ipa/0092-ipatests-fix-test_adtrust_install_with_non_ipa_user.patch
Florence Blanc-Renaud a96d03c543 ipa-4.12.2-19
- Resolves: RHEL-100450 eDNS: multiple issues during encrypted DNS setup
- Resolves: RHEL-89907 Privilege escalation from host to domain admin in FreeIPA
- Resolves: RHEL-99315 Include latest fixes in python3-ipatests package
- Resolves: RHEL-98565 ipa-idrange-fix: 'Env' object has no attribute 'basedn'
- Resolves: RHEL-96920 Nightly test failure (rawhide) in test_trust.py::TestTrust::test_server_option_with_unreachable_ad
- Resolves: RHEL-31907 kdb: support storing and retrieving multiple master keys

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2025-06-30 11:07:39 +02:00


From 39e92c4033d0ecd702281f3ecbeac3b5f654e973 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Thu, 19 Jun 2025 17:17:44 +0200
Subject: [PATCH] ipatests: fix test_adtrust_install_with_non_ipa_user
Fix the test scenario:
create a user with a second krbprincipalname but no
krbcanonical name.
kinit -E with the other name
try ipa-adtrust-install with the other name
It should fail with the error message 'user not found'
Fixes: https://pagure.io/freeipa/issue/9812
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
---
.../test_integration/test_adtrust_install.py | 48 ++++++++++++++-----
1 file changed, 36 insertions(+), 12 deletions(-)
diff --git a/ipatests/test_integration/test_adtrust_install.py b/ipatests/test_integration/test_adtrust_install.py
index 99d3029443ea39bb5f0e333a5087d30291191968..09e227ec8125e90b37d1d92f0512f9819f5b48c3 100644
--- a/ipatests/test_integration/test_adtrust_install.py
+++ b/ipatests/test_integration/test_adtrust_install.py
@@ -360,27 +360,51 @@ class TestIpaAdTrustInstall(IntegrationTest):
assert msg in result.stdout_text
assert result.returncode == 0
- def test_adtrust_install_with_non_ipa_user(self):
+ @pytest.fixture
+ def create_user(self):
+ # create a user with 'othername' as 2nd krbprincipalname but
+ # no krbcanonicalname
+ basedn = self.master.domain.basedn
+ self.test_user = 'idmuser'
+ self.test_alias = 'othername'
+ tasks.create_active_user(
+ self.master, self.test_user, self.master.config.admin_password,
+ first=self.test_user, last=self.test_user)
+ user_update_ldif = textwrap.dedent("""
+ dn: uid={user},cn=users,cn=accounts,{base_dn}
+ changetype: modify
+ add: krbprincipalname
+ krbprincipalname: {alias}@{realm}
+ -
+ delete: krbcanonicalname
+ """.format(base_dn=basedn, user=self.test_user,
+ alias=self.test_alias, realm=self.master.domain.realm))
+ tasks.ldapmodify_dm(self.master, user_update_ldif)
+ yield
+ tasks.kinit_admin(self.master)
+ self.master.run_command(["ipa", "user-del", self.test_user])
+
+ def test_adtrust_install_with_user_missing_krbcanonical(self, create_user):
"""
Test that ipa-adtrust-install command returns
- an error when kinit is done as alias
- i.e root which is not an ipa user.
+ an error when kinit is done as an alias
+ for which there is no krbcanonicalname.
"""
- msg = (
- 'Unrecognized error during check of admin rights: '
- 'root: user not found'
- )
- user = 'root'
+ self.master.run_command(["kdestroy", "-A"])
self.master.run_command(
- ["kinit", "-E", user],
- stdin_text=self.master.config.admin_password
- )
+ ["kinit", "-E", self.test_alias],
+ stdin_text=self.master.config.admin_password)
+
result = self.master.run_command(
- ["ipa-adtrust-install", "-A", user,
+ ["ipa-adtrust-install", "-A", self.test_alias,
"-a", self.master.config.admin_password,
"-U"], raiseonerr=False
)
assert result.returncode != 0
+ msg = (
+ 'Unrecognized error during check of admin rights: '
+ '{alias}: user not found'
+ ).format(alias=self.test_alias)
assert msg in result.stderr_text
def test_adtrust_install_as_regular_ipa_user(self):
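Review bot: The `create_user` fixture only cleans up if setup reaches `yield`: when `tasks.ldapmodify_dm(self.master, user_update_ldif)` raises after `tasks.create_active_user(...)` has succeeded, the `kinit_admin` / `ipa user-del` lines never run and `idmuser` stays on the master for the rest of the class. Placing `try:` right after the user is created, with `yield` inside it and the two teardown calls under `finally:`, makes the cleanup unconditional. The test also leaves the alias's credential cache active if an assertion fails, and the teardown's `tasks.kinit_admin(self.master)` is what restores admin credentials. That dependency is worth recording in a fixture docstring in place of the leading comment, for example `"""Create idmuser with an extra krbprincipalname alias and no krbcanonicalname; re-kinit as admin and delete the user afterwards."""`.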
--
2.50.0