ipatests: check if username are not optimized out in semanage context

IPA users that have the default semanage context were optimized out.
This test checks that those users are listed.

related ticket : https://pagure.io/SSSD/sssd/issue/3819

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Mohammad Rizwan Yusuf 2019-01-21 15:50:54 +05:30 committed by Florence Blanc-Renaud
parent 3ec29a7f6a
commit 144a9c74d6


@ -4,11 +4,10 @@
from __future__ import absolute_import
from ipaplatform.paths import paths
from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_ipa.integration import tasks
import paramiko
class TestUserPermissions(IntegrationTest):
topology = 'star'
@ -68,6 +67,47 @@ class TestUserPermissions(IntegrationTest):
# call ipa user-del --preserve
self.master.run_command(['ipa', 'user-del', '--preserve', testuser])
def test_selinux_user_optimized(self):
"""
Check that SELinux login context is set on first login for the
user, even if the user is not mapped to a specific SELinux user.
Related ticket https://pagure.io/SSSD/sssd/issue/3819.
"""
# Scenario: add an IPA user with non-default home dir, login through
# ssh as this user and check that there is a SELinux user mapping
# for the user with `semanage login -l`.
# kinit admin
tasks.kinit_admin(self.master)
testuser = 'testuser_selinux'
password = 'Secret123'
testuser_password_confirmation = "%s\n%s\n" % (password,
password)
self.master.run_command(['ipa', 'user-add', testuser,
'--first', testuser,
'--last', testuser,
'--password',
'--homedir',
'/root/{}'.format(testuser)],
stdin_text=testuser_password_confirmation)
# login to the system
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(self.master.hostname,
username=testuser,
password=password)
client.close()
# check if user listed in output
cmd = self.master.run_command(['semanage', 'login', '-l'])
assert testuser in cmd.stdout_text
# call ipa user-del
self.master.run_command(['ipa', 'user-del', testuser])
def test_stageuser_show_as_alternate_admin(self):
"""
Test that a user member of admins group can call stageuser-show
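Review bot: In `test_selinux_user_optimized`, `client.close()` and the final `ipa user-del` run only on the success path. A failed `client.connect(...)` or a failed `assert testuser in cmd.stdout_text` therefore leaves the SSH client open and `testuser_selinux` behind on the master for the tests that follow in this class. Wrapping the login and the check in try/finally, as sketched below, makes the cleanup unconditional. Separately, `paramiko.AutoAddPolicy()` accepts whatever host key the master presents; that is tolerable against a per-run test host, but a comment such as `# test host is provisioned per run, host key is intentionally not pinned` would keep the pattern from being copied into non-test code. The assertion is also a substring match over the whole `semanage login -l` output, so comparing against the first field of each line would be stricter.

```python
        # … unchanged: kinit_admin and the ipa user-add call …
        try:
            client = paramiko.SSHClient()
            client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            try:
                client.connect(self.master.hostname,
                               username=testuser,
                               password=password)
            finally:
                client.close()
            # … unchanged: semanage login -l and the assertion …
        finally:
            # remove the test user even when the login or the assertion fails
            self.master.run_command(['ipa', 'user-del', testuser])
```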