def test_ssh_key_connection(self, tmpdir):
"""
Integration test for https://pagure.io/SSSD/sssd/issue/3747
"""
test_user = '******'
external_master_hostname = \
self.master.external_hostname # pylint: disable=no-member
pub_keys = []
for i in range(40):
ssh_key_pair = tasks.generate_ssh_keypair()
pub_keys.append(ssh_key_pair[1])
with open(os.path.join(tmpdir, 'ssh_priv_{}'.format(i)),
'w') as fp:
fp.write(ssh_key_pair[0])
tasks.kinit_admin(self.master)
self.master.run_command(
['ipa', 'user-add', test_user, '--first=tester', '--last=tester'])
keys_opts = ' '.join(['--ssh "{}"'.format(k) for k in pub_keys])
cmd = 'ipa user-mod {} {}'.format(test_user, keys_opts)
self.master.run_command(cmd)
# connect with first SSH key
first_priv_key_path = os.path.join(tmpdir, 'ssh_priv_1')
# change private key permission to comply with SS rules
os.chmod(first_priv_key_path, 0o600)
sshcon = paramiko.SSHClient()
sshcon.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# first connection attempt is a workaround for
# https://pagure.io/SSSD/sssd/issue/3669
try:
sshcon.connect(external_master_hostname,
username=test_user,
key_filename=first_priv_key_path,
timeout=1)
except (paramiko.AuthenticationException, paramiko.SSHException):
pass
try:
sshcon.connect(external_master_hostname,
username=test_user,
key_filename=first_priv_key_path,
timeout=1)
except (paramiko.AuthenticationException, paramiko.SSHException) as e:
pytest.fail('Authentication using SSH key not successful', e)
journal_cmd = ['journalctl', '--since=today', '-u', 'sshd']
result = self.master.run_command(journal_cmd)
output = result.stdout_text
assert not re.search('exited on signal 13', output)
# cleanup
self.master.run_command(['ipa', 'user-del', test_user])
def test_ssh_key_connection(self, tmpdir):
"""
Integration test for https://pagure.io/SSSD/sssd/issue/3747
"""
test_user = '******'
external_master_hostname = \
self.master.external_hostname # pylint: disable=no-member
pub_keys = []
for i in range(40):
ssh_key_pair = tasks.generate_ssh_keypair()
pub_keys.append(ssh_key_pair[1])
with open(os.path.join(
tmpdir, 'ssh_priv_{}'.format(i)), 'w') as fp:
fp.write(ssh_key_pair[0])
tasks.kinit_admin(self.master)
self.master.run_command(['ipa', 'user-add', test_user,
'--first=tester', '--last=tester'])
keys_opts = ' '.join(['--ssh "{}"'.format(k) for k in pub_keys])
cmd = 'ipa user-mod {} {}'.format(test_user, keys_opts)
self.master.run_command(cmd)
# connect with first SSH key
first_priv_key_path = os.path.join(tmpdir, 'ssh_priv_1')
# change private key permission to comply with SS rules
os.chmod(first_priv_key_path, 0o600)
sshcon = paramiko.SSHClient()
sshcon.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# first connection attempt is a workaround for
# https://pagure.io/SSSD/sssd/issue/3669
try:
sshcon.connect(external_master_hostname, username=test_user,
key_filename=first_priv_key_path, timeout=1)
except (paramiko.AuthenticationException, paramiko.SSHException):
pass
try:
sshcon.connect(external_master_hostname, username=test_user,
key_filename=first_priv_key_path, timeout=1)
except (paramiko.AuthenticationException,
paramiko.SSHException) as e:
pytest.fail('Authentication using SSH key not successful', e)
journal_cmd = ['journalctl', '--since=today', '-u', 'sshd']
result = self.master.run_command(journal_cmd)
output = result.stdout_text
assert not re.search('exited on signal 13', output)
# cleanup
self.master.run_command(['ipa', 'user-del', test_user])
def nested_group_setup(self, tmpdir):
"""Setup and Clean up groups and user created"""
master = self.master
client = self.clients[0]
# add a user and set password
tasks.create_active_user(master, self.username, self.userpasswd)
tasks.kinit_admin(master)
privkey, pubkey = tasks.generate_ssh_keypair()
with open(os.path.join(
tmpdir, 'ssh_priv_key'), 'w') as fp:
fp.write(privkey)
master.run_command([
'ipa', 'user-mod', self.username, '--ssh', "{}".format(pubkey)
])
master.put_file_contents('/tmp/user_ssh_priv_key', privkey)
master.run_command(['chmod', '600', '/tmp/user_ssh_priv_key'])
# add group groupa
cmd_output = master.run_command(['ipa', 'group-add', 'groupa'])
assert 'Added group "groupa"' in cmd_output.stdout_text
# add group groupb
cmd_output = master.run_command(['ipa', 'group-add', 'groupb'])
assert 'Added group "groupb"' in cmd_output.stdout_text
# add group groupc
cmd_output = master.run_command(['ipa', 'group-add', 'groupc'])
assert 'Added group "groupc"' in cmd_output.stdout_text
client.put_file_contents('/tmp/user_ssh_priv_key',
privkey)
client.run_command(['chmod', '600', '/tmp/user_ssh_priv_key'])
yield
# test cleanup
for group in ['groupa', 'groupb', 'groupc']:
self.master.run_command(['ipa', 'group-del', group, '--continue'])
self.master.run_command(['ipa', 'user-del', self.username,
'--no-preserve', '--continue'])
tasks.kdestroy_all(self.master)
tasks.kdestroy_all(self.clients[0])
