Patches attached.

https://fedorahosted.org/freeipa/ticket/5733

--
Milan Kubik

From 985814ef076a828ac59aeafd0598d87983edc809 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Fri, 1 Apr 2016 11:11:54 +0200
Subject: [PATCH] ipatests: Add test case for requesting a certificate with
 full principal.

Also fixes an issue in change_principal context manager that caused
a resource leak on test case failure.

https://fedorahosted.org/freeipa/ticket/5733
---
 .../test_xmlrpc/test_caacl_profile_enforcement.py     |  8 ++++++++
 ipatests/util.py                                      | 19 ++++++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
index dca4151d614a4c2e2f5a09455426d117da4c1c80..a0b8d614cf6dd42b18eb03100a318e4a3fbfb4e0 100644
--- a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
+++ b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
@@ -130,6 +130,14 @@ class TestCertSignMIME(XMLRPC_test):
             api.Command.cert_request(csr, principal=smime_user,
                                      profile_id=smime_profile.name)
 
+    @pytest.mark.xfail(strict=True, reason='freeipa ticket 5733')
+    def test_sign_smime_csr_full_principal(self, smime_profile, smime_user):
+        csr = generate_user_csr(smime_user)
+        smime_user_principal = '@'.join((smime_user, api.env.realm))
+        with change_principal(smime_user, SMIME_USER_PW):
+            api.Command.cert_request(csr, principal=smime_user_principal,
+                                     profile_id=smime_profile.name)
+
 
 @pytest.mark.tier1
 class TestSignWithDisabledACL(XMLRPC_test):
diff --git a/ipatests/util.py b/ipatests/util.py
index 6aefe74d34fd7b1bd063c4b17c98af4840d6f042..118c47a12e0d97907cb559d716989a9ca6c5f304 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -696,17 +696,18 @@ def change_principal(user, password, client=None, path=None):
 
     client.Backend.rpcclient.disconnect()
 
-    with private_ccache(ccache_name):
-        kinit_password(user, password, ccache_name)
+    try:
+        with private_ccache(ccache_name):
+            kinit_password(user, password, ccache_name)
+            client.Backend.rpcclient.connect()
+
+            try:
+                yield
+            finally:
+                client.Backend.rpcclient.disconnect()
+    finally:
         client.Backend.rpcclient.connect()
 
-        try:
-            yield
-        finally:
-            client.Backend.rpcclient.disconnect()
-
-    client.Backend.rpcclient.connect()
-
 def get_group_dn(cn):
     return DN(('cn', cn), api.env.container_group, api.env.basedn)
 
-- 
2.8.0

From f3cb98f26551d342968281fb01d288e10cda85de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Fri, 1 Apr 2016 11:11:54 +0200
Subject: [PATCH] ipatests: Add test case for requesting a certificate with
 full principal.

Also fixes an issue in change_principal context manager that caused
a resource leak on test case failure.

https://fedorahosted.org/freeipa/ticket/5733
---
 .../test_xmlrpc/test_caacl_profile_enforcement.py     |  8 ++++++++
 ipatests/util.py                                      | 19 ++++++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
index 78262ae8c17716633ac33fcc8114f6b549066a42..98165c4919e719e72fd7a4aec977f12dacd79249 100644
--- a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
+++ b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
@@ -125,6 +125,14 @@ class TestCertSignMIME(XMLRPC_test):
             api.Command.cert_request(csr, principal=smime_user,
                                      profile_id=smime_profile.name)
 
+    @pytest.mark.xfail(strict=True, reason='freeipa ticket 5733')
+    def test_sign_smime_csr_full_principal(self, smime_profile, smime_user):
+        csr = generate_user_csr(smime_user)
+        smime_user_principal = '@'.join((smime_user, api.env.realm))
+        with change_principal(smime_user, SMIME_USER_PW):
+            api.Command.cert_request(csr, principal=smime_user_principal,
+                                     profile_id=smime_profile.name)
+
 
 @pytest.mark.tier1
 class TestSignWithDisabledACL(XMLRPC_test):
diff --git a/ipatests/util.py b/ipatests/util.py
index 4d99ff6e0a505cd3f75053f97caca9edbc802bcf..a3c4889c6fd0026bf5caa655170f785f571e09f5 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -687,13 +687,14 @@ def change_principal(user, password, client=None, path=None):
 
     client.Backend.rpcclient.disconnect()
 
-    with private_ccache(ccache_name):
-        kinit_password(user, password, ccache_name)
+    try:
+        with private_ccache(ccache_name):
+            kinit_password(user, password, ccache_name)
+            client.Backend.rpcclient.connect()
+
+            try:
+                yield
+            finally:
+                client.Backend.rpcclient.disconnect()
+    except:
         client.Backend.rpcclient.connect()
-
-        try:
-            yield
-        finally:
-            client.Backend.rpcclient.disconnect()
-
-    client.Backend.rpcclient.connect()
-- 
2.8.0

From 985814ef076a828ac59aeafd0598d87983edc809 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Fri, 1 Apr 2016 11:11:54 +0200
Subject: [PATCH] ipatests: Add test case for requesting a certificate with
 full principal.

Also fixes an issue in change_principal context manager that caused
a resource leak on test case failure.

https://fedorahosted.org/freeipa/ticket/5733
---
 .../test_xmlrpc/test_caacl_profile_enforcement.py     |  8 ++++++++
 ipatests/util.py                                      | 19 ++++++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
index dca4151d614a4c2e2f5a09455426d117da4c1c80..a0b8d614cf6dd42b18eb03100a318e4a3fbfb4e0 100644
--- a/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
+++ b/ipatests/test_xmlrpc/test_caacl_profile_enforcement.py
@@ -130,6 +130,14 @@ class TestCertSignMIME(XMLRPC_test):
             api.Command.cert_request(csr, principal=smime_user,
                                      profile_id=smime_profile.name)
 
+    @pytest.mark.xfail(strict=True, reason='freeipa ticket 5733')
+    def test_sign_smime_csr_full_principal(self, smime_profile, smime_user):
+        csr = generate_user_csr(smime_user)
+        smime_user_principal = '@'.join((smime_user, api.env.realm))
+        with change_principal(smime_user, SMIME_USER_PW):
+            api.Command.cert_request(csr, principal=smime_user_principal,
+                                     profile_id=smime_profile.name)
+
 
 @pytest.mark.tier1
 class TestSignWithDisabledACL(XMLRPC_test):
diff --git a/ipatests/util.py b/ipatests/util.py
index 6aefe74d34fd7b1bd063c4b17c98af4840d6f042..118c47a12e0d97907cb559d716989a9ca6c5f304 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -696,17 +696,18 @@ def change_principal(user, password, client=None, path=None):
 
     client.Backend.rpcclient.disconnect()
 
-    with private_ccache(ccache_name):
-        kinit_password(user, password, ccache_name)
+    try:
+        with private_ccache(ccache_name):
+            kinit_password(user, password, ccache_name)
+            client.Backend.rpcclient.connect()
+
+            try:
+                yield
+            finally:
+                client.Backend.rpcclient.disconnect()
+    finally:
         client.Backend.rpcclient.connect()
 
-        try:
-            yield
-        finally:
-            client.Backend.rpcclient.disconnect()
-
-    client.Backend.rpcclient.connect()
-
 def get_group_dn(cn):
     return DN(('cn', cn), api.env.container_group, api.env.basedn)
 
-- 
2.8.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to