|
 |
232633 |
From 76d8b45b71563d6158464f7a34bcb57d470993dc Mon Sep 17 00:00:00 2001
|
|
|
232633 |
From: Viktor Ashirov <vashirov@redhat.com>
|
|
|
232633 |
Date: Fri, 21 Jun 2019 16:41:34 +0200
|
|
|
232633 |
Subject: [PATCH 03/12] Issue 50378 - ACI's with IPv4 and IPv6 bind rules do
|
|
|
232633 |
not work for IPv6 clients
|
|
|
232633 |
|
|
|
232633 |
Description:
|
|
|
232633 |
|
|
|
232633 |
Add a new test case for #50378 instead of the older one that was testing
|
|
|
232633 |
an unsupported corner case (ip=*).
|
|
|
232633 |
|
|
|
232633 |
Relates: https://pagure.io/389-ds-base/issue/50378
|
|
|
232633 |
|
|
|
232633 |
Reviewed by: mreynolds (Thanks!)
|
|
|
232633 |
---
|
|
|
232633 |
dirsrvtests/tests/suites/acl/keywords_test.py | 29 ++++++++++---------
|
|
|
232633 |
1 file changed, 16 insertions(+), 13 deletions(-)
|
|
|
232633 |
|
|
|
232633 |
diff --git a/dirsrvtests/tests/suites/acl/keywords_test.py b/dirsrvtests/tests/suites/acl/keywords_test.py
|
|
|
232633 |
index c8c19127b..6a494a4b6 100644
|
|
|
232633 |
--- a/dirsrvtests/tests/suites/acl/keywords_test.py
|
|
|
232633 |
+++ b/dirsrvtests/tests/suites/acl/keywords_test.py
|
|
|
232633 |
@@ -430,30 +430,33 @@ def test_dnsalias_keyword_test_nodns_cannot(topo, add_user, aci_of_user):
|
|
|
232633 |
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
|
|
|
232633 |
org.replace("seeAlso", "cn=1")
|
|
|
232633 |
|
|
|
232633 |
-
|
|
|
232633 |
-def test_user_can_access_the_data_when_connecting_from_any_machine_2(topo, add_user, aci_of_user):
|
|
|
232633 |
+@pytest.mark.ds50378
|
|
|
232633 |
+@pytest.mark.bz1710848
|
|
|
232633 |
+@pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"])
|
|
|
232633 |
+def test_user_can_access_from_ipv4_or_ipv6_address(topo, add_user, aci_of_user, ip_addr):
|
|
|
232633 |
"""
|
|
|
232633 |
- User can access the data when connecting from any machine as per the ACI.
|
|
|
232633 |
+ User can modify the data when accessing the server from the allowed IPv4 and IPv6 addresses
|
|
|
232633 |
|
|
|
232633 |
:id:461e761e-7ac5-11e8-9ae4-8c16451d917b
|
|
|
232633 |
:setup: Standalone Server
|
|
|
232633 |
:steps:
|
|
|
232633 |
- 1. Add test entry
|
|
|
232633 |
- 2. Add ACI
|
|
|
232633 |
- 3. User should follow ACI role
|
|
|
232633 |
+ 1. Add ACI that has both IPv4 and IPv6
|
|
|
232633 |
+ 2. Connect from one of the IPs allowed in ACI
|
|
|
232633 |
+ 3. Modify an attribute
|
|
|
232633 |
:expectedresults:
|
|
|
232633 |
- 1. Entry should be added
|
|
|
232633 |
- 2. Operation should succeed
|
|
|
232633 |
- 3. Operation should succeed
|
|
|
232633 |
+ 1. ACI should be added
|
|
|
232633 |
+ 2. Conection should be successful
|
|
|
232633 |
+ 3. Operation should be successful
|
|
|
232633 |
"""
|
|
|
232633 |
- # Add ACI
|
|
|
232633 |
+ # Add ACI that contains both IPv4 and IPv6
|
|
|
232633 |
Domain(topo.standalone, DEFAULT_SUFFIX).\
|
|
|
232633 |
- add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*)'
|
|
|
232633 |
+ add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*) '
|
|
|
232633 |
f'(version 3.0; aci "IP aci"; allow(all) '
|
|
|
232633 |
- f'userdn = "ldap:///{FULLIP_KEY}" and ip = "*" ;)')
|
|
|
232633 |
+ f'userdn = "ldap:///{FULLIP_KEY}" and (ip = "127.0.0.1" or ip = "::1");)')
|
|
|
232633 |
|
|
|
232633 |
# Create a new connection for this test.
|
|
|
232633 |
- conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM)
|
|
|
232633 |
+ conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM, uri=f'ldap://{ip_addr}:{topo.standalone.port}')
|
|
|
232633 |
+
|
|
|
232633 |
# Perform Operation
|
|
|
232633 |
OrganizationalUnit(conn, IP_OU_KEY).replace("seeAlso", "cn=1")
|
|
|
232633 |
|
|
|
232633 |
--
|
|
|
232633 |
2.21.0
|
|
|
232633 |
|