Esempio n. 1
0
def display_days(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    days = plugin.get_days_allowed_formatted()
    if not days:
        log.info("No day-based access control policy has been configured")
    else:
        log.info(days)
Esempio n. 2
0
def rootdn_setup(topology_st):
    """Initialize our setup to test the Root DN Access Control Plugin

    Test the following access control type:

    - Allowed IP address *
    - Denied IP address *
    - Specific time window
    - Days allowed access
    - Allowed host *
    - Denied host *

    * means multiple valued
    """

    log.info('Initializing root DN test suite...')

    # Enable dynamic plugins
    topology_st.standalone.config.set('nsslapd-dynamic-plugins', 'on')

    # Enable the plugin
    global plugin
    plugin = RootDNAccessControlPlugin(topology_st.standalone)
    plugin.enable()

    log.info('test_rootdn_init: Initialized root DN test suite.')
Esempio n. 3
0
def rootdn_cleanup(topology_st):
    """Do a cleanup of the config area before the test """
    log.info('Cleaning up the config area')
    plugin = RootDNAccessControlPlugin(topology_st.standalone)
    plugin.remove_all_allow_host()
    plugin.remove_all_deny_host()
    plugin.remove_all_allow_ip()
    plugin.remove_all_deny_ip()
Esempio n. 4
0
def display_hosts(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    allowed_hosts = plugin.get_allow_host_formatted()
    denied_hosts = plugin.get_deny_host_formatted()
    if not allowed_hosts and not denied_hosts:
        log.info("No host-based access control policy has been configured")
    else:
        log.info(allowed_hosts)
        log.info(denied_hosts)
Esempio n. 5
0
def display_time(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    val = plugin.get_open_time_formatted()
    if not val:
        log.info("rootdn-open-time is not set")
    else:
        log.info(val)
    val = plugin.get_close_time_formatted()
    if not val:
        log.info("rootdn-close-time is not set")
    else:
        log.info(val)
Esempio n. 6
0
def rootdn_setup(topology_st):
    """Initialize our setup to test the Root DN Access Control Plugin

    Test the following access control type:

    - Allowed IP address *
    - Denied IP address *
    - Specific time window
    - Days allowed access
    - Allowed host *
    - Denied host *

    * means mulitple valued
    """

    log.info('Initializing root DN test suite...')
    global inst
    inst = topology_st.standalone

    #
    # Set an aci so we can modify the plugin after we deny the Root DN
    #
    ACI = ('(target ="ldap:///cn=config")(targetattr = "*")(version 3.0' +
           ';acl "all access";allow (all)(userdn="ldap:///anyone");)')
    assert inst.config.set('aci', ACI)

    #
    # Create a user to modify the config
    #
    users = UserAccounts(inst, DEFAULT_SUFFIX)
    TEST_USER_PROPERTIES['userpassword'] = PASSWORD
    global user
    user = users.create(properties=TEST_USER_PROPERTIES)

    #
    # Enable dynamic plugins
    #
    assert inst.config.set('nsslapd-dynamic-plugins', 'on')

    #
    # Enable the plugin (after enabling dynamic plugins)
    #
    global plugin
    plugin = RootDNAccessControlPlugin(inst)
    plugin.enable()

    log.info('test_rootdn_init: Initialized root DN test suite.')
Esempio n. 7
0
def topology(request):
    topology = default_topology(request)

    plugin = RootDNAccessControlPlugin(topology.standalone)
    if not plugin.exists():
        plugin.create()

    # we need to restart the server after enabling the plugin
    plugin.enable()
    topology.standalone.restart()
    topology.logcap.flush()

    return topology
Esempio n. 8
0
def allow_host(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)

    # remove host from denied hosts
    try:
        plugin.remove_deny_host(args.value)
    except ldap.NO_SUCH_ATTRIBUTE:
        pass

    try:
        plugin.add_allow_host(args.value)
    except ldap.TYPE_OR_VALUE_EXISTS:
        pass
    log.info('{} added to rootdn-allow-host'.format(args.value))
Esempio n. 9
0
def deny_ip(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)

    # remove ip from allowed ips
    try:
        plugin.remove_allow_ip(args.value)
    except ldap.NO_SUCH_ATTRIBUTE:
        pass

    try:
        plugin.add_deny_ip(args.value)
    except ldap.TYPE_OR_VALUE_EXISTS:
        pass
    log.info('{} added to rootdn-deny-ip'.format(args.value))
Esempio n. 10
0
def clear_all_ips(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    plugin.remove_all_allow_ip()
    plugin.remove_all_deny_ip()
    log.info('ip-based policy was cleared')
Esempio n. 11
0
def clear_time(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    plugin.remove_open_time()
    plugin.remove_close_time()
    log.info('time-based policy was cleared')
Esempio n. 12
0
def set_close_time(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    plugin.set_close_time(args.value)
    log.info('rootdn-close-time set to "{}"'.format(args.value))
Esempio n. 13
0
def clear_all_days(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    plugin.remove_days_allowed()
    log.info('day-based policy was cleared')
Esempio n. 14
0
def deny_day(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    args.value = args.value[0:3]
    plugin.remove_allow_day(args.value)
    log.info('{} removed from rootdn-days-allowed'.format(args.value))
Esempio n. 15
0
def allow_day(inst, basedn, log, args):
    plugin = RootDNAccessControlPlugin(inst)
    args.value = args.value[0:3]
    plugin.add_allow_day(args.value)
    log.info('{} added to rootdn-days-allowed'.format(args.value))
Esempio n. 16
0
def rootdn_edit(inst, basedn, log, args):
    log = log.getChild('rootdn_edit')
    validate_args(args)
    plugin = RootDNAccessControlPlugin(inst)
    generic_object_edit(plugin, log, args, arg_to_attr)