[Pkg-freeipa-devel] python-lib389.git: Changes to 'upstream'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Sep 22 16:13:15 UTC 2016
Makefile | 7
VERSION | 2
lib389/__init__.py | 298 ++++++----
lib389/_constants.py | 29
lib389/_entry.py | 68 ++
lib389/_ldifconn.py | 3
lib389/_mapped_object.py | 423 ++++++++++++++
lib389/aci.py | 185 ++++++
lib389/agreement.py | 3
lib389/backend.py | 108 +++
lib389/brooker.py | 164 -----
lib389/clitools/__init__.py | 2
lib389/clitools/ds_aci_lint | 41 +
lib389/clitools/ds_backend_getattr | 42 +
lib389/clitools/ds_backend_list | 39 +
lib389/clitools/ds_backend_setattr | 43 +
lib389/clitools/ds_krb_create_keytab | 40 +
lib389/clitools/ds_krb_create_principal | 38 +
lib389/clitools/ds_krb_create_realm | 34 +
lib389/clitools/ds_krb_destroy_realm | 34 +
lib389/clitools/ds_list_instances | 29
lib389/clitools/ds_list_instances.py | 29
lib389/clitools/ds_monitor_backend | 39 +
lib389/clitools/ds_monitor_backend.py | 39 -
lib389/clitools/ds_monitor_server | 35 +
lib389/clitools/ds_monitor_server.py | 35 -
lib389/clitools/ds_schema_attributetype_list | 33 +
lib389/clitools/ds_schema_attributetype_list.py | 33 -
lib389/clitools/ds_schema_attributetype_query | 46 +
lib389/clitools/ds_schema_attributetype_query.py | 46 -
lib389/clitools/ds_setup | 80 ++
lib389/clitools/ds_start | 34 +
lib389/clitools/ds_start.py | 34 -
lib389/clitools/ds_stop | 34 +
lib389/clitools/ds_stop.py | 34 -
lib389/clitools/krb_create_keytab.py | 40 -
lib389/clitools/krb_create_principal.py | 38 -
lib389/clitools/krb_create_realm.py | 34 -
lib389/clitools/krb_destroy_realm.py | 34 -
lib389/config.py | 199 ++++++
lib389/dirsrv_log.py | 271 +++++++++
lib389/exceptions.py | 43 +
lib389/index.py | 32 -
lib389/ldclt.py | 130 ++++
lib389/mit_krb5.py | 40 -
lib389/ns-slapd.valgrind | 63 --
lib389/nss_ssl.py | 240 ++++++++
lib389/passwd.py | 51 +
lib389/plugins.py | 118 +++-
lib389/properties.py | 25
lib389/replica.py | 674 ++++++++++++++++++++++-
lib389/repltools.py | 256 ++++++++
lib389/tests/aci_parse_test.py | 98 ---
lib389/tests/aci_test.py | 122 ++++
lib389/tests/backend_test.py | 92 +--
lib389/tests/conftest.py | 7
lib389/tests/dereference_test.py | 2
lib389/tests/dirsrv_log_test.py | 123 ++++
lib389/tests/dirsrv_test.py | 6
lib389/tests/dsadmin_basic_test.py | 4
lib389/tests/dsadmin_create_remove_test.py | 2
lib389/tests/dsadmin_test.py | 8
lib389/tests/effective_rights_test.py | 2
lib389/tests/krb5_create_test.py | 55 +
lib389/tests/ldclt_test.py | 64 ++
lib389/tests/mappingTree_test.py | 2
lib389/tests/nss_ssl_test.py | 83 ++
lib389/tests/plugin_test.py | 137 ++++
lib389/tests/schema_test.py | 2
lib389/tests/suffix_test.py | 5
lib389/tests/utils_test.py | 20
lib389/tools.py | 599 ++++++++++++++++++--
lib389/utils.py | 116 +++
python-lib389.spec | 67 ++
requirements.txt | 1
setup.py | 23
76 files changed, 5048 insertions(+), 1063 deletions(-)
New commits:
commit 7a4e2bbace45f554455f762cf5e0d30820197962
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Aug 1 13:17:22 2016 -0400
Bump version to 1.0.2
diff --git a/VERSION b/VERSION
index 658aed9..663c61a 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-1.0.1
+1.0.2
diff --git a/python-lib389.spec b/python-lib389.spec
index 84c1266..3eb124e 100644
--- a/python-lib389.spec
+++ b/python-lib389.spec
@@ -1,6 +1,6 @@
Summary: A library for accessing, testing, and configuring the 389 Directory Server
Name: python-lib389
-Version: 1.0.1
+Version: 1.0.2
Release: 1%{?dist}
%global tarver %{version}-1
Source0: http://www.port389.org/binaries/%{name}-%{tarver}.tar.bz2
@@ -17,7 +17,7 @@ Requires: python-ldap
Requires: python-six
Requires: python-pyasn1
Requires: python-pyasn1-modules
-Requires: python-dateutil
+Requires: python2-dateutil
%{?python_provide:%python_provide python2-lib389}
@@ -47,6 +47,66 @@ done
%exclude %{_sbindir}/*
%changelog
+* Mon Aug 1 2016 Mark Reynolds <mreynolds at redhat.com> - 1.0.2-1
+- Bump version to 1.0.2
+- Ticket 48946 - openConnection should not fully popluate DirSrv object
+- Ticket 48832 - Add DirSrvTools.getLocalhost() function
+- Ticket 48382 - Fix serverCmd to get sbin dir properly
+- Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc.
+- Ticket 48937 - Cleanup valgrind wrapper script
+- Ticket 48923 - Fix additional issue with serverCmd
+- Ticket 48923 - serverCmd timeout not working as expected
+- Ticket 48917 - Attribute presence
+- Ticket 48911 - Plugin improvements for lib389
+- Ticket 48911 - Improve plugin support based on new mapped objects
+- Ticket 48910 - Fixes for backend tests and lib389 reliability.
+- Ticket 48860 - Add replication tools
+- Ticket 48888 - Correction to create of dsldapobject
+- Ticket 48886 - Fix NSS SSL library in lib389
+- Ticket 48885 - Fix spec file requires
+- Ticket 48884 - Bugfixes for mapped object and new connections
+- Ticket 48878 - better style for backend in backend_test.py
+- Ticket 48878 - pep8 fixes part 2
+- Ticket 48878 - pep8 fixes and fix rpm to build
+- Ticket 48853 - Prerelease installer
+- Ticket 48820 - Begin to test compatability with py.test3, and the new orm
+- Ticket 48434 - Fix for negative tz offsets
+- Ticket 48857 - Remove python-krbV from lib389
+- Ticket 48820 - Move Encryption and RSA to the new object types
+- Ticket 48431 - lib389 integrate ldclt
+- Ticket 48434 - lib389 logging tools
+- Ticket 48796 - add function to remove logs
+- Ticket 48771 - lib389 - get ns-slapd version
+- Ticket 48830 - Convert lib389 to ip route tools
+- Ticket 48763 - backup should run regardless of existing backups.
+- Ticket 48434 - lib389 logging tools
+- Ticket 48798 - EL6 compat for lib389 tests for DH params
+- Ticket 48798 - lib389 add ability to create nss ca and certificate
+- Ticket 48433 - Aci linting tools
+- Ticket 48791 - format args in server tools
+- Ticket 48399 - Helper makefile is missing mkdir dist
+- Ticket 48399 - Helper makefile is missing mkdir dist
+- Ticket 48794 - lib389 build requires are on a single line
+- Ticket 48660 - Add function to convert binary values in an entry to base64
+- Ticket 48764 - Fix mit krb password to be random.
+- Ticket 48765 - Change default ports for standalone topology
+- Ticket 48750 - Clean up logging to improve command experience
+- Ticket 48751 - Improve lib389 ldapi support
+- Ticket 48399 - Add helper makefile to lib389 to build and install
+- Ticket 48661 - Agreement test suite fails at the test_changes case
+- Ticket 48407 - Add test coverage module for lib389 repo
+- Ticket 48357 - clitools should standarise their args
+- Ticket 48560 - Make verbose handling consistent
+- Ticket 48419 - getadminport() should not a be a static method
+- Ticket 48415 - Add default domain parameter
+- Ticket 48408 - RFE escaped default suffix for tests
+- Ticket 48405 - python-lib389 in rawhide is missing dependencies
+- Ticket 48401 - Revert typecheck
+- Ticket 48401 - lib389 Entry hasAttr returs dict instead of false
+- Ticket 48390 - RFE Improvements to lib389 monitor features for rest389
+- Ticket 48358 - Add new spec file
+- Ticket 48371 - weaker host check on localhost.localdomain
+
* Mon Dec 7 2015 Mark Reynolds <mreynolds at redhat.com> - 1.0.1-1
- Removed downloaded dependencies, and added python_provide macro
- Fixed Source0 URL in spec file
diff --git a/setup.py b/setup.py
index 274cb92..ae656f3 100644
--- a/setup.py
+++ b/setup.py
@@ -71,5 +71,5 @@ setup(
]),
],
- install_requires=['python-ldap', 'python-dateutil'],
+ install_requires=['python-ldap'],
)
commit 39e4612bf0076f076453256e8e3344fd01c29eff
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Aug 1 10:39:25 2016 -0400
Ticket 48946 - openConnection should not fully popluate DirSrv object
Description: When opening a connection to a server, there is no need to populate
the DirDrv object which issues several searches.
https://fedorahosted.org/389/ticket/48946
Reviewed by: spichugi (Thanks!)
diff --git a/lib389/__init__.py b/lib389/__init__.py
index f19a1d0..c84c38d 100644
--- a/lib389/__init__.py
+++ b/lib389/__init__.py
@@ -545,14 +545,15 @@ class DirSrv(SimpleLDAPObject):
self.port)))
def openConnection(self, saslmethod=None, certdir=None):
- # Open a new connection to our LDAP server
+ """Open a new connection to our LDAP server
+ """
server = DirSrv(verbose=self.verbose)
args_instance[SER_HOST] = self.host
args_instance[SER_PORT] = self.port
args_instance[SER_SERVERID_PROP] = self.serverid
args_standalone = args_instance.copy()
server.allocate(args_standalone)
- server.open(saslmethod, certdir)
+ server.open(saslmethod, certdir, connOnly=True)
return server
@@ -970,7 +971,7 @@ class DirSrv(SimpleLDAPObject):
self.state = DIRSRV_STATE_ALLOCATED
- def open(self, saslmethod=None, certdir=None, starttls=False):
+ def open(self, saslmethod=None, certdir=None, starttls=False, connOnly=False):
'''
It opens a ldap bound connection to dirsrv so that online
administrative tasks are possible. It binds with the binddn
@@ -1055,7 +1056,8 @@ class DirSrv(SimpleLDAPObject):
"""
if self.verbose:
log.info("open(): bound as %s" % self.binddn)
- self.__initPart2()
+ if not connOnly:
+ self.__initPart2()
self.state = DIRSRV_STATE_ONLINE
def close(self):
commit 4b29192c3ef34867d28d4ce3d308c5079b7ca5ae
Author: Simon Pichugin <spichugi at redhat.com>
Date: Fri Jul 29 17:34:48 2016 +0200
Ticket 48832 - Add DirSrvTools.getLocalhost() function
Description: Some tests require us to know the exact localhost value
that is on the first place after 127.0.0.1.
(some Directory Server attributes is sensible at this matter)
https://fedorahosted.org/389/ticket/48832
Reviewed by: mreynolds (Thanks!)
diff --git a/lib389/tools.py b/lib389/tools.py
index 59649c8..3517143 100644
--- a/lib389/tools.py
+++ b/lib389/tools.py
@@ -1030,6 +1030,19 @@ class DirSrvTools(object):
% (expectedHost, ipPattern))
@staticmethod
+ def getLocalhost():
+ """Get the first host value after 127.0.0.1
+ from /etc/hosts file
+ """
+
+ with open('/etc/hosts', 'r') as f:
+ for line in f.readlines():
+ if line.startswith('127.0.0.1'):
+ localhost = line.split()[1]
+ return localhost
+ return None
+
+ @staticmethod
def testLocalhost():
'''
Checks that the 127.0.0.1 is resolved as localhost.localdomain
commit 8e7893d315ee93be28bdb66321d55eb9b180179c
Author: Simon Pichugin <spichugi at redhat.com>
Date: Wed Jul 27 22:29:46 2016 +0200
Ticket 48382 - Fix serverCmd to get sbin dir properly
Description: On RHEL 6 test scripts would fail to execute sbin commands
like stop-dirsrv, start-dirsrv etc., because the path to them is wrong.
Fix description: Get sbin dir properly using the existing function
from utils.py
https://fedorahosted.org/389/ticket/48382
Reviewed by: nhosoi (Thanks!!)
diff --git a/lib389/tools.py b/lib389/tools.py
index 852686a..59649c8 100644
--- a/lib389/tools.py
+++ b/lib389/tools.py
@@ -234,8 +234,7 @@ class DirSrvTools(object):
assert len(props) == 1
self.sroot = props[0][CONF_SERVER_DIR]
- # instanceDir = os.path.join(self.sroot, "slapd-" + self.inst)
- sbinDir = os.path.join(self.prefix + '/sbin')
+ sbinDir = get_sbin_dir(prefix=self.prefix)
if hasattr(self, 'errlog'):
errLog = self.errlog
commit d4259ee89a69d9cb2ad6d7bf3f3e019c5b4519bb
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Fri Jul 22 17:17:21 2016 -0700
Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc.
Description: Adding 2 error cases.
1. When a SASL mapping is broken, the bind fails with INVALID_CREDENTIALS.
2. When a user is removed from the Directory Server, the bind fails with
INVALID_CREDENTIALS.
https://bugzilla.redhat.com/show_bug.cgi?id=1347760
Reviewed by wibrown at redhat.com (Thank you, William!)
diff --git a/lib389/tests/krb5_create_test.py b/lib389/tests/krb5_create_test.py
index 96f1a17..ec858e2 100644
--- a/lib389/tests/krb5_create_test.py
+++ b/lib389/tests/krb5_create_test.py
@@ -116,6 +116,31 @@ def test_gssapi(topology, add_user):
raise e
assert(conn.whoami_s() == "dn: uid=test,dc=example,dc=com")
+ print("Error case 1. Broken Kerberos uid mapping")
+ uidmapping = 'cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config'
+ topology.instance.modify_s(uidmapping, [(ldap.MOD_REPLACE, 'nsSaslMapFilterTemplate', '(cn=\1)')])
+ conn0 = ldap.initialize("ldap://%s:%s" % (socket.gethostname(), INSTANCE_PORT))
+ try:
+ conn0.sasl_interactive_bind_s('', sasl)
+ except Exception as e:
+ print("Exception (expected): %s" % type(e).__name__)
+ print('Desc ' + e.message['desc'])
+ assert isinstance(e, ldap.INVALID_CREDENTIALS)
+
+ # undo
+ topology.instance.modify_s(uidmapping, [(ldap.MOD_REPLACE, 'nsSaslMapFilterTemplate', '(uid=\1)')])
+
+ print("Error case 2. Delete %s from DS" % TEST_USER)
+ topology.instance.delete_s(TEST_USER)
+ try:
+ conn0.sasl_interactive_bind_s('', sasl)
+ except Exception as e:
+ print("Exception (expected): %s" % type(e).__name__)
+ print('Desc ' + e.message['desc'])
+ assert isinstance(e, ldap.INVALID_CREDENTIALS)
+
+ print("SUCCESS")
+
if __name__ == "__main__":
CURRENT_FILE = os.path.realpath(__file__)
commit 2c330d922dac17121a00efdf75f73477f0ac935f
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Jul 26 15:46:29 2016 -0400
Ticket 48937 - Cleanup valgrind wrapper script
Description: The valgrind wrapper script has a lot of unused code
that should be cleaned up.
https://fedorahosted.org/389/ticket/48937
Reviewed by: nhosoi(Thanks!)
diff --git a/lib389/ns-slapd.valgrind b/lib389/ns-slapd.valgrind
index fd34ef5..96427fe 100755
--- a/lib389/ns-slapd.valgrind
+++ b/lib389/ns-slapd.valgrind
@@ -9,64 +9,21 @@
# --- END COPYRIGHT BLOCK ---
if [ ! "$NETSITE_ROOT" ] ; then
- NETSITE_ROOT=`pwd | sed -e s@/bin/slapd/server@@g`
+ NETSITE_ROOT=`pwd | sed -e s@/bin/slapd/server@@g`
fi
-#export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-#export MALLOC_CHECK_=3
-
-USE_VALGRIND=1
-
-# assumes you have renamed the original ns-slapd binary
+# Assumes you have renamed the original ns-slapd binary
# to ns-slapd.original
SLAPD=$0.original
-# by default valgrind will demangle C++ symbols for you
-# but valgrind must have mangled symbols in suppression files
-#DEMANGLE="--demangle=no"
-# use quiet mode if you only want the errors and nothing but the errors
-QUIETMODE="-q"
+# Make sure /var/tmp exists
VG_LOGDIR=${VG_LOGDIR:-/var/tmp}
if [ ! -d $VG_LOGDIR ] ; then
mkdir -p $VG_LOGDIR || { echo error: could not mkdir -p $VG_LOGDIR ; exit 1; }
fi
-if [ "$USE_VALGRIND" ]; then
- if [ $TET_PNAME ]; then
- mybase=`basename $TET_PNAME .ksh`
- mybase=`basename $mybase .sh`
- if [ -z "$mybase" ] ; then
- mybase=unknown
- fi
- # valgrind --log-file %p is not supported on all platforms
- outputfile=${VG_LOGDIR}/$mybase.vg.$$
- else
- outputfile=${VG_LOGDIR}/slapd.vg.$$
- fi
- if [ $USE_VALGRIND ] ; then
- CHECKCMD="valgrind $QUIETMODE --tool=memcheck --leak-check=yes --leak-resolution=high $DEMANGLE --num-callers=50 --log-file=$outputfile"
- elif [ $USE_CALLGRIND ] ; then
- # collect bus is only for valgrind 3.6 and later - it collects lock/mutex events
- CHECKCMD="valgrind $QUIETMODE --tool=callgrind --collect-systime=yes --collect-bus=yes --separate-threads=yes --callgrind-out-file=${VG_LOGDIR}/callgrind.out.$$"
- USE_VALGRIND=1
- elif [ $USE_DRD ] ; then
- CHECKCMD="valgrind $QUIETMODE --tool=drd --show-stack-usage=yes --shared-threshold=100 --exclusive-threshold=100 --error-limit=no --num-callers=50 --log-file=${VG_LOGDIR}/drd.out.$$"
- USE_VALGRIND=1
- fi
-fi
-
-if [ $USE_VALGRIND ]; then
- $CHECKCMD $SLAPD "$@"
-elif [ -n "$USE_MUTRACE" ]; then
- case "$1" in
- db2index|suffix2instance|db2archive|archive2db|db2ldif|ldif2db)
- $SLAPD "$@"
- ;;
- *)
- LD_PRELOAD="$USE_MUTRACE" $SLAPD -d 0 "$@" > $VG_LOGDIR/mutrace.out.$$ 2>&1 &
- ;;
- esac
-else
- $SLAPD "$@"
-fi
+# Run ns-slapd in valgrind
+outputfile=${VG_LOGDIR}/slapd.vg.$$
+CHECKCMD="valgrind -q --tool=memcheck --leak-check=yes --leak-resolution=high --num-callers=50 --log-file=$outputfile"
+$CHECKCMD $SLAPD "$@"
commit a7a296af9c5260173ecb8a987f5be1257f716a5c
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed Jul 20 18:39:40 2016 -0400
Fix format error in print statement
One line commit rule
diff --git a/lib389/__init__.py b/lib389/__init__.py
index 7d2661b..f19a1d0 100644
--- a/lib389/__init__.py
+++ b/lib389/__init__.py
@@ -1427,7 +1427,7 @@ class DirSrv(SimpleLDAPObject):
"""Return the server identifier."""
return self.serverid
- def get_ldif_dir(self, prefix=None):
+ def get_ldif_dir(self):
"""Return the server instance ldif directory."""
try:
ldif_dir = self.getEntry(DN_CONFIG).__getattr__('nsslapd-ldifdir')
@@ -1436,7 +1436,7 @@ class DirSrv(SimpleLDAPObject):
return ldif_dir
- def get_bak_dir(self, prefix=None):
+ def get_bak_dir(self):
"""Return the server instance ldif directory."""
try:
bak_dir = self.getEntry(DN_CONFIG).__getattr__('nsslapd-bakdir')
@@ -2106,7 +2106,7 @@ class DirSrv(SimpleLDAPObject):
break
except ldap.LDAPError as e:
log.fatal('testReplication() failed to modify (%s),' +
- ' error (%d)' % (suffix, str(e)))
+ ' error (%s)' % (suffix, str(e)))
return False
loop += 1
time.sleep(2)
commit 2e7c8a8ca8b4c5c90d68d16d6c8d7830d2c44b23
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Jul 19 10:28:46 2016 -0400
Fix valgrind functions
diff --git a/lib389/__init__.py b/lib389/__init__.py
index 972f75a..7d2661b 100644
--- a/lib389/__init__.py
+++ b/lib389/__init__.py
@@ -1420,11 +1420,31 @@ class DirSrv(SimpleLDAPObject):
return "ldap://%s:%d/" % (ensure_str(host), self.port)
def can_autobind(self):
+ """Check if autobind/LDAPI is enabled."""
return self.ldapi_enabled == 'on' and self.ldapi_socket is not None and self.ldapi_autobind == 'on'
def getServerId(self):
+ """Return the server identifier."""
return self.serverid
+ def get_ldif_dir(self, prefix=None):
+ """Return the server instance ldif directory."""
+ try:
+ ldif_dir = self.getEntry(DN_CONFIG).__getattr__('nsslapd-ldifdir')
+ except:
+ ldif_dir = self.ldifdir
+
+ return ldif_dir
+
+ def get_bak_dir(self, prefix=None):
+ """Return the server instance ldif directory."""
+ try:
+ bak_dir = self.getEntry(DN_CONFIG).__getattr__('nsslapd-bakdir')
+ except:
+ bak_dir = self.bakdir
+
+ return bak_dir
+
#
# Get entries
#
diff --git a/lib389/utils.py b/lib389/utils.py
index 88b59fb..cbb2ade 100644
--- a/lib389/utils.py
+++ b/lib389/utils.py
@@ -32,6 +32,7 @@ import socket
import subprocess
import time
import sys
+import filecmp
from socket import getfqdn
from ldapurl import LDAPUrl
from contextlib import closing
@@ -187,6 +188,9 @@ def valgrind_enable(sbin_dir, wrapper=None):
Copy the valgrind ns-slapd wrapper into the /sbin directory
(making a backup of the original ns-slapd binary).
+ The script calling valgrind_enable() must be run as the 'root' user
+ as selinux needs to be disabled for valgrind to work
+
The server instance(s) should be stopped prior to calling this function.
Then after calling valgrind_enable():
- Start the server instance(s) with a timeout of 60 (valgrind takes a
@@ -197,12 +201,17 @@ def valgrind_enable(sbin_dir, wrapper=None):
- Run valgrind_check_file(result_file, "pattern", "pattern", ...)
- Run valgrind_disable()
- @param sbin_dir - the location of the ns-slapd binary (e.g. /usr/sbin)
- @param wrapper - The valgrind wrapper script for ns-slapd (if not set,
+ :param sbin_dir: the location of the ns-slapd binary (e.g. /usr/sbin)
+ :param wrapper: The valgrind wrapper script for ns-slapd (if not set,
a default wrapper is used)
- @raise IOError
+ :raise IOError: If there is a problem setting up the valgrind scripts
+ :raise EnvironmentError: If script is not run as 'root'
'''
+ if os.geteuid() != 0:
+ log.error('This script must be run as root to use valgrind')
+ raise EnvironmentError
+
if not wrapper:
# use the default ns-slapd wrapper
wrapper = '%s/%s' % (os.path.dirname(os.path.abspath(__file__)),
@@ -214,11 +223,10 @@ def valgrind_enable(sbin_dir, wrapper=None):
if os.path.isfile(nsslapd_backup):
# There is a backup which means we never cleaned up from a previous
# run(failed test?)
- # We do not want to copy ns-slapd to ns-slapd.original because ns-slapd
- # is currently the wrapper. Basically everything is already enabled
- # and ready to go.
- log.info('Valgrind is already enabled.')
- return
+ if not filecmp.cmp(nsslapd_backup, nsslapd_orig):
+ # Files are different sizes, we assume valgrind is already setup
+ log.info('Valgrind is already enabled.')
+ return
# Check both nsslapd's exist
if not os.path.isfile(wrapper):
@@ -235,7 +243,7 @@ def valgrind_enable(sbin_dir, wrapper=None):
except IOError as e:
log.fatal('valgrind_enable(): failed to backup ns-slapd, error: %s' %
e.strerror)
- raise IOError('failed to backup ns-slapd, error: ' % e.strerror)
+ raise IOError('failed to backup ns-slapd, error: %s' % e.strerror)
# Copy the valgrind wrapper into place
try:
@@ -243,9 +251,12 @@ def valgrind_enable(sbin_dir, wrapper=None):
except IOError as e:
log.fatal('valgrind_enable(): failed to copy valgrind wrapper '
'to ns-slapd, error: %s' % e.strerror)
- raise IOError('failed to copy valgrind wrapper to ns-slapd, error: ' %
+ raise IOError('failed to copy valgrind wrapper to ns-slapd, error: %s' %
e.strerror)
+ # Disable selinux
+ os.system('setenforce 0')
+
log.info('Valgrind is now enabled.')
@@ -253,10 +264,18 @@ def valgrind_disable(sbin_dir):
'''
Restore the ns-slapd binary to its original state - the server instances
are expected to be stopped.
- @param sbin_dir - the location of the ns-slapd binary (e.g. /usr/sbin)
- @raise ValueError
+
+ Note - selinux is enabled at the end of this process.
+
+ :param sbin_dir - the location of the ns-slapd binary (e.g. /usr/sbin)
+ :raise ValueError
+ :raise EnvironmentError: If script is not run as 'root'
'''
+ if os.geteuid() != 0:
+ log.error('This script must be run as root to use valgrind')
+ raise EnvironmentError
+
nsslapd_orig = '%s/ns-slapd' % sbin_dir
nsslapd_backup = '%s/ns-slapd.original' % sbin_dir
@@ -266,7 +285,7 @@ def valgrind_disable(sbin_dir):
except IOError as e:
log.fatal('valgrind_disable: failed to restore ns-slapd, error: %s' %
e.strerror)
- raise ValueError('failed to restore ns-slapd, error: ' % e.strerror)
+ raise ValueError('failed to restore ns-slapd, error: %s' % e.strerror)
# Delete the backup now
try:
@@ -274,9 +293,12 @@ def valgrind_disable(sbin_dir):
except OSError as e:
log.fatal('valgrind_disable: failed to delete backup ns-slapd, error:'
' %s' % e.strerror)
- raise ValueError('Failed to delete backup ns-slapd, error: ' %
+ raise ValueError('Failed to delete backup ns-slapd, error: %s' %
e.strerror)
+ # Enable selinux
+ os.system('setenforce 1')
+
log.info('Valgrind is now disabled.')
@@ -290,7 +312,7 @@ def valgrind_get_results_file(dirsrv_inst):
nobody 26239 1 10 14:33 ? 00:00:06 valgrind -q --tool=memcheck
--leak-check=yes --leak-resolution=high --num-callers=50
- --log-file=/var/tmp/slapd.vg.26179 /usr/sbin/ns-slapd.orig
+ --log-file=/var/tmp/slapd.vg.26179 /usr/sbin/ns-slapd.original
-D /etc/dirsrv/slapd-localhost -i /var/run/dirsrv/slapd-localhost.pid
-w /var/run/dirsrv/slapd-localhost.startpid
commit 2f2fae8ce8fdaa865280b380c9304ae47af24c94
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Jul 14 16:47:01 2016 -0400
Ticket 48923 - Fix additional issue with serverCmd
Description: Check return code of "cmd" before entering loop.
also fixed issues with valgrind ns-slapd wrapper
https://fedorahosted.org/389/ticket/48923
Reviewed by: mreynolds (one line commit rule)
diff --git a/lib389/ns-slapd.valgrind b/lib389/ns-slapd.valgrind
index e78825e..fd34ef5 100755
--- a/lib389/ns-slapd.valgrind
+++ b/lib389/ns-slapd.valgrind
@@ -1,13 +1,13 @@
+#!/bin/sh
+
# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2015 Red Hat, Inc.
+# Copyright (C) 2016 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
-#!/bin/sh
-
if [ ! "$NETSITE_ROOT" ] ; then
NETSITE_ROOT=`pwd | sed -e s@/bin/slapd/server@@g`
fi
diff --git a/lib389/tools.py b/lib389/tools.py
index 9781dd3..852686a 100644
--- a/lib389/tools.py
+++ b/lib389/tools.py
@@ -288,7 +288,7 @@ class DirSrvTools(object):
log.warn("Running command: %r - timeout(%d)" % (fullCmd, timeout))
rc = runCmd("%s" % fullCmd, timeout)
- while not done and int(time.time()) < full_timeout:
+ while rc == 0 and not done and int(time.time()) < full_timeout:
line = logfp.readline()
while not done and line:
lastLine = line
@@ -305,7 +305,7 @@ class DirSrvTools(object):
break
elif line.find("exiting.") >= 0:
# possible transient condition - try again
- rc = os.system("%s" % (fullCmd))
+ rc = runCmd("%s" % (fullCmd), timeout)
pos = logfp.tell()
break
pos = logfp.tell()
commit e01bb18188a51aa0d96cefd7da5f28c5c7acf689
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed Jul 13 12:02:02 2016 -0400
Ticket 48923 - serverCmd timeout not working as expected
Bug Description: When trying to start a server, and the startup fails,
the start-dirsrv command will actually hang for quite
a while, and the current timeout implementation does
not apply to this scenario.
Fix Description: Instead of calling "os.system()", use subprocess and
a timer that will kill the process if it timeouts.
https://fedorahosted.org/389/ticket/48923
Reviewed by: nhosoi(Thanks!)
diff --git a/lib389/tools.py b/lib389/tools.py
index 34c0187..9781dd3 100644
--- a/lib389/tools.py
+++ b/lib389/tools.py
@@ -25,11 +25,12 @@ import pwd
import grp
import logging
import ldap
-
+import shlex
import socket
import getpass
-# from .nss_ssl import nss_create_new_database
+# from .nss_ssl import nss_create_new_database
+from threading import Timer
from lib389._constants import *
from lib389._ldifconn import LDIFConn
from lib389.properties import *
@@ -95,6 +96,31 @@ USERADD = "/usr/sbin/useradd"
NOLOGIN = "/sbin/nologin"
+def kill_proc(proc, timeout):
+ """Kill a process after the timeout is reached
+ @param proc - The subprocess process
+ @param timeout - timeout in seconds
+ """
+ timeout["value"] = True
+ proc.kill()
+
+
+def runCmd(cmd, timeout_sec):
+ """Run a system command with a timeout
+ @param cmd - The full system command
+ @param timeout_sec - The timeoput value in seconds
+ @return - The result code
+ """
+ proc = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ timeout = {"value": False}
+ timer = Timer(timeout_sec, kill_proc, [proc, timeout])
+ timer.start()
+ stdout, stderr = proc.communicate()
+ timer.cancel()
+ return proc.returncode
+
+
class DirSrvTools(object):
"""DirSrv mix-in."""
@@ -232,7 +258,9 @@ class DirSrvTools(object):
if "USE_GDB" in os.environ or "USE_VALGRIND" in os.environ:
timeout = timeout * 3
- timeout += int(time.time())
+
+ full_timeout = int(time.time()) + timeout
+
if cmd == 'stop':
log.warn("unbinding before stop")
try:
@@ -258,9 +286,9 @@ class DirSrvTools(object):
else:
done = True
- log.warn("Running command: %r" % (fullCmd))
- rc = os.system("%s" % (fullCmd))
- while not done and int(time.time()) < timeout:
+ log.warn("Running command: %r - timeout(%d)" % (fullCmd, timeout))
+ rc = runCmd("%s" % fullCmd, timeout)
+ while not done and int(time.time()) < full_timeout:
line = logfp.readline()
while not done and line:
lastLine = line
@@ -272,7 +300,7 @@ class DirSrvTools(object):
done = True
elif line.find("Initialization Failed") >= 0:
# sometimes the server fails to start - try again
- rc = os.system("%s" % (fullCmd))
+ rc = runCmd("%s" % (fullCmd), timeout)
pos = logfp.tell()
break
elif line.find("exiting.") >= 0:
commit 58a2fd8053cabb9126ab46f0c9d0784e8d8ec4d5
Author: William Brown <firstyear at redhat.com>
Date: Sat Jul 9 21:23:26 2016 +1000
Ticket 48917 - Attribute presence
Bug Description: Need a way to check for attribute presence. Add default equal
for entry aci
Fix Description:
* Add the def present to dsldapobject
* add the .get(,True) for equal in format_term
https://fedorahosted.org/389/ticket/48917
Author: wibrown
Review by: spichugi (Thanks!)
diff --git a/lib389/_entry.py b/lib389/_entry.py
index ade0a22..06717eb 100644
--- a/lib389/_entry.py
+++ b/lib389/_entry.py
@@ -445,7 +445,7 @@ class EntryAci(object):
def _format_term(self, key, value_dict):
rawaci = ''
- if value_dict['equal']:
+ if value_dict.get('equal', True):
rawaci += '="'
else:
rawaci += '!="'
diff --git a/lib389/_mapped_object.py b/lib389/_mapped_object.py
index d595fe4..9f1bfc6 100644
--- a/lib389/_mapped_object.py
+++ b/lib389/_mapped_object.py
@@ -106,6 +106,20 @@ class DSLdapObject(DSLogging):
def dn(self):
return self._dn
+ def present(self, attr, value=None):
+ """
+ Assert that some attr, or some attr / value exist on the entry.
+ """
+ if self._instance.state != DIRSRV_STATE_ONLINE:
+ raise ValueError("Invalid state. Cannot get presence on instance that is not ONLINE")
+ self._log.debug("%s present(%r) %s" % (self._dn, attr, value))
+
+ e = self._instance.getEntry(self._dn)
+ if value is None:
+ return e.hasAttr(attr)
+ else:
+ return e.hasValue(attr, value)
+
def add(self, key, value):
self.set(key, value, action=ldap.MOD_ADD)
@@ -116,12 +130,8 @@ class DSLdapObject(DSLogging):
# This needs to work on key + val, and key
def remove(self, key, value):
"""Remove a value defined by key"""
- self._log.debug("%s get(%r, %r)" % (self._dn, key, value))
- if self._instance.state != DIRSRV_STATE_ONLINE:
- raise ValueError("Invalid state. Cannot remove properties on instance that is not ONLINE")
- else:
- # Do a mod_delete on the value.
- self.set(key, value, action=ldap.MOD_DELETE)
+ # Do a mod_delete on the value.
+ self.set(key, value, action=ldap.MOD_DELETE)
# maybe this could be renamed?
def set(self, key, value, action=ldap.MOD_REPLACE):
commit c6aedf9bde75e945143d098b49f0d44ee0691860
Author: William Brown <firstyear at redhat.com>
Date: Tue Jul 5 16:54:37 2016 +1000
Ticket 48911 - Plugin improvements for lib389
Bug Description: We broke some legacy compatability. It's also useful to be
able to check the plugin status.
Fix Description: Add the needed helpers, and add a status helper
https://fedorahosted.org/389/ticket/48911
Author: wibrown
Review by: mreynolds (Thanks!)
diff --git a/lib389/plugins.py b/lib389/plugins.py
index f599d9e..7e22783 100644
--- a/lib389/plugins.py
+++ b/lib389/plugins.py
@@ -28,6 +28,11 @@ class Plugin(DSLdapObject):
def disable(self):
self.set('nsslapd-pluginEnabled', 'off')
+ def status(self):
+ if self.get_attr_val('nsslapd-pluginEnabled') == 'on':
+ return True
+ return False
+
class AttributeUniquenessPlugin(Plugin):
def __init__(self, instance, dn="cn=attribute uniqueness,cn=plugins,cn=config", batch=False):
super(AttributeUniquenessPlugin, self).__init__(instance, dn, batch)
@@ -104,6 +109,25 @@ class Plugins(DSLdapObjects):
return super(Plugins, self)._entry_to_instance(dn)
+ # To maintain compat with pluginslegacy, here are some helpers.
+
+ def enable(self, name=None, plugin_dn=None):
+ if plugin_dn is not None:
+ raise ValueError('You should swap to the new Plugin API!')
+ if name is None:
+ raise ldap.NO_SUCH_OBJECT('Must provide a selector for name')
+ plugin = self.get(selector=name)
+ plugin.enable()
+
+ def disable(self, name=None, plugin_dn=None):
+ if plugin_dn is not None:
+ raise ValueError('You should swap to the new Plugin API!')
+ if name is None:
+ raise ldap.NO_SUCH_OBJECT('Must provide a selector for name')
+ plugin = self.get(selector=name)
+ plugin.disable()
+
+
class PluginsLegacy(object):
proxied_methods = 'search_s getEntry'.split()
diff --git a/lib389/tests/plugin_test.py b/lib389/tests/plugin_test.py
index 84231a8..adbff56 100644
--- a/lib389/tests/plugin_test.py
+++ b/lib389/tests/plugin_test.py
@@ -117,6 +117,14 @@ def test_plugin_management(topology):
uniqplugin.enable_all_subtrees()
uniqplugin.enable()
+ # Test compat with the old api
+
+ topology.standalone.plugins.enable('attribute uniqueness')
+
+ # Show the status
+
+ assert(uniqplugin.status())
+
log.info('Test PASSED')
commit 2ef056e217dc076496d081e97a0a879dff98c918
Author: William Brown <firstyear at redhat.com>
Date: Mon Jul 4 12:42:17 2016 +1000
Ticket 48911 - Improve plugin support based on new mapped objects
Bug Description: Previously managing plugins via lib389 was a very manual
task. This provides a level of automation and abstraction to that process.
It lays a foundation for making tests more succinct, and improving our admin
More information about the Pkg-freeipa-devel
mailing list