diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
deleted file mode 100644
index dcedcc1d99a..00000000000
--- a/src/tests/multihost/basic/conftest.py
+++ /dev/null
@@ -1,478 +0,0 @@
-from sssd.testlib.common.libkrb5 import krb5srv
-from sssd.testlib.common.utils import sssdTools, PkiTools
-from sssd.testlib.common.utils import LdapOperations
-from sssd.testlib.common.libdirsrv import DirSrvWrap
-from sssd.testlib.common.exceptions import PkiLibException
-from sssd.testlib.common.exceptions import LdapException
-from sssd.testlib.common.exceptions import SSSDException
-
-import pytest
-try:
- import ConfigParser
-except ImportError:
- import configparser as ConfigParser
-import os
-import tempfile
-import ldap
-
-
-pytest_plugins = (
- 'sssd.testlib.common.fixtures',
-)
-
-
-def pytest_configure():
- pytest.num_masters = 1
- pytest.num_ad = 0
- pytest.num_atomic = 0
- pytest.num_replicas = 0
- pytest.num_clients = 0
- pytest.num_others = 0
-
-
-@pytest.fixture(scope="class")
-def multihost(session_multihost):
- """ multihost fixture """
- return session_multihost
-
-
-@pytest.fixture(scope="session")
-def package_install(session_multihost):
- """ Install required packages """
- distro = session_multihost.master[0].distro
- pkg_list = 'acl authselect nss-tools 389-ds-base krb5-server '\
- 'openldap-clients krb5-workstation '\
- 'sssd sssd-dbus sssd-kcm ' \
- 'expect ldb-tools sssd-tools'
- cmd = 'yum install -y %s' % (pkg_list)
- if '8.' in distro:
- enableidm = 'yum -y module enable idm:DL1'
- session_multihost.master[0].run_command(enableidm)
- session_multihost.master[0].run_command(cmd)
-
-
-@pytest.fixture(scope="session")
-def run_authselect(session_multihost):
- """ Run authconfig to configure Kerberos and SSSD auth on remote host """
- authselect_cmd = 'authselect select sssd with-mkhomedir --force'
- session_multihost.master[0].run_command(authselect_cmd)
-
-
-@pytest.fixture(scope="session")
-def nssdir(session_multihost):
- """ Setup Self signed CA """
- server_list = [session_multihost.master[0].sys_hostname]
- pki_inst = PkiTools()
- try:
- certdb = pki_inst.createselfsignedcerts(server_list)
- except PkiLibException as err:
- return (err.msg, err.rval)
- else:
- return certdb
-
-
-@pytest.fixture(scope="session")
-def setup_ldap(session_multihost, nssdir, request):
- """ Setup Directory Server """
- ds_obj = DirSrvWrap(session_multihost.master[0], ssl=True, ssldb=nssdir)
- ds_obj.create_ds_instance('example1', 'dc=example,dc=test')
-
- def remove_ldap():
- """ Remove ldap server instance """
- ds_obj.remove_ds_instance('example1')
- request.addfinalizer(remove_ldap)
-
-
-@pytest.fixture(scope="session")
-def setup_kerberos(session_multihost, request):
- """ Setup kerberos """
- tools = sssdTools(session_multihost.master[0])
- tools.config_etckrb5('EXAMPLE.TEST')
- krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST')
- krb.krb_setup_new()
-
- def remove_kerberos():
- """ Remove kerberos instance """
- krb.destroy_krb5server()
- remove_keytab = 'rm -f /etc/krb5.keytab'
- session_multihost.master[0].run_command(remove_keytab)
- request.addfinalizer(remove_kerberos)
-
-
-@pytest.fixture(scope='class', autouse=True)
-def setup_sssd(session_multihost, request):
- """ Configure sssd.conf """
- domain_section = 'domain/EXAMPLE.TEST'
- ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
- krb5_server = session_multihost.master[0].sys_hostname
- cacert_loc = '/etc/openldap/cacerts/cacert.pem'
- sssdConfig = ConfigParser.ConfigParser()
- sssdConfig.optionxform = str
- sssdConfig.add_section('sssd')
- sssdConfig.set('sssd', 'domains', 'EXAMPLE.TEST')
- sssdConfig.set('sssd', 'config_file_version', '2')
- sssdConfig.set('sssd', 'services', 'nss, pam, sudo, ifp')
- sssdConfig.add_section(domain_section)
- sssdConfig.set(domain_section, 'enumerate', 'false')
- sssdConfig.set(domain_section, 'id_provider', 'ldap')
- sssdConfig.set(domain_section, 'ldap_uri', ldap_uri)
- sssdConfig.set(domain_section, 'ldap_search_base', 'dc=example,dc=test')
- sssdConfig.set(domain_section, 'ldap_tls_cacert', cacert_loc)
- sssdConfig.set(domain_section, 'auth_provider', 'krb5')
- sssdConfig.set(domain_section, 'krb5_server', krb5_server)
- sssdConfig.set(domain_section, 'krb5_kpasswd', krb5_server)
- sssdConfig.set(domain_section, 'krb5_realm', 'EXAMPLE.TEST')
- sssdConfig.set(domain_section, 'debug_level', '9')
- sssdConfig.set(domain_section, 'ldap_sudo_random_offset', '0')
- sssdConfig.add_section('nss')
- sssdConfig.set('nss', 'debug_level', '9')
- sssdConfig.add_section('pam')
- sssdConfig.set('pam', 'debug_level', '9')
- sssdConfig.add_section('kcm')
- sssdConfig.set('kcm', 'debug_level', '9')
- temp_fd, temp_file_path = tempfile.mkstemp(suffix='conf', prefix='sssd')
- with open(temp_file_path, "w") as outfile:
- sssdConfig.write(outfile)
- session_multihost.master[0].transport.put_file(temp_file_path,
- '/etc/sssd/sssd.conf')
- chg_perm = 'chmod 600 /etc/sssd/sssd.conf'
- session_multihost.master[0].run_command(chg_perm)
- os.close(temp_fd)
- try:
- session_multihost.master[0].service_sssd('restart')
- except SSSDException:
- journalctl_cmd = "journalctl -x -n 50 --no-pager"
- session_multihost.master[0].run_command(journalctl_cmd)
- assert False
-
- def stop_sssd():
- """ Stop sssd service """
- session_multihost.master[0].service_sssd('stop')
- sssd_cache = ['cache_%s.ldb' % ('EXAMPLE.TEST'), 'config.ldb',
- 'sssd.ldb', 'timestamps_%s.ldb' % ('EXAMPLE.TEST')]
- for cache_file in sssd_cache:
- db_file = '/var/lib/sss/db/%s' % (cache_file)
- session_multihost.master[0].run_command(['rm', '-f', db_file])
- secrets_db = '/var/lib/sss/secrets/secrets.ldb'
- session_multihost.master[0].run_command(['rm', '-f', secrets_db])
- request.addfinalizer(stop_sssd)
-
-
-@pytest.fixture
-def enable_kcm(session_multihost, request):
- """ Enable sssd kcm """
- backup_krb5_conf = 'cp /etc/krb5.conf /etc/krb5.conf.nokcm'
- session_multihost.master[0].run_command(backup_krb5_conf)
- session_multihost.master[0].service_sssd('stop')
- tools = sssdTools(session_multihost.master[0])
- tools.enable_kcm()
- start_kcm = 'systemctl start sssd-kcm'
- session_multihost.master[0].service_sssd('start')
- session_multihost.master[0].run_command(start_kcm)
-
- def disable_kcm():
- """ Disable sssd kcm """
- restore_krb5_conf = 'cp /etc/krb5.conf.nokcm /etc/krb5.conf'
- session_multihost.master[0].run_command(restore_krb5_conf)
- stop_kcm = 'systemctl stop sssd-kcm'
- session_multihost.master[0].run_command(stop_kcm)
- request.addfinalizer(disable_kcm)
-
-
-@pytest.fixture(scope='session')
-def enable_oddjob(session_multihost, request):
- """Enables and starts oddjob service"""
- check_enabled = session_multihost.master[0].run_command(
- 'systemctl is-enabled oddjobd.service', raiseonerr=False)
- enabled = "enabled" in check_enabled.stdout_text
- check_active = session_multihost.master[0].run_command(
- 'systemctl is-active oddjobd.service', raiseonerr=False)
- active = "inactive" not in check_active.stdout_text
- if not enabled:
- session_multihost.master[0].run_command(
- 'systemctl enable oddjobd.service', raiseonerr=False)
- if not active:
- session_multihost.master[0].run_command(
- 'systemctl start oddjobd.service', raiseonerr=False)
-
- def revert_odjob():
- """Reverts changes to oddjob service."""
- if not enabled:
- session_multihost.master[0].run_command(
- 'systemctl disable oddjobd.service', raiseonerr=False)
- if not active:
- session_multihost.master[0].run_command(
- 'systemctl stop oddjobd.service', raiseonerr=False)
-
- request.addfinalizer(revert_odjob)
-
-
-@pytest.fixture
-def create_casesensitive_posix_user(session_multihost):
- """ Create a case sensitive posix user """
- ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
- krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST')
- ds_rootdn = 'cn=Directory Manager'
- ds_rootpw = 'Secret123'
- ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
- username = 'CAPSUSER-1'
- user_info = {'cn': username,
- 'uid': username,
- 'uidNumber': '24583100',
- 'gidNumber': '14564100'}
- ldap_inst.posix_user("ou=People", "dc=example,dc=test", user_info)
- krb.add_principal('CAPSUSER-1', 'user', 'Secret123')
-
-
-@pytest.fixture
-def set_case_sensitive_false(session_multihost, request):
- """ Set case_sensitive to false in sssd domain section """
- bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
- session_multihost.master[0].run_command(bkup_sssd)
- session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.ConfigParser()
- sssdconfig.read('/tmp/sssd.conf')
- domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
- if domain_section in sssdconfig.sections():
- sssdconfig.set(domain_section, 'case_sensitive', 'false')
- with open('/tmp/sssd.conf', "w") as sssconf:
- sssdconfig.write(sssconf)
- session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')
- session_multihost.master[0].service_sssd('restart')
-
- def restore_sssd():
- """ Restore sssd.conf """
- restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
- session_multihost.master[0].run_command(restore_sssd)
- session_multihost.master[0].service_sssd('restart')
- request.addfinalizer(restore_sssd)
-
-
-@pytest.fixture
-def set_entry_cache_sudo_timeout(session_multihost, request):
- """ Set entry cache sudo timeout in sssd.conf """
- bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
- session_multihost.master[0].run_command(bkup_sssd)
- session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.ConfigParser()
- sssdconfig.read('/tmp/sssd.conf')
- domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
- if domain_section in sssdconfig.sections():
- sssdconfig.set(domain_section, 'entry_cache_sudo_timeout', '30')
- with open('/tmp/sssd.conf', "w") as sssconf:
- sssdconfig.write(sssconf)
- session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')
- session_multihost.master[0].service_sssd('restart')
-
- def restore_sssd():
- """ Restore sssd.conf """
- restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
- session_multihost.master[0].run_command(restore_sssd)
- session_multihost.master[0].service_sssd('restart')
- request.addfinalizer(restore_sssd)
-
-
-@pytest.fixture
-def generic_sudorule(session_multihost, request):
- """ Create a generic sudo rule """
- ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
- ds_rootdn = 'cn=Directory Manager'
- ds_rootpw = 'Secret123'
- ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
- ldap_inst.org_unit('sudoers', 'dc=example,dc=test')
- sudo_ou = 'ou=sudoers,dc=example,dc=test'
- rule_dn1 = "%s,%s" % ('cn=lessrule', sudo_ou)
- sudo_options = ["!requiretty", "!authenticate"]
- try:
- ldap_inst.add_sudo_rule(rule_dn1, 'ALL',
- '/usr/bin/less', 'foo1',
- sudo_options)
- except LdapException:
- pytest.fail("Failed to add sudo rule %s" % rule_dn1)
-
- def del_sudo_rule():
- """ Delete sudo rule """
- (ret, _) = ldap_inst.del_dn(rule_dn1)
- assert ret == 'Success'
- (ret, _) = ldap_inst.del_dn(sudo_ou)
- assert ret == 'Success'
- request.addfinalizer(del_sudo_rule)
-
-
-@pytest.fixture
-def enable_files_domain(session_multihost):
- """
- Enable the implicit files domain
- """
- session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.RawConfigParser(delimiters=('='))
- sssdconfig.read('/tmp/sssd.conf')
- sssd_section = 'sssd'
- if sssd_section in sssdconfig.sections():
- sssdconfig.set(sssd_section, 'enable_files_domain', 'true')
- with open('/tmp/sssd.conf', "w") as sssconf:
- sssdconfig.write(sssconf)
- session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')
- session_multihost.master[0].service_sssd('restart')
-
-
-@pytest.fixture(scope="class")
-def files_domain_users_class(request, session_multihost):
- users = ('lcl1', 'lcl2', 'lcl3')
- for user in users:
- useradd_cmd = "useradd %s" % (user)
- session_multihost.master[0].run_command(useradd_cmd)
-
- no_home_users = ('no_home_user', )
- for user in no_home_users:
- useradd_cmd = "useradd --no-create-home %s" % (user)
- session_multihost.master[0].run_command(useradd_cmd)
- usermod_cmd = "usermod -d /tmp %s" % (user)
- session_multihost.master[0].run_command(usermod_cmd)
-
- def teardown_files_domain_users():
- for user in users + no_home_users:
- userdel_cmd = "userdel %s" % (user)
- session_multihost.master[0].run_command(userdel_cmd)
- request.addfinalizer(teardown_files_domain_users)
-
-
-@pytest.fixture
-def case_sensitive_sudorule(session_multihost,
- create_casesensitive_posix_user,
- request):
- """ Create posix user and groups """
- ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
- ds_rootdn = 'cn=Directory Manager'
- ds_rootpw = 'Secret123'
- ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
- ldap_inst.org_unit('sudoers', 'dc=example,dc=test')
- sudo_ou = 'ou=sudoers,dc=example,dc=test'
- rule_dn1 = "%s,%s" % ('cn=lessrule', sudo_ou)
- rule_dn2 = "%s,%s" % ('cn=morerule', sudo_ou)
- sudo_options = ["!requiretty", "!authenticate"]
- try:
- ldap_inst.add_sudo_rule(rule_dn1, 'ALL',
- '/usr/bin/less', 'capsuser-1',
- sudo_options)
- except LdapException:
- pytest.fail("Failed to add sudo rule %s" % rule_dn1)
- try:
- ldap_inst.add_sudo_rule(rule_dn2, 'ALL',
- '/usr/bin/more', 'CAPSUSER-1',
- sudo_options)
- except LdapException:
- pytest.fail("Failed to add sudo rule %s" % rule_dn2)
-
- def del_sensitive_sudo_rule():
- """ Delete sudo rule """
- (ret, _) = ldap_inst.del_dn(rule_dn1)
- assert ret == 'Success'
- (ret, _) = ldap_inst.del_dn(rule_dn2)
- assert ret == 'Success'
- (ret, _) = ldap_inst.del_dn(sudo_ou)
- assert ret == 'Success'
- request.addfinalizer(del_sensitive_sudo_rule)
-
-
-@pytest.fixture
-def enable_sss_sudo_nsswitch(session_multihost, tmpdir, request):
- """Enable sss backend for sudoers in nsswitch.conf """
- conf = '/etc/nsswitch.conf'
- local_conf = tmpdir.mkdir("tmpdir").join('nsswitch.conf')
- backup_cmd = "cp -f /etc/nsswitch.conf /etc/nsswitch.conf.backup"
- session_multihost.master[0].run_command(backup_cmd)
- content = '\nsudoers: sss\n'
- session_multihost.master[0].transport.get_file(conf, str(local_conf))
-
- local_conf.write(content, mode='a')
- session_multihost.master[0].transport.put_file(str(local_conf),
- '/etc/nsswitch.conf')
-
- def restore_nsswitch():
- """ Restore nsswitch.conf """
- restore_cmd = 'cp -f /etc/nsswitch.conf.backup /etc/nsswitch.conf'
- session_multihost.master[0].run_command(restore_cmd)
- request.addfinalizer(restore_nsswitch)
-
-
-@pytest.fixture(scope='session')
-def create_posix_usersgroups(session_multihost):
- """ Create posix user and groups """
- ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
- ds_rootdn = 'cn=Directory Manager'
- ds_rootpw = 'Secret123'
- ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
- krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST')
- for i in range(10):
- user_info = {'cn': 'foo%d' % i,
- 'uid': 'foo%d' % i,
- 'uidNumber': '1458310%d' % i,
- 'gidNumber': '14564100',
- 'userPassword': 'Secret123'}
- if ldap_inst.posix_user("ou=People", "dc=example,dc=test", user_info):
- krb.add_principal('foo%d' % i, 'user', 'Secret123')
- else:
- print("Unable to add ldap User %s" % (user_info))
- assert False
- memberdn = 'uid=%s,ou=People,dc=example,dc=test' % ('foo0')
- group_info = {'cn': 'ldapusers',
- 'gidNumber': '14564100',
- 'uniqueMember': memberdn}
- try:
- ldap_inst.posix_group("ou=Groups", "dc=example,dc=test", group_info)
- except LdapException:
- assert False
- group_dn = 'cn=ldapusers,ou=Groups,dc=example,dc=test'
- for i in range(1, 10):
- user_dn = 'uid=foo%d,ou=People,dc=example,dc=test' % i
- add_member = [(ldap.MOD_ADD, 'uniqueMember', user_dn.encode('utf-8'))]
- (ret, _) = ldap_inst.modify_ldap(group_dn, add_member)
- assert ret == 'Success'
-
-
-@pytest.fixture(scope='session')
-def create_many_user_principals(session_multihost):
- krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST')
- for i in range(1, 65):
- username = "user%04d" % i
- krb.add_principal(username, 'user', 'Secret123')
-
-
-@pytest.fixture(scope="session", autouse=True)
-def setup_session(request, session_multihost,
- package_install,
- run_authselect,
- setup_ldap,
- setup_kerberos,
- create_posix_usersgroups,
- enable_oddjob,
- create_testdir):
- """ Run all session scoped fixtures """
- tp = TestPrep(session_multihost)
- tp.setup()
-
- def teardown_session():
- """ Run teardown session scoped fixtures """
- tp.teardown()
- request.addfinalizer(teardown_session)
-
-
-class TestPrep(object):
- """ Initialize Session """
- def __init__(self, multihost):
- self.multihost = multihost
-
- def setup(self):
- """ Start session """
- print("\n............Session Setup...............")
-
- def teardown(self):
- """ End session """
- print("\n............Session Ends.................")
diff --git a/src/tests/multihost/basic/mhc.yaml b/src/tests/multihost/basic/mhc.yaml
deleted file mode 100644
index 24d505481a6..00000000000
--- a/src/tests/multihost/basic/mhc.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-root_password: 'vagrant'
-domains:
-- name: tier0.tests
- type: sssd
- hosts:
- - name: client
- external_hostname: client.test
- role: master
diff --git a/src/tests/multihost/basic/test_basic.py b/src/tests/multihost/basic/test_basic.py
deleted file mode 100644
index 214cecc48e5..00000000000
--- a/src/tests/multihost/basic/test_basic.py
+++ /dev/null
@@ -1,84 +0,0 @@
-""" SSSD Sanity Test Cases
-
-:requirement: IDM-SSSD-REQ : KRB5 Provider
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-import time
-import configparser as ConfigParser
-from sssd.testlib.common.utils import sssdTools
-
-
-class TestSanitySSSD(object):
- """ Basic Sanity Test cases """
- @staticmethod
- def test_ssh_user_login(multihost):
- """
- :title: Login: Check ssh login as LDAP user with Kerberos credentials
- :id: b7600a46-1827-486a-ae2e-cbedad6ddf41
- """
- client = sssdTools(multihost.master[0])
- ssh0 = client.auth_from_client("foo1", 'Secret123') == 3
- assert ssh0, "Authentication Failed as user foo1"
-
- @staticmethod
- def test_kinit(multihost):
- """
- :title: Login: Verify kinit is successfull after user login
- :id: 5e15e9e9-c559-49b8-a164-abe13d82d0fd
- """
- user = 'foo2'
- cmd = multihost.master[0].run_command(
- f'su - {user} -c "kinit"', stdin_text='Secret123',
- raiseonerr=False)
- assert cmd.returncode == 0, "kinit failed!"
-
- cmd2 = multihost.master[0].run_command(
- f'su - {user} -c "klist"', raiseonerr=False)
- assert cmd2.returncode == 0, "klist failed!"
-
- @staticmethod
- def test_offline_ssh_login(multihost):
- """
- :title: Login: Verify offline ssh login
- :id: 90e9a834-a1f9-4bef-bdae-57a7b411cce4
- """
- multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.RawConfigParser()
- sssdconfig.read('/tmp/sssd.conf')
- domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
- if domain_section in sssdconfig.sections():
- sssdconfig.set(domain_section, 'cache_credentials', 'True')
- sssdconfig.set(domain_section, 'krb5_store_password_if_offline',
- 'True')
- sssdconfig.set('pam', 'offline_credentials_expiration', '0')
- with open('/tmp/sssd.conf', "w") as file_d:
- sssdconfig.write(file_d)
- else:
- print("Could not fetch sssd.conf")
- assert False
- multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')
- multihost.master[0].service_sssd('restart')
- time.sleep(5)
- client = sssdTools(multihost.master[0])
- user = 'foo4'
- ssh0 = client.auth_from_client(user, password='Secret123') == 3
- assert ssh0, f"Initial ssh login as {user} failed."
-
- stop_dirsrv = 'systemctl stop dirsrv@example1'
- stop_krb5kdc = 'systemctl stop krb5kdc'
- multihost.master[0].run_command(stop_dirsrv)
- multihost.master[0].run_command(stop_krb5kdc)
-
- ssh1 = client.auth_from_client(user, password='Secret123') == 3
-
- start_dirsrv = 'systemctl start dirsrv@example1'
- start_krb5kdc = 'systemctl start krb5kdc'
- multihost.master[0].run_command(start_dirsrv)
- multihost.master[0].run_command(start_krb5kdc)
-
- assert ssh1, f"Offline ssh login as {user} failed."
diff --git a/src/tests/multihost/basic/test_config.py b/src/tests/multihost/basic/test_config.py
deleted file mode 100644
index 00a82204cb6..00000000000
--- a/src/tests/multihost/basic/test_config.py
+++ /dev/null
@@ -1,109 +0,0 @@
-""" SSSD Configuration-related Test Cases
-
-:requirement: IDM-SSSD-REQ: Configuration merging
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-
-from utils_config import set_param, remove_section
-
-
-class TestSSSDConfig(object):
- """
- Test cases around SSSD config management
- """
- def _assert_config_value(self, multihost, section, key, value):
- # This would really be much, much nicer to implement using python-ldb
- # but at the moment, the multihost tests rely on a virtual environment
- # where everything is pip-installed..and python-ldb is not present in
- # pip
- confdb_dn = 'cn=%s,cn=config' % (section)
- ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b %s' % (confdb_dn)
- cmd = multihost.master[0].run_command(ldb_cmd)
- check_str = '%s: %s' % (key, value)
- assert check_str in cmd.stdout_text
-
- def test_sssd_genconf_sssd_running(self, multihost):
- """
- :title: config: sssd --genconf is able to re-generate
- the configuration even while SSSD is running
- :id: 078721e9-536b-4fd8-a36d-bd94673228fc
- """
- multihost.master[0].service_sssd('restart')
-
- self._assert_config_value(multihost, 'pam', 'debug_level', '9')
-
- set_param(multihost, 'pam', 'debug_level', '1')
- multihost.master[0].run_command('/usr/sbin/sssd --genconf')
- self._assert_config_value(multihost, 'pam', 'debug_level', '1')
-
- set_param(multihost, 'pam', 'debug_level', '9')
-
- def test_sssd_genconf_section_only(self, multihost):
- """
- :title: config: sssd --genconf-section only
- refreshes those sections given on the command line
- :id: 011bf2ad-4a2a-4350-adfa-7826349e262f
- """
- multihost.master[0].service_sssd('restart')
-
- self._assert_config_value(multihost, 'pam', 'debug_level', '9')
- self._assert_config_value(multihost, 'nss', 'debug_level', '9')
-
- set_param(multihost, 'pam', 'debug_level', '1')
- set_param(multihost, 'nss', 'debug_level', '1')
- multihost.master[0].run_command(
- '/usr/sbin/sssd --genconf-section=pam')
-
- # We only told genconf to touch the pam section..
- self._assert_config_value(multihost, 'pam', 'debug_level', '1')
- # ..so the NSS section shouldn't be updated at all
- self._assert_config_value(multihost, 'nss', 'debug_level', '9')
-
- set_param(multihost, 'nss', 'debug_level', '9')
- set_param(multihost, 'pam', 'debug_level', '9')
-
- def test_sssd_genconf_add_remove_section(self, multihost):
- """
- :title: config: sssd --genconf-section can not only modify
- existing configuration sections, but also add a new section
- :id: 8df66b51-aadc-456e-8f27-a1a787e61769
- """
- # Establish a baseline
- multihost.master[0].service_sssd('restart')
- self._assert_config_value(multihost, 'pam', 'debug_level', '9')
- self._assert_config_value(multihost, 'nss', 'debug_level', '9')
-
- set_param(multihost, 'foo', 'bar', 'baz')
-
- multihost.master[0].run_command(
- '/usr/sbin/sssd --genconf-section=foo')
-
- ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b cn=foo,cn=config'
- cmd = multihost.master[0].run_command(ldb_cmd)
- assert 'bar: baz' in cmd.stdout_text
-
- remove_section(multihost, 'foo')
- multihost.master[0].run_command(
- '/usr/sbin/sssd --genconf-section=foo')
-
- ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b cn=foo,cn=config'
- cmd = multihost.master[0].run_command(ldb_cmd)
- assert 'foo' not in cmd.stdout_text
- # Also make sure the existing sections were intact
- self._assert_config_value(multihost, 'pam', 'debug_level', '9')
- self._assert_config_value(multihost, 'nss', 'debug_level', '9')
-
- def test_sssd_genconf_no_such_section(self, multihost):
- """
- :title: config: Referencing a non-existant section must not fail
- :id: 4e160dcc-9789-4f3f-b8d4-c67d27ef4a1c
- :description: Referencing a non-existant section must not fail,
- because we want to call this command from the systemd unit files
- and by default the sections don't have to be present
- """
- multihost.master[0].service_sssd('restart')
- multihost.master[0].run_command(
- '/usr/sbin/sssd --genconf-section=xyz')
diff --git a/src/tests/multihost/basic/test_files.py b/src/tests/multihost/basic/test_files.py
deleted file mode 100644
index f4ab938f7e4..00000000000
--- a/src/tests/multihost/basic/test_files.py
+++ /dev/null
@@ -1,74 +0,0 @@
-"""Files test provider cases
-
-:requirement: IDM-SSSD-REQ :: SSSD is default for local resolution
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-import pytest
-
-
-def have_files_provider(multihost):
- cmd = multihost.master[0].run_command('man sssd-files | grep files', raiseonerr=False)
- return cmd.returncode == 0
-
-
-def get_sss_entry(multihost, db, ent_name):
- cmd = multihost.master[0].run_command('getent %s -s sss %s' % (db, ent_name), raiseonerr=False)
- return cmd.returncode, cmd.stdout_text
-
-
-def get_sss_user(multihost, username):
- return get_sss_entry(multihost, 'passwd', username)
-
-
-@pytest.mark.usefixtures('enable_files_domain', 'files_domain_users_class')
-class TestImplicitFilesProvider(object):
- """
- Test the files provider. This test runs the implicit files provider
- together with another domain to stick close to what users use in Fedora
- """
- def test_files_does_not_handle_root(self, multihost):
- """
- :title: files: files provider does not handle root
- :id: 5aa5165d-379f-4fc6-b4ed-b32b66406d4f
- """
- if not have_files_provider(multihost):
- pytest.skip("Files Provider support isn't available, skipping")
- exit_status, _ = get_sss_user(multihost, 'root')
- assert exit_status == 2
-
- def test_files_sanity(self, multihost):
- """
- :title: files: Test that the files provider can resolve a user
- :id: 242cd094-b04d-4857-981a-8624573dde84
- """
- if not have_files_provider(multihost):
- pytest.skip("Files Provider support isn't available, skipping")
- exit_status, _ = get_sss_user(multihost, 'lcl1')
- assert exit_status == 0
-
- def test_files_enumeration(self, multihost):
- """
- :title: files: Verify files provider do not enumerate
- :id: e6d922bf-3af2-4cea-8570-6dd9233da624
- :description: Since nss_files enumerates and libc would
- concatenate the results, the files provider of SSSD should
- not enumerate
- """
- if not have_files_provider(multihost):
- pytest.skip("Files Provider support isn't available, skipping")
- cmd = multihost.master[0].run_command('getent passwd -s sss')
- assert len(cmd.stdout_text) == 0
-
- def test_updated_homedir(self, multihost):
- """
- :title: files: Test that homedir is updated
- :id: a9a0a911-1818-40d1-b897-0397ef107fd4
- """
- if not have_files_provider(multihost):
- pytest.skip("Files Provider support isn't available, skipping")
- exit_status, output = get_sss_user(multihost, 'no_home_user')
- assert exit_status == 0
- assert ":/tmp:" in output
diff --git a/src/tests/multihost/basic/test_ifp.py b/src/tests/multihost/basic/test_ifp.py
deleted file mode 100644
index a8cf24b9f6c..00000000000
--- a/src/tests/multihost/basic/test_ifp.py
+++ /dev/null
@@ -1,37 +0,0 @@
-"""InfoPipe test cases
-
-:requirement: IDM-SSSD-REQ : Configuration and Service Management
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-import pytest
-
-
-class TestInfoPipe(object):
- """
- Test the InfoPipe responder
- """
- def test_ifp_extra_attributes_property(self, multihost):
- """
- :title: ifp: requesting the extraAttributes property works
- :id: 23b8c7e8-df4b-47ef-b38e-0503040e1d67
- see e.g. https://github.com/SSSD/sssd/issues/4891
- """
- # Note that this test needs dbus-tools package that
- # is not implicitly installed here.
- check_ifp = "libsss_simpleifp" in multihost.master[0].run_command("rpm -qa").stdout_text
- if not check_ifp:
- pytest.skip("libsss_simpleifp is not present, skipping test.")
- dbus_send_cmd = \
- """
- dbus-send --print-reply --system \
- --dest=org.freedesktop.sssd.infopipe \
- /org/freedesktop/sssd/infopipe/Users/LDAP_2eTEST/123 \
- org.freedesktop.DBus.Properties.Get \
- string:"org.freedesktop.sssd.infopipe.Users.User" \
- string:"extraAttributes"
- """
- cmd = multihost.master[0].run_command(dbus_send_cmd)
- assert cmd.returncode == 0
diff --git a/src/tests/multihost/basic/test_kcm.py b/src/tests/multihost/basic/test_kcm.py
deleted file mode 100644
index 8f527f6b81d..00000000000
--- a/src/tests/multihost/basic/test_kcm.py
+++ /dev/null
@@ -1,340 +0,0 @@
-""" KCM Responder Sanity Test Cases
-
-:requirement: IDM-SSSD-REQ :: SSSD KCM as default Kerberos CCACHE provider
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-import os
-import re
-import pytest
-from pexpect import pxssh
-from utils_config import set_param
-from sssd.testlib.common.utils import sssdTools
-
-
-class TestSanityKCM(object):
- """ KCM Sanity Test cases """
- def _kcm_service_op(self, multihost, svc_op):
- systemd_kcm_op = 'systemctl %s sssd-kcm' % (svc_op)
- multihost.master[0].run_command(systemd_kcm_op)
-
- def _start_kcm(self, multihost):
- self._kcm_service_op(multihost, 'start')
-
- def _stop_kcm(self, multihost):
- self._kcm_service_op(multihost, 'stop')
-
- def _restart_kcm(self, multihost):
- self._kcm_service_op(multihost, 'restart')
-
- def _remove_kcm_log_file(self, multihost):
- multihost.master[0].run_command('rm -f /var/log/sssd/sssd_kcm.log')
-
- def _kcm_log_length(self, multihost):
- basename = 'sssd_kcm.log'
- kcm_log_file = '/var/log/sssd/' + basename
- local_kcm_log_file = '/tmp/kcm.log'
- try:
- multihost.master[0].transport.get_file(kcm_log_file,
- local_kcm_log_file)
- except FileNotFoundError:
- return 0
-
- nlines = sum(1 for line in open(local_kcm_log_file))
- os.remove(local_kcm_log_file)
- return nlines
-
- def _remove_secret_db(self, multihost):
- multihost.master[0].run_command(
- 'rm -f /var/lib/sss/secrets/secrets.ldb')
- self._restart_kcm(multihost)
-
- @pytest.mark.usefixtures("enable_kcm")
- def test_kinit_kcm(self, multihost):
- """
- :title: kcm: Run kinit with KRB5CCNAME=KCM
- :id: 245eecf6-04b9-4c9f-8685-681d184fbbcf
- """
- self._start_kcm(multihost)
-
- user = 'foo3'
- cmd = multihost.master[0].run_command(
- f'su - {user} -c "KRB5CCNAME=KCM:; kinit"', stdin_text='Secret123',
- raiseonerr=False)
- assert cmd.returncode == 0, "kinit failed!"
-
- cmd2 = multihost.master[0].run_command(
- f'su - {user} -c "KRB5CCNAME=KCM:; klist"', raiseonerr=False)
- assert cmd2.returncode == 0, "klist failed!"
- assert 'Ticket cache: KCM:14583103' in cmd2.stdout_text
-
- @staticmethod
- @pytest.mark.usefixtures("enable_kcm")
- def test_ssh_login_kcm(multihost):
- """
- :title: kcm: Verify ssh logins are successuful with kcm as default
- :id: 458ed1e4-b908-40d3-b2fd-392e8d2dcf4b
- """
- # pylint: disable=unused-argument
- client = sssdTools(multihost.master[0])
- ssh0 = client.auth_from_client("foo4", 'Secret123') == 3
- if not ssh0:
- multihost.master[0].run_command(
- 'journalctl -u sssd -n 50 --no-pager')
- assert ssh0, "Authentication Failed as user foo4"
-
- @pytest.mark.usefixtures("enable_kcm")
- def test_kcm_debug_level_set(self, multihost):
- """
- :title: kcm: After kcm section with debug
- level set restaring sssd-kcm service enables kcm debugging
- :id: 31c74bfc-69d5-46bd-aef8-a5581970832e
- :description: Test that just adding a [kcm] section and restarting
- the kcm service enables debugging without having to restart the
- whole sssd
- """
- # Start from a known-good state where the configuration is refreshed
- # by the monitor and logging is completely disabled
- multihost.master[0].service_sssd('stop')
- self._stop_kcm(multihost)
- self._remove_kcm_log_file(multihost)
- set_param(multihost, 'kcm', 'debug_level', '0')
- multihost.master[0].service_sssd('start')
- self._start_kcm(multihost)
-
- log_lines_pre = self._kcm_log_length(multihost)
-
- # Debugging is disabled, kinit and make sure that no debug messages
- # were produced
- user = 'foo3'
- client = sssdTools(multihost.master[0])
- ssh0 = client.auth_from_client(user, 'Secret123') == 3
- assert ssh0, f"Authentication Failed as user {user}."
-
- multihost.master[0].run_command(
- f'su - {user} -c "kdestroy"', raiseonerr=False)
-
- log_lines_nodebug = self._kcm_log_length(multihost)
- assert log_lines_nodebug == log_lines_pre
-
- # Enable debugging, restart only the kcm service, make sure some
- # debug messages were produced
- set_param(multihost, 'kcm', 'debug_level', '9')
- self._restart_kcm(multihost)
-
- ssh1 = client.auth_from_client(user, 'Secret123') == 3
- assert ssh1, f"Authentication Failed as user {user}."
-
- multihost.master[0].run_command(
- f'su - {user} -c "kdestroy"', raiseonerr=False)
-
- log_lines_debug = self._kcm_log_length(multihost)
- assert log_lines_debug > log_lines_pre + 100
-
- @staticmethod
- @pytest.mark.usefixtures("enable_kcm")
- def test_kdestroy_retval(multihost):
- """
- :title: kcm: Test that destroying an empty cache does
- not return a non-zero return code
- :id: 2826097f-e6d7-4d99-ac85-3ee081aa681a
- """
-
- user = 'foo3'
- client = sssdTools(multihost.master[0])
- ssh0 = client.auth_from_client(user, 'Secret123') == 3
- assert ssh0, f"Authentication Failed as user {user}."
-
- kd1 = multihost.master[0].run_command(
- f'su -l {user} -c "kdestroy"', raiseonerr=False)
- assert kd1.returncode == 0, "First kdestroy failed!"
-
- # Run the command again in case there was something in the ccache
- # previously
- kd2 = multihost.master[0].run_command(
- f'su -l {user} -c "kdestroy"', raiseonerr=False)
- assert kd2.returncode == 0, "Second kdestroy failed!"
-
- @staticmethod
- @pytest.mark.usefixtures("enable_kcm")
- def test_ssh_forward_creds(multihost):
- """
- :title: kcm: Test that SSH can forward credentials with KCM
- :id: f4b0c785-a895-48a1-a55e-7519cf221393
- :ticket: https://github.com/SSSD/sssd/issues/4863
- """
- ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no",
- "UserKnownHostsFile": "/dev/null"})
- ssh.force_password = True
- try:
- ssh.login(multihost.master[0].sys_hostname, 'foo3', 'Secret123')
- ssh.sendline('kdestroy -A -q')
- ssh.prompt(timeout=5)
- ssh.sendline('kinit foo9')
- ssh.expect('Password for .*:', timeout=10)
- ssh.sendline('Secret123')
- ssh.prompt(timeout=5)
- ssh.sendline('klist')
- ssh.prompt(timeout=5)
- klist = str(ssh.before)
- ssh.sendline(f'ssh -v -o StrictHostKeyChecking=no -K -l foo9 '
- f'{multihost.master[0].sys_hostname} klist')
- ssh.prompt(timeout=30)
- ssh_output = str(ssh.before)
- ssh.logout()
- except pxssh.ExceptionPxssh as ex:
- pytest.fail(ex)
- # Note: The cache is based on uid so for foo3 it is 14583103 and
- # for foo9 it is 14583109 (see create_posix_usersgroups fixture)
- assert 'KCM:14583103' in klist, "kinit did not work!"
- assert 'KCM:14583109' in ssh_output, "Ticket not forwarded!"
-
- @staticmethod
- @pytest.mark.usefixtures("enable_kcm")
- def test_kvno_display(multihost):
- """
- :title: kcm: Test kvno correctly displays version numbers of principals
- :id: 7c9178e6-fea5-44a1-b473-76667624cee2
- :ticket: https://github.com/SSSD/sssd/issues/4763
- """
- host_princ = f'host/{multihost.master[0].sys_hostname}@EXAMPLE.TEST'
- kvno_cmd = f'kvno {host_princ}'
-
- client = sssdTools(multihost.master[0])
- client.auth_from_client('foo4', 'Secret123')
-
- kvno = multihost.master[0].run_command(
- f'su -l foo4 -c "{kvno_cmd}"', raiseonerr=False)
- assert kvno.returncode == 0, "kvno failed!"
-
- for line in kvno.stdout_text.splitlines():
- kvno_check = re.search(r'%s: kvno = (\d+)' % host_princ, line)
- if kvno_check:
- print(kvno_check.group())
- else:
- pytest.fail("kvno display was improper")
-
- @pytest.mark.usefixtures("enable_kcm", "create_many_user_principals")
- def test_kcm_peruid_quota(self, multihost):
- """
- :title: kcm: Make sure the quota limits a client, but only that client
- :id: 3ac8f62e-05e4-4ca7-b588-145fd6258c2a
- """
- # It is easier to keep these tests stable and independent from others
- # if they start from a clean slate
- self._remove_secret_db(multihost)
-
- client = sssdTools(multihost.master[0])
- client.auth_from_client('foo2', 'Secret123')
- client.auth_from_client('foo3', 'Secret123')
-
- # The loop would request 63 users, plus there is foo3 we authenticated
- # earlier, so this should exactly deplete the quota, but should succeed
- for i in range(1, 64):
- username = "user%04d" % i
- kinit = multihost.master[0].run_command(
- f'su -l foo3 -c "kinit {username}"',
- stdin_text='Secret123', raiseonerr=False)
- assert kinit.returncode == 0
-
- # this kinit should be exactly one over the peruid limit
- kinit_f = multihost.master[0].run_command(
- 'su -l foo3 -c "kinit user0064"',
- stdin_text='Secret123', raiseonerr=False)
- assert kinit_f.returncode != 0
-
- # Since this is a per-uid limit, another user should be able to kinit
- # just fine
- # this kinit should be exactly one over the peruid limit
- kinit_o = multihost.master[0].run_command(
- 'su -l foo2 -c "kinit user0064"',
- stdin_text='Secret123', raiseonerr=False)
- assert kinit_o.returncode == 0
-
- # kdestroy as the original user, the quota should allow a subsequent
- # kinit
- multihost.master[0].run_command(
- 'su -l foo3 -c "kdestroy -A"', raiseonerr=False)
- kinit_p = multihost.master[0].run_command(
- 'su -l foo3 -c "kinit user0064"',
- stdin_text='Secret123', raiseonerr=False)
- assert kinit_p.returncode == 0
-
- multihost.master[0].run_command(
- 'su -l
foo2 -c "kdestroy -A"', raiseonerr=False)
-
- multihost.master[0].run_command(
- 'su -l foo3 -c "kdestroy -A"', raiseonerr=False)
-
- @pytest.mark.usefixtures("enable_kcm", "create_many_user_principals")
- def test_kcm_peruid_quota_increase(self, multihost):
- """
- :title: kcm: Quota increase
- :id: 0b3cab49-befb-4ab2-bb12-b102d94249aa
- :description: Increasing the peruid quota allows a client to store
- more data
- """
- # It is easier to keep these tests stable and independent from others
- # if they start from a clean slate
- self._remove_secret_db(multihost)
- user = 'foo3'
- client = sssdTools(multihost.master[0])
- client.auth_from_client(user, 'Secret123')
-
- # The loop would request 63 users, plus there is foo3 we authenticated
- # earlier, so this should exactly deplete the quota, but should succeed
- for i in range(1, 64):
- username = "user%04d" % i
- kinit = multihost.master[0].run_command(
- f'su -l {user} -c "kinit {username}"',
- stdin_text='Secret123', raiseonerr=False)
- assert kinit.returncode == 0
-
- # this kinit should be exactly one over the peruid limit
- kinit_f = multihost.master[0].run_command(
- f'su -l {user} -c "kinit user0064"',
- stdin_text='Secret123', raiseonerr=False)
- assert kinit_f.returncode != 0
-
- set_param(multihost, 'kcm', 'max_uid_ccaches', '65')
- self._restart_kcm(multihost)
-
- # Now the kinit should work as we increased the limit
- kinit_p = multihost.master[0].run_command(
- f'su -l {user} -c "kinit user0064"',
- stdin_text='Secret123', raiseonerr=False)
- assert kinit_p.returncode == 0
-
- multihost.master[0].run_command(
- f'su -l {user} -c "kdestroy -A"', raiseonerr=False)
-
- @pytest.mark.usefixtures("enable_kcm")
- def test_kcm_payload_low_quota(self, multihost):
- """
- :title: kcm: Quota enforcement
- :id: cb3daadb-c5e7-48f8-b419-11c616f0d602
- :description: Set a prohibitive quota for the per-ccache payload
- limit and make sure it gets enforced
- """
- # It is easier to keep these tests stable and
independent from others
- # if they start from a clean slate
- self._remove_secret_db(multihost)
- user = 'foo3'
- client = sssdTools(multihost.master[0])
- client.auth_from_client(user, 'Secret123')
-
- multihost.master[0].run_command(
- f'su -l {user} -c "kdestroy -A"', raiseonerr=False)
-
- set_param(multihost, 'kcm', 'max_ccache_size', '1')
- self._restart_kcm(multihost)
-
- # We use kinit to exceed the maximum ccache size as it creates payload
- # of 1280 bytes by acquiring tgt and also some control credentials.
- # SSH authentication is not sufficient as it stores only tgt.
- kv_p = multihost.master[0].run_command(
- f'su -l foo3 -c "kinit {user}@EXAMPLE.TEST"',
- stdin_text='Secret123', raiseonerr=False)
- assert kv_p.returncode != 0
diff --git a/src/tests/multihost/basic/test_ldap.py b/src/tests/multihost/basic/test_ldap.py
deleted file mode 100644
index 2ea483b8d82..00000000000
--- a/src/tests/multihost/basic/test_ldap.py
+++ /dev/null
@@ -1,110 +0,0 @@
-""" SSSD LDAP provider tests
-
-:requirement: IDM-SSSD-REQ : LDAP Provider
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-
-import pytest
-from sssd.testlib.common.utils import sssdTools
-try:
- import ConfigParser
-except ImportError:
- import configparser as ConfigParser
-
-
-@pytest.fixture
-def set_ldap_auth_provider(session_multihost, request):
- """ Set entry cache sudo timeout in sssd.conf """
- bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
- session_multihost.master[0].run_command(bkup_sssd)
- session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.ConfigParser()
- sssdconfig.read('/tmp/sssd.conf')
- domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
- if domain_section in sssdconfig.sections():
- sssdconfig.set(domain_section, 'auth_provider', 'ldap')
- sssdconfig.set(domain_section,
- 'ldap_auth_disable_tls_never_use_in_production',
- 'true')
- with open('/tmp/sssd.conf', "w") as sssconf:
- sssdconfig.write(sssconf)
- session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')
- session_multihost.master[0].service_sssd('restart')
-
- def restore_sssd():
- """ Restore sssd.conf """
- restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
- session_multihost.master[0].run_command(restore_sssd)
- session_multihost.master[0].service_sssd('restart')
- request.addfinalizer(restore_sssd)
-
-
-@pytest.fixture
-def set_ldap_pwmodify_mode_ldap_modify(session_multihost, request):
- """ Set entry cache sudo timeout in sssd.conf """
- bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
- session_multihost.master[0].run_command(bkup_sssd)
- session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.ConfigParser()
- sssdconfig.read('/tmp/sssd.conf')
- domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
- if
domain_section in sssdconfig.sections():
- sssdconfig.set(domain_section, 'ldap_pwmodify_mode', 'ldap_modify')
- with open('/tmp/sssd.conf', "w") as sssconf:
- sssdconfig.write(sssconf)
- session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')
- session_multihost.master[0].service_sssd('restart')
-
- def restore_sssd():
- """ Restore sssd.conf """
- restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
- session_multihost.master[0].run_command(restore_sssd)
- session_multihost.master[0].service_sssd('restart')
- request.addfinalizer(restore_sssd)
-
-
-class TestLDAPChpass(object):
- """ Test changing LDAP password """
-
- @staticmethod
- def _change_test_reset_password(multihost):
- user = 'foo1'
- client = sssdTools(multihost.master[0])
- ssh0 = client.auth_from_client(user, 'Secret123') == 3
- assert ssh0, f"Authentication Failed as user {user}"
- client.change_user_password(
- user, 'Secret123', 'Secret123', 'Secret1234', 'Secret1234')
-
- # Try logging in with the new password
- ssh1 = client.auth_from_client(user, 'Secret1234') == 3
- assert ssh1, f"Authentication Failed as {user} with the new password."
-
- # Clean up and change the password back
- client.change_user_password(
- user, 'Secret1234', 'Secret1234', 'Secret123', 'Secret123')
-
- @staticmethod
- def test_ldap_chpass_extop(multihost):
- """
- :title: chpass: Test password change using the default extended
- operation
- :id: 4b3ab9a6-d26f-484d-994f-8bc74c31b9dd
- """
- TestLDAPChpass._change_test_reset_password(multihost)
-
- @staticmethod
- @pytest.mark.usefixtures("set_ldap_auth_provider",
- "set_ldap_pwmodify_mode_ldap_modify")
- def test_ldap_chpass_modify(multihost):
- """
- :title: chpass: Test password change using LDAP modify
- :id: 554c989d-f99b-4722-925b-5be54a33af89
- """
- TestLDAPChpass._change_test_reset_password(multihost)
diff --git a/src/tests/multihost/basic/test_ldapapi.py b/src/tests/multihost/basic/test_ldapapi.py
deleted file mode 100644
index 3cdc35e1b42..00000000000
--- a/src/tests/multihost/basic/test_ldapapi.py
+++ /dev/null
@@ -1,56 +0,0 @@
-""" SSSD LDAP provider tests
-
-:requirement: IDM-SSSD-REQ : LDAP Provider
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-
-import pytest
-from sssd.testlib.common.utils import sssdTools
-
-
-@pytest.fixture
-def set_ldap_uri(multihost):
- ldap_uri = 'ldapi://%2Frun%2Fslapd-example1.socket'
- tools = sssdTools(multihost.master[0])
- domain_name = tools.get_domain_section_name()
- master = sssdTools(multihost.master[0])
- domain_params = {'ldap_uri': ldap_uri}
- master.sssd_conf(f'domain/{domain_name}', domain_params)
- multihost.master[0].service_sssd('restart')
-
-
-@pytest.mark.usefixtures("set_ldap_uri")
-class TestLdapApi(object):
- """ Basic Ldap Uri Test cases """
- @staticmethod
- def test_ssh_user_login(multihost):
- """
- :title: Add support for ldapi:// URLs
- :bugzilla:https://bugzilla.redhat.com/show_bug.cgi?id=2152177
- :id: 4f4a01a6-da6d-11ed-9c8d-845cf3eff344
- :steps:
- 1. Check user can be fetched from master server
- 2. Check sssctl command works
- 3. Check getent command works
- 4. Check user can login to localhost
- :expectedresults:
- 1. User id should be fetched
- 2. Should succeed
- 3. Should succeed
- 4. User should able to login to localhost
- """
- std_out = multihost.master[0].run_command("id foo1").stdout_text
- for data in ['foo1', 'ldapusers']:
- assert data in std_out
- std_out = multihost.master[0].run_command("sssctl user-checks foo1").stdout_text
- for data in ["uidNumber", 'foo1', '/bin/bash']:
- assert data in std_out
- std_out = multihost.master[0].run_command("getent passwd foo1").stdout_text
- for data in ['foo1', '/bin/bash']:
- assert data in std_out
- client = sssdTools(multihost.master[0])
- ssh0 = client.auth_from_client("foo1", 'Secret123') == 3
- assert ssh0, "Authentication Failed as user foo1"
diff --git a/src/tests/multihost/basic/test_sssctl_config_check.py b/src/tests/multihost/basic/test_sssctl_config_check.py
deleted file mode 100644
index f003a8d1967..00000000000
--- a/src/tests/multihost/basic/test_sssctl_config_check.py
+++ /dev/null
@@ -1,102 +0,0 @@
-"""sssctl config-check Test Cases
-
-:requirement: IDM-SSSD-REQ: Status utility
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-
-import re
-
-
-class TestSssctlConfigCheck(object):
- def test_verify_typo_option_name(self, multihost):
- """
- :title: sssctl: Verify typos in option name (not value)
- of configuration file
- :id: 4089f5d6-cdeb-4bcb-9028-cabd97d43045
- """
- cfgget = '/etc/sssd/sssd.conf'
- cfgput = '/tmp/sssd.conf.backup'
- multihost.master[0].run_command(['/bin/cp',
- '-a', cfgget, cfgput],
- raiseonerr=False)
- sssdcfg = multihost.master[0].get_file_contents(cfgget)
-
- # replacing ldap_search_base option with search_base
- sssdcfg = re.sub(b"ldap_search_base",
- b"search_base", sssdcfg)
- multihost.master[0].put_file_contents(cfgget, sssdcfg)
- sssctl_cmd = 'sssctl config-check'
- cmd = multihost.master[0].run_command(sssctl_cmd, raiseonerr=False)
- if cmd.returncode == 1:
- log = re.compile(r'Attribute\s.search.base.\sis\snot\sallowed.*')
- if log.search(cmd.stdout_text):
- assert True
- else:
- assert False
- else:
- assert False
- multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget],
- raiseonerr=False)
-
- def test_verify_typo_domain_name(self, multihost):
- """
- :title: sssctl: Verify typos in domain name of configuration file
- :id: a5d3a3a5-f832-4fc6-a628-9165dab69dd2
- """
- cfgget = '/etc/sssd/sssd.conf'
- cfgput = '/tmp/sssd.conf.backup'
- multihost.master[0].run_command(['/bin/cp',
- '-a', cfgget, cfgput],
- raiseonerr=False)
- sssdcfg = multihost.master[0].get_file_contents(cfgget)
-
- # replacing the domain name with typo
- sssdcfg = re.sub(b"domain/EXAMPLE.TEST",
- b"domain/", sssdcfg)
- multihost.master[0].put_file_contents(cfgget, sssdcfg)
- sssctl_cmd = 'sssctl config-check'
- cmd = multihost.master[0].run_command(sssctl_cmd, raiseonerr=False)
- if cmd.returncode == 1:
- log = re.compile(r'Section\s\[domain\/\]\sis\snot\sallowed.*')
- if
log.search(cmd.stdout_text):
- assert True
- else:
- assert False
- else:
- assert False
- multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget],
- raiseonerr=False)
-
- def test_misplaced_option(self, multihost):
- """
- :title: sssctl: Verify misplace options in default configuration file
- :id: ed814158-dea5-4f62-8500-fe62087332f9
- """
- cfgget = '/etc/sssd/sssd.conf'
- cfgput = '/tmp/sssd.conf.backup'
- sssdcfg = multihost.master[0].get_file_contents(cfgget)
-
- # adding services option under domain section
- sssdcfg = re.sub(b"services = nss, pam, sudo, ifp",
- b"#services = nss, pam, sudo, ifp", sssdcfg)
- sssdcfg = re.sub(b".domain/EXAMPLE.TEST.",
- b"[domain/EXAMPLE.TEST]"
- b"\nservices = nss, pam, sudo, ifp", sssdcfg)
- multihost.master[0].put_file_contents(cfgget, sssdcfg)
- sssctl_cmd = 'sssctl config-check'
- cmd = multihost.master[0].run_command(sssctl_cmd,
- raiseonerr=False)
- if cmd.returncode == 1:
- log = re.compile(
- r'.Attribute\s.services.\sis\snot\sallowed\sin\ssection\s.*')
- if log.search(cmd.stdout_text):
- assert True
- else:
- assert False
- else:
- assert False
- multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget],
- raiseonerr=False)
diff --git a/src/tests/multihost/basic/test_sudo.py b/src/tests/multihost/basic/test_sudo.py
deleted file mode 100644
index 35861defd34..00000000000
--- a/src/tests/multihost/basic/test_sudo.py
+++ /dev/null
@@ -1,66 +0,0 @@
-""" SUDO responder sanity Test Cases
-
-:requirement: sudo
-:casecomponent: sssd
-:subsystemteam: sst_idm_sssd
-:upstream: yes
-:status: approved
-"""
-
-import time
-import pytest
-from sssd.testlib.common.utils import sssdTools
-
-
-class TestSanitySudo(object):
- """ Basic Sanity Test cases for sudo service in sssd """
- @staticmethod
- @pytest.mark.converted('test_sudo.py', 'test_sudo__case_sensitive_false')
- @pytest.mark.usefixtures(
- "case_sensitive_sudorule", "enable_sss_sudo_nsswitch",
- "set_case_sensitive_false")
- def test_case_senitivity(multihost):
- """
- :title: sudo: Verify case sensitivity in sudo responder
- :id: 64ab80be-17fd-4c3b-9d9b-7d07c6279975
- """
- user = 'capsuser-1'
- # Test ssh login
- client = sssdTools(multihost.master[0])
- ssh_result = client.auth_from_client(user, 'Secret123') == 3
- cmd = multihost.master[0].run_command(
- f'su - {user} -c "sudo -l"', raiseonerr=False)
- rule_result = cmd.returncode == 0 and \
- '(root) NOPASSWD: /usr/bin/less' in cmd.stdout_text
- rule2_result = cmd.returncode == 0 and \
- '(root) NOPASSWD: /usr/bin/more' in cmd.stdout_text
- assert ssh_result, f"Ssh failed for user: {user}."
- assert rule_result, f"Rules missing for user: {user}."
- assert rule2_result, f"Rules missing for user: {user}."
-
- @staticmethod
- @pytest.mark.converted('test_sudo.py', 'test_sudo__rules_refresh')
- @pytest.mark.usefixtures("enable_sss_sudo_nsswitch", "generic_sudorule",
- "set_entry_cache_sudo_timeout")
- def test_refresh_expired_rule(multihost):
- """
- :title: sudo: Verify refreshing expired sudo rules
- do not crash sssd_sudo
- :id: 532513b2-15bc-46ac-8fc9-19fd0bf485c4
- """
-
- user = 'foo1'
- # Test ssh login
- client = sssdTools(multihost.master[0])
- ssh_result = client.auth_from_client(user, 'Secret123') == 3
- cmd = multihost.master[0].run_command(
- f'su - {user} -c "sudo -l"', raiseonerr=False)
- time.sleep(30)
- cmd2 = multihost.master[0].run_command(
- f'su - {user} -c "sudo -l"', raiseonerr=False)
-
- assert ssh_result, f"Ssh failed for user: {user}."
- assert cmd.returncode == 0, \
- f"First sudo -l failed for user: {user}."
- assert cmd2.returncode == 0, \
- f"Second sudo -l failed for user: {user}."
diff --git a/src/tests/multihost/basic/utils_config.py b/src/tests/multihost/basic/utils_config.py
deleted file mode 100644
index 11b718e1380..00000000000
--- a/src/tests/multihost/basic/utils_config.py
+++ /dev/null
@@ -1,32 +0,0 @@
-""" Various utilities for manipulating SSSD configuration """
-import configparser as ConfigParser
-
-
-def set_param(multihost, section, key, value):
- multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.ConfigParser()
- sssdconfig.read('/tmp/sssd.conf')
- if section not in sssdconfig.sections():
- sssdconfig.add_section(section)
-
- sssdconfig.set(section, key, value)
- with open(str('/tmp/sssd.conf'), "w") as sssconf:
- sssdconfig.write(sssconf)
-
- multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')
-
-
-def remove_section(multihost, section):
- multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
- '/tmp/sssd.conf')
- sssdconfig = ConfigParser.ConfigParser()
- sssdconfig.read('/tmp/sssd.conf')
- sssdconfig.remove_section(section)
-
- with open(str('/tmp/sssd.conf'), "w") as sssconf:
- sssdconfig.write(sssconf)
-
- multihost.master[0].transport.put_file('/tmp/sssd.conf',
- '/etc/sssd/sssd.conf')