andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0007-Issue-50378-ACI-s-with-IPv4-and-IPv6-bind-rules-do-n.patch

232633
From 76d8b45b71563d6158464f7a34bcb57d470993dc Mon Sep 17 00:00:00 2001
232633
From: Viktor Ashirov <vashirov@redhat.com>
232633
Date: Fri, 21 Jun 2019 16:41:34 +0200
232633
Subject: [PATCH 03/12] Issue 50378 - ACI's with IPv4 and IPv6 bind rules do
232633
 not work for IPv6 clients
232633
232633
Description:
232633
232633
Add a new test case for #50378 instead of the older one that was testing
232633
an unsupported corner case (ip=*).
232633
232633
Relates: https://pagure.io/389-ds-base/issue/50378
232633
232633
Reviewed by: mreynolds (Thanks!)
232633
---
232633
 dirsrvtests/tests/suites/acl/keywords_test.py | 29 ++++++++++---------
232633
 1 file changed, 16 insertions(+), 13 deletions(-)
232633
232633
diff --git a/dirsrvtests/tests/suites/acl/keywords_test.py b/dirsrvtests/tests/suites/acl/keywords_test.py
232633
index c8c19127b..6a494a4b6 100644
232633
--- a/dirsrvtests/tests/suites/acl/keywords_test.py
232633
+++ b/dirsrvtests/tests/suites/acl/keywords_test.py
232633
@@ -430,30 +430,33 @@ def test_dnsalias_keyword_test_nodns_cannot(topo, add_user, aci_of_user):
232633
     with pytest.raises(ldap.INSUFFICIENT_ACCESS):
232633
         org.replace("seeAlso", "cn=1")
232633
 
232633
-
232633
-def test_user_can_access_the_data_when_connecting_from_any_machine_2(topo, add_user, aci_of_user):
232633
+@pytest.mark.ds50378
232633
+@pytest.mark.bz1710848
232633
+@pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"])
232633
+def test_user_can_access_from_ipv4_or_ipv6_address(topo, add_user, aci_of_user, ip_addr):
232633
     """
232633
-    User can access the data when connecting from any machine as per the ACI.
232633
+    User can modify the data when accessing the server from the allowed IPv4 and IPv6 addresses
232633
 
232633
     :id:461e761e-7ac5-11e8-9ae4-8c16451d917b
232633
     :setup: Standalone Server
232633
     :steps:
232633
-        1. Add test entry
232633
-        2. Add ACI
232633
-        3. User should follow ACI role
232633
+        1. Add ACI that has both IPv4 and IPv6
232633
+        2. Connect from one of the IPs allowed in ACI
232633
+        3. Modify an attribute
232633
     :expectedresults:
232633
-        1. Entry should be added
232633
-        2. Operation should  succeed
232633
-        3. Operation should  succeed
232633
+        1. ACI should be added
232633
+        2. Conection should be successful
232633
+        3. Operation should be successful
232633
     """
232633
-    # Add ACI
232633
+    # Add ACI that contains both IPv4 and IPv6
232633
     Domain(topo.standalone, DEFAULT_SUFFIX).\
232633
-        add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*)'
232633
+        add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*) '
232633
                    f'(version 3.0; aci "IP aci"; allow(all) '
232633
-                   f'userdn = "ldap:///{FULLIP_KEY}" and ip = "*" ;)')
232633
+                   f'userdn = "ldap:///{FULLIP_KEY}" and (ip = "127.0.0.1" or ip = "::1");)')
232633
 
232633
     # Create a new connection for this test.
232633
-    conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM)
232633
+    conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM, uri=f'ldap://{ip_addr}:{topo.standalone.port}')
232633
+
232633
     # Perform Operation
232633
     OrganizationalUnit(conn, IP_OU_KEY).replace("seeAlso", "cn=1")
232633
 
232633
-- 
232633
2.21.0
232633