def realm_discover_failure_with_exception_test(self, execWithCapture):
"""Test the realm discover setup task - discovery failed with exception."""
execWithCapture.return_value = ""
execWithCapture.side_effect = OSError()
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm")))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with('realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
self.assertFalse(new_realm_data.discovered)
# if realm discover invocation fails hard, we don't add realmd as a required package
self.assertListEqual(new_realm_data.required_packages, [])
def test_realm_discover_failure(self, execWithCapture):
"""Test the realm discover setup task - discovery failed."""
execWithCapture.return_value = ""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with(
'realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
assert not new_realm_data.discovered
# if realm discover invocation fails to discover a realm, we still add realmd as a required package
assert new_realm_data.required_packages == ["realmd"]
def realm_discover_success_no_extra_packages_with_garbage_task_test(self, execWithCapture):
"""Test the realm discover setup task - success, no extra packages, garbage in output."""
execWithCapture.return_value = """foo-domain-discovered
stuff, stuff
stuff
dsdsd dadasd
"""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm")))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with('realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
self.assertTrue(new_realm_data.discovered)
self.assertListEqual(new_realm_data.required_packages, ["realmd"])
def test_realm_discover_success_with_garbage_task(self, execWithCapture):
"""Test the realm discover setup task - success with garbage in output."""
execWithCapture.return_value = """foo-domain-discovered
stuff-foo
required-package:package-foo
required-package:package-bar
required-package:package-baz
required-package:
unrelatedstuff"""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with(
'realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
assert new_realm_data.discovered
assert new_realm_data.required_packages == [
"realmd", "package-foo", "package-bar", "package-baz"
]
def test_realm_discover_configured(self, publisher):
"""Test module in configured state with realm discover task."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
self.security_interface.SetRealm(RealmData.to_structure(realm))
realm_discover_task_path = self.security_interface.DiscoverRealmWithTask()
obj = check_task_creation(realm_discover_task_path, publisher, RealmDiscoverTask)
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.discover_options == ["--client-software=sssd"]
def test_realmd_requirements(self):
"""Test that package requirements in realm data propagate correctly."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
realm.required_packages = ["realmd", "foo", "bar"]
self.security_interface.SetRealm(RealmData.to_structure(realm))
# check that the teamd package is requested
assert self.security_interface.CollectRequirements() == [{
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "realmd"),
"reason":
get_variant(Str, "Needed to join a realm.")
}, {
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "foo"),
"reason":
get_variant(Str, "Needed to join a realm.")
}, {
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "bar"),
"reason":
get_variant(Str, "Needed to join a realm.")
}]
def process_kickstart(self, data):
"""Process the kickstart data."""
if data.selinux.selinux is not None:
self.set_selinux(SELinuxMode(data.selinux.selinux))
if data.authselect.authselect:
self.set_authselect(shlex.split(data.authselect.authselect))
if data.realm.join_realm:
realm = RealmData()
realm.name = data.realm.join_realm
realm.discover_options = data.realm.discover_options
realm.join_options = data.realm.join_args
self.set_realm(realm)
def setup(self):
security_proxy = SECURITY.get_proxy()
realm = RealmData.from_structure(security_proxy.Realm)
if not realm.name:
return
try:
argv = ["discover", "--verbose"] + realm.discover_options + [realm.name]
output = util.execWithCapture("realm", argv, filter_stderr=True)
except OSError:
# TODO: A lousy way of propagating what will usually be
# 'no such realm'
# The error message is logged by util
return
# Now parse the output for the required software. First line is the
# realm name, and following lines are information as "name: value"
self.packages = ["realmd"]
self.discovered = ""
lines = output.split("\n")
if not lines:
return
self.discovered = lines.pop(0).strip()
realm_log.info("Realm discovered: %s", self.discovered)
for line in lines:
parts = line.split(":", 1)
if len(parts) == 2 and parts[0].strip() == "required-package":
self.packages.append(parts[1].strip())
realm_log.info("Realm %s needs packages %s",
self.discovered, ", ".join(self.packages))
def execute(self):
if not self.discovered:
return
security_proxy = SECURITY.get_proxy()
realm = RealmData.from_structure(security_proxy.Realm)
for arg in realm.join_options:
if arg.startswith("--no-password") or arg.startswith(
"--one-time-password"):
pw_args = []
break
else:
# no explicit password arg using implicit --no-password
pw_args = ["--no-password"]
argv = ["join", "--install", conf.target.system_root, "--verbose"
] + pw_args + realm.join_options
rc = -1
try:
rc = util.execWithRedirect("realm", argv)
except OSError:
pass
if rc == 0:
realm_log.info("Joined realm %s", realm.name)
def setup(self):
security_proxy = SECURITY.get_proxy()
realm = RealmData.from_structure(security_proxy.Realm)
if not realm.name:
return
try:
argv = ["discover", "--verbose"
] + realm.discover_options + [realm.name]
output = util.execWithCapture("realm", argv, filter_stderr=True)
except OSError:
# TODO: A lousy way of propagating what will usually be
# 'no such realm'
# The error message is logged by util
return
# Now parse the output for the required software. First line is the
# realm name, and following lines are information as "name: value"
self.packages = ["realmd"]
self.discovered = ""
lines = output.split("\n")
if not lines:
return
self.discovered = lines.pop(0).strip()
realm_log.info("Realm discovered: %s", self.discovered)
for line in lines:
parts = line.split(":", 1)
if len(parts) == 2 and parts[0].strip() == "required-package":
self.packages.append(parts[1].strip())
realm_log.info("Realm %s needs packages %s", self.discovered,
", ".join(self.packages))
def SetRealm(self, realm: Structure):
"""Specify of the enrollment in a realm.
The DBus structure is defined by RealmData.
:param realm: a dictionary with a specification
"""
self.implementation.set_realm(RealmData.from_structure(realm))
def SetRealm(self, realm: Structure):
"""Specify of the enrollment in a realm.
The DBus structure is defined by RealmData.
:param realm: a dictionary with a specification
"""
self.implementation.set_realm(RealmData.from_structure(realm))
def test_realm_join_not_discovered(self, execWithRedirect):
"""Test the realm join install task - no realm discovered."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-realm"
realm_data.join_options = ["--bar", "baz"]
realm_data.discovered = False
task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data)
task.run()
# check if the realm command invocation looks right
execWithRedirect.assert_not_called()
def install_with_tasks_configured_test(self, publisher):
"""Test install tasks - module in configured state."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
tasks = self.security_interface.InstallWithTasks()
selinux_task_path = tasks[0]
publisher.assert_called()
# SELinux configuration
object_path = publisher.call_args_list[0][0][0]
obj = publisher.call_args_list[0][0][1]
self.assertEqual(selinux_task_path, object_path)
self.assertIsInstance(obj, TaskInterface)
self.assertIsInstance(obj.implementation, ConfigureSELinuxTask)
self.assertEqual(obj.implementation._selinux_mode,
SELinuxMode.PERMISSIVE)
def test_install_with_tasks_configured(self, publisher):
"""Test install tasks - module in configured state."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
authselect = ['select', 'sssd']
fingerprint = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
self.security_interface.SetAuthselect(authselect)
self.security_interface.SetFingerprintAuthEnabled(fingerprint)
task_classes = [
ConfigureSELinuxTask,
ConfigureFingerprintAuthTask,
ConfigureAuthselectTask,
]
task_paths = self.security_interface.InstallWithTasks()
task_objs = check_task_creation_list(task_paths, publisher,
task_classes)
# ConfigureSELinuxTask
obj = task_objs[0]
assert obj.implementation._selinux_mode == SELinuxMode.PERMISSIVE
# ConfigureFingerprintAuthTask
obj = task_objs[1]
assert obj.implementation._fingerprint_auth_enabled == fingerprint
# ConfigureAuthselectTask
obj = task_objs[2]
assert obj.implementation._authselect_options == authselect
def test_realm_join(self, execWithRedirect):
"""Test the realm join install task."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-realm"
realm_data.join_options = ["--bar", "baz"]
realm_data.discovered = True
task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data)
task.run()
# check if the realm command invocation looks right
execWithRedirect.assert_called_once_with('realm',
['join', '--install', sysroot, '--verbose',
'--no-password', '--bar', 'baz'])
def realm_join_one_time_password_test(self, execWithRedirect):
"""Test the realm join install task - one time password."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm")))
realm_data = RealmData()
realm_data.name = "foo-realm"
realm_data.join_options=["--one-time-password", "abcdefgh"]
realm_data.discovered = True
task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data)
task.run()
# check if the realm command invocation looks right
execWithRedirect.assert_called_once_with('realm',
['join', '--install', sysroot, '--verbose',
'--one-time-password', 'abcdefgh'])
def test_realm_discover_no_realm_name(self, execWithCapture):
"""Test the realm discover setup task - no realm name."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = ""
realm_data.discover_options = []
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_not_called()
# no realm name so it can not be discovered
assert not new_realm_data.discovered
# if realm can't be discovered, we can't join it so no extra packages are needed
assert new_realm_data.required_packages == []
def __init__(self):
super().__init__()
self.selinux_changed = Signal()
self._selinux = SELinuxMode.DEFAULT
self.authselect_changed = Signal()
self._authselect_args = []
self.fingerprint_auth_enabled_changed = Signal()
self._fingerprint_auth_enabled = False
self.realm_changed = Signal()
self._realm = RealmData()
def __init__(self):
super().__init__()
self.selinux_changed = Signal()
self._selinux = SELinuxMode.DEFAULT
self.authselect_changed = Signal()
self._authselect_args = []
self.authconfig_changed = Signal()
self._authconfig_args = []
self.realm_changed = Signal()
self._realm = RealmData()
def test_realm_join_configured(self, publisher):
"""Test module in configured state with realm join task."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
realm_join_task_path = self.security_interface.JoinRealmWithTask()
obj = check_task_creation(realm_join_task_path, publisher, RealmJoinTask)
assert obj.implementation._realm_data.discovered is True
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == ["--one-time-password=password"]
def execute(self):
if not self.discovered:
return
security_proxy = SECURITY.get_proxy()
realm = RealmData.from_structure(security_proxy.Realm)
for arg in realm.join_options:
if arg.startswith("--no-password") or arg.startswith("--one-time-password"):
pw_args = []
break
else:
# no explicit password arg using implicit --no-password
pw_args = ["--no-password"]
argv = ["join", "--install", util.getSysroot(), "--verbose"] + pw_args + realm.join_options
rc = -1
try:
rc = util.execWithRedirect("realm", argv)
except OSError:
pass
if rc == 0:
realm_log.info("Joined realm %s", realm.name)
def create_realm(self):
"""Create a new instance of realm data.
:return: an instance of RealmData
"""
return RealmData()
def Realm(self) -> Structure:
"""Specification of the enrollment in a realm.
:return: a dictionary with a specification
"""
return RealmData.to_structure(self.implementation.realm)
def Realm(self) -> Structure:
"""Specification of the enrollment in a realm.
:return: a dictionary with a specification
"""
return RealmData.to_structure(self.implementation.realm)
def test_realm_data_propagation(self, publisher):
"""Test that realm data changes propagate to realm join task."""
# We connect to the realm_changed signal and update the realm data holder
# in the realm join task when the signal is triggered.
realm1 = RealmData()
realm1.name = "domain.example.com"
realm1.discover_options = ["--client-software=sssd"]
realm1.discovered = False
self.security_interface.SetRealm(RealmData.to_structure(realm1))
realm_join_task_path = self.security_interface.JoinRealmWithTask()
# realm join - after task creation
obj = check_task_creation(realm_join_task_path, publisher,
RealmJoinTask)
assert obj.implementation._realm_data.discovered is False
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == []
# change realm data and check the changes propagate to the realm join task
realm2 = RealmData()
realm2.name = "domain.example.com"
realm2.discover_options = ["--client-software=sssd"]
realm2.join_options = ["--one-time-password=password"]
realm2.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm2))
# realm join - after realm data update
assert obj.implementation._realm_data.discovered is True
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == [
"--one-time-password=password"
]
