def test_sc_auth(simple_pam_cert_auth, pam_wrapper_setup, passwd_ops_setup):
passwd_ops_setup.useradd(**USER1)
current_env = os.environ.copy()
current_env['PAM_WRAPPER'] = "1"
current_env['SSSD_INTG_PEER_UID'] = "0"
current_env['SSSD_INTG_PEER_GID'] = "0"
current_env['LD_PRELOAD'] += ':' + os.environ['PAM_WRAPPER_PATH']
sssctl = subprocess.Popen(["sssctl", "user-checks", "user1",
"--action=auth", "--service=pam_sss_service"],
universal_newlines=True,
env=current_env, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
try:
out, err = sssctl.communicate(input="123456")
except:
sssctl.kill()
out, err = sssctl.communicate()
sssctl.stdin.close()
sssctl.stdout.close()
if sssctl.wait() != 0:
raise Exception("sssctl failed")
assert err.find("pam_authenticate for user [user1]: Success") != -1
def simple_pam_cert_auth_name_format(request, passwd_ops_setup):
"""Setup SSSD with pam_cert_auth=True and full_name_format"""
config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']
conf = format_pam_cert_auth_conf_name_format(config)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
passwd_ops_setup.useradd(**USER1)
passwd_ops_setup.useradd(**USER2)
return None
def setup_for_kcm_renewals_secdb(passwd_ops_setup, request, kdc_instance):
"""
Set up the KCM renewals backed by libsss_secrets
"""
kcm_path = os.path.join(config.RUNSTATEDIR, "kcm.socket")
sssd_conf = create_sssd_conf_renewals(kcm_path, "secdb", "10d", "60s",
"10s")
passwd_ops_setup.useradd(**USER1)
return common_setup_for_kcm_mem(request, kdc_instance, kcm_path, sssd_conf)
def simple_pam_cert_auth(request, passwd_ops_setup):
"""Setup SSSD with pam_cert_auth=True"""
config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']
conf = format_pam_cert_auth_conf(config)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
create_nssdb_fixture(request)
passwd_ops_setup.useradd(**USER1)
passwd_ops_setup.useradd(**USER2)
return None
def setup_krb5_domains(request, kdc_instance, passwd_ops_setup):
"""
Setup SSSD for Kerberos authentication with 2 users with different
passwords and multiple domains configured in sssd.conf
"""
conf = format_pam_krb5_auth_domains(config, kdc_instance)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
passwd_ops_setup.useradd(**USER1)
passwd_ops_setup.useradd(**USER2)
kdc_instance.add_principal("user1", "Secret123User1")
kdc_instance.add_principal("user2", "Secret123User2")
return None
def simple_pam_cert_auth_no_cert(request, passwd_ops_setup):
"""Setup SSSD with pam_cert_auth=True"""
config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']
old_softhsm2_conf = os.environ['SOFTHSM2_CONF']
del os.environ['SOFTHSM2_CONF']
conf = format_pam_cert_auth_conf(config)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf
passwd_ops_setup.useradd(**USER1)
passwd_ops_setup.useradd(**USER2)
return None
def simple_pam_cert_auth_no_cert(request, passwd_ops_setup):
"""Setup SSSD with pam_cert_auth=True"""
config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']
old_softhsm2_conf = os.environ['SOFTHSM2_CONF']
del os.environ['SOFTHSM2_CONF']
conf = format_pam_cert_auth_conf(config)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
create_nssdb_no_cert_fixture(request)
os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf
passwd_ops_setup.useradd(**USER1)
passwd_ops_setup.useradd(**USER2)
return None
def setup_for_kcm_renewals_secdb(passwd_ops_setup, request, kdc_instance):
"""
Set up the KCM renewals backed by libsss_secrets
"""
kcm_path = os.path.join(config.RUNSTATEDIR, "kcm.socket")
sssd_conf = create_sssd_conf_renewals(kcm_path, "secdb", "10d", "60s",
"10s")
testenv = common_setup_for_kcm_mem(request, kdc_instance, kcm_path,
sssd_conf)
user = dict(name='user1',
passwd='x',
uid=testenv.my_uid(),
gid=testenv.my_uid(),
gecos='User for tests',
dir='/home/user1',
shell='/bin/bash')
passwd_ops_setup.useradd(**user)
return testenv
