SlapdObject bind ldaps:// as well

mdavidsaver · mdavidsaver · commit cc95a2ac77e5 · 2022-03-08T14:16:22.000-08:00
Use a set() in _start_slapd() in case caller has somehow
picked a duplicated the port.
diff --git a/Lib/slapdtest/_slapdtest.py b/Lib/slapdtest/_slapdtest.py
@@ -179,6 +179,10 @@ class SlapdObject:
     .. versionchanged:: 3.1
 
         Added context manager functionality
+
+    .. versionchanged:: UNRELEASED
+
+        Added ldaps_uri attribute
     """
     slapd_conf_template = SLAPD_CONF_TEMPLATE
     database = 'mdb'
@@ -212,12 +216,13 @@ class SlapdObject:
 
     def __init__(self):
         self._proc = None
-        self._port = self._avail_tcp_port()
+        self._port, self._tls_port = self._avail_tcp_ports(2)
         self.server_id = self._port % 4096
         self.testrundir = os.path.join(self.TMPDIR, 'python-ldap-test-%d' % self._port)
         self._slapd_conf = os.path.join(self.testrundir, 'slapd.d')
         self._db_directory = os.path.join(self.testrundir, "openldap-data")
         self.ldap_uri = "ldap://%s:%d/" % (self.local_host, self._port)
+        self.ldaps_uri = "ldaps://%s:%d/" % (self.local_host, self._tls_port)
         if HAVE_LDAPI:
             ldapi_path = os.path.join(self.testrundir, 'ldapi')
             self.ldapi_uri = "ldapi://%s" % quote_plus(ldapi_path)
@@ -314,18 +319,26 @@ def _cleanup_rundir(self):
         os.rmdir(self.testrundir)
         self._log.info('cleaned-up %s', self.testrundir)
 
+    def _avail_tcp_ports(self, n):
+        """Return a list of currently unused TCP port numbers.
+        """
+        ports = []
+        socks = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _i in range(n)]
+        try:
+            for sock in socks:
+                sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+                sock.bind((self.local_host, 0))
+                ports.append(sock.getsockname()[1])
+        finally:
+            [sock.close() for sock in socks]
+        self._log.info('Found available port(s) %s', socks)
+        return ports
+
     def _avail_tcp_port(self):
         """
         find an available port for TCP connection
         """
-        sock = socket.socket()
-        try:
-            sock.bind((self.local_host, 0))
-            port = sock.getsockname()[1]
-        finally:
-            sock.close()
-        self._log.info('Found available port %d', port)
-        return port
+        return self._avail_tcp_ports(1)
 
     def gen_config(self):
         """
@@ -399,7 +412,7 @@ def _start_slapd(self):
         """
         Spawns/forks the slapd process
         """
-        urls = [self.ldap_uri]
+        urls = [self.ldap_uri, self.ldaps_uri]
         if self.ldapi_uri:
             urls.append(self.ldapi_uri)
         slapd_args = [
@@ -425,13 +438,18 @@ def _start_slapd(self):
                 self._log.debug(
                     "slapd connection check to %s", self.default_ldap_uri
                 )
-                self.ldapwhoami()
+                # try all bound sockets to make sure the daemon is ready to go.
+                self.ldapwhoami(ldap_uri=self.ldap_uri)
+                self.ldapwhoami(ldap_uri=self.ldaps_uri)
+                if self.ldapi_uri:
+                    self.ldapwhoami(ldap_uri=self.ldapi_uri)
             except RuntimeError:
                 if time.monotonic() >= deadline:
                     break
                 time.sleep(0.2)
             else:
                 return
+        self._proc.kill()
         raise RuntimeError("slapd did not start properly")
 
     def start(self):
@@ -448,8 +466,8 @@ def start(self):
             self._test_config()
             self._start_slapd()
             self._log.debug(
-                'slapd with pid=%d listening on %s and %s',
-                self._proc.pid, self.ldap_uri, self.ldapi_uri
+                'slapd with pid=%d listening on %s, %s and %s',
+                self._proc.pid, self.ldap_uri, self.ldaps_uri, self.ldapi_uri
             )
 
     def stop(self):
@@ -483,8 +501,8 @@ def _stopped(self):
             self._log.info('slapd[%d] terminated', self._proc.pid)
             self._proc = None
 
-    def _cli_auth_args(self):
-        if self.cli_sasl_external:
+    def _cli_remote_args(self, ldap_uri):
+        if ldap_uri.startswith('ldapi://'):
             authc_args = [
                 '-Y', 'EXTERNAL',
             ]
@@ -496,16 +514,36 @@ def _cli_auth_args(self):
                 '-D', self.root_dn,
                 '-w', self.root_pw,
             ]
-        return authc_args
+        return ['-H', ldap_uri] + authc_args
 
     # no cover to avoid spurious coverage changes
     def _cli_popen(self, ldapcommand, extra_args=None, ldap_uri=None,
                    stdin_data=None):  # pragma: no cover
         if ldap_uri is None:
             ldap_uri = self.default_ldap_uri
 
+        environ = os.environ.copy()
+
         if ldapcommand.split("/")[-1].startswith("ldap"):
-            args = [ldapcommand, '-H', ldap_uri] + self._cli_auth_args()
+            args = [ldapcommand] + self._cli_remote_args(ldap_uri)
+
+            # setting $LDAPNOINIT ignores all other environment and config files
+            environ.pop('LDAPNOINIT', None)
+            # we really only want to set the CA cert...
+            environ['LDAPTLS_CACERT'] = self.cafile
+            environ['LDAPTLS_REQCERT'] = 'demand'
+            environ['LDAPTLS_REQSAN'] = 'demand'
+            environ['LDAPTLS_CRLCHECK'] = 'none'
+            environ['LDAPTLS_CRLFILE'] = ''
+            # ... but need to provide more to override any system/user defaults.
+            environ['LDAPVERSION'] = '3'
+            environ['LDAPTIMEOUT'] = '5'
+            environ['LDAPTIMELIMIT'] = '15'
+            environ['LDAPSIZELIMIT'] = '12'
+            environ['LDAPNETWORK_TIMEOUT'] = '5'
+            environ['LDAPTLS_CERT'] = ''
+            environ['LDAPTLS_KEY'] = ''
+
         else:
             args = [ldapcommand, '-F', self._slapd_conf]
 
@@ -514,7 +552,8 @@ def _cli_popen(self, ldapcommand, extra_args=None, ldap_uri=None,
         self._log.debug('Run command: %r', ' '.join(args))
         proc = subprocess.Popen(
             args, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE
+            stderr=subprocess.PIPE,
+            env=environ,
         )
         self._log.debug('stdin_data=%r', stdin_data)
         stdout_data, stderr_data = proc.communicate(stdin_data)
@@ -530,11 +569,11 @@ def _cli_popen(self, ldapcommand, extra_args=None, ldap_uri=None,
             )
         return stdout_data, stderr_data
 
-    def ldapwhoami(self, extra_args=None):
+    def ldapwhoami(self, extra_args=None, **kws):
         """
         Runs ldapwhoami on this slapd instance
         """
-        self._cli_popen(self.PATH_LDAPWHOAMI, extra_args=extra_args)
+        self._cli_popen(self.PATH_LDAPWHOAMI, extra_args=extra_args, **kws)
 
     def ldapadd(self, ldif, extra_args=None):
         """
