abbra · abbra · Nov 13, 2020 · Nov 13, 2020 · Nov 13, 2020 · Nov 13, 2020
diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am
@@ -92,6 +92,7 @@ ipa_kdb_tests_SOURCES += ipa_kdb_kdcpolicy.c
 endif
 
 ipa_kdb_tests_CFLAGS = $(CMOCKA_CFLAGS)
+ipa_kdb_tests_LDFLAGS = -L$(libdir)/samba -Wl,-rpath=$(libdir)/samba
 ipa_kdb_tests_LDADD =          \
        $(CMOCKA_LIBS)          \
        $(KRB5_LIBS)            \
@@ -102,6 +103,7 @@ ipa_kdb_tests_LDADD =          \
        $(top_builddir)/util/libutil.la	\
        -lkdb5                  \
        -lsss_idmap             \
+       -lsamba-security-samba4 \
        $(NULL)
 
 appdir = $(libexecdir)/ipa

diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -2352,7 +2352,7 @@ krb5_error_code ipadb_sign_authdata(krb5_context context,
 
 static char *get_server_netbios_name(struct ipadb_context *ipactx)
 {
-    char hostname[IPA_HOST_FQDN_LEN]; /* NOTE: long enough for DNS name */
+    char hostname[IPA_HOST_FQDN_LEN + 1]; /* NOTE: long enough for DNS name */
     char *p;
 
     strncpy(hostname, ipactx->kdc_hostname, IPA_HOST_FQDN_LEN);

diff --git a/daemons/ipa-kdb/tests/ipa_kdb_tests.c b/daemons/ipa-kdb/tests/ipa_kdb_tests.c
@@ -72,7 +72,7 @@ struct test_ctx {
 #define DOM_SID_TRUST "S-1-5-21-4-5-6"
 #define BLOCKLIST_SID "S-1-5-1"
 #define NUM_SUFFIXES 10
-#define SUFFIX_TEMPLATE "d%0d" DOMAIN_NAME
+#define SUFFIX_TEMPLATE "d%zu" DOMAIN_NAME
 #define TEST_REALM_TEMPLATE "some." SUFFIX_TEMPLATE
 #define EXTERNAL_REALM "WRONG.DOMAIN"
 
@@ -136,7 +136,8 @@ static int setup(void **state)
     ipa_ctx->mspac->trusts[0].upn_suffixes = calloc(NUM_SUFFIXES + 1, sizeof(char *));
     ipa_ctx->mspac->trusts[0].upn_suffixes_len = calloc(NUM_SUFFIXES, sizeof(size_t));
     for (size_t i = 0; i < NUM_SUFFIXES; i++) {
-	asprintf(&(ipa_ctx->mspac->trusts[0].upn_suffixes[i]), SUFFIX_TEMPLATE, i);
+	assert_int_not_equal(asprintf(&(ipa_ctx->mspac->trusts[0].upn_suffixes[i]),
+                                      SUFFIX_TEMPLATE, i), -1);
         ipa_ctx->mspac->trusts[0].upn_suffixes_len[i] =
             strlen(ipa_ctx->mspac->trusts[0].upn_suffixes[i]);
 
@@ -504,7 +505,7 @@ void test_check_trusted_realms(void **state)
 
     for(size_t i = 0; i < NUM_SUFFIXES; i++) {
         char *test_realm = NULL;
-        asprintf(&test_realm, TEST_REALM_TEMPLATE, i);
+        assert_int_not_equal(asprintf(&test_realm, TEST_REALM_TEMPLATE, i), -1);
 
         if (test_realm) {
             kerr = ipadb_is_princ_from_trusted_realm(

diff --git a/daemons/ipa-otpd/main.c b/daemons/ipa-otpd/main.c
@@ -214,7 +214,7 @@ static krb5_error_code setup_ldap(const char *uri, krb5_boolean bind,
 int main(int argc, char **argv)
 {
     const char *hostname;
-    char fqdn[IPA_HOST_FQDN_LEN];
+    char fqdn[IPA_HOST_FQDN_LEN + 1];
     krb5_error_code retval;
     krb5_data hndata;
     verto_ev *sig;

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
@@ -4441,7 +4441,7 @@ static char *sec_key(TALLOC_CTX *mem_ctx, const char *d)
 
 static NTSTATUS save_sid_to_secret(struct ipasam_private *ipasam_state)
 {
-	char hostname[IPA_HOST_FQDN_LEN];
+	char hostname[IPA_HOST_FQDN_LEN + 1];
 	const char *fqdn;
 	char *p;
 	TALLOC_CTX *tmp_ctx;
@@ -4475,7 +4475,7 @@ static NTSTATUS save_sid_to_secret(struct ipasam_private *ipasam_state)
 	}
 	/* Copy is necessary, otherwise we this will corrupt the static
 	 * buffer returned by ipa_gethostfqdn(). */
-	strncpy(hostname, fqdn, sizeof(hostname));
+	strncpy(hostname, fqdn, IPA_HOST_FQDN_LEN);
 	p = strchr(hostname, '.');
 	if (p != NULL) {
 		*p = '\0';

diff --git a/ipaserver/install/ipa_acme_manage.py b/ipaserver/install/ipa_acme_manage.py
@@ -25,13 +25,15 @@
 
 class acme_state(RestClient):
 
-    def _request(self, url):
+    def _request(self, url, headers=None):
+        headers = headers or {}
         return dogtag.https_request(
             self.ca_host, 8443,
             url=url,
             cafile=self.ca_cert,
             client_certfile=paths.RA_AGENT_PEM,
             client_keyfile=paths.RA_AGENT_KEY,
+            headers=headers,
             method='POST'
         )
 
@@ -48,20 +50,21 @@ def __enter__(self):
     def __exit__(self, exc_type, exc_value, traceback):
         """Log out of the REST API"""
         headers = dict(Cookie=self.cookie)
-        status, unused, _unused = self._request('/acme/logout')
+        status, unused, _unused = self._request('/acme/logout', headers=headers)
         object.__setattr__(self, 'cookie', None)
         if status != 204:
             raise RuntimeError('Failed to logout')
 
     def enable(self):
         headers = dict(Cookie=self.cookie)
-        status, unused, _unused = self._request('/acme/enable')
+        status, unused, _unused = self._request('/acme/enable', headers=headers)
         if status != 200:
             raise RuntimeError('Failed to enable ACME')
 
     def disable(self):
         headers = dict(Cookie=self.cookie)
-        status, unused, _unused = self._request('/acme/disable')
+        status, unused, _unused = self._request('/acme/disable',
+                                                headers=headers)
         if status != 200:
             raise RuntimeError('Failed to disble ACME')
 

diff --git a/ipatests/azure/Dockerfiles/Dockerfile.build.rawhide b/ipatests/azure/Dockerfiles/Dockerfile.build.rawhide
@@ -19,6 +19,7 @@ RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \
         openssh-server \
         sudo \
         wget \
+        dbus-broker \
         /root/rpms/*.rpm \
     && dnf clean all && rm -rf /root/rpms /root/srpms \
     && sed -i 's/.*PermitRootLogin .*/#&/g' /etc/ssh/sshd_config \

diff --git a/ipatests/azure/Dockerfiles/seccomp.json b/ipatests/azure/Dockerfiles/seccomp.json
@@ -90,6 +90,7 @@
 				"exit",
 				"exit_group",
 				"faccessat",
+				"faccessat2",
 				"fadvise64",
 				"fadvise64_64",
 				"fallocate",

diff --git a/ipatests/azure/scripts/azure-run-base-tests.sh b/ipatests/azure/scripts/azure-run-base-tests.sh
@@ -48,7 +48,7 @@ if [ "$install_result" -eq 0 ] ; then
 
     sed -ri "s/mode = production/mode = developer/" /etc/ipa/default.conf
     systemctl restart "$HTTPD_SYSTEMD_NAME"
-    firewalld_cmd --add-service={freeipa-ldap,freeipa-ldaps,dns}
+    firewalld_cmd --add-service={freeipa-ldap,freeipa-ldaps,dns} || echo "No firewall active"
 
     echo ${server_password} | kinit admin && ipa ping
     mkdir -p ~/.ipa

diff --git a/ipatests/azure/scripts/setup_containers.py b/ipatests/azure/scripts/setup_containers.py
@@ -195,11 +195,19 @@ def setup_container_overrides(self):
         """
         Set services known to not work in containers to be ignored
         """
-        for service in ['nis-domainname',]:
+        for service in ['nis-domainname', 'chronyd']:
             self.ignore_service_in_container(service)
 
         self.execute_all(args=["systemctl", "daemon-reload"])
 
+    def setup_container_messagebus(self):
+        """
+        Make sure D-BUS is enabled and running
+        """
+
+        self.execute_all(args=["systemctl", "enable", "--now",
+                               "dbus-broker.service"])
+
 
 class Controller(Container):
     """
@@ -297,6 +305,12 @@ def setup_container_overrides(self):
         for container in self.containers:
             container.setup_container_overrides()
 
+    def setup_container_messagebus(self):
+        """
+        Make sure D-BUS is enabled and running
+        """
+        for container in self.containers:
+            container.setup_container_messagebus()
 
 controller = Controller()
 master = Container(role='master')
@@ -307,10 +321,11 @@ def setup_container_overrides(self):
 controller.append(clients)
 controller.append(replicas)
 
+controller.setup_container_messagebus()
 controller.setup_ssh()
 controller.setup_hosts()
 controller.setup_hostname()
-controller.setup_resolvconf()
+# controller.setup_resolvconf()
 controller.setup_container_overrides()
 
 config = {

diff --git a/ipatests/azure/templates/test-jobs.yml b/ipatests/azure/templates/test-jobs.yml
@@ -12,7 +12,11 @@ steps:
         moreutils \
         rng-tools \
         systemd-coredump \
-        python3-docker
+        python3-docker \
+        software-properties-common
+    sudo add-apt-repository -y ppa:abbra/freeipa-libseccomp
+    sudo apt-get update
+    sudo apt-get install -y libseccomp2
     # ubuntu's one is too old: different API
     python3 -m pip install docker --user
   displayName: Install Host's tests requirements

diff --git a/ipatests/azure/templates/variables-common.yml b/ipatests/azure/templates/variables-common.yml
@@ -6,7 +6,7 @@ variables:
   # https://github.com/actions/virtual-environments/blob/master/images/linux/Ubuntu1604-REA    DME.md
   # Ubuntu-18.04 - 3.6.9
   # https://github.com/actions/virtual-environments/blob/master/images/linux/Ubuntu1804-REA    DME.md
-  VM_IMAGE: 'Ubuntu-18.04'
+  VM_IMAGE: 'ubuntu-20.04'
   MAX_CONTAINER_ENVS: 5
   IPA_TESTS_ENV_WORKING_DIR: $(Build.Repository.LocalPath)/ipa_envs
   IPA_TESTS_SCRIPTS: 'ipatests/azure/scripts'

diff --git a/ipatests/azure/templates/variables.yml b/ipatests/azure/templates/variables.yml
@@ -1 +1 @@
-variables-fedora.yml
+variables-rawhide.yml