URL: https://github.com/freeipa/freeipa/pull/2259
Author: mrizwan93
 Title: #2259: [Backport][ipa-4-6] Check if user permssions and umask 0022 is 
set after ipa-restore
Action: opened

PR body:
"""
This test checks that the access rights for user/group
are set to 644 on /var/lib/dirsrv/slapd-TESTRELM-TEST/ldif/*
and that umask 0022 is set while restoring.

related ticket: https://pagure.io/freeipa/issue/6844

Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com>
Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com>
Reviewed-By: Rob Crittenden <rcrit...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2259/head:pr2259
git checkout pr2259
From 1555fa28c82dd4c9409b913ab6d964a5e3fe0abc Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf <myu...@redhat.com>
Date: Tue, 31 Jul 2018 20:23:31 +0530
Subject: [PATCH] Check if user permssions and umask 0022 is set when executing
 ipa-restore

This test checks that the access rights for user/group
are set to 644 on /var/lib/dirsrv/slapd-TESTRELM-TEST/ldif/*
and that umask 0022 is set while restoring.

related ticket: https://pagure.io/freeipa/issue/6844

Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com>
Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com>
Reviewed-By: Rob Crittenden <rcrit...@redhat.com>
---
 .../test_backup_and_restore.py                | 65 +++++++++++++++----
 1 file changed, 52 insertions(+), 13 deletions(-)

diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index 7022940fa5..99636d2d46 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -25,6 +25,8 @@
 import contextlib
 from tempfile import NamedTemporaryFile
 
+from ipaplatform.constants import constants
+from ipaplatform.paths import paths
 from ipapython.dn import DN
 from ipapython import ipautil
 from ipatests.test_integration.base import IntegrationTest
@@ -36,7 +38,6 @@
 
 logger = logging.getLogger(__name__)
 
-
 def assert_entries_equal(a, b):
     assert_deepequal(a.dn, b.dn)
     assert_deepequal(dict(a), dict(b))
@@ -49,6 +50,7 @@ def to_dict(r):
             'stderr': r.stderr_text,
             'returncode': r.returncode,
         }
+
     assert_deepequal(to_dict(a), to_dict(b))
 
 
@@ -233,7 +235,6 @@ def install(cls, mh):
     def _full_backup_restore_with_DNS_zone(self, reinstall=False):
         """backup, uninstall, restore"""
         with restore_checker(self.master):
-
             self.master.run_command([
                 'ipa', 'dnszone-add',
                 self.example_test_zone,
@@ -299,7 +300,6 @@ def install(cls, mh):
 
     def _full_backup_and_restore_with_DNSSEC_zone(self, reinstall=False):
         with restore_checker(self.master):
-
             self.master.run_command([
                 'ipa', 'dnszone-add',
                 self.example_test_zone,
@@ -481,7 +481,7 @@ def test_full_backup_and_restore_with_replica(self):
         check_replication(self.master, replica, "testuser1")
 
 
-class TestUserrootFilesOwnership(IntegrationTest):
+class TestUserRootFilesOwnershipPermission(IntegrationTest):
     """Test to check if userroot.ldif have proper ownership.
 
     Before the fix, when ipa-backup was called for the first time,
@@ -498,9 +498,19 @@ class TestUserrootFilesOwnership(IntegrationTest):
     fail
 
     related ticket: https://pagure.io/freeipa/issue/7010
+
+    This test also checks if the access rights for user/group
+    are set and umask 0022 set while restoring.
+
+    related ticket: https://pagure.io/freeipa/issue/6844
     """
 
-    def test_userroot_ldif_files_ownership(self):
+    @classmethod
+    def install(cls, mh):
+        super(TestUserRootFilesOwnershipPermission, cls).install(mh)
+        cls.bashrc_file = cls.master.get_file_contents('/root/.bashrc')
+
+    def test_userroot_ldif_files_ownership_and_permission(self):
         """backup, uninstall, restore, backup"""
         tasks.install_master(self.master)
         backup_path = backup(self.master)
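Review bot: The `/root/.bashrc` snapshot taken in the new `install` classmethod is only written back by `test_files_ownership_and_permission_teardown`, an ordinary test method added later in this class, so the cleanup depends on test ordering and selection. If the run stops early (for example with `-x`) or only the first test is selected, the master keeps the appended `umask 0077` line for whatever runs next on that host. Pairing `install` with an `uninstall(cls, mh)` classmethod override that calls `cls.master.put_file_contents('/root/.bashrc', cls.bashrc_file)` before delegating to `super()` should make the restore unconditional. The body of the renamed test method continues outside this hunk.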
@@ -509,29 +519,58 @@ def test_userroot_ldif_files_ownership(self):
                                  '--uninstall',
                                  '-U'])
 
+        # set umask to 077 just to check if restore success.
+        self.master.run_command('echo "umask 0077" >> /root/.bashrc')
+        result = self.master.run_command(['umask'])
+        assert '0077' in result.stdout_text
+
         dirman_password = self.master.config.dirman_password
-        self.master.run_command(['ipa-restore', backup_path],
-                                stdin_text=dirman_password + '\nyes')
+        result = self.master.run_command(['ipa-restore', backup_path],
+                                         stdin_text=dirman_password + '\nyes')
+        assert 'Temporary setting umask to 022' in result.stderr_text
+
+        # check if umask reset to 077 after restore.
+        result = self.master.run_command(['umask'])
+        assert '0077' in result.stdout_text
 
         # check if files have proper owner and group.
         dashed_domain = self.master.domain.realm.replace(".", '-')
         arg = ['stat',
-               '-c', '%U%G',
-               '/var/lib/dirsrv/slapd-' + dashed_domain + '/ldif']
+               '-c', '%U:%G',
+               '{}/ldif/'.format(
+                   paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
+                   dashed_domain)]
         cmd = self.master.run_command(arg)
-        assert 'dirsrvdirsrv' in cmd.stdout_text
+        expected = '{}:{}'.format(constants.DS_USER, constants.DS_GROUP)
+        assert expected in cmd.stdout_text
 
+        # also check of access rights are set to 644.
         arg = ['stat',
-               '-c', '%U%G',
-               '/var/lib/dirsrv/slapd-' + dashed_domain + '/ldif/']
+               '-c', '%U:%G:%a',
+               '{}/ldif/{}-ipaca.ldif'.format(
+                   paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
+                   dashed_domain, dashed_domain)]
         cmd = self.master.run_command(arg)
-        assert 'dirsrvdirsrv' in cmd.stdout_text
+        assert '{}:644'.format(expected) in cmd.stdout_text
+
+        arg = ['stat',
+               '-c', '%U:%G:%a',
+               '{}/ldif/{}-userRoot.ldif'.format(
+                   paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
+                   dashed_domain, dashed_domain)]
+        cmd = self.master.run_command(arg)
+        assert '{}:644'.format(expected) in cmd.stdout_text
 
         cmd = self.master.run_command(['ipa-backup', '-d'])
         unexp_str = "CRITICAL: db2ldif failed:"
         assert cmd.returncode == 0
         assert unexp_str not in cmd.stdout_text
 
+    def test_files_ownership_and_permission_teardown(self):
+        """ Method to restore the default bashrc contents"""
+        if self.bashrc_file is not None:
+            self.master.put_file_contents('/root/.bashrc', self.bashrc_file)
+
 
 class TestReplicaInstallAfterRestore(IntegrationTest):
     """Test to check second replica installation after master restore
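Review bot: The second `umask` assertion (under `# check if umask reset to 077 after restore.`) does not observe anything ipa-restore did. Each `run_command` presumably starts its own shell on the master, which re-reads `/root/.bashrc`, and a child process cannot change its parent's umask in any case, so `'0077' in result.stdout_text` holds whether or not the restore code puts the umask back. The checks that actually cover the fix are the `'Temporary setting umask to 022'` message and the `stat` results; the post-restore check could be dropped or its comment reworded to `# sanity check: the login shell umask is still 0077`. The mode checks also use substring matching, and `assert cmd.stdout_text.strip() == '{}:644'.format(expected)` would pin owner, group and mode exactly.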