Imported Debian patch 4.8.10-2

2020-11-23 20:48:56 +02:00
parent 8bc559c5a1
commit 358acdd85f
917 changed files with 1185414 additions and 1069733 deletions
--- a/ipatests/test_ipaclient/test_csrgen.py
+++ b/ipatests/test_ipaclient/test_csrgen.py
@@ -54,7 +54,7 @@ class IdentityFormatter(csrgen.Formatter):
        return {'options': syntax_rules}


-class test_Formatter(object):
+class test_Formatter:
    def test_prepare_data_rule_with_data_source(self, formatter):
        data_rule = csrgen.Rule('uid', '{{subject.uid.0}}',
                                {'data_source': 'subject.uid.0'})
@@ -135,7 +135,7 @@ class test_Formatter(object):
        assert prepared == 'rule1,rule2'


-class test_FileRuleProvider(object):
+class test_FileRuleProvider:
    def test_rule_basic(self, rule_provider):
        rule_name = 'basic'

@@ -168,7 +168,7 @@ class test_FileRuleProvider(object):
            rule_provider.rules_for_profile('nosuchprofile')


-class test_CSRGenerator(object):
+class test_CSRGenerator:
    def test_userCert_OpenSSL(self, generator):
        principal = {
            'uid': ['testuser'],
@@ -259,12 +259,12 @@ class test_CSRGenerator(object):

        with pytest.raises(
                errors.CSRTemplateError,
-                message='unrecognised attribute type: X'):
+                match=r'^unrecognised attribute type: X$'):
            csrgen_ffi.build_requestinfo(
                config.encode('utf-8'), adaptor.get_subject_public_key_info())


-class test_rule_handling(object):
+class test_rule_handling:
    def test_optionalAttributeMissing(self, generator):
        principal = {'uid': 'testuser'}
        rule_provider = StubRuleProvider()
--- a/ipatests/test_ipaclient/test_ldapconf.py
+++ b/ipatests/test_ipaclient/test_ldapconf.py
@@ -0,0 +1,114 @@
+#
+# Copyright (C) 2019  FreeIPA Contributors see COPYING for license
+#
+
+import os
+import shutil
+import tempfile
+
+import pytest
+
+from ipaplatform.paths import paths
+
+import ipatests.util
+ipatests.util.check_ipaclient_unittests()  # noqa: E402
+
+from ipaclient.install.client import configure_openldap_conf
+
+# with single URI and space
+LDAP_CONF_1 = """
+#
+# LDAP Defaults
+#
+
+BASE dc=example,dc=com
+URI ldap://ldap.example.com
+
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON    on
+"""
+
+# URI with two entries and tabs
+LDAP_CONF_2 = """
+#
+# LDAP Defaults
+#
+
+BASE\tdc=example,dc=com
+URI\tldap://ldap.example.com ldap://ldap-master.example.com:666
+
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON    on
+"""
+
+BASEDN = 'cn=ipa,cn=example'
+SERVER = 'ldap.ipa.example'
+
+
+class DummyFStore:
+    def backup_file(self, fname):
+        pass
+
+
+def ldap_conf(content):
+    # fixture tmp_path is pytest >= 3.9
+    tmp_path = tempfile.mkdtemp()
+    cfgfile = os.path.join(tmp_path, 'ldap.conf')
+    if content is not None:
+        with open(cfgfile, 'w') as f:
+            f.write(content)
+    orig_ldap_conf = paths.OPENLDAP_LDAP_CONF
+    try:
+        paths.OPENLDAP_LDAP_CONF = cfgfile
+        configure_openldap_conf(DummyFStore(), BASEDN, [SERVER])
+
+        with open(cfgfile) as f:
+            text = f.read()
+
+        settings = {}
+        for line in text.split('\n'):
+            line = line.strip()
+            if not line or line.startswith('#'):
+                continue
+            k, v = line.split(None, 1)
+            settings.setdefault(k, []).append(v)
+    finally:
+        paths.OPENLDAP_LDAP_CONF = orig_ldap_conf
+        shutil.rmtree(tmp_path)
+    return text, settings
+
+
+def test_openldap_conf_empty():
+    text, settings = ldap_conf("")
+    assert '# File modified by ipa-client-install' in text
+    assert settings == {
+        'BASE': [BASEDN],
+        'URI': ['ldaps://{}'.format(SERVER)],
+        'TLS_CACERT': ['/etc/ipa/ca.crt'],
+        'SASL_MECH': ['GSSAPI']
+    }
+
+
+def test_openldap_conf_spaces():
+    text, settings = ldap_conf(LDAP_CONF_1)
+    assert '# File modified by ipa-client-install' in text
+    assert settings == {
+        'BASE': ['dc=example,dc=com'],
+        'URI': ['ldap://ldap.example.com'],
+        'SASL_NOCANON': ['on'],
+        'TLS_CACERT': ['/etc/ipa/ca.crt'],
+        'SASL_MECH': ['GSSAPI']
+    }
+
+
+@pytest.mark.xfail(reason="freeipa ticket 7838", strict=True)
+def test_openldap_conf_mixed():
+    text, settings = ldap_conf(LDAP_CONF_2)
+    assert '# File modified by ipa-client-install' in text
+    assert settings == {
+        'BASE': ['dc=example,dc=com'],
+        'URI': ['ldap://ldap.example.com ldap://ldap-master.example.com:666'],
+        'SASL_NOCANON': ['on'],
+        'TLS_CACERT': ['/etc/ipa/ca.crt'],
+        'SASL_MECH': ['GSSAPI']
+    }