c8a18bb46d
- Related: RHEL-59788 Rebase Samba to the latest 4.21.x release - Fixes: RHEL-61642 Uninstall ACME separately during PKI uninstallation - Fixes: RHEL-56963 SSSD offline causing test-adtrust-install failure - Fixes: RHEL-56473 Include latest fixes in python3-ipatests packages - Fixes: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode - Fixes: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges - Fixes: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode - Fixes: RHEL-4915 Last expired OTP token would be c Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
68 lines
2.7 KiB
Diff
68 lines
2.7 KiB
Diff
From a343c149838a3058794f33c75c58b75bc1748f7f Mon Sep 17 00:00:00 2001
|
|
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
Date: Tue, 17 Sep 2024 17:00:49 +0200
|
|
Subject: [PATCH] ipatests: provide a ccache to rpcclient deletetrustdom
|
|
|
|
With samba update to samba-4.20.4, rpcclient now needs a
|
|
ccache otherwise it prompts for a password.
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/9667
|
|
|
|
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
ipatests/pytest_ipa/integration/tasks.py | 23 ++++++++++++++++++++---
|
|
1 file changed, 20 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
|
|
index 9d6b5f67a311a28c335801d59e0ff0f0c7faccdd..677fb7534256a65940fb5280fa6412789dcba54f 100755
|
|
--- a/ipatests/pytest_ipa/integration/tasks.py
|
|
+++ b/ipatests/pytest_ipa/integration/tasks.py
|
|
@@ -795,15 +795,22 @@ def remove_trust_info_from_ad(master, ad_domain, ad_hostname):
|
|
kinit_as_user(master,
|
|
'Administrator@{}'.format(ad_domain.upper()),
|
|
master.config.ad_admin_password)
|
|
+ # Find cache for the user
|
|
+ cache_args = []
|
|
+ cache = get_credential_cache(master)
|
|
+ if cache:
|
|
+ cache_args = ["--use-krb5-ccache", cache]
|
|
+
|
|
# Detect whether rpcclient supports -k or --use-kerberos option
|
|
res = master.run_command(['rpcclient', '-h'], raiseonerr=False)
|
|
if "--use-kerberos" in res.stderr_text:
|
|
rpcclient_krb5_knob = "--use-kerberos=desired"
|
|
else:
|
|
rpcclient_krb5_knob = "-k"
|
|
- master.run_command(['rpcclient', rpcclient_krb5_knob, ad_hostname,
|
|
- '-c', 'deletetrustdom {}'.format(master.domain.name)],
|
|
- raiseonerr=False)
|
|
+ cmd_args = ['rpcclient', rpcclient_krb5_knob, ad_hostname]
|
|
+ cmd_args.extend(cache_args)
|
|
+ cmd_args.extend(['-c', 'deletetrustdom {}'.format(master.domain.name)])
|
|
+ master.run_command(cmd_args, raiseonerr=False)
|
|
|
|
|
|
def configure_auth_to_local_rule(master, ad):
|
|
@@ -1086,6 +1093,16 @@ def kinit_admin(host, raiseonerr=True):
|
|
raiseonerr=raiseonerr)
|
|
|
|
|
|
+def get_credential_cache(host):
|
|
+ # Return the credential cache currently in use on host or None
|
|
+ result = host.run_command(["klist"]).stdout_text
|
|
+ pattern = re.compile(r'Ticket cache: (?P<cache>.*)\n')
|
|
+ res = pattern.search(result)
|
|
+ if res:
|
|
+ return res['cache']
|
|
+ return None
|
|
+
|
|
+
|
|
def uninstall_master(host, ignore_topology_disconnect=True,
|
|
ignore_last_of_role=True, clean=True, verbose=False):
|
|
uninstall_cmd = ['ipa-server-install', '--uninstall', '-U']
|
|
--
|
|
2.46.2
|
|
|