author | Rob Crittenden <rcritten@redhat.com> | 2012-01-17 17:54:00 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-01-24 21:09:09 -0500 |
commit | dbd87af80b55af0454866260d24d7b3b1f5d9666 (patch) | |
tree | 12a97af00abad9c44e79ed378925c001c3802da9 /tests | |
parent | 635f0a464c587988f9fe982e5540e0cc18835716 (diff) | |
Fix deletion of HBAC Rules when there are SELinux user maps defined
When deleting an HBAC rule we need to ensure that an SELinux user
map isn't pointing at it. We need to take what is the cn of the HBAC
rule and see if that rule exists, then return the dn to that rule.
The search was not being done properly and wasn't enforcing uniqueness.
It could have returned partial matches as well (so tests for the
search test).
https://fedorahosted.org/freeipa/ticket/2269
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_xmlrpc/test_selinuxusermap_plugin.py | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_selinuxusermap_plugin.py b/tests/test_xmlrpc/test_selinuxusermap_plugin.py index 368037dbe..2fdccf3ef 100644 --- a/tests/test_xmlrpc/test_selinuxusermap_plugin.py +++ b/tests/test_xmlrpc/test_selinuxusermap_plugin.py @@ -36,6 +36,7 @@ host1 = u'testhost1.%s' % api.env.domain hostdn1 = DN(('fqdn',host1),('cn','computers'),('cn','accounts'), api.env.basedn) hbacrule1 = u'testhbacrule1' +hbacrule2 = u'testhbacrule12' fuzzy_selinuxusermapdn = Fuzzy( 'ipauniqueid=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},%s,%s' % (api.env.container_selinux, api.env.basedn) @@ -51,6 +52,7 @@ class test_selinuxusermap(Declarative): ('user_del', [user1], {}), ('host_del', [host1], {}), ('hbacrule_del', [hbacrule1], {}), + ('hbacrule_del', [hbacrule2], {}), ] tests = [ @@ -310,6 +312,26 @@ class test_selinuxusermap(Declarative): ), + dict( + desc='Create HBAC rule %r' % hbacrule2, + command=( + 'hbacrule_add', [hbacrule2], {} + ), + expected=dict( + value=hbacrule2, + summary=u'Added HBAC rule "%s"' % hbacrule2, + result=dict( + cn=[hbacrule2], + objectclass=objectclasses.hbacrule, + ipauniqueid=[fuzzy_uuid], + accessruletype=[u'allow'], + ipaenabledflag=[u'TRUE'], + dn=fuzzy_hbacruledn, + ), + ), + ), + + ############### # Fill out rule with members and/or pointers to HBAC rules dict( @@ -542,6 +564,19 @@ class test_selinuxusermap(Declarative): ), + # This tests selinuxusermap-find --hbacrule=<foo> returns an + # exact match + dict( + desc='Try to delete similarly named HBAC rule %r' % hbacrule2, + command=('hbacrule_del', [hbacrule2], {}), + expected=dict( + result=dict(failed=u''), + value=hbacrule2, + summary=u'Deleted HBAC rule "%s"' % hbacrule2, + ) + ), + + # Test clean up dict( desc='Delete %r' % rule1, |
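Review bot: The constant added in the `@@ -36,6 +36,7 @@` hunk has no comment saying that its value is chosen on purpose. `hbacrule2` holds `u'testhbacrule12'`, which starts with the value of `hbacrule1`, while the variable name suggests an unrelated second rule. A later tidy-up that renames the value to `testhbacrule2` would silently drop the partial-match coverage this commit adds. I would put `# Name deliberately starts with hbacrule1's name to exercise the exact-match lookup` above the assignment.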
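Review bot: The case added in the `@@ -542,6 +564,19 @@` hunk checks the exact-match fix only indirectly: it runs `hbacrule_del` on `hbacrule2` and expects success, while its comment says it tests `selinuxusermap-find --hbacrule=<foo>`. It is only meaningful if an SELinux user map still points at `hbacrule1` at this position in `tests`, which the hunk does not show; if that pointer was removed earlier, the deletion would succeed with the old search too. I would reword the comment to `# hbacrule_del must not be blocked by a map pointing at a rule whose name is a prefix of this one`. The opposite direction, where the map references the longer name and the shorter-named rule is deleted, appears untested in the visible hunks and deserves its own case. The `tests` list begins and ends outside this hunk.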