mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
ipatests: added unlock_principal_password and change_principal
The unlock_principal_password unlocks the (new) user by running ldappasswd as the user. change_principal is an context manager that changes identity for the supplied api object by disconnecting and reconnecting the rpcclient in and outside of requested kerberos context. This context manager allows to run tests that cannot be executed as an admin user which can for example override an CA ACL. https://fedorahosted.org/freeipa/ticket/57 Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Milan Kubík
Martin Basti
parent
8d64485b2e
commit
d2ff5e4639
@ -27,6 +27,8 @@ from os import path
|
|||||||
import tempfile
|
import tempfile
|
||||||
import shutil
|
import shutil
|
||||||
import re
|
import re
|
||||||
|
import uuid
|
||||||
|
from contextlib import contextmanager
|
||||||
|
|
||||||
import six
|
import six
|
||||||
import ldap
|
import ldap
|
||||||
@ -34,9 +36,12 @@ import ldap.sasl
|
|||||||
import ldap.modlist
|
import ldap.modlist
|
||||||
|
|
||||||
import ipalib
|
import ipalib
|
||||||
|
from ipalib import api
|
||||||
from ipalib.plugable import Plugin
|
from ipalib.plugable import Plugin
|
||||||
from ipalib.request import context
|
from ipalib.request import context
|
||||||
from ipapython.dn import DN
|
from ipapython.dn import DN
|
||||||
|
from ipapython.ipautil import private_ccache, kinit_password, run
|
||||||
|
from ipaplatform.paths import paths
|
||||||
|
|
||||||
if six.PY3:
|
if six.PY3:
|
||||||
unicode = str
|
unicode = str
|
||||||
@ -666,3 +671,38 @@ def prepare_config(template, values):
|
|||||||
config.write(template.format(**values))
|
config.write(template.format(**values))
|
||||||
|
|
||||||
return config.name
|
return config.name
|
||||||
|
|
||||||
|
|
||||||
|
def unlock_principal_password(user, oldpw, newpw):
|
||||||
|
userdn = "uid={},{},{}".format(
|
||||||
|
user, api.env.container_user, api.env.basedn)
|
||||||
|
|
||||||
|
args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
|
||||||
|
'-s', newpw, '-x']
|
||||||
|
return run(args)
|
||||||
|
|
||||||
|
|
||||||
|
@contextmanager
|
||||||
|
def change_principal(user, password, client=None, path=None):
|
||||||
|
|
||||||
|
if path:
|
||||||
|
ccache_name = path
|
||||||
|
else:
|
||||||
|
ccache_name = os.path.join('/tmp', str(uuid.uuid4()))
|
||||||
|
|
||||||
|
if client is None:
|
||||||
|
client = api
|
||||||
|
|
||||||
|
|
||||||
|
client.Backend.rpcclient.disconnect()
|
||||||
|
|
||||||
|
with private_ccache(ccache_name):
|
||||||
|
kinit_password(user, password, ccache_name)
|
||||||
|
client.Backend.rpcclient.connect()
|
||||||
|
|
||||||
|
try:
|
||||||
|
yield
|
||||||
|
finally:
|
||||||
|
client.Backend.rpcclient.disconnect()
|
||||||
|
|
||||||
|
client.Backend.rpcclient.connect()
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user