Blame SOURCES/0013-IPA-EPN-Use-a-helper-to-retrieve-LDAP-attributes-fro_rhbz#1866938.patch

5144c6
From b95817e35716bbab000633043817202e17d7c53e Mon Sep 17 00:00:00 2001
5144c6
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
5144c6
Date: Thu, 6 Aug 2020 17:07:36 +0200
5144c6
Subject: [PATCH] IPA-EPN: Use a helper to retrieve LDAP attributes from an
5144c6
 entry
5144c6
5144c6
Allow for empty attributes.
5144c6
5144c6
Reviewed-By: Francois Cami <fcami@redhat.com>
5144c6
---
5144c6
 ipaclient/install/ipa_epn.py | 22 +++++++++++++++-------
5144c6
 1 file changed, 15 insertions(+), 7 deletions(-)
5144c6
5144c6
diff --git a/ipaclient/install/ipa_epn.py b/ipaclient/install/ipa_epn.py
5144c6
index 65f9f3d47..0d1ae2add 100644
5144c6
--- a/ipaclient/install/ipa_epn.py
5144c6
+++ b/ipaclient/install/ipa_epn.py
5144c6
@@ -122,22 +122,30 @@ class EPNUserList:
5144c6
         """Return len(self)."""
5144c6
         return len(self._expiring_password_user_dq)
5144c6
 
5144c6
+    def get_ldap_attr(self, entry, attr):
5144c6
+        """Get a single value from a multi-valued attr in a safe way"""
5144c6
+        return str(entry.get(attr, [""]).pop(0))
5144c6
+
5144c6
     def add(self, entry):
5144c6
         """Parses and appends an LDAP user entry with the uid, cn,
5144c6
            givenname, sn, krbpasswordexpiration and mail attributes.
5144c6
         """
5144c6
         try:
5144c6
             self._sorted = False
5144c6
+            if entry.get("mail") is None:
5144c6
+                logger.error("IPA-EPN: No mail address defined for: %s",
5144c6
+                             entry.dn)
5144c6
+                return
5144c6
             self._expiring_password_user_dq.append(
5144c6
                 dict(
5144c6
-                    uid=str(entry["uid"].pop(0)),
5144c6
-                    cn=str(entry["cn"].pop(0)),
5144c6
-                    givenname=str(entry["givenname"].pop(0)),
5144c6
-                    sn=str(entry["sn"].pop(0)),
5144c6
-                    krbpasswordexpiration=str(
5144c6
-                        entry["krbpasswordexpiration"].pop(0)
5144c6
+                    uid=self.get_ldap_attr(entry, "uid"),
5144c6
+                    cn=self.get_ldap_attr(entry, "cn"),
5144c6
+                    givenname=self.get_ldap_attr(entry, "givenname"),
5144c6
+                    sn=self.get_ldap_attr(entry, "sn"),
5144c6
+                    krbpasswordexpiration=(
5144c6
+                        self.get_ldap_attr(entry,"krbpasswordexpiration")
5144c6
                     ),
5144c6
-                    mail=str(entry["mail"]),
5144c6
+                    mail=str(entry.get("mail")),
5144c6
                 )
5144c6
             )
5144c6
         except IndexError as e:
5144c6
-- 
5144c6
2.26.2
5144c6
5144c6
From 8e810d8cf38ec60d76178bd673e218fb05d56c8e Mon Sep 17 00:00:00 2001
5144c6
From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
5144c6
Date: Thu, 6 Aug 2020 17:13:19 +0200
5144c6
Subject: [PATCH] IPA-EPN: fix configuration file typo
5144c6
MIME-Version: 1.0
5144c6
Content-Type: text/plain; charset=UTF-8
5144c6
Content-Transfer-Encoding: 8bit
5144c6
5144c6
Signed-off-by: François Cami <fcami@redhat.com>
5144c6
Reviewed-By: Francois Cami <fcami@redhat.com>
5144c6
---
5144c6
 client/share/epn.conf | 2 +-
5144c6
 1 file changed, 1 insertion(+), 1 deletion(-)
5144c6
5144c6
diff --git a/client/share/epn.conf b/client/share/epn.conf
5144c6
index 0e590dfc3..e3645801c 100644
5144c6
--- a/client/share/epn.conf
5144c6
+++ b/client/share/epn.conf
5144c6
@@ -23,7 +23,7 @@ smtp_port = 25
5144c6
 # Default None (empty value).
5144c6
 # smtp_password =
5144c6
 
5144c6
-# pecifies the number of seconds to wait for SMTP to respond.
5144c6
+# Specifies the number of seconds to wait for SMTP to respond.
5144c6
 smtp_timeout = 60
5144c6
 
5144c6
 # Specifies the type of secure connection to make. Options are: none,
5144c6
-- 
5144c6
2.26.2
5144c6
5144c6
From 1b1dbcbe9d83ba35f3cfdd01399f123816ec6e5b Mon Sep 17 00:00:00 2001
5144c6
From: Rob Crittenden <rcritten@redhat.com>
5144c6
Date: Thu, 6 Aug 2020 18:57:10 -0400
5144c6
Subject: [PATCH] IPA-EPN: Test that users without givenname and/or mail are
5144c6
 handled
5144c6
5144c6
The admin user does not have a givenname by default, allow for that.
5144c6
5144c6
Report errors for users without a default e-mail address.
5144c6
5144c6
Update the SHA256 hash with the typo fix.
5144c6
5144c6
Reviewed-By: Francois Cami <fcami@redhat.com>
5144c6
---
5144c6
 ipatests/test_integration/test_epn.py | 22 +++++++++++++++++++++-
5144c6
 1 file changed, 21 insertions(+), 1 deletion(-)
5144c6
5144c6
diff --git a/ipatests/test_integration/test_epn.py b/ipatests/test_integration/test_epn.py
5144c6
index 18f73c722..c5c73835a 100644
5144c6
--- a/ipatests/test_integration/test_epn.py
5144c6
+++ b/ipatests/test_integration/test_epn.py
5144c6
@@ -240,7 +240,7 @@ class TestEPN(IntegrationTest):
5144c6
         assert epn_conf in cmd1.stdout_text
5144c6
         assert epn_template in cmd1.stdout_text
5144c6
         cmd2 = self.master.run_command(["sha256sum", epn_conf])
5144c6
-        ck = "4c207b5c9c760c36db0d3b2b93da50ea49edcc4002d6d1e7383601f0ec30b957"
5144c6
+        ck = "192481b52fb591112afd7b55b12a44c6618fdbc7e05a3b1866fd67ec579c51df"
5144c6
         assert cmd2.stdout_text.find(ck) == 0
5144c6
 
5144c6
     def test_EPN_smoketest_1(self):
5144c6
@@ -591,3 +591,23 @@ class TestEPN(IntegrationTest):
5144c6
         self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf)
5144c6
         result = tasks.ipa_epn(self.master, raiseonerr=False)
5144c6
         assert "smtp_delay cannot be less than zero" in result.stderr_text
5144c6
+
5144c6
+    def test_EPN_admin(self):
5144c6
+        """The admin user is special and has no givenName by default
5144c6
+           It also doesn't by default have an e-mail address
5144c6
+           Check --dry-run output.
5144c6
+        """
5144c6
+        epn_conf = textwrap.dedent('''
5144c6
+            [global]
5144c6
+        ''')
5144c6
+        self.master.put_file_contents('/etc/ipa/epn.conf', epn_conf)
5144c6
+        self.master.run_command(
5144c6
+            ['ipa', 'user-mod', 'admin', '--password-expiration',
5144c6
+             datetime_to_generalized_time(
5144c6
+                 datetime.datetime.utcnow() + datetime.timedelta(days=7)
5144c6
+             )]
5144c6
+        )
5144c6
+        (unused, stderr_text, _unused) = self._check_epn_output(
5144c6
+            self.master, dry_run=True
5144c6
+        )
5144c6
+        assert "uid=admin" in stderr_text
5144c6
-- 
5144c6
2.26.2
5144c6