rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c9s
ipa/0003-ipatests-Check-Default-PAC-type-is-added-to-config.patch
Florence Blanc-Renaud c8a18bb46d ipa-4.12.2-2 
- Related: RHEL-59788 Rebase Samba to the latest 4.21.x release
- Fixes: RHEL-61642 Uninstall ACME separately during PKI uninstallation
- Fixes: RHEL-56963 SSSD offline causing test-adtrust-install failure
- Fixes: RHEL-56473 Include latest fixes in python3-ipatests packages
- Fixes: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode
- Fixes: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges
- Fixes: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode
- Fixes: RHEL-4915 Last expired OTP token would be c

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2024-10-21 19:24:16 +02:00

93 lines
3.6 KiB
Diff
Raw Permalink Blame History

From ad4b7f6cedaed54acf279033b650010c65face10 Mon Sep 17 00:00:00 2001
From: Sudhir Menon <sumenon@redhat.com>
Date: Tue, 20 Aug 2024 14:52:03 +0530
Subject: [PATCH] ipatests: Check Default PAC type is added to config
This patch checks that the default PAC type
is added to configuration i.e ipaKrbAuthzData: MS-PAC
during ipa-server-installation
The patch also checks that if 'ipaKrbAuthzData: MS-PAC'
attribute is deleted and then when we run 'ipa-server-upgrade'
command the attribute is added back.
Related: https://pagure.io/freeipa/issue/9632
Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
---
.../test_integration/test_installation.py | 15 +++++++++++
ipatests/test_integration/test_upgrade.py | 26 ++++++++++++++++++-
2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
index ada43e33fe173ea3c315178c37e2a664b05b905b..c5565c452010f23f038ddf329454b591ef09f6af 100644
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -1190,6 +1190,21 @@ class TestInstallMaster(IntegrationTest):
expected_stdout=f'href="https://{self.master.hostname}/'
)
+ def test_pac_configuration_enabled(self):
+ """
+ This testcase checks that the default PAC type
+ is added to configuration.
+ """
+ base_dn = str(self.master.domain.basedn)
+ dn = DN(
+ ("cn", "ipaConfig"),
+ ("cn", "etc"),
+ base_dn
+ )
+ result = tasks.ldapsearch_dm(self.master, str(dn),
+ ["ipaKrbAuthzData"])
+ assert 'ipaKrbAuthzData: MS-PAC' in result.stdout_text
+
def test_hostname_parameter(self, server_cleanup):
"""
Test that --hostname parameter is respected in interactive mode.
diff --git a/ipatests/test_integration/test_upgrade.py b/ipatests/test_integration/test_upgrade.py
index 011de939e92790734d63da2f85be1c25349116a8..a0f393780ccc25774466992976532c876aa876da 100644
--- a/ipatests/test_integration/test_upgrade.py
+++ b/ipatests/test_integration/test_upgrade.py
@@ -165,7 +165,6 @@ class TestUpgrade(IntegrationTest):
ldap.update_entry(location_krb_rec)
yield _setup_locations
-
ldap = self.master.ldap_connect()
modified = False
@@ -491,3 +490,28 @@ class TestUpgrade(IntegrationTest):
tasks.reinstall_packages(self.master, ['*ipa-client'])
assert not self.master.transport.file_exists(
paths.SSH_CONFIG + ".orig")
+
+ def test_mspac_attribute_set(self):
+ """
+ This testcase deletes the already existing attribute
+ 'ipaKrbAuthzData: MS-PAC'.
+ The test then runs ipa-server-upgrade and checks that
+ the attribute 'ipaKrbAuthzData: MS-PAC' is added again.
+ """
+ base_dn = str(self.master.domain.basedn)
+ dn = DN(
+ ("cn", "ipaConfig"),
+ ("cn", "etc"),
+ base_dn
+ )
+ ldif = textwrap.dedent("""
+ dn: cn=ipaConfig,cn=etc,{}
+ changetype: modify
+ delete: ipaKrbAuthzData
+ """).format(base_dn)
+ tasks.ldapmodify_dm(self.master, ldif)
+ tasks.kinit_admin(self.master)
+ self.master.run_command(['ipa-server-upgrade'])
+ result = tasks.ldapsearch_dm(self.master, str(dn),
+ ["ipaKrbAuthzData"])
+ assert 'ipaKrbAuthzData: MS-PAC' in result.stdout_text
--
2.46.2
Reference in New Issue View Git Blame Copy Permalink