Bug 790352

Summary: Warnings when --srchost option is specified and rule has no sourcehost.
Product: Red Hat Enterprise Linux 6 Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED NOTABUG QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-14 13:54:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Gowrishankar Rajaiyan 2012-02-14 10:21:09 UTC 
Description of problem:
Warning are displayed when srchost option is used in hbactest, and also warning messages are displayed even if the rule does not contain any source host. 

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-101.20120209T0933zgit52cf9d9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Add a rule which has no sourcehost.
[root@sentinel ~]# ipa hbacrule-show rule1000 --all
  dn: ipauniqueid=2a75ad92-5722-11e1-b341-525400400b4a,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  Rule name: rule1000
  Enabled: TRUE
  accessruletype: allow
  ipauniqueid: 2a75ad92-5722-11e1-b341-525400400b4a
  objectclass: ipaassociation, ipahbacrule
[root@sentinel ~]#

2. Execute hbactest against rule in Step 1
[root@sentinel ~]# ipa hbactest --user=user782927 --srchost=$HOSTNAME --host=$HOSTNAME --service=sshd --rule=rule1001
---------------------
Access granted: False
---------------------
  warning: Sourcehost value of rule "rule1001" is ignored       <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  notmatched: rule1001
[root@sentinel ~]# 

  
Actual results:
Here the rule does not have any sourcehost, however, we display a warning stating that sourcehost value of the rule would be ignored.

Expected results:
No warning should be displayed if there exists no sourcehost in the rule even though --srchost option is specified for test request.

Additional info:
Comment 2 Rob Crittenden 2012-02-14 13:54:13 UTC 
The warning ONLY displays when --srchost is provided. It is independent of the rules. It tells the user that this option makes no difference (and is a big hint to not pass it any more).