#7136 ipa-restore command doesn't exit with failure if wrong directory manager's password is provided
Closed: fixed 2 years ago Opened 2 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1483139

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
ipa-restore command doesn't exit with failure if wrong directory manager's
password is provided instead it gives error code (0) which means successful
execution.

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-14.el7_3.7.x86_64.rpm

How reproducible:
Always

Steps to Reproduce:
1. Install IPA server and a replica
2. Take backup on one of the IPA servers using ipa-backup
3. Run ipa-restore command

Actual results:
ipa-restore command doesn't exit with failure if wrong directory manager's
password is provided instead it gives error code (0) which means successful
execution.

Expected results:
ipa-restore command should fail with different error code.

Additional info:
Directory Manager password is used only for disabling replication agreements
during restore. In case we don't have replicas the code that is using directory
manager password is never used, thus it cannot fail and it gets successful.

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1483139

2 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1483139

2 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.7 backlog)

2 years ago

Metadata Update from @rcritten:
- Issue assigned to rcritten

2 years ago

Metadata Update from @rcritten:
- Issue priority set to: low

2 years ago

IMHO this is a very weak corner case. The issue is that the DM password, which is NOT used for a single master, can be incorrect and the restore still successful. Yeah, well.

I'm adding validation there only so the error is caught explicitly.

https://github.com/freeipa/freeipa/pull/1892

master:

  • 0653d2a Validate the Directory Manager password before starting restore

ipa-4-6:

  • 2a8822b Validate the Directory Manager password before starting restore

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @cheimes:
- Issue status updated to: Open (was: Closed)

2 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.6.4 (was: FreeIPA 4.7)

2 years ago

master:

  • 2256f9e Validate the Directory Manager password before starting restore
  • 59b3eb0 Add tests for ipa-restore with DM password validation check

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

ipa-4-6:

  • e045b0a Validate the Directory Manager password before starting restore
  • f8b6e8c Add tests for ipa-restore with DM password validation check

Login to comment on this ticket.

Metadata