Ejemplo n.º 1
0
def test_AuthselectScannerLibrary_process__features(mock_confirm,
                                                    mock_service):
    pam = get_config('''
    auth required pam_faillock.so preauth silent deny=4 unlock_time=1200
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    nsswitch = get_config('''
    passwd:     files sss systemd
    group:      files sss systemd
    sudoers:    files sss
    ''')

    obj = AuthselectScannerLibrary(
        ['pam_unix', 'pam_sss', 'pam_deny', 'pam_faillock'], Authconfig(''),
        DConf(''), PAM(pam), nsswitch)
    mock_confirm.return_value = True
    mock_service.return_value = False
    authselect = obj.process()
    assert authselect.profile == 'sssd'
    assert len(authselect.features) == 2
    assert 'with-faillock' in authselect.features
    assert 'with-sudo' in authselect.features
    assert authselect.confirm
Ejemplo n.º 2
0
def test_AuthselectScannerLibrary_step_detect_if_confirmation_is_required__badlink(
        mock_getmtime, mock_isfile, mock_islink, mock_readlink):
    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(''), '')
    mock_isfile.return_value = True
    mock_islink.return_value = True
    mock_readlink.return_value = ''
    assert obj.step_detect_if_confirmation_is_required()
Ejemplo n.º 3
0
def test_AuthselectScannerLibrary_step_detect_winbind_features__krb5():
    ac = get_config('''
    WINBINDKRB5=yes
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(ac), DConf(''), PAM(''), '')
    features = obj.step_detect_winbind_features('winbind')
    assert features == ['with-krb5']
Ejemplo n.º 4
0
def test_AuthselectScannerLibrary_step_detect_winbind_features__wrong_profile(
):
    ac = get_config('''
    WINBINDKRB5=yes
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(ac), DConf(''), PAM(''), '')
    features = obj.step_detect_winbind_features('sssd')
    assert not features
Ejemplo n.º 5
0
def test_AuthselectScannerLibrary_step_detect_profile__nis(mock_service):
    pam = get_config('''
    auth sufficient pam_unix.so
    auth required pam_deny.so
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(pam), '')
    mock_service.return_value = True
    assert obj.step_detect_profile() == 'nis'
Ejemplo n.º 6
0
def test_PAM_has_unknown_module__false():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = PAM(pam)
    assert not obj.has_unknown_module(['pam_unix', 'pam_sss', 'pam_deny'])
Ejemplo n.º 7
0
def test_PAM_has_unknown_module__empty():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = PAM(pam)
    assert obj.has_unknown_module([])
Ejemplo n.º 8
0
def test_PAM_has__false():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = PAM(pam)
    assert not obj.has('pam_winbind')
Ejemplo n.º 9
0
def test_AuthselectScannerLibrary_step_detect_features__mkhomedir_oddjob():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    session optional pam_oddjob_mkhomedir.so umask=0077
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(pam), '')
    assert obj.step_detect_features() == ['with-mkhomedir']
Ejemplo n.º 10
0
def test_AuthselectScannerLibrary_step_detect_features__access():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    account required pam_access.so
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(pam), '')
    assert obj.step_detect_features() == ['with-pamaccess']
Ejemplo n.º 11
0
def test_AuthselectScannerLibrary_step_detect_features__fingerprint():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth sufficient pam_fprintd.so
    auth required pam_deny.so
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(pam), '')
    assert obj.step_detect_features() == ['with-fingerprint']
Ejemplo n.º 12
0
def test_AuthselectScannerLibrary_step_detect_features__faillock():
    pam = get_config('''
    auth required pam_faillock.so preauth silent deny=4 unlock_time=1200
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(pam), '')
    assert obj.step_detect_features() == ['with-faillock']
Ejemplo n.º 13
0
def test_PAM_has_unknown_module__true():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    session pam_ecryptfs.so
    ''')

    obj = PAM(pam)
    assert obj.has_unknown_module(['pam_unix', 'pam_sss', 'pam_deny'])
def test_RemoveOldPAMModulesScannerLibrary_process__none():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = RemoveOldPAMModulesScannerLibrary(PAM(pam))
    model = obj.process()
    assert not model.modules
Ejemplo n.º 15
0
def test_AuthselectScannerLibrary_step_detect_sssd_features__sudo():
    nsswitch = get_config('''
    passwd:     files sss systemd
    group:      files sss systemd
    sudoers:    files sss
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(''),
                                   nsswitch)
    features = obj.step_detect_sssd_features('sssd')
    assert features == ['with-sudo']
Ejemplo n.º 16
0
def test_AuthselectScannerLibrary_step_detect_sssd_features__wrong_profile():
    nsswitch = get_config('''
    passwd:     files sss systemd
    group:      files sss systemd
    sudoers:    files sss
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(''),
                                   nsswitch)
    features = obj.step_detect_sssd_features('winbind')
    assert not features
Ejemplo n.º 17
0
def test_PAM_has__true():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = PAM(pam)
    assert obj.has('pam_unix')
    assert obj.has('pam_sss')
    assert obj.has('pam_deny')
Ejemplo n.º 18
0
def test_AuthselectScannerLibrary_step_detect_profile__sssd_winbind(
        mock_service):
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_winbind.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(pam), '')
    mock_service.return_value = False
    assert obj.step_detect_profile() is None
def test_RemoveOldPAMModulesScannerLibrary_process__all():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_krb5.so
    auth sufficient pam_pkcs11.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = RemoveOldPAMModulesScannerLibrary(PAM(pam))
    model = obj.process()
    assert len(model.modules) == 2
    assert 'pam_krb5' in model.modules
    assert 'pam_pkcs11' in model.modules
Ejemplo n.º 20
0
def test_PAM_parse():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = PAM('')
    modules = obj.parse(pam)

    assert len(modules) == 3
    assert 'pam_unix' in modules
    assert 'pam_sss' in modules
    assert 'pam_deny' in modules
Ejemplo n.º 21
0
def test_AuthselectScannerLibrary_step_detect_sssd_features__smartcard():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    ac = get_config('''
    USESMARTCARD=yes
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(ac), DConf(''), PAM(pam), '')
    features = obj.step_detect_sssd_features('sssd')
    assert features == ['with-smartcard']
Ejemplo n.º 22
0
def test_AuthselectScannerLibrary_process__simple(mock_confirm, mock_service):
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = AuthselectScannerLibrary(['pam_unix', 'pam_sss', 'pam_deny'],
                                   Authconfig(''), DConf(''), PAM(pam), '')
    mock_confirm.return_value = True
    mock_service.return_value = False
    authselect = obj.process()
    assert authselect.profile == 'sssd'
    assert not authselect.features
    assert authselect.confirm
Ejemplo n.º 23
0
def test_AuthselectScannerLibrary_step_detect_if_confirmation_is_required__pass(
        mock_getmtime, mock_isfile, mock_islink, mock_readlink):
    def my_getmtime(path):
        # Make sysconfig file younger then other files.
        if path == '/etc/sysconfig/authconfig':
            return 200

        return 100

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(''), '')
    mock_isfile.return_value = True
    mock_islink.return_value = True
    mock_readlink.side_effect = '{}-ac'.format
    mock_getmtime.side_effect = my_getmtime
    assert not obj.step_detect_if_confirmation_is_required()
Ejemplo n.º 24
0
def test_AuthselectScannerLibrary_step_detect_sssd_features__smartcard_lock():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    dconf = get_config('''
    [org/gnome/settings-daemon/peripherals/smartcard]
    removal-action='lock-screen'
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(dconf), PAM(pam),
                                   '')
    features = obj.step_detect_sssd_features('sssd')
    assert features == ['with-smartcard-lock-on-removal']
Ejemplo n.º 25
0
def test_AuthselectScannerLibrary_process__unknown_module(
        mock_confirm, mock_service):
    pam = get_config('''
    auth required pam_faillock.so preauth silent deny=4 unlock_time=1200
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    obj = AuthselectScannerLibrary(['pam_unix', 'pam_sss', 'pam_deny'],
                                   Authconfig(''), DConf(''), PAM(pam), '')
    mock_confirm.return_value = True
    mock_service.return_value = False
    authselect = obj.process()
    assert authselect.profile is None
    assert not authselect.features
    assert authselect.confirm
Ejemplo n.º 26
0
def test_AuthselectScannerLibrary_step_detect_features__all():
    pam = get_config('''
    auth required pam_faillock.so preauth silent deny=4 unlock_time=1200
    auth sufficient pam_unix.so
    auth sufficient pam_sss.so
    auth sufficient pam_fprintd.so
    auth required pam_deny.so
    account required pam_access.so
    session optional pam_oddjob_mkhomedir.so umask=0077
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(pam), '')
    features = obj.step_detect_features()
    assert len(features) == 4
    assert 'with-faillock' in features
    assert 'with-fingerprint' in features
    assert 'with-pamaccess' in features
    assert 'with-mkhomedir' in features
Ejemplo n.º 27
0
def test_AuthselectScannerLibrary_step_detect_sssd_features__pkcs11():
    pam = get_config('''
    auth sufficient pam_unix.so
    auth sufficient pam_pkcs11.so
    auth sufficient pam_sss.so
    auth required pam_deny.so
    ''')

    ac = get_config('''
    USESMARTCARD=yes
    FORCESMARTCARD=yes
    ''')

    dconf = get_config('''
    [org/gnome/settings-daemon/peripherals/smartcard]
    removal-action='lock-screen'
    ''')

    obj = AuthselectScannerLibrary([], Authconfig(ac), DConf(dconf), PAM(pam),
                                   '')
    features = obj.step_detect_sssd_features('sssd')
    assert not features
Ejemplo n.º 28
0
def test_AuthselectScannerLibrary_step_detect_profile__None(mock_service):
    obj = AuthselectScannerLibrary([], Authconfig(''), DConf(''), PAM(''), '')
    mock_service.return_value = False
    assert obj.step_detect_profile() is None