From b35c79a8dd6727b8552d6f1d38b9689a71ac2e9a Mon Sep 17 00:00:00 2001 From: angus Date: Sun, 17 Apr 2016 12:01:05 +0200 Subject: [PATCH 1/2] Adapted the user account setup for the test environment to the new v2 approach (encrypted passwords). Modified integration tests to adapt to dovecot. Need to be worked out: - user accounts checks: dir layout under dovecot probably include dynamic filenames. How can we handle that ? - fail2ban container cannot ban via iptables if we do not run it with special privileges. --- test/config/clear.postfix-accounts.cf | 2 ++ test/config/postfix-accounts.cf | 4 +-- test/tests.bats | 45 +++++++++++++++------------ 3 files changed, 29 insertions(+), 22 deletions(-) create mode 100644 test/config/clear.postfix-accounts.cf diff --git a/test/config/clear.postfix-accounts.cf b/test/config/clear.postfix-accounts.cf new file mode 100644 index 00000000..8f209cc6 --- /dev/null +++ b/test/config/clear.postfix-accounts.cf @@ -0,0 +1,2 @@ +user1@localhost.localdomain|mypassword +user2@otherdomain.tld|mypassword diff --git a/test/config/postfix-accounts.cf b/test/config/postfix-accounts.cf index 8f209cc6..f1ec3b3d 100644 --- a/test/config/postfix-accounts.cf +++ b/test/config/postfix-accounts.cf @@ -1,2 +1,2 @@ -user1@localhost.localdomain|mypassword -user2@otherdomain.tld|mypassword +user1@localhost.localdomain|{MD5-CRYPT}$1$agWCql3M$ATBimsiJ4EETYnG/yLWwr. +user2@otherdomain.tld|{MD5-CRYPT}$1$31q82qPz$vprzqppi3chSsK8SgWT8d/ diff --git a/test/tests.bats b/test/tests.bats index b2ec5176..b025ae90 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -79,13 +79,13 @@ # sasl # -@test "checking sasl: testsaslauthd works with good password" { - run docker exec mail /bin/sh -c "testsaslauthd -u user2 -r otherdomain.tld -p mypassword | grep 'OK \"Success.\"'" +@test "checking sasl: doveadm auth test works with good password" { + run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld mypassword | grep 'auth succeeded'" [ "$status" -eq 0 ] } -@test "checking sasl: testsaslauthd fails with bad password" { - run docker exec mail /bin/sh -c "testsaslauthd -u user2 -r otherdomain.tld -p BADPASSWORD | grep 'NO \"authentication failed\"'" +@test "checking sasl: doveadm auth test fails with bad password" { + run docker exec mail /bin/sh -c "doveadm auth test -x service=smtp user2@otherdomain.tld BADPASSWORD | grep 'auth failed'" [ "$status" -eq 0 ] } @@ -109,22 +109,22 @@ # @test "checking smtp: authentication works with good password (plain)" { - run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-plain.txt | grep 'Authentication successful'" + run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-plain.txt | grep 'Authentication successful'" [ "$status" -eq 0 ] } @test "checking smtp: authentication fails with wrong password (plain)" { - run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-plain-wrong.txt | grep 'authentication failed'" + run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-plain-wrong.txt | grep 'authentication failed'" [ "$status" -eq 0 ] } @test "checking smtp: authentication works with good password (login)" { - run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-login.txt | grep 'Authentication successful'" + run docker exec mail /bin/sh -c "nc -w 5 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-login.txt | grep 'Authentication successful'" [ "$status" -eq 0 ] } @test "checking smtp: authentication fails with wrong password (login)" { - run docker exec mail /bin/sh -c "nc -w 1 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-login-wrong.txt | grep 'authentication failed'" + run docker exec mail /bin/sh -c "nc -w 20 0.0.0.0 25 < /tmp/docker-mailserver/test/auth/smtp-auth-login-wrong.txt | grep 'authentication failed'" [ "$status" -eq 0 ] } @@ -175,10 +175,10 @@ # @test "checking accounts: user accounts" { - run docker exec mail sasldblistusers2 + run docker exec mail doveadm user '*' [ "$status" -eq 0 ] - [ "${lines[0]}" = "user1@localhost.localdomain: userPassword" ] - [ "${lines[1]}" = "user2@otherdomain.tld: userPassword" ] + [ "${lines[0]}" = "user1@localhost.localdomain" ] + [ "${lines[1]}" = "user2@otherdomain.tld" ] } @test "checking accounts: user mail folders for user1" { @@ -187,10 +187,15 @@ [ "${lines[0]}" = ".Drafts" ] [ "${lines[1]}" = ".Sent" ] [ "${lines[2]}" = ".Trash" ] - [ "${lines[3]}" = "courierimapsubscribed" ] - [ "${lines[4]}" = "cur" ] - [ "${lines[5]}" = "new" ] - [ "${lines[6]}" = "tmp" ] + [ "${lines[3]}" = "cur" ] + [ "${lines[4]}" = "dovecot-uidlist" ] + [ "${lines[5]}" = "dovecot-uidvalidity" ] + [ "${lines[6]}" = "dovecot-uidvalidity.5712dae3" ] + [ "${lines[7]}" = "dovecot.index.cache" ] + [ "${lines[8]}" = "dovecot.index.log" ] + [ "${lines[9]}" = "new" ] + [ "${lines[10]}" = "subscriptions" ] + [ "${lines[11]}" = "tmp" ] } @test "checking accounts: user mail folders for user2" { @@ -199,9 +204,9 @@ [ "${lines[0]}" = ".Drafts" ] [ "${lines[1]}" = ".Sent" ] [ "${lines[2]}" = ".Trash" ] - [ "${lines[3]}" = "courierimapsubscribed" ] - [ "${lines[4]}" = "cur" ] - [ "${lines[5]}" = "new" ] + [ "${lines[3]}" = "cur" ] + [ "${lines[4]}" = "new" ] + [ "${lines[5]}" = "subscriptions" ] [ "${lines[6]}" = "tmp" ] } @@ -217,9 +222,9 @@ } @test "checking postfix: main.cf overrides" { - run docker exec mail grep -q 'max_idle = 600s' /tmp/postfix/main.cf + run docker exec mail grep -q 'max_idle = 600s' /tmp/docker-mailserver/postfix-main.cf [ "$status" -eq 0 ] - run docker exec mail grep -q 'readme_directory = /tmp' /tmp/postfix/main.cf + run docker exec mail grep -q 'readme_directory = /tmp' /tmp/docker-mailserver/postfix-main.cf [ "$status" -eq 0 ] } From a6d666b450444d3aca50a6bed08c221593bad9dd Mon Sep 17 00:00:00 2001 From: angus Date: Sun, 17 Apr 2016 20:10:09 +0200 Subject: [PATCH 2/2] Improvements on CI tests: now user account checks are working. Need to work on fail2ban tests. --- test/tests.bats | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index b025ae90..02df01ae 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -52,7 +52,7 @@ } @test "checking imap: server is ready with STARTTLS" { - run docker exec mail /bin/bash -c "nc -w 1 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" + run docker exec mail /bin/bash -c "nc -w 5 0.0.0.0 143 | grep '* OK' | grep 'STARTTLS' | grep 'ready'" [ "$status" -eq 0 ] } @@ -182,32 +182,15 @@ } @test "checking accounts: user mail folders for user1" { - run docker exec mail ls -A /var/mail/localhost.localdomain/user1 + run docker exec mail /bin/bash -c "ls -A /var/mail/localhost.localdomain/user1 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" [ "$status" -eq 0 ] - [ "${lines[0]}" = ".Drafts" ] - [ "${lines[1]}" = ".Sent" ] - [ "${lines[2]}" = ".Trash" ] - [ "${lines[3]}" = "cur" ] - [ "${lines[4]}" = "dovecot-uidlist" ] - [ "${lines[5]}" = "dovecot-uidvalidity" ] - [ "${lines[6]}" = "dovecot-uidvalidity.5712dae3" ] - [ "${lines[7]}" = "dovecot.index.cache" ] - [ "${lines[8]}" = "dovecot.index.log" ] - [ "${lines[9]}" = "new" ] - [ "${lines[10]}" = "subscriptions" ] - [ "${lines[11]}" = "tmp" ] + [ "$output" -eq 7 ] } @test "checking accounts: user mail folders for user2" { - run docker exec mail ls -A /var/mail/otherdomain.tld/user2 + run docker exec mail /bin/bash -c "ls -A /var/mail/otherdomain.tld/user2 | grep -E '.Drafts|.Sent|.Trash|cur|new|subscriptions|tmp' | wc -l" [ "$status" -eq 0 ] - [ "${lines[0]}" = ".Drafts" ] - [ "${lines[1]}" = ".Sent" ] - [ "${lines[2]}" = ".Trash" ] - [ "${lines[3]}" = "cur" ] - [ "${lines[4]}" = "new" ] - [ "${lines[5]}" = "subscriptions" ] - [ "${lines[6]}" = "tmp" ] + [ "$output" -eq 7 ] } #