IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: check if username are not optimized out in semanage context

Browse Source 
ipa users having default semanage context were optimized out.
This test checks if those users are listed.

related ticket : https://pagure.io/SSSD/sssd/issue/3819

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Mohammad Rizwan Yusuf
2019-01-21 15:50:54 +05:30
committed by Florence Blanc-Renaud
parent 3ec29a7f6a
commit 144a9c74d6
1 changed files with 42 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
ipatests/test_integration/test_user_permissions.py
View File

@@ -4,11 +4,10 @@
from __future__ import absolute_import from __future__ import absolute_import
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_ipa.integration import tasks from ipatests.pytest_ipa.integration import tasks
import paramiko
class TestUserPermissions(IntegrationTest): class TestUserPermissions(IntegrationTest):
topology = 'star' topology = 'star'
@@ -68,6 +67,47 @@ class TestUserPermissions(IntegrationTest):
# call ipa user-del --preserve # call ipa user-del --preserve
self.master.run_command(['ipa', 'user-del', '--preserve', testuser]) self.master.run_command(['ipa', 'user-del', '--preserve', testuser])
def test_selinux_user_optimized(self):
"""
Check that SELinux login context is set on first login for the
user, even if the user is not mapped to a specific SELinux user.
Related ticket https://pagure.io/SSSD/sssd/issue/3819.
"""
# Scenario: add an IPA user with non-default home dir, login through
# ssh as this user and check that there is a SELinux user mapping
# for the user with `semanage login -l`.
# kinit admin
tasks.kinit_admin(self.master)
testuser = 'testuser_selinux'
password = 'Secret123'
testuser_password_confirmation = "%s\n%s\n" % (password,
password)
self.master.run_command(['ipa', 'user-add', testuser,
'--first', testuser,
'--last', testuser,
'--password',
'--homedir',
'/root/{}'.format(testuser)],
stdin_text=testuser_password_confirmation)
# login to the system
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(self.master.hostname,
username=testuser,
password=password)
client.close()
# check if user listed in output
cmd = self.master.run_command(['semanage', 'login', '-l'])
assert testuser in cmd.stdout_text
# call ipa user-del
self.master.run_command(['ipa', 'user-del', testuser])
def test_stageuser_show_as_alternate_admin(self): def test_stageuser_show_as_alternate_admin(self):
""" """
Test that a user member of admins group can call stageuser-show Test that a user member of admins group can call stageuser-show