def display_days(inst, basedn, log, args):
    """Log the days on which Root DN access is allowed.

    Fetches the formatted day list from the Root DN Access Control plugin of
    ``inst`` and logs it. When the plugin returns nothing, a notice is logged
    instead. ``basedn`` and ``args`` are accepted but not used in this
    function.
    """
    allowed_days = RootDNAccessControlPlugin(inst).get_days_allowed_formatted()
    if allowed_days:
        log.info(allowed_days)
        return
    # A falsy result is reported as "no day-based policy".
    log.info("No day-based access control policy has been configured")
def rootdn_setup(topology_st):
    """Prepare the standalone instance for the Root DN Access Control tests.

    The suite exercises the following access control types:
        - Allowed IP address *
        - Denied IP address *
        - Specific time window
        - Days allowed access
        - Allowed host *
        - Denied host *

    * means multiple valued
    """
    log.info('Initializing root DN test suite...')

    standalone = topology_st.standalone

    # Dynamic plugins are switched on first, then the plugin is enabled.
    standalone.config.set('nsslapd-dynamic-plugins', 'on')

    # The plugin handle is published as a module-level global.
    global plugin
    plugin = RootDNAccessControlPlugin(standalone)
    plugin.enable()

    log.info('test_rootdn_init: Initialized root DN test suite.')
def rootdn_cleanup(topology_st):
    """Clear the plugin's host and IP lists before a test.

    Only the allow/deny host and allow/deny IP values are removed here; the
    time window and allowed-days settings are not touched by this function.
    """
    log.info('Cleaning up the config area')

    plugin = RootDNAccessControlPlugin(topology_st.standalone)
    # Same order as before: hosts first (allow, deny), then IPs (allow, deny).
    for clear in (
        plugin.remove_all_allow_host,
        plugin.remove_all_deny_host,
        plugin.remove_all_allow_ip,
        plugin.remove_all_deny_ip,
    ):
        clear()
def display_hosts(inst, basedn, log, args):
    """Log the allowed and denied hosts configured for Root DN access.

    ``basedn`` and ``args`` are accepted but not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)
    allowed = plugin.get_allow_host_formatted()
    denied = plugin.get_deny_host_formatted()

    if allowed or denied:
        # Both values are logged even when only one of them is set, so an
        # empty value can appear in the output.
        log.info(allowed)
        log.info(denied)
    else:
        log.info("No host-based access control policy has been configured")
def display_time(inst, basedn, log, args):
    """Log the open and close times of the Root DN access window.

    Each bound is reported separately; a bound that is not set is reported
    with an explicit "is not set" message. ``basedn`` and ``args`` are
    accepted but not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)

    open_time = plugin.get_open_time_formatted()
    log.info(open_time if open_time else "rootdn-open-time is not set")

    close_time = plugin.get_close_time_formatted()
    log.info(close_time if close_time else "rootdn-close-time is not set")
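def rootdn_setup(topology_st):
    """Initialize our setup to test the Root DN Access Control Plugin

    Test the following access control type:

    - Allowed IP address *
    - Denied IP address *
    - Specific time window
    - Days allowed access
    - Allowed host *
    - Denied host *

    * means multiple valued

    Side effects: sets the module-level globals ``inst``, ``user`` and
    ``plugin``, adds an ACI on cn=config, creates a test user and enables
    dynamic plugins and the Root DN Access Control plugin.
    """
    log.info('Initializing root DN test suite...')

    global inst, user, plugin
    inst = topology_st.standalone

    #
    # Set an aci so we can modify the plugin after we deny the Root DN
    #
    # NOTE: this ACI allows (all) on every attribute under cn=config to
    # "ldap:///anyone", which is not limited to the test user. It exists so
    # the suite can still change plugin settings once Root DN binds are
    # refused, and belongs only on a disposable test instance.
    config_aci = ('(target ="ldap:///cn=config")(targetattr = "*")(version 3.0'
                  ';acl "all access";allow (all)(userdn="ldap:///anyone");)')
    # The call is made outside the assert statement so that it still runs
    # when assertions are stripped (python -O).
    aci_set = inst.config.set('aci', config_aci)
    assert aci_set

    #
    # Create a user to modify the config
    #
    # NOTE(review): this writes the password into the module-level
    # TEST_USER_PROPERTIES dict, so the change is visible to any other code
    # that shares that dict in the same process.
    users = UserAccounts(inst, DEFAULT_SUFFIX)
    TEST_USER_PROPERTIES['userpassword'] = PASSWORD
    user = users.create(properties=TEST_USER_PROPERTIES)

    #
    # Enable dynamic plugins
    #
    dynamic_plugins_set = inst.config.set('nsslapd-dynamic-plugins', 'on')
    assert dynamic_plugins_set

    #
    # Enable the plugin (after enabling dynamic plugins)
    #
    plugin = RootDNAccessControlPlugin(inst)
    plugin.enable()

    log.info('test_rootdn_init: Initialized root DN test suite.')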
def topology(request):
    """Return a default topology with the Root DN Access Control plugin enabled.

    The plugin entry is created when it does not exist yet, then enabled; the
    standalone server is restarted and the captured log is flushed before the
    topology is returned.
    """
    topo = default_topology(request)
    standalone = topo.standalone

    plugin = RootDNAccessControlPlugin(standalone)
    if not plugin.exists():
        plugin.create()

    # we need to restart the server after enabling the plugin
    plugin.enable()
    standalone.restart()
    # Flush the captured log after the restart, before handing the topology
    # back to the caller.
    topo.logcap.flush()

    return topo
def allow_host(inst, basedn, log, args):
    """Move ``args.value`` onto the Root DN allowed-hosts list.

    The host is first removed from the denied hosts, then added to the
    allowed hosts. ``basedn`` is accepted but not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)
    host = args.value

    # remove host from denied hosts; a host that was never denied is fine
    try:
        plugin.remove_deny_host(host)
    except ldap.NO_SUCH_ATTRIBUTE:
        pass

    # A host that is already allowed is not an error either. The message
    # below is logged in that case too, although nothing was changed.
    try:
        plugin.add_allow_host(host)
    except ldap.TYPE_OR_VALUE_EXISTS:
        pass

    message = '{} added to rootdn-allow-host'.format(host)
    log.info(message)
def deny_ip(inst, basedn, log, args):
    """Move ``args.value`` onto the Root DN denied-IP list.

    The address is first removed from the allowed IPs, then added to the
    denied IPs. ``basedn`` is accepted but not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)
    address = args.value

    # remove ip from allowed ips; an address that was never allowed is fine
    try:
        plugin.remove_allow_ip(address)
    except ldap.NO_SUCH_ATTRIBUTE:
        pass

    # An address that is already denied is not an error either. The message
    # below is logged in that case too, although nothing was changed.
    try:
        plugin.add_deny_ip(address)
    except ldap.TYPE_OR_VALUE_EXISTS:
        pass

    message = '{} added to rootdn-deny-ip'.format(address)
    log.info(message)
def clear_all_ips(inst, basedn, log, args):
    """Remove every allowed and denied IP value from the plugin.

    Both lists are emptied, so no IP-based restriction on Root DN binds is
    left in the plugin configuration afterwards. ``basedn`` and ``args`` are
    accepted but not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)
    # Allow list first, then deny list.
    for clear in (plugin.remove_all_allow_ip, plugin.remove_all_deny_ip):
        clear()
    log.info('ip-based policy was cleared')
def clear_time(inst, basedn, log, args):
    """Remove the open and close times of the Root DN access window.

    Both bounds are removed, so no time-based restriction on Root DN binds is
    left in the plugin configuration afterwards. ``basedn`` and ``args`` are
    accepted but not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)
    # Open time first, then close time.
    for clear in (plugin.remove_open_time, plugin.remove_close_time):
        clear()
    log.info('time-based policy was cleared')
def set_close_time(inst, basedn, log, args):
    """Set the close time of the Root DN access window to ``args.value``.

    ``basedn`` is accepted but not used in this function.
    """
    close_time = args.value
    # The value is handed to the plugin object as given; this function does
    # no format checking of its own.
    RootDNAccessControlPlugin(inst).set_close_time(close_time)
    message = 'rootdn-close-time set to "{}"'.format(close_time)
    log.info(message)
def clear_all_days(inst, basedn, log, args):
    """Remove the allowed-days setting from the plugin.

    No day-based restriction on Root DN binds is left in the plugin
    configuration afterwards. ``basedn`` and ``args`` are accepted but not
    used in this function.
    """
    RootDNAccessControlPlugin(inst).remove_days_allowed()
    log.info('day-based policy was cleared')
def deny_day(inst, basedn, log, args):
    """Remove a day from the days on which Root DN access is allowed.

    ``args.value`` is shortened to its first three characters and the
    shortened value is written back to ``args``. ``basedn`` is accepted but
    not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)
    # Presumably the plugin stores three-letter day names such as "Mon";
    # confirm. No case folding or validation is done in this function.
    args.value = args.value[:3]
    plugin.remove_allow_day(args.value)
    message = '{} removed from rootdn-days-allowed'.format(args.value)
    log.info(message)
def allow_day(inst, basedn, log, args):
    """Add a day to the days on which Root DN access is allowed.

    ``args.value`` is shortened to its first three characters and the
    shortened value is written back to ``args``. ``basedn`` is accepted but
    not used in this function.
    """
    plugin = RootDNAccessControlPlugin(inst)
    # Presumably the plugin stores three-letter day names such as "Mon";
    # confirm. No case folding or validation is done in this function.
    args.value = args.value[:3]
    plugin.add_allow_day(args.value)
    message = '{} added to rootdn-days-allowed'.format(args.value)
    log.info(message)
def rootdn_edit(inst, basedn, log, args):
    """Apply the edits described by ``args`` to the plugin configuration.

    The arguments are passed to ``validate_args`` before the plugin object is
    created. The edit itself is done by ``generic_object_edit`` with the
    module's ``arg_to_attr`` mapping. ``basedn`` is accepted but not used in
    this function.
    """
    # Messages from the edit go to a child logger named after this command.
    edit_log = log.getChild('rootdn_edit')
    validate_args(args)
    target = RootDNAccessControlPlugin(inst)
    generic_object_edit(target, edit_log, args, arg_to_attr)