def realm_discover_failure_with_exception_test(self, execWithCapture): """Test the realm discover setup task - discovery failed with exception.""" execWithCapture.return_value = "" execWithCapture.side_effect = OSError() with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm"))) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with('realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct self.assertFalse(new_realm_data.discovered) # if realm discover invocation fails hard, we don't add realmd as a required package self.assertListEqual(new_realm_data.required_packages, [])
def test_realm_discover_failure(self, execWithCapture): """Test the realm discover setup task - discovery failed.""" execWithCapture.return_value = "" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with( 'realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct assert not new_realm_data.discovered # if realm discover invocation fails to discover a realm, we still add realmd as a required package assert new_realm_data.required_packages == ["realmd"]
def realm_discover_success_no_extra_packages_with_garbage_task_test(self, execWithCapture): """Test the realm discover setup task - success, no extra packages, garbage in output.""" execWithCapture.return_value = """foo-domain-discovered stuff, stuff stuff dsdsd dadasd """ with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm"))) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with('realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct self.assertTrue(new_realm_data.discovered) self.assertListEqual(new_realm_data.required_packages, ["realmd"])
def test_realm_discover_success_with_garbage_task(self, execWithCapture): """Test the realm discover setup task - success with garbage in output.""" execWithCapture.return_value = """foo-domain-discovered stuff-foo required-package:package-foo required-package:package-bar required-package:package-baz required-package: unrelatedstuff""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with( 'realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct assert new_realm_data.discovered assert new_realm_data.required_packages == [ "realmd", "package-foo", "package-bar", "package-baz" ]
def test_realm_discover_configured(self, publisher): """Test module in configured state with realm discover task.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] self.security_interface.SetRealm(RealmData.to_structure(realm)) realm_discover_task_path = self.security_interface.DiscoverRealmWithTask() obj = check_task_creation(realm_discover_task_path, publisher, RealmDiscoverTask) assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.discover_options == ["--client-software=sssd"]
def test_realmd_requirements(self): """Test that package requirements in realm data propagate correctly.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True realm.required_packages = ["realmd", "foo", "bar"] self.security_interface.SetRealm(RealmData.to_structure(realm)) # check that the teamd package is requested assert self.security_interface.CollectRequirements() == [{ "type": get_variant(Str, "package"), "name": get_variant(Str, "realmd"), "reason": get_variant(Str, "Needed to join a realm.") }, { "type": get_variant(Str, "package"), "name": get_variant(Str, "foo"), "reason": get_variant(Str, "Needed to join a realm.") }, { "type": get_variant(Str, "package"), "name": get_variant(Str, "bar"), "reason": get_variant(Str, "Needed to join a realm.") }]
def process_kickstart(self, data): """Process the kickstart data.""" if data.selinux.selinux is not None: self.set_selinux(SELinuxMode(data.selinux.selinux)) if data.authselect.authselect: self.set_authselect(shlex.split(data.authselect.authselect)) if data.realm.join_realm: realm = RealmData() realm.name = data.realm.join_realm realm.discover_options = data.realm.discover_options realm.join_options = data.realm.join_args self.set_realm(realm)
def setup(self): security_proxy = SECURITY.get_proxy() realm = RealmData.from_structure(security_proxy.Realm) if not realm.name: return try: argv = ["discover", "--verbose"] + realm.discover_options + [realm.name] output = util.execWithCapture("realm", argv, filter_stderr=True) except OSError: # TODO: A lousy way of propagating what will usually be # 'no such realm' # The error message is logged by util return # Now parse the output for the required software. First line is the # realm name, and following lines are information as "name: value" self.packages = ["realmd"] self.discovered = "" lines = output.split("\n") if not lines: return self.discovered = lines.pop(0).strip() realm_log.info("Realm discovered: %s", self.discovered) for line in lines: parts = line.split(":", 1) if len(parts) == 2 and parts[0].strip() == "required-package": self.packages.append(parts[1].strip()) realm_log.info("Realm %s needs packages %s", self.discovered, ", ".join(self.packages))
def execute(self): if not self.discovered: return security_proxy = SECURITY.get_proxy() realm = RealmData.from_structure(security_proxy.Realm) for arg in realm.join_options: if arg.startswith("--no-password") or arg.startswith( "--one-time-password"): pw_args = [] break else: # no explicit password arg using implicit --no-password pw_args = ["--no-password"] argv = ["join", "--install", conf.target.system_root, "--verbose" ] + pw_args + realm.join_options rc = -1 try: rc = util.execWithRedirect("realm", argv) except OSError: pass if rc == 0: realm_log.info("Joined realm %s", realm.name)
def setup(self): security_proxy = SECURITY.get_proxy() realm = RealmData.from_structure(security_proxy.Realm) if not realm.name: return try: argv = ["discover", "--verbose" ] + realm.discover_options + [realm.name] output = util.execWithCapture("realm", argv, filter_stderr=True) except OSError: # TODO: A lousy way of propagating what will usually be # 'no such realm' # The error message is logged by util return # Now parse the output for the required software. First line is the # realm name, and following lines are information as "name: value" self.packages = ["realmd"] self.discovered = "" lines = output.split("\n") if not lines: return self.discovered = lines.pop(0).strip() realm_log.info("Realm discovered: %s", self.discovered) for line in lines: parts = line.split(":", 1) if len(parts) == 2 and parts[0].strip() == "required-package": self.packages.append(parts[1].strip()) realm_log.info("Realm %s needs packages %s", self.discovered, ", ".join(self.packages))
def SetRealm(self, realm: Structure): """Specify of the enrollment in a realm. The DBus structure is defined by RealmData. :param realm: a dictionary with a specification """ self.implementation.set_realm(RealmData.from_structure(realm))
def test_realm_join_not_discovered(self, execWithRedirect): """Test the realm join install task - no realm discovered.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "foo-realm" realm_data.join_options = ["--bar", "baz"] realm_data.discovered = False task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data) task.run() # check if the realm command invocation looks right execWithRedirect.assert_not_called()
def install_with_tasks_configured_test(self, publisher): """Test install tasks - module in configured state.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True self.security_interface.SetRealm(RealmData.to_structure(realm)) self.security_interface.SetSELinux(SELINUX_PERMISSIVE) tasks = self.security_interface.InstallWithTasks() selinux_task_path = tasks[0] publisher.assert_called() # SELinux configuration object_path = publisher.call_args_list[0][0][0] obj = publisher.call_args_list[0][0][1] self.assertEqual(selinux_task_path, object_path) self.assertIsInstance(obj, TaskInterface) self.assertIsInstance(obj.implementation, ConfigureSELinuxTask) self.assertEqual(obj.implementation._selinux_mode, SELinuxMode.PERMISSIVE)
def test_install_with_tasks_configured(self, publisher): """Test install tasks - module in configured state.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True authselect = ['select', 'sssd'] fingerprint = True self.security_interface.SetRealm(RealmData.to_structure(realm)) self.security_interface.SetSELinux(SELINUX_PERMISSIVE) self.security_interface.SetAuthselect(authselect) self.security_interface.SetFingerprintAuthEnabled(fingerprint) task_classes = [ ConfigureSELinuxTask, ConfigureFingerprintAuthTask, ConfigureAuthselectTask, ] task_paths = self.security_interface.InstallWithTasks() task_objs = check_task_creation_list(task_paths, publisher, task_classes) # ConfigureSELinuxTask obj = task_objs[0] assert obj.implementation._selinux_mode == SELinuxMode.PERMISSIVE # ConfigureFingerprintAuthTask obj = task_objs[1] assert obj.implementation._fingerprint_auth_enabled == fingerprint # ConfigureAuthselectTask obj = task_objs[2] assert obj.implementation._authselect_options == authselect
def test_realm_join(self, execWithRedirect): """Test the realm join install task.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "foo-realm" realm_data.join_options = ["--bar", "baz"] realm_data.discovered = True task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data) task.run() # check if the realm command invocation looks right execWithRedirect.assert_called_once_with('realm', ['join', '--install', sysroot, '--verbose', '--no-password', '--bar', 'baz'])
def realm_join_one_time_password_test(self, execWithRedirect): """Test the realm join install task - one time password.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm"))) realm_data = RealmData() realm_data.name = "foo-realm" realm_data.join_options=["--one-time-password", "abcdefgh"] realm_data.discovered = True task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data) task.run() # check if the realm command invocation looks right execWithRedirect.assert_called_once_with('realm', ['join', '--install', sysroot, '--verbose', '--one-time-password', 'abcdefgh'])
def test_realm_discover_no_realm_name(self, execWithCapture): """Test the realm discover setup task - no realm name.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "" realm_data.discover_options = [] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_not_called() # no realm name so it can not be discovered assert not new_realm_data.discovered # if realm can't be discovered, we can't join it so no extra packages are needed assert new_realm_data.required_packages == []
def __init__(self): super().__init__() self.selinux_changed = Signal() self._selinux = SELinuxMode.DEFAULT self.authselect_changed = Signal() self._authselect_args = [] self.fingerprint_auth_enabled_changed = Signal() self._fingerprint_auth_enabled = False self.realm_changed = Signal() self._realm = RealmData()
def __init__(self): super().__init__() self.selinux_changed = Signal() self._selinux = SELinuxMode.DEFAULT self.authselect_changed = Signal() self._authselect_args = [] self.authconfig_changed = Signal() self._authconfig_args = [] self.realm_changed = Signal() self._realm = RealmData()
def test_realm_join_configured(self, publisher): """Test module in configured state with realm join task.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True self.security_interface.SetRealm(RealmData.to_structure(realm)) realm_join_task_path = self.security_interface.JoinRealmWithTask() obj = check_task_creation(realm_join_task_path, publisher, RealmJoinTask) assert obj.implementation._realm_data.discovered is True assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.join_options == ["--one-time-password=password"]
def execute(self): if not self.discovered: return security_proxy = SECURITY.get_proxy() realm = RealmData.from_structure(security_proxy.Realm) for arg in realm.join_options: if arg.startswith("--no-password") or arg.startswith("--one-time-password"): pw_args = [] break else: # no explicit password arg using implicit --no-password pw_args = ["--no-password"] argv = ["join", "--install", util.getSysroot(), "--verbose"] + pw_args + realm.join_options rc = -1 try: rc = util.execWithRedirect("realm", argv) except OSError: pass if rc == 0: realm_log.info("Joined realm %s", realm.name)
def create_realm(self): """Create a new instance of realm data. :return: an instance of RealmData """ return RealmData()
def Realm(self) -> Structure: """Specification of the enrollment in a realm. :return: a dictionary with a specification """ return RealmData.to_structure(self.implementation.realm)
def test_realm_data_propagation(self, publisher): """Test that realm data changes propagate to realm join task.""" # We connect to the realm_changed signal and update the realm data holder # in the realm join task when the signal is triggered. realm1 = RealmData() realm1.name = "domain.example.com" realm1.discover_options = ["--client-software=sssd"] realm1.discovered = False self.security_interface.SetRealm(RealmData.to_structure(realm1)) realm_join_task_path = self.security_interface.JoinRealmWithTask() # realm join - after task creation obj = check_task_creation(realm_join_task_path, publisher, RealmJoinTask) assert obj.implementation._realm_data.discovered is False assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.join_options == [] # change realm data and check the changes propagate to the realm join task realm2 = RealmData() realm2.name = "domain.example.com" realm2.discover_options = ["--client-software=sssd"] realm2.join_options = ["--one-time-password=password"] realm2.discovered = True self.security_interface.SetRealm(RealmData.to_structure(realm2)) # realm join - after realm data update assert obj.implementation._realm_data.discovered is True assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.join_options == [ "--one-time-password=password" ]