def test_user_show_basic_fqname(ldap_conn, fqname_rfc2307, portable_LC_ALL): # Fill the cache first ent.assert_passwd_by_name( 'user1@LDAP', dict(name='user1@LDAP', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_name( 'CamelCaseUser1@LDAP', dict(name='CamelCaseUser1@LDAP', passwd='*', uid=1002, gid=2002, gecos='1002', shell='/bin/bash')) output = get_call_output(["sssctl", "user-show", "user1@LDAP"]) assert output.find("Name: user1@LDAP") != -1 assert output.find("Initgroups expiration time: Initgroups were not yet " "performed") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "user-show", "CamelCaseUser1@LDAP"]) assert output.find("Name: CamelCaseUser1@LDAP") != -1 assert output.find("Initgroups expiration time: Initgroups were not yet " "performed") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "user-show", "camelcaseuser1@LDAP"]) assert output.find("User camelcaseuser1 is not present in cache.") != -1
def test_user_show_basic_fqname_insensitive(ldap_conn, fqname_case_insensitive_rfc2307, portable_LC_ALL): # Fill the cache first ent.assert_passwd_by_name( 'user1@LDAP', dict(name='user1@LDAP', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_name( 'CamelCaseUser1@LDAP', dict(name='camelcaseuser1@LDAP', passwd='*', uid=1002, gid=2002, gecos='1002', shell='/bin/bash')) output = get_call_output(["sssctl", "user-show", "user1@LDAP"]) assert output.find("Name: user1@LDAP") != -1 assert output.find("Initgroups expiration time: Initgroups were not yet " "performed") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "user-show", "CamelCaseUser1@LDAP"]) assert output.find("Name: camelcaseuser1@LDAP") != -1 assert output.find("Initgroups expiration time: Initgroups were not yet " "performed") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "user-show", "camelcaseuser1@LDAP"]) assert output.find("Name: camelcaseuser1@LDAP") != -1 assert output.find("Initgroups expiration time: Initgroups were not yet " "performed") != -1 assert output.find("Cached in InfoPipe: No") != -1
def test_ssh_pubkey_retrieve(add_user_with_ssh_key): """ Test that we can retrieve an SSH public key for a user who has one and can't retrieve a key for a user who does not have one. """ sshpubkey = get_call_output(["sss_ssh_authorizedkeys", "user1"]) assert sshpubkey == USER1_PUBKEY1 + '\n' + USER1_PUBKEY2 + '\n' sshpubkey = get_call_output(["sss_ssh_authorizedkeys", "user2"]) assert len(sshpubkey) == 0
def test_ssh_pubkey_retrieve(add_user_with_ssh_key): """ Test that we can retrieve an SSH public key for a user who has one and can't retrieve a key for a user who does not have one. """ sshpubkey = get_call_output(["sss_ssh_authorizedkeys", "user1"]) assert sshpubkey == USER1_PUBKEY1 + '\n' + USER1_PUBKEY2 + '\n' sshpubkey = get_call_output(["sss_ssh_authorizedkeys", "user2"]) assert len(sshpubkey) == 0
def test_netgroup_show(ldap_conn, sanity_rfc2307, portable_LC_ALL, add_tripled_netgroup): output = get_call_output(["sssctl", "netgroup-show", "tripled_netgroup"]) assert "Name: tripled_netgroup" not in output res, _, netgrps = sssd_netgroup.get_sssd_netgroups("tripled_netgroup") assert res == sssd_netgroup.NssReturnCode.SUCCESS assert netgrps == [("host", "user", "domain")] output = get_call_output(["sssctl", "netgroup-show", "tripled_netgroup"]) assert "Name: tripled_netgroup" in output
def test_sudo_rule_for_user(add_common_rules, sudocli_tool): """ Test that user1 is allowed in the rule but user2 is not """ user1_rules = get_call_output([sudocli_tool, "user1"]) reply = SudoReply(user1_rules) assert len(reply.sudo_rules.rules) == 1 assert reply.sudo_rules.rules[0]['cn'] == 'user1_allow_less_shadow' user2_rules = get_call_output([sudocli_tool, "user2"]) reply = SudoReply(user2_rules) assert len(reply.sudo_rules.rules) == 0
def test_sudo_rule_for_user(add_common_rules, sudocli_tool): """ Test that user1 is allowed in the rule but user2 is not """ user1_rules = get_call_output([sudocli_tool, "user1"]) reply = SudoReply(user1_rules) assert len(reply.sudo_rules.rules) == 1 assert reply.sudo_rules.rules[0]['cn'] == 'user1_allow_less_shadow' user2_rules = get_call_output([sudocli_tool, "user2"]) reply = SudoReply(user2_rules) assert len(reply.sudo_rules.rules) == 0
def test_netgroup_show(ldap_conn, sanity_rfc2307, portable_LC_ALL, add_tripled_netgroup): output = get_call_output(["sssctl", "netgroup-show", "tripled_netgroup"]) assert "Name: tripled_netgroup" not in output res, _, netgrps = sssd_netgroup.get_sssd_netgroups("tripled_netgroup") assert res == sssd_netgroup.NssReturnCode.SUCCESS assert netgrps == [("host", "user", "domain")] output = get_call_output(["sssctl", "netgroup-show", "tripled_netgroup"]) assert "Name: tripled_netgroup" in output
def test_debug_level_no_sssd(): # Once we are sure all tests run using Python 3.5 or newer, # we can remove the redirections STDOUT > STDERR and check cpe.stderr. try: get_call_output(["sssctl", "debug-level"], check=True, stderr_output=subprocess.STDOUT) except subprocess.CalledProcessError as cpe: assert cpe.returncode == 1 assert "SSSD is not running" in cpe.output try: get_call_output(["sssctl", "debug-level", "0x70"], check=True, stderr_output=subprocess.STDOUT) except subprocess.CalledProcessError as cpe: assert cpe.returncode == 1 assert "SSSD is not running" in cpe.output try: get_call_output(["sssctl", "debug-level", "--nss"], check=True, stderr_output=subprocess.STDOUT) except subprocess.CalledProcessError as cpe: assert cpe.returncode == 1 assert "SSSD is not running" in cpe.output try: get_call_output(["sssctl", "debug-level", "--nss", "0x70"], check=True, stderr_output=subprocess.STDOUT) except subprocess.CalledProcessError as cpe: assert cpe.returncode == 1 assert "SSSD is not running" in cpe.output
def test_sudo_rule_duplicate_sudo_user(add_double_qualified_rules, sudocli_tool): """ Test that despite user1 and user1@LDAP meaning the same user, the rule is still usable """ # Try several users to make sure we don't mangle the list for u in ["user1", "user2", "user3"]: user_rules = get_call_output([sudocli_tool, u]) reply = SudoReply(user_rules) assert len(reply.sudo_rules.rules) == 1 assert reply.sudo_rules.rules[0]['cn'] == 'user1_allow_less_shadow' user4_rules = get_call_output([sudocli_tool, "user4"]) reply = SudoReply(user4_rules) assert len(reply.sudo_rules.rules) == 0
def test_sssctl_domain_list_app_domain(dbus_system_bus, ldap_conn, sanity_rfc2307): output = get_call_output(["sssctl", "domain-list"], subprocess.STDOUT) assert "Error" not in output assert output.find("LDAP") != -1 assert output.find("app") != -1
def test_sudo_rule_duplicate_sudo_user(add_double_qualified_rules, sudocli_tool): """ Test that despite user1 and user1@LDAP meaning the same user, the rule is still usable """ # Try several users to make sure we don't mangle the list for u in ["user1", "user2", "user3"]: user_rules = get_call_output([sudocli_tool, u]) reply = SudoReply(user_rules) assert len(reply.sudo_rules.rules) == 1 assert reply.sudo_rules.rules[0]['cn'] == 'user1_allow_less_shadow' user4_rules = get_call_output([sudocli_tool, "user4"]) reply = SudoReply(user4_rules) assert len(reply.sudo_rules.rules) == 0
def test_group_show_basic_sanity(ldap_conn, sanity_rfc2307, portable_LC_ALL): # Fill the cache first ent.assert_group_by_name("group1", dict(mem=ent.contains_only("user1"))) ent.assert_group_by_name("CamelCaseGroup1", dict(mem=ent.contains_only("CamelCaseUser1"))) output = get_call_output(["sssctl", "group-show", "group1"]) assert output.find("Name: group1") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "group-show", "CamelCaseGroup1"]) assert output.find("Name: CamelCaseGroup1") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "group-show", "camelcasegroup1"]) assert output.find("Group camelcasegroup1 is not present in cache.") != -1
def test_sssctl_domain_list_app_domain(dbus_system_bus, ldap_conn, sanity_rfc2307): output = get_call_output(["sssctl", "domain-list"], subprocess.STDOUT) assert "Error" not in output assert output.find("LDAP") != -1 assert output.find("app") != -1
def test_group_show_basic_fqname(ldap_conn, fqname_rfc2307, portable_LC_ALL): # Fill the cache first ent.assert_group_by_name( "group1@LDAP", dict(mem=ent.contains_only("user1@LDAP"))) ent.assert_group_by_name( "CamelCaseGroup1@LDAP", dict(mem=ent.contains_only("CamelCaseUser1@LDAP"))) output = get_call_output(["sssctl", "group-show", "group1@LDAP"]) assert output.find("Name: group1@LDAP") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "group-show", "CamelCaseGroup1@LDAP"]) assert output.find("Name: CamelCaseGroup1@LDAP") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "group-show", "camelcasegroup1@LDAP"]) assert output.find("Group camelcasegroup1 is not present in cache.") != -1
def test_group_show_basic_fqname_insensitive(ldap_conn, fqname_case_insensitive_rfc2307, portable_LC_ALL): # Fill the cache first ent.assert_group_by_name("group1@LDAP", dict(mem=ent.contains_only("user1@LDAP"))) ent.assert_group_by_name( "camelcasegroup1@LDAP", dict(mem=ent.contains_only("camelcaseuser1@LDAP"))) output = get_call_output(["sssctl", "group-show", "group1@LDAP"]) assert output.find("Name: group1@LDAP") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "group-show", "CamelCaseGroup1@LDAP"]) assert output.find("Name: camelcasegroup1@LDAP") != -1 assert output.find("Cached in InfoPipe: No") != -1 output = get_call_output(["sssctl", "group-show", "camelcasegroup1@LDAP"]) assert output.find("Name: camelcasegroup1@LDAP") != -1 assert output.find("Cached in InfoPipe: No") != -1
def test_ssh_pubkey_retrieve_cert(add_user_with_ssh_cert): """ Test that we can retrieve an SSH public key derived from a cert in ldap. Compare with the sshpubkey derived via ssh-keygen, they should match. """ for u in [1, 7]: pubsshkey_path = os.path.dirname(config.PAM_CERT_DB_PATH) pubsshkey_path += "/SSSD_test_cert_pubsshkey_000%s.pub" % u with open(pubsshkey_path, 'r') as f: pubsshkey = f.read() sshpubkey = get_call_output(["sss_ssh_authorizedkeys", "user%s" % u]) print(sshpubkey) print(pubsshkey) assert sshpubkey == pubsshkey
def test_sssctl_no_config(portable_LC_ALL): output = get_call_output(["sssctl", "config-check"]) assert "There is no configuration" in output
def test_debug_level_sanity(ldap_conn, sanity_rfc2307, portable_LC_ALL): output = get_call_output(["sssctl", "debug-level", "0x00F0"], check=True) assert output.strip() == "" output = get_call_output(["sssctl", "debug-level"], check=True) for line in output.splitlines(): elems = line.split() assert elems[0] in [ "sssd", "nss", "domain/LDAP", "domain/implicit_files" ] assert elems[1] == "0x00f0" output = get_call_output(["sssctl", "debug-level", "--sssd", "0x0270"], check=True) assert output.strip() == "" output = get_call_output(["sssctl", "debug-level", "--sssd"], check=True) assert "sssd " in output assert "0x0270" in output output = get_call_output(["sssctl", "debug-level", "--nss", "0x0370"], check=True) assert output.strip() == "" output = get_call_output(["sssctl", "debug-level", "--nss"], check=True) assert "nss " in output assert "0x0370" in output output = get_call_output(["sssctl", "debug-level", "--domain=LDAP", "8"], check=True) assert output.strip() == "" output = get_call_output(["sssctl", "debug-level", "--domain=LDAP"], check=True) assert "domain/LDAP " in output assert "0x37f0" in output try: get_call_output(["sssctl", "debug-level", "--domain=FAKE"], check=True) except subprocess.CalledProcessError as cpe: assert cpe.returncode == 1 assert "domain/FAKE " in cpe.output assert " Unknown domain" in cpe.output try: get_call_output(["sssctl", "debug-level", "--pac"], check=True) except subprocess.CalledProcessError as cpe: assert cpe.returncode == 1 assert "pac " in cpe.output assert " Unreachable service" in cpe.output try: get_call_output(["sssctl", "debug-level", "--domain=FAKE", "8"], check=True) except subprocess.CalledProcessError as cpe: assert cpe.returncode == 1 assert cpe.output.strip() == ""
def test_sssctl_snippets_only(conf_snippets_only, portable_LC_ALL): output = get_call_output(["sssctl", "config-check"]) assert "There is no configuration" not in output assert config.CONF_SNIPPET_PATH in output