URL: https://github.com/freeipa/freeipa/pull/2366 Author: flo-renaud Title: #2366: [Backport][ipa-4-7] authselect: harden uninstallation of ipa client Action: opened
PR body: """ This PR was opened automatically because PR #2363 was pushed to master and backport to ipa-4-7 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2366/head:pr2366 git checkout pr2366
From fb62f1cb2f0ce87ac7f472dbfca8bc0ac0fd8117 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Fri, 14 Sep 2018 18:08:26 +0200 Subject: [PATCH 1/2] authselect: harden uninstallation of ipa client When ipa client is uninstalled, the content of sysrestore.state is read to restore the previous authselect profile and features. The code should properly handle the case where sysrestore.state contains the header for the authselect section, but the key=value for profile and features are missing. Fixes https://pagure.io/freeipa/issue/7657 --- ipaplatform/redhat/authconfig.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py index ba85537dc7..ab3775e9e9 100644 --- a/ipaplatform/redhat/authconfig.py +++ b/ipaplatform/redhat/authconfig.py @@ -162,8 +162,10 @@ def unconfigure( profile = 'sssd' features = '' else: - profile = statestore.restore_state('authselect', 'profile') - features = statestore.restore_state('authselect', 'features_list') + profile = \ + statestore.restore_state('authselect', 'profile') or 'sssd' + features = \ + statestore.restore_state('authselect', 'features_list') or '' statestore.delete_state('authselect', 'mkhomedir') cmd = [paths.AUTHSELECT, "select", profile, features, "--force"] From 48653c2e8520f18348b539deae36f7e9dcd51081 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Fri, 14 Sep 2018 18:12:40 +0200 Subject: [PATCH 2/2] tests: add test for uninstall with incomplete sysrestore.state Add a test that performs client uninstallation when sysrestore.state contains the header for the [authselect] section but does not contain a value for profile and features. Related to https://pagure.io/freeipa/issue/7657 --- ipatests/test_integration/test_authselect.py | 29 ++++++++++++++++++-- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/test_authselect.py b/ipatests/test_integration/test_authselect.py index fa9b202654..5dbfce88c9 100644 --- a/ipatests/test_integration/test_authselect.py +++ b/ipatests/test_integration/test_authselect.py @@ -8,9 +8,10 @@ from __future__ import absolute_import +import os import pytest -import ipaplatform.paths +from ipaplatform.paths import paths from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_ipa.integration import tasks @@ -44,7 +45,7 @@ def apply_authselect_profile(host, profile, options=()): @pytest.mark.skipif( - ipaplatform.paths.paths.AUTHSELECT is None, + paths.AUTHSELECT is None, reason="Authselect is only available in fedora-like distributions") class TestClientInstallation(IntegrationTest): """ @@ -187,6 +188,28 @@ def test_install_client_no_sudo(self): # but not with sudo (because of extraargs) check_authselect_profile(self.client, default_profile, ()) + def test_uninstall_wrong_sysrestore(self): + """ + Test client uninstallation when sysrestore.state is incomplete + Test for issue 7657 + """ + # Remove the keys 'profile' and 'features_list' from sysrestore.state + def keep(line): + if line.startswith('profile') or line.startswith('features_list'): + return False + return True + + sysrestore_state_file = os.path.join(paths.IPA_CLIENT_SYSRESTORE, + "sysrestore.state") + content = self.client.get_file_contents(sysrestore_state_file, + encoding='utf-8') + lines = [line.rstrip() for line in content.split('\n') if keep(line)] + new_content = '\n'.join(lines) + self.client.put_file_contents(sysrestore_state_file, new_content) + + result = self._uninstall_client() + assert result.returncode == 0 + @classmethod def uninstall(cls, mh): super(TestClientInstallation, cls).uninstall(mh) @@ -195,7 +218,7 @@ def uninstall(cls, mh): @pytest.mark.skipif( - ipaplatform.paths.paths.AUTHSELECT is None, + paths.AUTHSELECT is None, reason="Authselect is only available in fedora-like distributions") class TestServerInstallation(IntegrationTest): """
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org