mirielka commented on a pull request

"""
This PR is not intended to fix a failing test, but fix their execution and 
error checking. The negative tests for sudorule in master and ipa-4-3 (both 
with sssd-1.14.1-1.fc24, see jenkins jobs for master [1] and ipa-4-3 [2]) 
return following message when trying to use sudo as a user that is not allowed 
to use sudo by current sudorule:
```
We trust you have received the usual lecture from the local System 
Administrator. It usually boils down to these three things: 
     #1) Respect the privacy of others.
     #2) Think before you type.
     #3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified
```
As commented by pbrezina in SSSD ticket [3], this message is caused by missing 
sudorule "defaults" (correct one is "Sorry, user is not allowed to use sudo" or 
similar). Addition of this sudorule is the purpose of this PR. Also I added 
some checks to the contents of the error message so tests do not pass invalid 
error message as correct just because it has the same return code.

[1] 
http://jenkins.idm.lab.eng.brq.redhat.com:8080/view/FreeIPA%20Integration%20-%20master%20Fedora%2024/job/freeipa-timed-integration-f24master-sudo-domlevel-0/44/consoleFull
[2] 
http://jenkins.idm.lab.eng.brq.redhat.com:8080/view/FreeIPA%20Integration%20-%20ipa-4-3%20Fedora%2024/job/freeipa-timed-integration-f24ipa43-sudo-domlevel-0/48/consoleFull
[3] https://fedorahosted.org/sssd/ticket/3152

P.S.: for me, one test in both master and ipa-4-3 fail both before and after 
application of this change, I would discuss it off-list with you later when I'm 
investigating it. Of course with Fedora 24 and sssd-1.14.1-1.fc24.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/27#issuecomment-243049417
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to