Bug 1170300
Summary: | Access is not rejected for disabled domain | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Steeve Goveas <sgoveas> | |
Component: | sssd | Assignee: | Sumit Bose <sbose> | |
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | high | |||
Version: | 7.1 | CC: | abokovoy, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, nsoman, ovasik, pbrezina, preichl, rcritten, sssd-maint | |
Target Milestone: | rc | Keywords: | Regression | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | sssd-1.12.2-38.el7 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1172598 (view as bug list) | Environment: | ||
Last Closed: | 2015-03-05 10:34:50 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1172598 |
Description
Steeve Goveas
2014-12-03 17:53:07 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4788 Switching to SSSD as this is a bug in SSSD. Sumit has been looking into this bug. Upstream ticket: https://fedorahosted.org/sssd/ticket/2535 Verified in version ipa-server-4.1.0-13.el7.x86_64 sssd-ipa-1.12.2-39.el7.x86_64 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: trustdomain_cli_bz1070924: Access is not rejected for disabled domain bz1070924 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 14:00:49 ] :: https://bugzilla.redhat.com/show_bug.cgi?id=1070924 :: [ BEGIN ] :: Running 'ipa trustdomain-disable adtest.qe pune.adtest.qe > /tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out 2>&1' :: [ PASS ] :: Command 'ipa trustdomain-disable adtest.qe pune.adtest.qe > /tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out 2>&1' (Expected 0, got 0) -------------------------------------- Disabled trust domain "pune.adtest.qe" -------------------------------------- :: [ BEGIN ] :: Running 'ipa trustdomain-find adtest.qe pune.adtest.qe | tee /tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out' Domain name: pune.adtest.qe Domain NetBIOS name: PUNE Domain Security Identifier: S-1-5-21-91314187-2404433721-1858927112 Domain enabled: False ---------------------------- Number of entries returned 1 ---------------------------- :: [ PASS ] :: Command 'ipa trustdomain-find adtest.qe pune.adtest.qe | tee /tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out' (Expected 0, got 0) :: [ PASS ] :: File '/tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out' should contain 'Domain name: pune.adtest.qe' :: [ PASS ] :: File '/tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out' should contain 'Domain enabled: False' :: [ BEGIN ] :: Running 'sleep 90' :: [ PASS ] :: Command 'sleep 90' (Expected 0, got 0) :: [ BEGIN ] :: Running 'ssh_with_password testu1.qe vm-idm-033.steeve2411.test Secret123' :: [ 14:02:23 ] :: Running: ssh -l "testu1.qe" vm-idm-033.steeve2411.test "echo 'login successful' :: [ 14:02:54 ] :: ssh login failed :: [ BEGIN ] :: Running 'cat /tmp/tmpout.ssh_with_password' spawn ssh -o StrictHostKeyChecking=no -l testu1.qe vm-idm-033.steeve2411.test echo 'login successful' testu1.qe.test's password: Permission denied, please try again. testu1.qe.test's password: :: [ PASS ] :: Command 'cat /tmp/tmpout.ssh_with_password' (Expected 0, got 0) :: [ PASS ] :: Command 'ssh_with_password testu1.qe vm-idm-033.steeve2411.test Secret123' (Expected 1, got 1) :: [ BEGIN ] :: Running 'ipa trustdomain-enable adtest.qe pune.adtest.qe > /tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out 2>&1' :: [ PASS ] :: Command 'ipa trustdomain-enable adtest.qe pune.adtest.qe > /tmp/tmp.b02bxEJFbU/tmpout.trustdomain_cli_bz1070924.out 2>&1' (Expected 0, got 0) ------------------------------------- Enabled trust domain "pune.adtest.qe" ------------------------------------- Fixed upstream master: https://fedorahosted.org/freeipa/changeset/373a04870d6ecc99145a6267c008702ed3e24171 ipa-4-1: https://fedorahosted.org/freeipa/changeset/6d6e924b1fe154812d66277f55c485f210e9c32d Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html |