websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.3.1

Browse Source
This commit is contained in:
Mario Fetka
2021-08-10 02:37:58 +02:00
parent a791de49a2
commit 2f177da8f2
2056 changed files with 421730 additions and 1668138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

165
ipatests/test_integration/test_legacy_clients.py
View File

@@ -20,15 +20,13 @@
# FIXME: Pylint errors
# pylint: disable=no-member
from __future__ import absolute_import
import os
import re
import unittest
import nose
from ipaplatform.paths import paths
from ipatests.pytest_ipa.integration import tasks
from ipatests.test_integration import tasks
# importing test_trust under different name to avoid nose executing the test
# base class imported from this module
@@ -60,8 +58,6 @@ class BaseTestLegacyClient(object):
testuser_gid_regex = None
subdomain_testuser_uid_regex = None
subdomain_testuser_gid_regex = None
treedomain_testuser_uid_regex = None
treedomain_testuser_gid_regex = None
# To allow custom validation dependent on the trust type
posix_trust = False
@@ -90,8 +86,8 @@ class BaseTestLegacyClient(object):
self.clear_sssd_caches()
result = self.legacy_client.run_command(['getent', 'passwd', 'admin'])
admin_regex = r"admin:\*:(\d+):(\d+):"\
r"Administrator:/home/admin:/bin/bash"
admin_regex = "admin:\*:(\d+):(\d+):"\
"Administrator:/home/admin:/bin/bash"
assert re.search(admin_regex, result.stdout_text)
@@ -99,7 +95,7 @@ class BaseTestLegacyClient(object):
self.clear_sssd_caches()
result = self.legacy_client.run_command(['getent', 'group', 'admins'])
admin_group_regex = r"admins:\*:(\d+):admin"
admin_group_regex = "admins:\*:(\d+):admin"
assert re.search(admin_group_regex, result.stdout_text)
@@ -107,9 +103,9 @@ class BaseTestLegacyClient(object):
self.clear_sssd_caches()
result = self.legacy_client.run_command(['id', 'admin'])
uid_regex = r"uid=(\d+)\(admin\)"
gid_regex = r"gid=(\d+)\(admins\)"
groups_regex = r"groups=(\d+)\(admins\)"
uid_regex = "uid=(\d+)\(admin\)"
gid_regex = "gid=(\d+)\(admins\)"
groups_regex = "groups=(\d+)\(admins\)"
assert re.search(uid_regex, result.stdout_text)
assert re.search(gid_regex, result.stdout_text)
@@ -120,8 +116,8 @@ class BaseTestLegacyClient(object):
testuser = 'testuser@%s' % self.ad.domain.name
result = self.legacy_client.run_command(['getent', 'passwd', testuser])
testuser_regex = r"testuser@%s:\*:%s:%s:"\
r"Test User:%s:/bin/sh"\
testuser_regex = "testuser@%s:\*:%s:%s:"\
"Test User:%s:/bin/sh"\
% (re.escape(self.ad.domain.name),
self.testuser_uid_regex,
self.testuser_gid_regex,
@@ -137,7 +133,7 @@ class BaseTestLegacyClient(object):
testgroup = 'testgroup@%s' % self.ad.domain.name
result = self.legacy_client.run_command(['getent', 'group', testgroup])
testgroup_regex = r"%s:\*:%s:" % (testgroup, self.testuser_gid_regex)
testgroup_regex = "%s:\*:%s:" % (testgroup, self.testuser_gid_regex)
assert re.search(testgroup_regex, result.stdout_text)
def test_id_ad_user(self):
@@ -161,7 +157,7 @@ class BaseTestLegacyClient(object):
def test_login_ipa_user(self):
if not self.master.transport.file_exists('/usr/bin/sshpass'):
raise unittest.SkipTest('Package sshpass not available on %s'
raise nose.SkipTest('Package sshpass not available on %s'
% self.master.hostname)
result = self.master.run_command(
@@ -178,7 +174,7 @@ class BaseTestLegacyClient(object):
def test_login_ad_user(self):
if not self.master.transport.file_exists('/usr/bin/sshpass'):
raise unittest.SkipTest('Package sshpass not available on %s'
raise nose.SkipTest('Package sshpass not available on %s'
% self.master.hostname)
testuser = 'testuser@%s' % self.ad.domain.name
@@ -195,7 +191,7 @@ class BaseTestLegacyClient(object):
def test_login_disabled_ipa_user(self):
if not self.master.transport.file_exists('/usr/bin/sshpass'):
raise unittest.SkipTest('Package sshpass not available on %s'
raise nose.SkipTest('Package sshpass not available on %s'
% self.master.hostname)
self.clear_sssd_caches()
@@ -215,7 +211,7 @@ class BaseTestLegacyClient(object):
def test_login_disabled_ad_user(self):
if not self.master.transport.file_exists('/usr/bin/sshpass'):
raise unittest.SkipTest('Package sshpass not available on %s'
raise nose.SkipTest('Package sshpass not available on %s'
% self.master.hostname)
testuser = 'disabledaduser@%s' % self.ad.domain.name
@@ -233,15 +229,15 @@ class BaseTestLegacyClient(object):
def test_getent_subdomain_ad_user(self):
if not self.ad_subdomain:
raise unittest.SkipTest('AD for the subdomain is not available.')
raise nose.SkipTest('AD for the subdomain is not available.')
self.clear_sssd_caches()
testuser = 'subdomaintestuser@%s' % self.ad_subdomain
result = self.legacy_client.run_command(['getent', 'passwd', testuser])
testuser_regex = r"subdomaintestuser@%s:\*:%s:%s:"\
r"Subdomaintest User:%s:"\
r"/bin/sh"\
testuser_regex = "subdomaintestuser@%s:\*:%s:%s:"\
"Subdomaintest User:%s:"\
"/bin/sh"\
% (re.escape(self.ad_subdomain),
self.subdomain_testuser_uid_regex,
self.subdomain_testuser_gid_regex,
@@ -254,19 +250,19 @@ class BaseTestLegacyClient(object):
def test_getent_subdomain_ad_group(self):
if not self.ad_subdomain:
raise unittest.SkipTest('AD for the subdomain is not available.')
raise nose.SkipTest('AD for the subdomain is not available.')
self.clear_sssd_caches()
testgroup = 'subdomaintestgroup@%s' % self.ad_subdomain
result = self.legacy_client.run_command(['getent', 'group', testgroup])
testgroup_stdout = r"%s:\*:%s:" % (testgroup,
testgroup_stdout = "%s:\*:%s:" % (testgroup,
self.subdomain_testuser_gid_regex)
assert re.search(testgroup_stdout, result.stdout_text)
def test_id_subdomain_ad_user(self):
if not self.ad_subdomain:
raise unittest.SkipTest('AD for the subdomain is not available.')
raise nose.SkipTest('AD for the subdomain is not available.')
self.clear_sssd_caches()
testuser = 'subdomaintestuser@%s' % self.ad_subdomain
@@ -291,10 +287,10 @@ class BaseTestLegacyClient(object):
def test_login_subdomain_ad_user(self):
if not self.ad_subdomain:
raise unittest.SkipTest('AD for the subdomain is not available.')
raise nose.SkipTest('AD for the subdomain is not available.')
if not self.master.transport.file_exists('/usr/bin/sshpass'):
raise unittest.SkipTest('Package sshpass not available on %s'
raise nose.SkipTest('Package sshpass not available on %s'
% self.master.hostname)
testuser = 'subdomaintestuser@%s' % self.ad_subdomain
@@ -311,10 +307,10 @@ class BaseTestLegacyClient(object):
def test_login_disabled_subdomain_ad_user(self):
if not self.ad_subdomain:
raise unittest.SkipTest('AD for the subdomain is not available.')
raise nose.SkipTest('AD for the subdomain is not available.')
if not self.master.transport.file_exists('/usr/bin/sshpass'):
raise unittest.SkipTest('Package sshpass not available on %s'
raise nose.SkipTest('Package sshpass not available on %s'
% self.master.hostname)
testuser = 'subdomaindisabledaduser@%s' % self.ad_subdomain
@@ -330,83 +326,6 @@ class BaseTestLegacyClient(object):
assert result.returncode != 0
def test_getent_treedomain_ad_user(self):
if not self.ad_treedomain:
raise unittest.SkipTest('AD tree root domain is not available.')
self.clear_sssd_caches()
testuser = 'treetestuser@{0}'.format(self.ad_treedomain)
result = self.legacy_client.run_command(['getent', 'passwd', testuser])
testuser_regex = (r"treetestuser@{0}:\*:{1}:{2}:TreeTest User:"
r"/home/{0}/treetestuser:/bin/sh".format(
re.escape(self.ad_treedomain),
self.treedomain_testuser_uid_regex,
self.treedomain_testuser_gid_regex))
assert re.search(testuser_regex, result.stdout_text)
def test_getent_treedomain_ad_group(self):
if not self.ad_treedomain:
raise unittest.SkipTest('AD tree root domain is not available')
self.clear_sssd_caches()
testgroup = 'treetestgroup@{0}'.format(self.ad_treedomain)
result = self.legacy_client.run_command(['getent', 'group', testgroup])
testgroup_stdout = r"{0}:\*:{1}:".format(
testgroup, self.treedomain_testuser_gid_regex)
assert re.search(testgroup_stdout, result.stdout_text)
def test_id_treedomain_ad_user(self):
if not self.ad_treedomain:
raise unittest.SkipTest('AD tree root domain is not available')
self.clear_sssd_caches()
testuser = 'treetestuser@{0}'.format(self.ad_treedomain)
testgroup = 'treetestgroup@{0}'.format(self.ad_treedomain)
result = self.legacy_client.run_command(['id', testuser])
# Only for POSIX trust testing does the testuser belong to the
# testgroup
group_name = '\({}\)'.format(testgroup) if self.posix_trust else ''
uid_regex = "uid={0}\({1}\)".format(
self.treedomain_testuser_uid_regex, testuser)
gid_regex = "gid={0}{1}".format(
self.treedomain_testuser_gid_regex, group_name)
group_regex = "groups={0}{1}".format(
self.treedomain_testuser_gid_regex, group_name)
assert re.search(uid_regex, result.stdout_text)
assert re.search(gid_regex, result.stdout_text)
assert re.search(group_regex, result.stdout_text)
def test_login_treedomain_ad_user(self):
if not self.ad_treedomain:
raise unittest.SkipTest('AD tree root domain is not available.')
if not self.master.transport.file_exists('/usr/bin/sshpass'):
raise unittest.SkipTest(
'Package sshpass not available on {}'.format(
self.master.hostname)
)
result = self.master.run_command(
'sshpass -p {0} ssh -o StrictHostKeyChecking=no '
'-l admin {1} "echo test"'.format(
self.legacy_client.config.admin_password,
self.legacy_client.external_hostname))
assert "test" in result.stdout_text
@classmethod
def install(cls, mh):
super(BaseTestLegacyClient, cls).install(mh)
@@ -435,18 +354,10 @@ class BaseTestLegacyClient(object):
try:
child_ad = cls.host_by_role(cls.optional_extra_roles[0])
cls.ad_subdomain = '.'.join(
child_ad.hostname.split('.')[1:])
child_ad.hostname.split('.')[1:])
except LookupError:
cls.ad_subdomain = None
# Determine whether the tree domain AD is available
try:
cls.tree_ad = cls.host_by_role(cls.optional_extra_roles[1])
cls.ad_treedomain = '.'.join(
cls.tree_ad.hostname.split('.')[1:])
except LookupError:
cls.ad_treedomain = None
tasks.apply_common_fixes(cls.legacy_client)
for f in cls.backup_files:
@@ -457,10 +368,6 @@ class BaseTestLegacyClient(object):
cls.master.run_command(['ipa', 'user-del', 'disabledipauser'],
raiseonerr=False)
# Remove information about trust from AD, if domain was defined
if hasattr(cls, 'ad_domain'):
tasks.remove_trust_info_from_ad(cls.master, cls.ad_domain)
# Also unapply fixes on the legacy client, if defined
if hasattr(cls, 'legacy_client'):
tasks.unapply_fixes(cls.legacy_client)
@@ -474,14 +381,14 @@ class BaseTestLegacySSSDBefore19RedHat(object):
advice_id = 'config-redhat-sssd-before-1-9'
required_extra_roles = ['legacy_client_sssd_redhat']
optional_extra_roles = ['ad_subdomain', 'ad_treedomain']
optional_extra_roles = ['ad_subdomain']
class BaseTestLegacyNssPamLdapdRedHat(object):
advice_id = 'config-redhat-nss-pam-ldapd'
required_extra_roles = ['legacy_client_nss_pam_ldapd_redhat']
optional_extra_roles = ['ad_subdomain', 'ad_treedomain']
optional_extra_roles = ['ad_subdomain']
def clear_sssd_caches(self):
tasks.clear_sssd_cache(self.master)
@@ -491,7 +398,7 @@ class BaseTestLegacyNssLdapRedHat(object):
advice_id = 'config-redhat-nss-ldap'
required_extra_roles = ['legacy_client_nss_ldap_redhat']
optional_extra_roles = ['ad_subdomain', 'ad_treedomain']
optional_extra_roles = ['ad_subdomain']
def clear_sssd_caches(self):
tasks.clear_sssd_cache(self.master)
@@ -507,8 +414,6 @@ class BaseTestLegacyClientPosix(BaseTestLegacyClient,
testuser_gid_regex = '10047'
subdomain_testuser_uid_regex = '10142'
subdomain_testuser_gid_regex = '10147'
treedomain_testuser_uid_regex = '10242'
treedomain_testuser_gid_regex = '10247'
posix_trust = True
def test_remove_trust_with_posix_attributes(self):
@@ -518,12 +423,10 @@ class BaseTestLegacyClientPosix(BaseTestLegacyClient,
class BaseTestLegacyClientNonPosix(BaseTestLegacyClient,
trust_tests.TestBasicADTrust):
testuser_uid_regex = r'(?!10042)(\d+)'
testuser_gid_regex = r'(?!10047)(\d+)'
subdomain_testuser_uid_regex = r'(?!10142)(\d+)'
subdomain_testuser_gid_regex = r'(?!10147)(\d+)'
treedomain_testuser_uid_regex = r'(?!10242)(\d+)'
treedomain_testuser_gid_regex = r'(?!10247)(\d+)'
testuser_uid_regex = '(?!10042)(\d+)'
testuser_gid_regex = '(?!10047)(\d+)'
subdomain_testuser_uid_regex = '(?!10142)(\d+)'
subdomain_testuser_gid_regex = '(?!10147)(\d+)'
def test_remove_nonposix_trust(self):
pass