '9') 

        assert_attr_equal(entry, 'cospriority', '2') 

 

    def test_5_pwpolicy_add(self): 

        """ 

        Add a pwpolicy for a non-existent group 

        """ 

        try: 

            api.Command['pwpolicy_add'](u'nopwpolicy', cospriority=1, krbminpwdlife=1) 

        except errors.NotFound: 

            pass 

        else: 

            assert False 

 

    def test_6_pwpolicy_show(self): 

        """ 

        Test the `xmlrpc.pwpolicy_show` method with global policy. 

        """ 

        entry = api.Command['pwpolicy_show']()['result'] 

        # Note that this assumes an unchanged global policy 

        assert_attr_equal(entry, 'krbminpwdlife', '1') 

        assert_attr_equal(entry, 'krbmaxpwdlife', '90') 

        assert_attr_equal(entry, 'krbpwdhistorylength', '0') 

        assert_attr_equal(entry, 'krbpwdminlength', '8') 

 

    def test_7_pwpolicy_show(self): 

        """ 

        Test the `xmlrpc.pwpolicy_show` method. 

        """ 

        entry = api.Command['pwpolicy_show'](self.group)['result'] 

        assert_attr_equal(entry, 'krbminpwdlife', '30') 

        assert_attr_equal(entry, 'krbmaxpwdlife', '40') 

        assert_attr_equal(entry, 'krbpwdhistorylength', '5') 

        assert_attr_equal(entry, 'krbpwdminlength', '6') 

        assert_attr_equal(entry, 'cospriority', '1') 

 

    def test_8_pwpolicy_mod(self): 

        """ 

        Test the `xmlrpc.pwpolicy_mod` method for global policy. 

        """ 

        entry = api.Command['pwpolicy_mod'](krbminpwdlife=50)['result'] 

        assert_attr_equal(entry, 'krbminpwdlife', '50') 

 

        # Great, now change it back 

        entry = api.Command['pwpolicy_mod'](krbminpwdlife=1)['result'] 

        assert_attr_equal(entry, 'krbminpwdlife', '1') 

 

    def test_9_pwpolicy_mod(self): 

        """ 

        Test the `xmlrpc.pwpolicy_mod` method. 

        """ 

        entry = api.Command['pwpolicy_mod'](self.group, krbminpwdlife=50)['result'] 

        assert_attr_equal(entry, 'krbminpwdlife', '50') 

 

    def test_a_pwpolicy_managed(self): 

        """ 

        Test adding password policy to a managed group. 

        """ 

        try: 

            entry = api.Command['pwpolicy_add'](self.user, krbminpwdlife=50, cospriority=2)['result'] 

        except errors.ManagedPolicyError: 

            pass 

        else: 

            assert False 

 

    def test_b_pwpolicy_add(self): 

        """ 

        Test adding a third per-group policy using the `xmlrpc.pwpolicy_add` method. 

        """ 

        self.failsafe_add( 

            api.Object.group, self.group3, description=u'pwpolicy test group 3' 

        ) 

        entry = api.Command['pwpolicy_add'](self.group3, **self.kw3)['result'] 

        assert_attr_equal(entry, 'krbminpwdlife', '50') 

        assert_attr_equal(entry, 'krbmaxpwdlife', '30') 

        assert_attr_equal(entry, 'krbpwdhistorylength', '3') 

        assert_attr_equal(entry, 'krbpwdminlength', '4') 

        assert_attr_equal(entry, 'cospriority', '10') 

 

    def test_c_pwpolicy_find(self): 

        """Test that password policies are sorted and reported properly""" 

        result = api.Command['pwpolicy_find']()['result'] 

        assert len(result) == 4 

 

        # Test that policies are sorted in numerical order 

        assert result[0]['cn'] == (self.group,) 

        assert result[1]['cn'] == (self.group2,) 

        assert result[2]['cn'] == (self.group3,) 

        assert result[3]['cn'] == ('global_policy',) 

 

        # Test that returned values match the arguments 

        # Only test the second and third results; the first one was modified 

        for entry, expected in (result[1], self.kw2), (result[2], self.kw3): 

            for name, value in expected.iteritems(): 

                assert_attr_equal(entry, name, str(value)) 

 

    def test_c_pwpolicy_find_pkey_only(self): 

        """Test that password policies are sorted properly with --pkey-only""" 

        result = api.Command['pwpolicy_find'](pkey_only=True)['result'] 

        assert len(result) == 4 

        assert result[0]['cn'] == (self.group,) 

        assert result[1]['cn'] == (self.group2,) 

        assert result[2]['cn'] == (self.group3,) 

        assert result[3]['cn'] == ('global_policy',) 

 

    def test_d_pwpolicy_show(self): 

        """Test that deleting a group removes its pwpolicy""" 

        api.Command['group_del'](self.group3) 

        with assert_raises(errors.NotFound): 

            api.Command['pwpolicy_show'](self.group3) 

 

    def test_e_pwpolicy_del(self): 

        """ 

        Test the `xmlrpc.pwpolicy_del` method. 

        """ 

        api.Command['pwpolicy_del'](self.group) 

        # Verify that it is gone 

        try: 

            api.Command['pwpolicy_show'](self.group) 

        except errors.NotFound: 

            pass 

        else: 

            assert False 

 

        # Verify that global policy cannot be deleted 

        try: 

            api.Command['pwpolicy_del'](self.global_policy) 

        except errors.ValidationError: 

            pass 

        else: 

            assert False 

        try: 

            api.Command['pwpolicy_show'](self.global_policy) 

        except errors.NotFound: 

            assert False 

 

        # Remove the groups we created 

        api.Command['group_del'](self.group) 

        api.Command['group_del'](self.group2) 

 

        # Remove the user we created 

        api.Command['user_del'](self.user)