Bug 782927
| Summary: | [RFE] Add --sizelimit option to hbactest. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | grajaiya, jgalipea, mkosek |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Enhancement |
| Doc Text: |
No documentation needed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 13:29:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dmitri Pal
2012-01-18 21:18:07 UTC
Fixed upstream: Pushed to ipa-2-2: 7eaf1dc594294688daeba31a87781d299e45f038 Pushed to master: 1e04e9f02978592d861895bd14e8b3a2ee2c7100
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No documentation needed.
1. for i in {1000..1010}; do ipa hbacrule-add $i; done
2. ipa config-mod --searchrecordslimit=5
3. ipa hbacrule-disable allow_all
4. ipa hbacrule-add 782927
5. [root@primenova ~]# ipa hbacrule-show 782927 --all
dn: ipauniqueid=ff7775d4-aa15-11e1-9fdd-52540063d50e,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
Rule name: 782927
Enabled: TRUE
Users: shanks
Hosts: primenova.lab.eng.pnq.redhat.com
Source Hosts: rodimus.lab.eng.pnq.redhat.com
Services: sshd
accessruletype: allow
ipauniqueid: ff7775d4-aa15-11e1-9fdd-52540063d50e
objectclass: ipaassociation, ipahbacrule
[root@primenova ~]#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
[root@primenova ~]# ipa hbactest --user=shanks --srchost=rodimus.lab.eng.pnq.redhat.com --host=primenova.lab.eng.pnq.redhat.com --service=sshd
---------------------
Access granted: False
---------------------
Warning: Sourcehost value of rule "1000" is ignored
Warning: Sourcehost value of rule "1001" is ignored
Warning: Sourcehost value of rule "1002" is ignored
Warning: Sourcehost value of rule "1003" is ignored
Not matched rules: 1000
Not matched rules: 1001
Not matched rules: 1002
Not matched rules: 1003
[root@primenova ~]#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
[root@primenova ~]# ipa hbactest --user=shanks --srchost=rodimus.lab.eng.pnq.redhat.com --host=primenova.lab.eng.pnq.redhat.com --service=sshd --sizelimit=15
--------------------
Access granted: True
--------------------
Warning: Sourcehost value of rule "1000" is ignored
Warning: Sourcehost value of rule "1001" is ignored
Warning: Sourcehost value of rule "1002" is ignored
Warning: Sourcehost value of rule "1003" is ignored
Warning: Sourcehost value of rule "1004" is ignored
Warning: Sourcehost value of rule "1005" is ignored
Warning: Sourcehost value of rule "1006" is ignored
Warning: Sourcehost value of rule "1007" is ignored
Warning: Sourcehost value of rule "1008" is ignored
Warning: Sourcehost value of rule "1009" is ignored
Warning: Sourcehost value of rule "1010" is ignored
Warning: Sourcehost value of rule "782927" is ignored
Matched rules: 782927
Not matched rules: 1000
Not matched rules: 1001
Not matched rules: 1002
Not matched rules: 1003
Not matched rules: 1004
Not matched rules: 1005
Not matched rules: 1006
Not matched rules: 1007
Not matched rules: 1008
Not matched rules: 1009
Not matched rules: 1010
[root@primenova ~]#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
[root@primenova ~]# ipa hbactest --user=shanks --srchost=rodimus.lab.eng.pnq.redhat.com --host=primenova.lab.eng.pnq.redhat.com --service=sshd --rule=782927
--------------------
Access granted: True
--------------------
Warning: Sourcehost value of rule "782927" is ignored
Matched rules: 782927
[root@primenova ~]#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
Verified: ipa-server-2.2.0-16.el6.x86_64
automated
{{{
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-hbacsvc-782927: Test --sizelimit option to hbactest
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: kinit as admin with password Secret123 was successful.
:: [ PASS ] :: Kinit as admin user
:: [ PASS ] :: Running 'ipa config-mod --searchrecordslimit=5'
:: [ PASS ] :: Running 'ipa config-show'
:: [ LOG ] :: ################## No Limit :: use global setting ##############
:: [ PASS ] :: 5 hbac rules returned as expected with global size limit of 5
:: [ LOG ] :: ################# Set size limit to 7 #########################
:: [ PASS ] :: 7 hbac rules returned as expected with size limit of 7
:: [ PASS ] :: Running 'ipa config-mod --searchrecordslimit=100'
:: [ PASS ] :: Running 'ipa config-show'
:: [ LOG ] :: Duration: 1m 0s
:: [ LOG ] :: Assertions: 7 good, 0 bad
:: [ PASS ] :: RESULT: ipa-hbacsvc-782927: Test --sizelimit option to hbactest
}}}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |