Example #1
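def test_too_big_password(topo, _fix_password):
    """Test password history enforcement, including a 510-character password

    :id: 299a3fb4-5a20-11ea-bba8-8c16451d917b
    :setup: Standalone
    :steps:
        1. Setting policy to keep password histories
        2. Changing number of password in history to 3
        3. Modify password from dbyers1 to dbyers2
        4. Checking that the passwordhistory attribute has been added
        5. Add a password test for long long password
        6. Changing number of password in history to 6 and passwordhistory off
    :expected results:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
    """
    user_dn = f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}'
    config = Config(topo.standalone)
    try:
        # Setting policy to keep password histories.
        # NOTE(review): passwordchecksyntax is switched off here and is not
        # restored by this test; confirm 'off' is the intended baseline.
        config.replace_many(('passwordchecksyntax', 'off'),
                            ('passwordhistory', 'on'))
        assert config.get_attr_val_utf8('passwordinhistory') == '6'
        # Changing number of password in history to 3
        config.replace('passwordinhistory', '3')
        # Modify password from dbyers1 to dbyers2
        _change_password_with_own(topo, user_dn, 'dbyers1', 'dbyers2')
        # Going straight back to the previous password is expected to be
        # refused while history is on.
        with pytest.raises(ldap.CONSTRAINT_VIOLATION):
            _change_password_with_own(topo, user_dn, 'dbyers2', 'dbyers1')
        # Checking that the passwordhistory attribute has been added
        assert UserAccount(topo.standalone,
                           user_dn).get_attr_val_utf8('passwordhistory')
        # 50 * 10 characters plus the 10-character suffix: 510 in total
        long_pass = 50 * '0123456789' + 'LENGTH=510'
        _change_password_with_own(topo, user_dn, 'dbyers2', long_pass)
        # Changing the long password to itself is expected to be refused too,
        # so the check has to cope with a value of this length.
        with pytest.raises(ldap.CONSTRAINT_VIOLATION):
            _change_password_with_own(topo, user_dn, long_pass, long_pass)
    finally:
        # Run the cleanup even when an assertion above fails, so a failing run
        # does not leave a modified password policy or an unknown user
        # password behind for the tests that follow.
        try:
            _change_password_with_root(topo, user_dn, 'dbyers1')
        finally:
            # Changing number of password in history to 6 and passwordhistory off
            config.replace_many(('passwordhistory', 'off'),
                                ('passwordinhistory', '6'))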
Example #2
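def test_pwminage(topo, _fix_password):
    """Test pwminage

    :id: 2df7bf32-5a20-11ea-ad23-8c16451d917b
    :setup: Standalone
    :steps:
        1. Get pwminage; should be 0 currently
        2. Sets policy to pwminage 3
        3. Change current password
        4. Try to change password again
        5. Try now after 3 secs is up,  should work.
    :expected results:
        1. Success
        2. Success
        3. Success
        4. Fail
        5. Success
    """
    user_dn = f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}'
    config = Config(topo.standalone)
    # Get pwminage; should be 0 currently
    assert config.get_attr_val_utf8('passwordminage') == '0'
    try:
        # Sets policy to pwminage 3
        config.replace('passwordminage', '3')
        # Change current password
        _change_password_with_own(topo, user_dn, 'dbyers1', 'dbyers2')
        # An immediate second change falls inside the minimum age window and
        # is expected to be refused.
        with pytest.raises(ldap.CONSTRAINT_VIOLATION):
            _change_password_with_own(topo, user_dn, 'dbyers2', 'dbyers1')
        # Wait out the 3 second minimum age configured above
        time.sleep(3)
        # Try now after 3 secs is up,  should work.
        _change_password_with_own(topo, user_dn, 'dbyers2', 'dbyers1')
    finally:
        # Restore the minimum age even when a step above fails; otherwise the
        # 3 second restriction stays in force for later password changes.
        config.replace('passwordminage', '0')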
Example #3
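def test_invalid_credentials(topo, _fix_password):
    """Test bind again with valid password: We should be locked

    :id: 3233ca78-5a20-11ea-8d35-8c16451d917b
    :setup: Standalone
    :steps:
        1. Search if passwordlockout is off
        2. Turns on passwordlockout
        3. sets lockout duration to 3 seconds
        4. Changing pw failure count reset duration to 3 sec and passwordminlength to 10
        5. Try to bind with invalid credentials
        6. Set passwordunlock to off so the lockout is expected to outlast the lockout duration
        7. Try to bind with invalid credentials
        8. Now bind again with valid password: We should be locked
        9. Reset the dbyers password with the root helper and check the account is usable again
        10. Reset server
    :expected results:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Fail
        6. Success
        7. Fail
        8. Fail
        9. Success
        10. Success
    """
    user_dn = f'uid=dbyers,ou=People,{DEFAULT_SUFFIX}'
    config = Config(topo.standalone)
    # Search if passwordlockout is off
    assert config.get_attr_val_utf8('passwordlockout') == 'off'
    try:
        # Turns on passwordlockout
        # sets lockout duration to 3 seconds
        # Changing pw failure count reset duration to 3 sec and passwordminlength to 10
        config.replace_many(
            ('passwordlockout', 'on'), ('passwordlockoutduration', '3'),
            ('passwordresetfailurecount', '3'), ('passwordminlength', '10'))
        # Three attempts with a wrong current password are each rejected as
        # invalid credentials ...
        for _ in range(3):
            with pytest.raises(ldap.INVALID_CREDENTIALS):
                _change_password_with_own(topo, user_dn, 'Invalid', 'dbyers1')
        # ... and the fourth is rejected with CONSTRAINT_VIOLATION instead,
        # which is how this test recognises that the lockout has engaged.
        with pytest.raises(ldap.CONSTRAINT_VIOLATION):
            _change_password_with_own(topo, user_dn, 'Invalid', 'dbyers1')
        # Wait out the 3 second lockout duration; the valid password must
        # then be accepted again.
        time.sleep(3)
        _change_password_with_own(topo, user_dn, 'dbyers1', 'dbyers1')
        # With passwordunlock off the lockout is expected to persist past the
        # lockout duration.
        config.replace('passwordunlock', 'off')
        # Try to bind with invalid credentials
        for _ in range(3):
            with pytest.raises(ldap.INVALID_CREDENTIALS):
                _change_password_with_own(topo, user_dn, 'Invalid', 'dbyers1')
        with pytest.raises(ldap.CONSTRAINT_VIOLATION):
            _change_password_with_own(topo, user_dn, 'Invalid', 'dbyers1')
        time.sleep(3)
        # Now bind again with valid password: We should be locked
        with pytest.raises(ldap.CONSTRAINT_VIOLATION):
            _change_password_with_own(topo, user_dn, 'dbyers1', 'dbyers1')
        # Reset the password through the root helper, then confirm that the
        # user can operate on the account again.
        _change_password_with_root(topo, user_dn, 'dbyers1')
        time.sleep(1)
        _change_password_with_own(topo, user_dn, 'dbyers1', 'dbyers1')
    finally:
        # Reset server. Done in a finally block so a failing step cannot leave
        # lockout enabled with a 3 second window, or passwordunlock off, for
        # whatever runs next against this instance.
        config.replace_many(
            ('passwordinhistory', '6'), ('passwordlockout', 'off'),
            ('passwordlockoutduration', '3600'), ('passwordminlength', '6'),
            ('passwordresetfailurecount', '600'), ('passwordunlock', 'on'))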