# Authors:
# Tomas Babej <tbabej@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# FIXME: Pylint errors
# pylint: disable=no-member
from __future__ import absolute_import
import os
import re
import pytest
from ipaplatform.constants import constants as platformconstants
from ipaplatform.paths import paths
from ipatests.pytest_ipa.integration import tasks
# importing test_trust under different name to avoid nose executing the test
# base class imported from this module
from ipatests.test_integration import test_trust as trust_tests
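class BaseTestLegacyClient:
    """
    Tests legacy client support.

    The class applies the ``ipa-advise`` recipe named by ``advice_id`` on a
    legacy client and then checks identity lookups (``getent``, ``id``) and
    password logins over SSH for IPA users and for users of the trusted AD
    forest (root domain, subdomain and tree domain).

    It is a mixin: ``master``, ``ad_domains`` and ``host_by_role`` are used
    but not defined here, so they have to come from the other base class the
    concrete test is combined with.
    """

    advice_id = None
    # Files saved on the legacy client in install(), before the advice
    # script rewrites the client's NSS/PAM/LDAP configuration.
    backup_files = ['/etc/sysconfig/authconfig',
                    '/etc/pam.d',
                    '/etc/openldap/cacerts',
                    '/etc/openldap/ldap.conf',
                    '/etc/nsswitch.conf',
                    paths.SSSD_CONF]

    homedir_template = "/home/{domain}/{username}"
    default_shell = platformconstants.DEFAULT_SHELL
    required_extra_roles = ()
    optional_extra_roles = ()

    # Actual test classes need to override these attributes to set the expected
    # values on the UID and GID results, since this varies with the usage of the
    # POSIX and non-POSIX ID ranges

    testuser_uid_regex = None
    testuser_gid_regex = None
    subdomain_testuser_uid_regex = None
    subdomain_testuser_gid_regex = None
    treedomain_testuser_uid_regex = None
    treedomain_testuser_gid_regex = None

    # To allow custom validation dependent on the trust type
    posix_trust = False

    # Password of the AD test accounts used by the login tests.
    _AD_TEST_PASSWORD = 'Secret123'

    def test_apply_advice(self):
        """Fetch the advice script from the master and run it on the client.

        The script text is whatever ``ipa-advise`` prints; it is copied to
        the legacy client unchanged and executed there with ``bash -x -e``,
        so every command it runs is traced into the command output.
        """
        # Obtain the advice from the server
        tasks.kinit_admin(self.master)
        result = self.master.run_command(['ipa-advise', self.advice_id])
        advice = result.stdout_text

        # Apply the advice on the legacy client
        advice_path = os.path.join(self.legacy_client.config.test_dir,
                                   'advice.sh')
        self.legacy_client.put_file_contents(advice_path, advice)
        result = self.legacy_client.run_command(['bash', '-x', '-e',
                                                 advice_path])

        # Restart SSHD to load new PAM configuration
        self.legacy_client.run_command([paths.SBIN_SERVICE, 'sshd', 'restart'])

    def clear_sssd_caches(self):
        """Clear the SSSD cache on the master and on the legacy client."""
        tasks.clear_sssd_cache(self.master)
        tasks.clear_sssd_cache(self.legacy_client)

    def _skip_unless_sshpass(self):
        """Skip the running test when sshpass is missing on the master."""
        if not self.master.transport.file_exists('/usr/bin/sshpass'):
            pytest.skip('Package sshpass not available on %s'
                        % self.master.hostname)

    def _ssh_echo(self, login, password, host, **run_kwargs):
        """Run ``echo test`` on *host* over SSH with password authentication.

        The command is started on the master and is passed as an argument
        list, so the password, login and host name reach sshpass/ssh as
        single arguments even when they contain spaces or shell
        metacharacters. Extra keyword arguments (e.g. ``raiseonerr``) are
        handed to ``run_command`` unchanged.

        NOTE(review): ``sshpass -p`` places the password on the command
        line, where it is readable from the process list on the master, and
        ``StrictHostKeyChecking=no`` accepts any host key. Keep this pattern
        confined to throwaway lab hosts.
        """
        return self.master.run_command(
            ['sshpass', '-p', password,
             'ssh',
             '-o', 'StrictHostKeyChecking=no',
             '-l', login,
             host,
             'echo test'],
            **run_kwargs)

    def test_getent_ipa_user(self):
        """The IPA admin user resolves through ``getent passwd``."""
        self.clear_sssd_caches()
        result = self.legacy_client.run_command(['getent', 'passwd', 'admin'])

        admin_regex = r"admin:\*:(\d+):(\d+):"\
                      r"Administrator:/home/admin:{}".format(
                          platformconstants.DEFAULT_ADMIN_SHELL,
                      )

        assert re.search(admin_regex, result.stdout_text)

    def test_getent_ipa_group(self):
        """The IPA admins group resolves through ``getent group``."""
        self.clear_sssd_caches()
        result = self.legacy_client.run_command(['getent', 'group', 'admins'])

        admin_group_regex = r"admins:\*:(\d+):admin"

        assert re.search(admin_group_regex, result.stdout_text)

    def test_id_ipa_user(self):
        """``id admin`` reports the admin user with the admins group."""
        self.clear_sssd_caches()
        result = self.legacy_client.run_command(['id', 'admin'])

        uid_regex = r"uid=(\d+)\(admin\)"
        gid_regex = r"gid=(\d+)\(admins\)"
        groups_regex = r"groups=(\d+)\(admins\)"

        assert re.search(uid_regex, result.stdout_text)
        assert re.search(gid_regex, result.stdout_text)
        assert re.search(groups_regex, result.stdout_text)

    def test_getent_ad_user(self):
        """The AD root-domain test user resolves with the expected IDs."""
        self.clear_sssd_caches()
        testuser = 'testuser@%s' % self.ad.domain.name
        result = self.legacy_client.run_command(['getent', 'passwd', testuser])

        # The domain name is escaped so that its dots match literally.
        testuser_regex = r"testuser@%s:\*:%s:%s:"\
                         r"Test User:%s:%s"\
                         % (re.escape(self.ad.domain.name),
                            self.testuser_uid_regex,
                            self.testuser_gid_regex,
                            self.homedir_template.format(
                                username='testuser',
                                domain=re.escape(self.ad.domain.name)),
                            self.default_shell,
                            )

        assert re.search(testuser_regex, result.stdout_text)

    def test_getent_ad_group(self):
        """The AD root-domain test group resolves with the expected GID."""
        self.clear_sssd_caches()
        testgroup = 'testgroup@%s' % self.ad.domain.name
        result = self.legacy_client.run_command(['getent', 'group', testgroup])

        # Escape the name: an unescaped '.' in the domain would match any
        # character and make the check looser than intended.
        testgroup_regex = r"%s:\*:%s:" % (re.escape(testgroup),
                                          self.testuser_gid_regex)
        assert re.search(testgroup_regex, result.stdout_text)

    def test_id_ad_user(self):
        """``id`` for the AD root-domain test user shows the expected IDs."""
        self.clear_sssd_caches()
        testuser = 'testuser@%s' % self.ad.domain.name
        testgroup = 'testgroup@%s' % self.ad.domain.name

        result = self.legacy_client.run_command(['id', testuser])

        # Only for POSIX trust testing does the testuser belong to the
        # testgroup
        group_name = (r'\(%s\)' % re.escape(testgroup)
                      if self.posix_trust else '')

        # User and group names are escaped so the dots in the domain part
        # are matched literally.
        uid_regex = r"uid=%s\(%s\)" % (self.testuser_uid_regex,
                                        re.escape(testuser))
        gid_regex = "gid=%s%s" % (self.testuser_gid_regex, group_name)
        groups_regex = "groups=%s%s" % (self.testuser_gid_regex, group_name)

        assert re.search(uid_regex, result.stdout_text)
        assert re.search(gid_regex, result.stdout_text)
        assert re.search(groups_regex, result.stdout_text)

    def test_login_ipa_user(self):
        """The IPA admin can log in to the legacy client with a password."""
        self._skip_unless_sshpass()

        result = self._ssh_echo('admin',
                                self.legacy_client.config.admin_password,
                                self.legacy_client.hostname)

        assert "test" in result.stdout_text

    def test_login_ad_user(self):
        """The AD root-domain test user can log in to the legacy client."""
        self._skip_unless_sshpass()

        testuser = 'testuser@%s' % self.ad.domain.name
        result = self._ssh_echo(testuser, self._AD_TEST_PASSWORD,
                                self.legacy_client.hostname)

        assert "test" in result.stdout_text

    def test_login_disabled_ipa_user(self):
        """A disabled IPA user must not be able to log in."""
        self._skip_unless_sshpass()

        self.clear_sssd_caches()

        # install() creates disabledipauser with the admin password, so a
        # failure here is caused by the disabled state, not a wrong password.
        result = self._ssh_echo('disabledipauser',
                                self.legacy_client.config.admin_password,
                                self.legacy_client.external_hostname,
                                raiseonerr=False)

        assert result.returncode != 0

    def test_login_disabled_ad_user(self):
        """A disabled AD root-domain user must not be able to log in."""
        self._skip_unless_sshpass()

        testuser = 'disabledaduser@%s' % self.ad.domain.name
        result = self._ssh_echo(testuser, self._AD_TEST_PASSWORD,
                                self.legacy_client.external_hostname,
                                raiseonerr=False)

        assert result.returncode != 0

    def test_getent_subdomain_ad_user(self):
        """The AD subdomain test user resolves with the expected IDs."""
        if not self.ad_subdomain:
            pytest.skip('AD for the subdomain is not available.')

        self.clear_sssd_caches()
        testuser = 'subdomaintestuser@%s' % self.ad_subdomain
        result = self.legacy_client.run_command(['getent', 'passwd', testuser])

        testuser_regex = r"subdomaintestuser@%s:\*:%s:%s:"\
                         r"Subdomaintest User:%s:"\
                         r"%s"\
                         % (re.escape(self.ad_subdomain),
                            self.subdomain_testuser_uid_regex,
                            self.subdomain_testuser_gid_regex,
                            self.homedir_template.format(
                                username='subdomaintestuser',
                                domain=re.escape(self.ad_subdomain)),
                            self.default_shell,
                            )

        assert re.search(testuser_regex, result.stdout_text)

    def test_getent_subdomain_ad_group(self):
        """The AD subdomain test group resolves with the expected GID."""
        if not self.ad_subdomain:
            pytest.skip('AD for the subdomain is not available.')

        self.clear_sssd_caches()
        testgroup = 'subdomaintestgroup@%s' % self.ad_subdomain
        result = self.legacy_client.run_command(['getent', 'group', testgroup])

        # Escaped so the dots of the domain name match literally.
        testgroup_stdout = r"%s:\*:%s:" % (re.escape(testgroup),
                                           self.subdomain_testuser_gid_regex)
        assert re.search(testgroup_stdout, result.stdout_text)

    def test_id_subdomain_ad_user(self):
        """``id`` for the AD subdomain test user shows the expected IDs."""
        if not self.ad_subdomain:
            pytest.skip('AD for the subdomain is not available.')

        self.clear_sssd_caches()
        testuser = 'subdomaintestuser@%s' % self.ad_subdomain
        testgroup = 'subdomaintestgroup@%s' % self.ad_subdomain

        result = self.legacy_client.run_command(['id', testuser])

        # Only for POSIX trust testing does the testuser belong to the
        # testgroup
        group_name = (r'\(%s\)' % re.escape(testgroup)
                      if self.posix_trust else '')

        uid_regex = r"uid=%s\(%s\)" % (self.subdomain_testuser_uid_regex,
                                        re.escape(testuser))
        gid_regex = "gid=%s%s" % (self.subdomain_testuser_gid_regex,
                                  group_name)
        groups_regex = "groups=%s%s" % (self.subdomain_testuser_gid_regex,
                                        group_name)

        assert re.search(uid_regex, result.stdout_text)
        assert re.search(gid_regex, result.stdout_text)
        assert re.search(groups_regex, result.stdout_text)

    def test_login_subdomain_ad_user(self):
        """The AD subdomain test user can log in to the legacy client."""
        if not self.ad_subdomain:
            pytest.skip('AD for the subdomain is not available.')

        self._skip_unless_sshpass()

        testuser = 'subdomaintestuser@%s' % self.ad_subdomain
        result = self._ssh_echo(testuser, self._AD_TEST_PASSWORD,
                                self.legacy_client.external_hostname)

        assert "test" in result.stdout_text

    def test_login_disabled_subdomain_ad_user(self):
        """A disabled AD subdomain user must not be able to log in."""
        if not self.ad_subdomain:
            pytest.skip('AD for the subdomain is not available.')

        self._skip_unless_sshpass()

        testuser = 'subdomaindisabledaduser@%s' % self.ad_subdomain
        result = self._ssh_echo(testuser, self._AD_TEST_PASSWORD,
                                self.legacy_client.external_hostname,
                                raiseonerr=False)

        assert result.returncode != 0

    def test_getent_treedomain_ad_user(self):
        """The AD tree-domain test user resolves with the expected IDs."""
        if not self.ad_treedomain:
            pytest.skip('AD tree root domain is not available.')

        self.clear_sssd_caches()
        testuser = 'treetestuser@{0}'.format(self.ad_treedomain)
        result = self.legacy_client.run_command(['getent', 'passwd', testuser])

        # NOTE(review): the home directory is spelled out here instead of
        # going through homedir_template as the other getent tests do;
        # confirm that is intended.
        testuser_regex = (r"treetestuser@{0}:\*:{1}:{2}:TreeTest User:"
                          r"/home/{0}/treetestuser:{3}".format(
                              re.escape(self.ad_treedomain),
                              self.treedomain_testuser_uid_regex,
                              self.treedomain_testuser_gid_regex,
                              self.default_shell,
                          ))

        assert re.search(testuser_regex, result.stdout_text)

    def test_getent_treedomain_ad_group(self):
        """The AD tree-domain test group resolves with the expected GID."""
        if not self.ad_treedomain:
            pytest.skip('AD tree root domain is not available')

        self.clear_sssd_caches()
        testgroup = 'treetestgroup@{0}'.format(self.ad_treedomain)
        result = self.legacy_client.run_command(['getent', 'group', testgroup])

        # Escaped so the dots of the domain name match literally.
        testgroup_stdout = r"{0}:\*:{1}:".format(
            re.escape(testgroup), self.treedomain_testuser_gid_regex)

        assert re.search(testgroup_stdout, result.stdout_text)

    def test_id_treedomain_ad_user(self):
        """``id`` for the AD tree-domain test user shows the expected IDs."""
        if not self.ad_treedomain:
            pytest.skip('AD tree root domain is not available')

        self.clear_sssd_caches()

        testuser = 'treetestuser@{0}'.format(self.ad_treedomain)
        testgroup = 'treetestgroup@{0}'.format(self.ad_treedomain)

        result = self.legacy_client.run_command(['id', testuser])

        # Only for POSIX trust testing does the testuser belong to the
        # testgroup

        group_name = (r'\({}\)'.format(re.escape(testgroup))
                      if self.posix_trust else '')

        uid_regex = r"uid={0}\({1}\)".format(
            self.treedomain_testuser_uid_regex, re.escape(testuser))

        gid_regex = "gid={0}{1}".format(
            self.treedomain_testuser_gid_regex, group_name)

        group_regex = "groups={0}{1}".format(
            self.treedomain_testuser_gid_regex, group_name)

        assert re.search(uid_regex, result.stdout_text)
        assert re.search(gid_regex, result.stdout_text)
        assert re.search(group_regex, result.stdout_text)

    def test_login_treedomain_ad_user(self):
        """Log in to the legacy client when the tree domain is available.

        NOTE(review): despite its name this test logs in as the IPA
        ``admin`` user with the admin password, not as a tree-domain AD
        user; confirm whether ``treetestuser`` was meant.
        """
        if not self.ad_treedomain:
            pytest.skip('AD tree root domain is not available.')

        if not self.master.transport.file_exists('/usr/bin/sshpass'):
            pytest.skip(
                'Package sshpass not available on {}'.format(
                    self.master.hostname)
            )

        result = self._ssh_echo('admin',
                                self.legacy_client.config.admin_password,
                                self.legacy_client.external_hostname)

        assert "test" in result.stdout_text

    @classmethod
    def install(cls, mh):
        """Prepare the hosts: disabled IPA user, host lookups, file backups."""
        super(BaseTestLegacyClient, cls).install(mh)

        tasks.kinit_admin(cls.master)

        # 'ipa user-add --password' prompts twice; the password goes in on
        # stdin rather than on the command line.
        password_confirmation = (
            cls.master.config.admin_password +
            '\n' +
            cls.master.config.admin_password
        )

        cls.master.run_command(['ipa', 'user-add', 'disabledipauser',
                                '--first', 'disabled',
                                '--last', 'ipauser',
                                '--password'],
                               stdin_text=password_confirmation)

        cls.master.run_command(['ipa', 'user-disable', 'disabledipauser'])

        cls.ad = cls.ad_domains[0].ads[0]

        cls.legacy_client = cls.host_by_role(cls.required_extra_roles[0])

        # Determine whether the subdomain AD is available
        # (an empty optional_extra_roles raises IndexError, which is a
        # LookupError and therefore lands in the same branch)
        try:
            child_ad = cls.host_by_role(cls.optional_extra_roles[0])
            cls.ad_subdomain = '.'.join(
                child_ad.hostname.split('.')[1:])
        except LookupError:
            cls.ad_subdomain = None

        # Determine whether the tree domain AD is available
        try:
            cls.tree_ad = cls.host_by_role(cls.optional_extra_roles[1])
            cls.ad_treedomain = '.'.join(
                cls.tree_ad.hostname.split('.')[1:])
        except LookupError:
            cls.ad_treedomain = None

        tasks.apply_common_fixes(cls.legacy_client)

        for f in cls.backup_files:
            tasks.backup_file(cls.legacy_client, f)

    @classmethod
    def uninstall(cls, mh):
        """Undo install(): drop the test user, trust info and client fixes."""
        # Best effort: the user may be missing if install() failed early.
        cls.master.run_command(['ipa', 'user-del', 'disabledipauser'],
                               raiseonerr=False)

        # Remove information about trust from AD, if domain was defined
        # NOTE(review): install() sets cls.ad, not cls.ad_domain; the
        # attribute checked here has to be set elsewhere - confirm.
        if hasattr(cls, 'ad_domain'):
            tasks.remove_trust_info_from_ad(cls.master, cls.ad_domain,
                                            cls.ad_domain.hostname)

        # Also unapply fixes on the legacy client, if defined
        if hasattr(cls, 'legacy_client'):
            tasks.unapply_fixes(cls.legacy_client)

        super(BaseTestLegacyClient, cls).uninstall(mh)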
# Base classes with attributes that are specific for each legacy client test
class BaseTestLegacySSSDBefore19RedHat:
    """Settings for the Red Hat legacy client running SSSD before 1.9."""

    # Name of the recipe passed to ipa-advise.
    advice_id = 'config-redhat-sssd-before-1-9'

    # Host roles: the first required role is the legacy client itself,
    # the optional ones are the AD subdomain and tree domain hosts.
    required_extra_roles = ['legacy_client_sssd_redhat']
    optional_extra_roles = ['ad_subdomain', 'ad_treedomain']
class BaseTestLegacyNssPamLdapdRedHat:
    """Settings for the Red Hat legacy client using nss-pam-ldapd."""

    # Name of the recipe passed to ipa-advise.
    advice_id = 'config-redhat-nss-pam-ldapd'

    # Host roles: the first required role is the legacy client itself,
    # the optional ones are the AD subdomain and tree domain hosts.
    required_extra_roles = ['legacy_client_nss_pam_ldapd_redhat']
    optional_extra_roles = ['ad_subdomain', 'ad_treedomain']

    def clear_sssd_caches(self):
        """Clear the SSSD cache on the master only, not on the client."""
        tasks.clear_sssd_cache(self.master)
class BaseTestLegacyNssLdapRedHat:
    """Settings for the Red Hat legacy client using nss-ldap."""

    # Name of the recipe passed to ipa-advise.
    advice_id = 'config-redhat-nss-ldap'

    # Host roles: the first required role is the legacy client itself,
    # the optional ones are the AD subdomain and tree domain hosts.
    required_extra_roles = ['legacy_client_nss_ldap_redhat']
    optional_extra_roles = ['ad_subdomain', 'ad_treedomain']

    def clear_sssd_caches(self):
        """Clear the SSSD cache on the master only, not on the client."""
        tasks.clear_sssd_cache(self.master)
# Base classes that join legacy client specific steps with steps required
# to setup IPA with trust (both with and without using the POSIX attributes)
class BaseTestLegacyClientPosix(trust_tests.BaseTestTrust,
                                BaseTestLegacyClient):
    """Legacy client tests against a trust that uses POSIX attributes.

    The expected UIDs and GIDs are fixed numbers, and posix_trust makes the
    ``id`` tests also expect the test group name next to the GID.
    """

    posix_trust = True

    # AD root domain
    testuser_uid_regex = '10042'
    testuser_gid_regex = '10047'

    # AD subdomain
    subdomain_testuser_uid_regex = '10142'
    subdomain_testuser_gid_regex = '10147'

    # AD tree domain
    treedomain_testuser_uid_regex = '10242'
    treedomain_testuser_gid_regex = '10247'

    def test_remove_trust_with_posix_attributes(self):
        """Do nothing.

        NOTE(review): presumably overrides a test inherited from
        trust_tests.BaseTestTrust so the trust is kept - confirm.
        """
class BaseTestLegacyClientNonPosix(trust_tests.BaseTestTrust,
                                   BaseTestLegacyClient):
    """Legacy client tests against a trust without POSIX attributes.

    Each pattern accepts a run of digits unless it starts with the ID that
    the POSIX variant of the test expects (negative lookahead), so numbers
    that merely begin with that ID are rejected as well.
    """

    # AD root domain
    testuser_uid_regex = r'(?!10042)(\d+)'
    testuser_gid_regex = r'(?!10047)(\d+)'

    # AD subdomain
    subdomain_testuser_uid_regex = r'(?!10142)(\d+)'
    subdomain_testuser_gid_regex = r'(?!10147)(\d+)'

    # AD tree domain
    treedomain_testuser_uid_regex = r'(?!10242)(\d+)'
    treedomain_testuser_gid_regex = r'(?!10247)(\d+)'

    def test_remove_nonposix_trust(self):
        """Do nothing.

        NOTE(review): presumably overrides a test inherited from
        trust_tests.BaseTestTrust so the trust is kept - confirm.
        """
class BaseTestSSSDMixin:
    """Mixin for SSSD-based legacy clients.

    Must come before the class that provides test_apply_advice in the
    bases of the concrete test, because it chains to it through super().
    """

    def test_apply_advice(self):
        """Apply the advice, then set up sssd.conf on the legacy client."""
        parent = super(BaseTestSSSDMixin, self)
        parent.test_apply_advice()
        tasks.setup_sssd_conf(self.legacy_client)
# Tests definitions themselves. Beauty. Just pure beauty.
class TestLegacySSSDBefore19RedHatNonPosix(BaseTestSSSDMixin,
                                           BaseTestLegacySSSDBefore19RedHat,
                                           BaseTestLegacyClientNonPosix):
    """SSSD before 1.9 legacy client against a non-POSIX trust."""
class TestLegacyNssPamLdapdRedHatNonPosix(BaseTestLegacyNssPamLdapdRedHat,
                                          BaseTestLegacyClientNonPosix):
    """nss-pam-ldapd legacy client against a non-POSIX trust.

    The client-specific base is listed first, so its clear_sssd_caches
    takes precedence over the one in the second base.
    """
class TestLegacyNssLdapRedHatNonPosix(BaseTestLegacyNssLdapRedHat,
                                      BaseTestLegacyClientNonPosix):
    """nss-ldap legacy client against a non-POSIX trust.

    The client-specific base is listed first, so its clear_sssd_caches
    takes precedence over the one in the second base.
    """
class TestLegacySSSDBefore19RedHatPosix(BaseTestSSSDMixin,
                                        BaseTestLegacySSSDBefore19RedHat,
                                        BaseTestLegacyClientPosix):
    """SSSD before 1.9 legacy client against a POSIX trust."""
class TestLegacyNssPamLdapdRedHatPosix(BaseTestLegacyNssPamLdapdRedHat,
                                       BaseTestLegacyClientPosix):
    """nss-pam-ldapd legacy client against a POSIX trust.

    The client-specific base is listed first, so its clear_sssd_caches
    takes precedence over the one in the second base.
    """
class TestLegacyNssLdapRedHatPosix(BaseTestLegacyNssLdapRedHat,
                                   BaseTestLegacyClientPosix):
    """nss-ldap legacy client against a POSIX trust.

    The client-specific base is listed first, so its clear_sssd_caches
    takes precedence over the one in the second base.
    """