e57a97aa67
- Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
From 9e950f89bedeb83267369d60b4a83c77f89e71d6 Mon Sep 17 00:00:00 2001
|
|
From: Rob Crittenden <rcritten@redhat.com>
|
|
Date: Mon, 27 Nov 2023 16:11:08 -0500
|
|
Subject: [PATCH] hbactest was not collecting or returning messages
|
|
|
|
hbactest does a number of internal searches, one of which
|
|
can exceed the configured sizelimit: hbacrule-find
|
|
|
|
Collect any messages returned from this call and display them
|
|
to the user on the cli.
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/9486
|
|
|
|
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
|
---
|
|
ipaclient/plugins/hbactest.py | 2 ++
|
|
ipaserver/plugins/hbactest.py | 14 +++++++++++---
|
|
2 files changed, 13 insertions(+), 3 deletions(-)
|
|
|
|
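diff --git a/ipaclient/plugins/hbactest.py b/ipaclient/plugins/hbactest.py
index 1b54530b236cf654bc8ece7ab4e329850f5a6815..e0f93b9c265a176cb872fcf2728dbb3a66a264d9 100644
--- a/ipaclient/plugins/hbactest.py
+++ b/ipaclient/plugins/hbactest.py
@@ -38,6 +38,8 @@ class hbactest(CommandOverride):
 # Note that we don't actually use --detail below to see if details need
 # to be printed as our execute() method will return None for corresponding
 # entries and None entries will be skipped.
+ self.log_messages(output)
+
 for o in self.output:
 if o == 'value':
 continue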
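diff --git a/ipaserver/plugins/hbactest.py b/ipaserver/plugins/hbactest.py
index 887a35b7e67b257a2e54d51990af953ff8fbb316..568c13174ba617f2742b8f42c11b36dbde549cc2 100644
--- a/ipaserver/plugins/hbactest.py
+++ b/ipaserver/plugins/hbactest.py
@@ -24,6 +24,8 @@ from ipalib import Command, Str, Flag, Int
 from ipalib import _
 from ipapython.dn import DN
 from ipalib.plugable import Registry
+from ipalib.messages import VersionMissing
+
 if api.env.in_server:
 try:
 import ipaserver.dcerpc
@@ -323,6 +325,9 @@ class hbactest(Command):
 # 2. Required options are (user, target host, service)
 # 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output
 rules = []
+ result = {
+ 'warning':None, 'matched':None, 'notmatched':None, 'error':None
+ }
 
 # Use all enabled IPA rules by default
 all_enabled = True
@@ -351,8 +356,12 @@ class hbactest(Command):
 
 hbacset = []
 if len(testrules) == 0:
- hbacset = self.api.Command.hbacrule_find(
- sizelimit=sizelimit, no_members=False)['result']
+ hbacrules = self.api.Command.hbacrule_find(
+ sizelimit=sizelimit, no_members=False)
+ hbacset = hbacrules['result']
+ for message in hbacrules['messages']:
+ if message['code'] != VersionMissing.errno:
+ result.setdefault('messages', []).append(message)
 else:
 for rule in testrules:
 try:
@@ -469,7 +478,6 @@ class hbactest(Command):
 error_rules = []
 warning_rules = []
 
- result = {'warning':None, 'matched':None, 'notmatched':None, 'error':None}
 if not options['nodetail']:
 # Validate runs rules one-by-one and reports failed ones
 for ipa_rule in rules: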
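Review bot: In the `len(testrules) == 0` branch, `hbacrules['messages']` is indexed directly, so the loop raises KeyError if `hbacrule_find` returns a result without a `messages` key. Whether that key is always present is not visible in this patch, and the same hunk treats it as optional on the way out (`result.setdefault('messages', [])`). Iterating `hbacrules.get('messages', [])` keeps the search-limit warning without depending on some other message always being attached. A comment such as `# drop VersionMissing from the internal call; keep warnings such as a truncated rule search` would explain the filter, which matters because a truncated rule set means the HBAC verdict comes from incomplete data. The enclosing method starts and ends outside these hunks.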
--
|
|
2.43.0
|
|
|