diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am index 11aeec5f0ae..14c0546e0a5 100644 --- a/daemons/ipa-kdb/Makefile.am +++ b/daemons/ipa-kdb/Makefile.am @@ -92,6 +92,7 @@ ipa_kdb_tests_SOURCES += ipa_kdb_kdcpolicy.c endif ipa_kdb_tests_CFLAGS = $(CMOCKA_CFLAGS) +ipa_kdb_tests_LDFLAGS = -L$(libdir)/samba -Wl,-rpath=$(libdir)/samba ipa_kdb_tests_LDADD = \ $(CMOCKA_LIBS) \ $(KRB5_LIBS) \ @@ -102,6 +103,7 @@ ipa_kdb_tests_LDADD = \ $(top_builddir)/util/libutil.la \ -lkdb5 \ -lsss_idmap \ + -lsamba-security-samba4 \ $(NULL) appdir = $(libexecdir)/ipa diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index fe5b586b6ae..bb9d85c104b 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -2352,7 +2352,7 @@ krb5_error_code ipadb_sign_authdata(krb5_context context, static char *get_server_netbios_name(struct ipadb_context *ipactx) { - char hostname[IPA_HOST_FQDN_LEN]; /* NOTE: long enough for DNS name */ + char hostname[IPA_HOST_FQDN_LEN + 1]; /* NOTE: long enough for DNS name */ char *p; strncpy(hostname, ipactx->kdc_hostname, IPA_HOST_FQDN_LEN); diff --git a/daemons/ipa-kdb/tests/ipa_kdb_tests.c b/daemons/ipa-kdb/tests/ipa_kdb_tests.c index 752b24ea47d..2a174ce6b60 100644 --- a/daemons/ipa-kdb/tests/ipa_kdb_tests.c +++ b/daemons/ipa-kdb/tests/ipa_kdb_tests.c @@ -72,7 +72,7 @@ struct test_ctx { #define DOM_SID_TRUST "S-1-5-21-4-5-6" #define BLOCKLIST_SID "S-1-5-1" #define NUM_SUFFIXES 10 -#define SUFFIX_TEMPLATE "d%0d" DOMAIN_NAME +#define SUFFIX_TEMPLATE "d%zu" DOMAIN_NAME #define TEST_REALM_TEMPLATE "some." SUFFIX_TEMPLATE #define EXTERNAL_REALM "WRONG.DOMAIN" 
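Review bot: `ipa_kdb_tests_LDFLAGS` takes the Samba private library directory from `$(libdir)`, which is this package's own install libdir and matches Samba's only when both are configured with the same prefix. On a build where they differ, the `-lsamba-security-samba4` added in the next hunk would fail to link, or the embedded rpath would point at a directory that does not hold the library. If configure already detects Samba's library directory (not visible in this hunk), using that variable here would be more robust. A one-line comment such as `# samba-security-samba4 is a Samba private library, hence the extra -L and -rpath` would also explain why the test binary needs these flags.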
@@ -136,7 +136,8 @@ static int setup(void **state) ipa_ctx->mspac->trusts[0].upn_suffixes = calloc(NUM_SUFFIXES + 1, sizeof(char *)); ipa_ctx->mspac->trusts[0].upn_suffixes_len = calloc(NUM_SUFFIXES, sizeof(size_t)); for (size_t i = 0; i < NUM_SUFFIXES; i++) { - asprintf(&(ipa_ctx->mspac->trusts[0].upn_suffixes[i]), SUFFIX_TEMPLATE, i); + assert_int_not_equal(asprintf(&(ipa_ctx->mspac->trusts[0].upn_suffixes[i]), + SUFFIX_TEMPLATE, i), -1); ipa_ctx->mspac->trusts[0].upn_suffixes_len[i] = strlen(ipa_ctx->mspac->trusts[0].upn_suffixes[i]); @@ -504,7 +505,7 @@ void test_check_trusted_realms(void **state) for(size_t i = 0; i < NUM_SUFFIXES; i++) { char *test_realm = NULL; - asprintf(&test_realm, TEST_REALM_TEMPLATE, i); + assert_int_not_equal(asprintf(&test_realm, TEST_REALM_TEMPLATE, i), -1); if (test_realm) { kerr = ipadb_is_princ_from_trusted_realm( diff --git a/daemons/ipa-otpd/main.c b/daemons/ipa-otpd/main.c index 2efb371ee59..529e3834a5d 100644 --- a/daemons/ipa-otpd/main.c +++ b/daemons/ipa-otpd/main.c @@ -214,7 +214,7 @@ static krb5_error_code setup_ldap(const char *uri, krb5_boolean bind, int main(int argc, char **argv) { const char *hostname; - char fqdn[IPA_HOST_FQDN_LEN]; + char fqdn[IPA_HOST_FQDN_LEN + 1]; krb5_error_code retval; krb5_data hndata; verto_ev *sig; diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c index 5dbdc17fbd8..79f4e5a7724 100644 --- a/daemons/ipa-sam/ipa_sam.c +++ b/daemons/ipa-sam/ipa_sam.c @@ -4441,7 +4441,7 @@ static char *sec_key(TALLOC_CTX *mem_ctx, const char *d) static NTSTATUS save_sid_to_secret(struct ipasam_private *ipasam_state) { - char hostname[IPA_HOST_FQDN_LEN]; + char hostname[IPA_HOST_FQDN_LEN + 1]; const char *fqdn; char *p; TALLOC_CTX *tmp_ctx; 
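Review bot: Both `calloc()` results in `setup()` are still used unchecked, so on allocation failure the loop that now asserts on `asprintf()` would write through a NULL pointer before any assertion fires. Adding `assert_non_null(ipa_ctx->mspac->trusts[0].upn_suffixes);` and `assert_non_null(ipa_ctx->mspac->trusts[0].upn_suffixes_len);` before the loop would make the failure mode consistent with the new asprintf check. In the following hunk in `test_check_trusted_realms()`, the `if (test_realm)` guard after the new assertion is now redundant and could be dropped. `setup()` begins and ends outside this hunk.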
@@ -4475,7 +4475,7 @@ static NTSTATUS save_sid_to_secret(struct ipasam_private *ipasam_state) } /* Copy is necessary, otherwise we this will corrupt the static * buffer returned by ipa_gethostfqdn(). */ - strncpy(hostname, fqdn, sizeof(hostname)); + strncpy(hostname, fqdn, IPA_HOST_FQDN_LEN); p = strchr(hostname, '.'); if (p != NULL) { *p = '\0'; diff --git a/ipaserver/install/ipa_acme_manage.py b/ipaserver/install/ipa_acme_manage.py index 955f7c979d3..0474b9f4a05 100644 --- a/ipaserver/install/ipa_acme_manage.py +++ b/ipaserver/install/ipa_acme_manage.py @@ -25,13 +25,15 @@ class acme_state(RestClient): - def _request(self, url): + def _request(self, url, headers=None): + headers = headers or {} return dogtag.https_request( self.ca_host, 8443, url=url, cafile=self.ca_cert, client_certfile=paths.RA_AGENT_PEM, client_keyfile=paths.RA_AGENT_KEY, + headers=headers, method='POST' ) @@ -48,20 +50,21 @@ def __enter__(self): def __exit__(self, exc_type, exc_value, traceback): """Log out of the REST API""" headers = dict(Cookie=self.cookie) - status, unused, _unused = self._request('/acme/logout') + status, unused, _unused = self._request('/acme/logout', headers=headers) object.__setattr__(self, 'cookie', None) if status != 204: raise RuntimeError('Failed to logout') def enable(self): headers = dict(Cookie=self.cookie) - status, unused, _unused = self._request('/acme/enable') + status, unused, _unused = self._request('/acme/enable', headers=headers) if status != 200: raise RuntimeError('Failed to enable ACME') def disable(self): headers = dict(Cookie=self.cookie) - status, unused, _unused = self._request('/acme/disable') + status, unused, _unused = self._request('/acme/disable', + headers=headers) if status != 200: raise RuntimeError('Failed to disble ACME') diff --git a/ipatests/azure/Dockerfiles/Dockerfile.build.rawhide b/ipatests/azure/Dockerfiles/Dockerfile.build.rawhide index 47cb81e864d..3c664fd5ea3 100644 --- a/ipatests/azure/Dockerfiles/Dockerfile.build.rawhide 
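Review bot: After this change `strncpy(hostname, fqdn, IPA_HOST_FQDN_LEN)` never writes `hostname[IPA_HOST_FQDN_LEN]`, and the previous hunk declares the array without an initializer. So when `fqdn` is IPA_HOST_FQDN_LEN characters or longer, the following `strchr(hostname, '.')` scans a buffer with no guaranteed terminator. Add `hostname[IPA_HOST_FQDN_LEN] = '\0';` directly after the copy, or declare the buffer with `= {0}`. The lines between the declaration and the copy are outside both hunks, so a terminator set there cannot be ruled out. `get_server_netbios_name()` in ipa_kdb_mspac.c uses the same enlarged-buffer-plus-strncpy pattern and its hunk ends at the strncpy line, so it deserves the same check.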
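Review bot: `__exit__` raises `RuntimeError('Failed to logout')` whenever logout does not return 204, even when the `with` body is already failing, so the logout error replaces the original exception as the one the operator sees (the original survives only as `__context__`). Raising only on a clean exit keeps the real failure visible, e.g. `if status != 204 and exc_type is None: raise RuntimeError('Failed to logout')`, with a log line for the other case. Separately, `__exit__`, `enable` and `disable` each build `dict(Cookie=self.cookie)` by hand, which is the step this commit had to fix in three places; letting `_request` attach the cookie when one is set would keep a future caller from dropping it again. The `'Failed to disble ACME'` message in `disable` also has a typo.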
+++ b/ipatests/azure/Dockerfiles/Dockerfile.build.rawhide @@ -19,6 +19,7 @@ RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \ openssh-server \ sudo \ wget \ + dbus-broker \ /root/rpms/*.rpm \ && dnf clean all && rm -rf /root/rpms /root/srpms \ && sed -i 's/.*PermitRootLogin .*/#&/g' /etc/ssh/sshd_config \ diff --git a/ipatests/azure/Dockerfiles/seccomp.json b/ipatests/azure/Dockerfiles/seccomp.json index c269d92e5a0..d5a5631facb 100644 --- a/ipatests/azure/Dockerfiles/seccomp.json +++ b/ipatests/azure/Dockerfiles/seccomp.json @@ -90,6 +90,7 @@ "exit", "exit_group", "faccessat", + "faccessat2", "fadvise64", "fadvise64_64", "fallocate", diff --git a/ipatests/azure/scripts/azure-run-base-tests.sh b/ipatests/azure/scripts/azure-run-base-tests.sh index a2129d2a454..3884218c74c 100755 --- a/ipatests/azure/scripts/azure-run-base-tests.sh +++ b/ipatests/azure/scripts/azure-run-base-tests.sh @@ -48,7 +48,7 @@ if [ "$install_result" -eq 0 ] ; then sed -ri "s/mode = production/mode = developer/" /etc/ipa/default.conf systemctl restart "$HTTPD_SYSTEMD_NAME" - firewalld_cmd --add-service={freeipa-ldap,freeipa-ldaps,dns} + firewalld_cmd --add-service={freeipa-ldap,freeipa-ldaps,dns} || echo "No firewall active" echo ${server_password} | kinit admin && ipa ping mkdir -p ~/.ipa diff --git a/ipatests/azure/scripts/setup_containers.py b/ipatests/azure/scripts/setup_containers.py index 6883a19e954..abccf0a8d48 100644 --- a/ipatests/azure/scripts/setup_containers.py +++ b/ipatests/azure/scripts/setup_containers.py 
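Review bot: The added `|| echo "No firewall active"` swallows every non-zero exit from `firewalld_cmd`, not only the case where firewalld is absent. A running firewall that fails to open the LDAP/DNS services is therefore reported as "No firewall active", and the tests continue against blocked ports. Checking the daemon state first separates the two cases: `if systemctl is-active --quiet firewalld; then firewalld_cmd --add-service={freeipa-ldap,freeipa-ldaps,dns}; else echo "No firewall active"; fi`. The enclosing `if [ "$install_result" -eq 0 ]` block continues outside this hunk.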
@@ -195,11 +195,19 @@ def setup_container_overrides(self): """ Set services known to not work in containers to be ignored """ - for service in ['nis-domainname',]: + for service in ['nis-domainname', 'chronyd']: self.ignore_service_in_container(service) self.execute_all(args=["systemctl", "daemon-reload"]) + def setup_container_messagebus(self): + """ + Make sure D-BUS is enabled and running + """ + + self.execute_all(args=["systemctl", "enable", "--now", + "dbus-broker.service"]) + class Controller(Container): """ @@ -297,6 +305,12 @@ def setup_container_overrides(self): for container in self.containers: container.setup_container_overrides() + def setup_container_messagebus(self): + """ + Make sure D-BUS is enabled and running + """ + for container in self.containers: + container.setup_container_messagebus() controller = Controller() master = Container(role='master') @@ -307,10 +321,11 @@ def setup_container_overrides(self): controller.append(clients) controller.append(replicas) +controller.setup_container_messagebus() controller.setup_ssh() controller.setup_hosts() controller.setup_hostname() -controller.setup_resolvconf() +# controller.setup_resolvconf() controller.setup_container_overrides() config = { diff --git a/ipatests/azure/templates/test-jobs.yml b/ipatests/azure/templates/test-jobs.yml index 4f9abf394ad..1ccf907fe9c 100644 --- a/ipatests/azure/templates/test-jobs.yml +++ b/ipatests/azure/templates/test-jobs.yml @@ -12,7 +12,11 @@ steps: moreutils \ rng-tools \ systemd-coredump \ - python3-docker + python3-docker \ + software-properties-common + sudo add-apt-repository -y ppa:abbra/freeipa-libseccomp + sudo apt-get update + sudo apt-get install -y libseccomp2 # ubuntu's one is too old: different API python3 -m pip install docker --user displayName: Install Host's tests requirements diff --git a/ipatests/azure/templates/variables-common.yml b/ipatests/azure/templates/variables-common.yml index 36594064abb..5b3c2ca4914 100644 
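Review bot: `# controller.setup_resolvconf()` leaves the call as commented-out code with no reason given, so the next reader cannot tell whether resolv.conf handling was dropped on purpose or disabled temporarily. Either delete the line (and the method, if nothing else uses it, which is not visible here) or replace it with a comment that states the reason, along the lines of `# resolv.conf is not rewritten here because <reason>`. The same applies to `'chronyd'` joining the ignored-services list in the first hunk: a short comment saying why it cannot run in the container would keep that list from growing unexplained.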
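Review bot: The added `sudo add-apt-repository -y ppa:abbra/freeipa-libseccomp` makes every CI run trust a personal PPA for `libseccomp2`, the library the container runtime uses to apply the seccomp profile on the host. Nothing pins which version is installed from it. Once enabled, the PPA can also supply any other package it carries on a later `apt-get install` or upgrade. Pin the package explicitly (`sudo apt-get install -y libseccomp2=<pinned-version>`), restrict the PPA to that one package with an apt preferences entry, and expand the inline comment to name the minimum libseccomp version the tests need so the step can be removed once the image provides it.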
--- a/ipatests/azure/templates/variables-common.yml +++ b/ipatests/azure/templates/variables-common.yml @@ -6,7 +6,7 @@ variables: # https://github.com/actions/virtual-environments/blob/master/images/linux/Ubuntu1604-REA DME.md # Ubuntu-18.04 - 3.6.9 # https://github.com/actions/virtual-environments/blob/master/images/linux/Ubuntu1804-REA DME.md - VM_IMAGE: 'Ubuntu-18.04' + VM_IMAGE: 'ubuntu-20.04' MAX_CONTAINER_ENVS: 5 IPA_TESTS_ENV_WORKING_DIR: $(Build.Repository.LocalPath)/ipa_envs IPA_TESTS_SCRIPTS: 'ipatests/azure/scripts' diff --git a/ipatests/azure/templates/variables.yml b/ipatests/azure/templates/variables.yml index 7fcd5c89b79..e1271e4cabe 120000 --- a/ipatests/azure/templates/variables.yml +++ b/ipatests/azure/templates/variables.yml @@ -1 +1 @@ -variables-fedora.yml \ No newline at end of file +variables-rawhide.yml \ No newline at end of file