Tests: Nonroot adtiers #7310

Closed
wants to merge 7 commits into from
Closed
38 changes: 23 additions & 15 deletions src/tests/multihost/ad/test_ad_misc.py
Expand Up @@ -164,9 +164,9 @@ def test_0001_provider_config_cross_interference(
client.clear_sssd_cache()

# Evaluate test results
assert usr_cmd_1.returncode == 0,\
assert usr_cmd_1.returncode == 0, \
f"getent passwd {aduser} failed (AD without additional LDAP)."
assert usr_cmd_2.returncode != 0,\
assert usr_cmd_2.returncode != 0, \
f"getent passwd {aduser} passed (AD with LDAP with an " \
f"obfuscated password)."
assert "[sdap_cli_auth_step] (0x1000): Invalid authtoken type" \
Expand Down Expand Up @@ -253,7 +253,10 @@ def test_0003_gssapi_ssh(self, multihost, adjoin, create_aduser_group):
dom_name = client.get_domain_section_name()
ad_realm = multihost.ad[0].domainname.upper()
section = f"domain/{dom_name}"
section_params = {'krb5_confd_path': "/etc/krb5.conf.d/"}
section_params = {
'krb5_confd_path': "/etc/krb5.conf.d/",
'debug_level': '9',
}
client.sssd_conf(section, section_params, action="update")
client.clear_sssd_cache()
ad_user = f'{aduser}@{dom_name}'
Expand All @@ -268,8 +271,10 @@ def test_0003_gssapi_ssh(self, multihost, adjoin, create_aduser_group):
ssh.expect('Password for .*:', timeout=10)
ssh.sendline('Secret123')
ssh.prompt(timeout=5)
ssh.sendline('ssh -v -o StrictHostKeyChecking=no -o GSSAPIAuthentication=yes '
'-o PasswordAuthentication=no '
ssh.sendline('klist -A')
ssh.prompt(timeout=5)
ssh.sendline(f'ssh -v -o StrictHostKeyChecking=no -o GSSAPIAuthentication=yes '
f'-o PasswordAuthentication=no '
f'-o PubkeyAuthentication=no -K -l {ad_user} '
f'{multihost.client[0].sys_hostname} id')
ssh.prompt(timeout=30)
Expand Down Expand Up @@ -311,25 +316,27 @@ def test_0004_bz2110091(multihost, adjoin, create_aduser_group):
(ad_user, _) = create_aduser_group
domainname = multihost.ad[0].domainname
client = sssdTools(multihost.client[0], multihost.ad[0])
multihost.client[0].run_command(f'getent passwd {ad_user}@{domainname}')
dom_section = f'domain/{client.get_domain_section_name()}'
sssd_params = {'debug_level': '9'}
client.sssd_conf(dom_section, sssd_params)
client.sssd_conf(dom_section, {'debug_level': '9'})
client.clear_sssd_cache()
multihost.client[0].run_command(f'getent passwd {ad_user}@{domainname}')
client.remove_sss_cache("/var/log/sssd")
multihost.client[0].run_command('systemctl reboot', raiseonerr=False)
multihost.client[0].run_command('systemctl start sssd', raiseonerr=False)
log1 = re.compile(r'Destroying.the.old.c-ares.channel', re.IGNORECASE)
log2 = re.compile(r'\[recreate_ares_channel.*Initializing.new.c-ares.channel', re.IGNORECASE)
time.sleep(30)
# Reboot takes a long time in some cases so we try multiple times.
for _ in range(1, 10):
try:
dom_log = multihost.client[0].get_file_contents(f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8')
break
dom_log = multihost.client[0].get_file_contents(
f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8')
if log2.search(dom_log):
break
except OSError:
# There is no need to fail here as the assertion will fail anyway.
dom_log = "Could not pull the log file!"
time.sleep(30)
else:
# There is no need to fail here as the assertion will fail anyway.
dom_log = "Could not pull the log file!"
log1 = re.compile(r'Destroying.the.old.c-ares.channel', re.IGNORECASE)
log2 = re.compile(r'\[recreate_ares_channel.*Initializing.new.c-ares.channel', re.IGNORECASE)
assert log1.search(dom_log), 'Destroying the old c-ares related log missing'
assert log2.search(dom_log), 'Initializing new c-ares related log missing'

Expand All @@ -354,6 +361,7 @@ def test_0005_get_sid_by_username(multihost, adjoin, create_aduser_group):
(ad_user, _) = create_aduser_group
client = sssdTools(multihost.client[0], multihost.ad[0])
domain_name = client.get_domain_section_name()
client.sssd_conf(f'domain/{domain_name}', {'debug_level': '9'})
client.clear_sssd_cache()
multihost.client[0].run_command('dnf install python3-libsss_nss_idmap -y', raiseonerr=True)
with tempfile.NamedTemporaryFile(mode='w') as tfile:
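Review bot: In test_0004_bz2110091 the `except OSError` branch of the polling loop sets `dom_log = "Could not pull the log file!"` on every failed read, so a log fetched on an earlier attempt is discarded if a later attempt fails. Both final assertions then report a missing c-ares message rather than a fetch failure. Indentation is lost on this page, so the nesting is inferred, but the loop appears to break only when `log2` matches and otherwise to sleep 30 s per attempt for nine attempts. I would initialise `dom_log = ""` before the loop, leave it untouched in the handler, and add a comment such as `# Poll for up to ~5 minutes; reboot time varies.` above the `for`. The start of the function is outside the visible hunk.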
76 changes: 40 additions & 36 deletions src/tests/multihost/ad/test_adparameters.py
Expand Up @@ -42,11 +42,12 @@ def test_0001_bz1296618(self, multihost, adjoin,
client = sssdTools(multihost.client[0], multihost.ad[0])
domain_name = client.get_domain_section_name()
basedn_entry = multihost.ad[0].domain_basedn_entry
users_dn_entry = '{},{}'.format('CN=Users', basedn_entry)
ad_group_dn = 'CN={},{}'.format(adgroup, users_dn_entry)
users_dn_entry = f'CN=Users,{basedn_entry}'
ad_group_dn = f'CN={adgroup},{users_dn_entry}'
domain = multihost.ad[0].domainname
client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})
client.clear_sssd_cache()
user_id = 'id %s@%s' % (aduser, domain)
user_id = f'id {aduser}@{domain}'
multihost.client[0].run_command(user_id)
user_cache_entry = 'name=%s@%s,cn=users'\
',cn=%s,cn=sysdb' % (aduser, domain.lower(), domain)
Expand All @@ -59,8 +60,7 @@ def test_0001_bz1296618(self, multihost, adjoin,
client.remove_ad_user_group(aduser)
client.remove_ad_user_group(adgroup)
client.clear_sssd_cache()
id_lookup = 'id %s@%s' % (aduser, domain)
multihost.client[0].run_command(id_lookup, raiseonerr=False)
multihost.client[0].run_command(user_id, raiseonerr=False)
cmd = multihost.client[0].run_command(ldb_search, raiseonerr=False)
results = cmd.stdout_text.split()
assert ad_group_dn not in results
Expand All @@ -86,20 +86,12 @@ def test_0002_bz1287209(self, multihost, adjoin, create_aduser_group):
adjoin(membersw='adcli')
(ad_user, _) = create_aduser_group
client_ad = sssdTools(multihost.client[0], multihost.ad[0])
bkup = 'cp -af /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
multihost.client[0].run_command(bkup)
domainname = multihost.ad[0].domainname
domain_section = 'domain/{}'.format(domainname)
sssd_params = {'full_name_format': '%1$s'}
client_ad.sssd_conf(domain_section, sssd_params)
multihost.client[0].service_sssd('restart')
time.sleep(10)
domain = multihost.ad[0].domainname
su_cmd = 'su - %s@%s -c whoami' % (ad_user, domain)
client_ad.sssd_conf(f'domain/{domain}', {'full_name_format': '%1$s'})
client_ad.clear_sssd_cache()
su_cmd = f'su - {ad_user}@{domain} -c whoami'
cmd = multihost.client[0].run_command(su_cmd, raiseonerr=False)
assert ad_user == cmd.stdout_text.strip()
restore = 'cp -af /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
multihost.client[0].run_command(restore)

@pytest.mark.tier1
def test_0003_bz1421622(self, multihost, adjoin, create_aduser_group):
Expand All @@ -119,6 +111,9 @@ def test_0003_bz1421622(self, multihost, adjoin, create_aduser_group):
adjoin(membersw='adcli')
(_, _) = create_aduser_group
domain = multihost.ad[0].domainname.strip().upper()
client = sssdTools(multihost.client[0], multihost.ad[0])
client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})
client.clear_sssd_cache()
userlist = ['users', 'Users', 'USERS', 'uSERS', 'UsErS', 'uSeRs',
'users']
domainlist = ['domain', 'Domain', 'DOMAIN', 'dOMAIN', 'DoMaIn',
Expand All @@ -144,7 +139,10 @@ def test_00015_authselect_cannot_validate_its_own_files(self, multihost, adjoin)
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1734302
"""
adjoin(membersw='adcli')
multihost.client[0].run_command("service sssd restart")
client = sssdTools(multihost.client[0], multihost.ad[0])
domain = multihost.ad[0].domainname.strip().upper()
client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})
client.clear_sssd_cache()
multihost.client[0].run_command("yum install -y gdb")
multihost.client[0].run_command("gdb -quiet authselect -ex "
"'set breakpoint pending on' -ex "
Expand Down Expand Up @@ -178,17 +176,17 @@ def test_0005_BZ1527149_BZ1549675(self, multihost, adjoin, create_adgrp):
client = sssdTools(multihost.client[0])
domain_name = client.get_domain_section_name()
domain = multihost.ad[0].domainname.strip()
user = 'Administrator@%s' % domain
ldbcache = '/var/lib/sss/db/cache_%s.ldb' % domain_name
user_cache_entry = 'name=%s,cn=group,cn=%s,cn=sysdb' % (user, domain)
user = f'Administrator@{domain}'
ldbcache = f'/var/lib/sss/db/cache_{domain_name}.ldb'
user_cache_entry = f'name={user},cn=group,cn={domain},cn=sysdb'
# just to check sssd status checking following user lookup
getent_pwd_cmd = "getent passwd %s" % user
getent_pwd_cmd = f"getent passwd {user}"
cmd = multihost.client[0].run_command(getent_pwd_cmd, raiseonerr=False)
if cmd.returncode == 0:
getent_cmd = "getent group %s" % user
getent_cmd = f"getent group {user}"
cmd = multihost.client[0].run_command(getent_cmd, raiseonerr=False)
if cmd.returncode != 0:
ldbcmd = "ldbsearch -H %s -b %s" % (ldbcache, user_cache_entry)
ldbcmd = f"ldbsearch -H {ldbcache} -b {user_cache_entry}"
cmd = multihost.client[0].run_command(ldbcmd, raiseonerr=False)
if cmd.returncode == 0:
ldb_search_entry = cmd.stdout_text.strip().split('\n')[0]
Expand All @@ -197,8 +195,7 @@ def test_0005_BZ1527149_BZ1549675(self, multihost, adjoin, create_adgrp):
pytest.fail("Expected to get empty output for group lookup")

@pytest.mark.tier1
def test_0006_bz1592964(self, multihost, adjoin,
create_aduser_group,
def test_0006_bz1592964(self, multihost, adjoin, create_aduser_group,
create_domain_local_group,
add_user_in_domain_local_group):
"""
Expand All @@ -222,12 +219,11 @@ def test_0006_bz1592964(self, multihost, adjoin,
client = sssdTools(multihost.client[0])
domain_name = client.get_domain_section_name()
cfgget = '/etc/sssd/sssd.conf'
bkup_cmd = 'cp -f %s %s.backup' % (cfgget, cfgget)
multihost.client[0].run_command(bkup_cmd)
sssdcfg = multihost.client[0].get_file_contents(cfgget)
sssdcfg = sssdcfg.replace(b'services = nss, pam',
b'services = nss, pam, pac')
multihost.client[0].put_file_contents(cfgget, sssdcfg)
client.fix_sssd_conf_perms()
multihost.client[0].run_command('sss_cache -E')
multihost.client[0].service_sssd('restart')
time.sleep(20)
Expand All @@ -246,8 +242,6 @@ def test_0006_bz1592964(self, multihost, adjoin,
'ltestgroup4', 'ltestgroup5']
for _, group in enumerate(grouplist):
assert group in cmd1.stdout_text and cmd2.stdout_text
cp = '/bin/cp -a /etc/sssd/sssd.conf.backup /etc/sssd/sssd.conf'
multihost.client[0].run_command(cp)

@pytest.mark.tier2
def test_0007_bz1361597(self, multihost, adjoin, create_aduser_group):
Expand Down Expand Up @@ -335,12 +329,15 @@ def test_0008_bz1431858(self, multihost, adjoin):
4. Lookup should be successful
"""
adjoin(membersw='adcli')
client = sssdTools(multihost.client[0], multihost.ad[0])
domain = multihost.ad[0].domainname.strip().upper()
client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})
user = "Administrator"
ad_realm = multihost.ad[0].domainname
cmd = "id %s@%s" % (user, ad_realm)
multihost.client[0].run_command(cmd, raiseonerr=False)
output = multihost.client[0].run_command('klist -kt').stdout_text
search = "host/{}".format(multihost.client[0].external_hostname)
search = f"host/{multihost.client[0].external_hostname}"
assert output.find(search) != -1

@pytest.mark.tier1
Expand All @@ -358,10 +355,14 @@ def test_0009_bz1565761(self, multihost, adjoin):
2. Empty output
"""
adjoin(membersw='adcli')
client = sssdTools(multihost.client[0], multihost.ad[0])
domain = multihost.ad[0].domainname.strip().upper()
client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})
user = "Administrator"
ad_relam = multihost.ad[0].domainname
cmd = "sss_cache -E ; id %s@%s" % (user, ad_relam)
multihost.client[0].run_command(cmd, raiseonerr=False)
client.clear_sssd_cache()
multihost.client[0].run_command(
f"id {user}@{domain}", raiseonerr=False
)
grep = 'grep -ire "Domain not found" /var/log/sssd/'
cmd = multihost.client[0].run_command(grep, raiseonerr=False)
output = cmd.stdout_text
Expand All @@ -386,6 +387,8 @@ def test_0010_bz1527662(self, multihost, adjoin):
ad_realm = multihost.ad[0].domainname
user_mail = 'akhomic1b@%s' % ad_realm
client = sssdTools(multihost.client[0], multihost.ad[0])
domain = multihost.ad[0].domainname.strip().upper()
client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})
for user in user_list:
group = '%s_group' % (user)
client.create_ad_user(user, group, user_mail)
Expand All @@ -411,7 +414,7 @@ def test_0011_bz1571526(self, multihost, adjoin):
:customerscenario: True
"""
adjoin(membersw='adcli')
client = sssdTools(multihost.client[0])
client = sssdTools(multihost.client[0], multihost.ad[0])
domain_name = client.get_domain_section_name()
dom_section = 'domain/%s' % domain_name
sssd_params = {'ldap_schema': 'rfc2307', 'debug_level': '9'}
Expand Down Expand Up @@ -444,9 +447,10 @@ def test_0012_bz1738532(self, multihost, adjoin, create_aduser_group):
"""
adjoin(membersw='adcli')
(ad_user, _) = create_aduser_group
client = sssdTools(multihost.client[0])
client = sssdTools(multihost.client[0], multihost.ad[0])
domain = multihost.ad[0].domainname.strip().lower()
user = '%s@%s' % (ad_user, domain)
user = f'{ad_user}@{domain}'
client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})
client.clear_sssd_cache()
set_UPN = 'powershell.exe -inputformat none -noprofile Set-ADUser ' \
'-UserPrincipalName [email protected] -Identity %s' % ad_user
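Review bot: The added `client.sssd_conf(f'domain/{domain}', {'debug_level': '9'})` calls build the section name from `multihost.ad[0].domainname` (upper-cased in test_0003, test_00015, test_0008, test_0009 and test_0010, lower-cased in test_0012, unchanged in test_0001), while test_0001 and test_0011 in this same file obtain the name from `client.get_domain_section_name()`. If section matching inside `sssd_conf` is case-sensitive (not visible here), these calls would add a new section instead of updating the joined domain, and the debug logs this change is after would not be produced. Using `client.sssd_conf(f'domain/{client.get_domain_section_name()}', {'debug_level': '9'})` avoids the guess. test_0008 and test_0010 also show no `clear_sssd_cache()` or restart after the write within their hunks, so it is worth confirming the setting is picked up there.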