def install(cls, mh):
if cls.domain_level is not None:
domain_level = cls.domain_level
else:
domain_level = cls.master.config.domain_level
tasks.install_topo(cls.topology,
cls.master, cls.replicas,
cls.clients, domain_level,
clients_extra_args=('--mkhomedir',))
cls.ad = cls.ads[0]
cls.smbserver = cls.clients[0]
cls.smbclient = cls.clients[1]
cls.ad_user = '******'.format(cls.ad_user_login, cls.ad.domain.name)
tasks.config_host_resolvconf_with_master_data(cls.master,
cls.smbclient)
tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.configure_windows_dns_for_trust(cls.ad, cls.master)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name,
extra_args=['--two-way=true'])
tasks.create_active_user(cls.master, cls.ipa_user1,
password=cls.ipa_user1_password)
tasks.create_active_user(cls.master, cls.ipa_user2,
password=cls.ipa_user2_password)
# Trigger creation of home directories on the SMB server
for user in [cls.ipa_user1, cls.ipa_user2, cls.ad_user]:
tasks.run_command_as_user(cls.smbserver, user, ['stat', '.'])
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
tasks.install_adtrust(cls.master)
for client in cls.replicas + cls.clients:
cls.fix_resolv_conf(client, cls.master)
tasks.install_client(cls.master, client,
extra_args=['--mkhomedir'])
cls.replicas[0].collect_log('/var/log/samba/')
cls.master.collect_log('/var/log/samba/')
def install(cls, mh):
if not cls.master.transport.file_exists('/usr/bin/rpcclient'):
raise unittest.SkipTest("Package samba-client not available "
"on {}".format(cls.master.hostname))
super(TestTrust, cls).install(mh)
cls.ad = cls.ads[0] # pylint: disable=no-member
cls.ad_domain = cls.ad.domain.name
tasks.install_adtrust(cls.master)
cls.check_sid_generation()
cls.child_ad = cls.ad_subdomains[0] # pylint: disable=no-member
cls.ad_subdomain = cls.child_ad.domain.name
cls.tree_ad = cls.ad_treedomains[0] # pylint: disable=no-member
cls.ad_treedomain = cls.tree_ad.domain.name
def install(cls, mh):
super(TestSSSDAuthCache, cls).install(mh)
cls.ad = cls.ads[0] # pylint: disable=no-member
tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
cls.users['ad']['name'] = cls.users['ad']['name_tmpl'].format(
domain=cls.ad.domain.name)
tasks.user_add(cls.master, cls.intermed_user)
tasks.create_active_user(cls.master, cls.ipa_user,
cls.ipa_user_password)
def install(cls, mh):
if not cls.master.transport.file_exists('/usr/bin/rpcclient'):
raise unittest.SkipTest("Package samba-client not available "
"on {}".format(cls.master.hostname))
super(TestTrust, cls).install(mh)
cls.ad = cls.ads[0] # pylint: disable=no-member
cls.ad_domain = cls.ad.domain.name
tasks.install_adtrust(cls.master)
cls.check_sid_generation()
cls.child_ad = cls.ad_subdomains[0] # pylint: disable=no-member
cls.ad_subdomain = cls.child_ad.domain.name
cls.tree_ad = cls.ad_treedomains[0] # pylint: disable=no-member
cls.ad_treedomain = cls.tree_ad.domain.name
def install(cls, mh):
super(TestSSSDWithAdTrust, cls).install(mh)
cls.ad = cls.ads[0]
tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
cls.users['ad']['name'] = cls.users['ad']['name_tmpl'].format(
domain=cls.ad.domain.name)
cls.users['ad']['group'] = cls.users['ad']['group_tmpl'].format(
domain=cls.ad.domain.name)
tasks.user_add(cls.master, cls.intermed_user)
tasks.create_active_user(cls.master, cls.ipa_user,
cls.ipa_user_password)
def install(cls, mh):
super(TestSSSDWithAdTrust, cls).install(mh)
cls.ad = cls.ads[0]
tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
cls.users['ad']['name'] = cls.users['ad']['name_tmpl'].format(
domain=cls.ad.domain.name)
# Regression tests for cached_auth_timeout option
# https://bugzilla.redhat.com/show_bug.cgi?id=1685581
tasks.user_add(cls.master, cls.intermed_user)
tasks.create_active_user(cls.master, cls.ipa_user,
cls.ipa_user_password)
def install(cls, mh):
super(TestWinsyncMigrate, cls).install(mh)
cls.ad = cls.ads[0] # pylint: disable=no-member
cls.trust_test_user = '******' % (cls.ad_user, cls.ad.domain.name)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.install_adtrust(cls.master)
cls.create_test_objects()
establish_winsync_agreement(cls.master, cls.ad)
tasks.kinit_admin(cls.master)
cls.setup_user_memberships(cls.ad_user)
# store user uid and gid
result = cls.master.run_command(['getent', 'passwd', cls.ad_user])
testuser_regex = (r"^{0}:\*:(\d+):(\d+):{0}:/home/{0}:/bin/sh$".format(
cls.ad_user))
m = re.match(testuser_regex, result.stdout_text)
cls.test_user_uid, cls.test_user_gid = m.groups()
def install(cls, mh):
if not cls.master.transport.file_exists('/usr/bin/rpcclient'):
raise unittest.SkipTest("Package samba-client not available "
"on {}".format(cls.master.hostname))
super(BaseTestTrust, cls).install(mh)
cls.ad = cls.ads[0] # pylint: disable=no-member
cls.ad_domain = cls.ad.domain.name
tasks.install_adtrust(cls.master)
cls.check_sid_generation()
cls.child_ad = cls.ad_subdomains[0] # pylint: disable=no-member
cls.ad_subdomain = cls.child_ad.domain.name
cls.tree_ad = cls.ad_treedomains[0] # pylint: disable=no-member
cls.ad_treedomain = cls.tree_ad.domain.name
# values used in workaround for
# https://bugzilla.redhat.com/show_bug.cgi?id=1711958
cls.srv_gc_record_name = \
'_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs'
cls.srv_gc_record_value = '0 100 389 {}.'.format(cls.master.hostname)
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=True)
cls.ad = cls.ads[0]
tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name)
def install(cls, mh):
super(TestCertsInIDOverrides, cls).install(mh)
cls.ad = config.ad_domains[0].ads[0]
cls.ad_domain = cls.ad.domain.name
cls.aduser = "******" % cls.ad_domain
master = cls.master
# A setup for test_dbus_user_lookup
master.run_command(['dnf', 'install', '-y', 'sssd-dbus'],
raiseonerr=False)
# The tasks.modify_sssd_conf way did not work because
# sssd_domain.set_option knows nothing about 'services' parameter of
# the sssd config file. Therefore I am using sed approach
master.run_command("sed -i '/^services/ s/$/, ifp/' %s" %
paths.SSSD_CONF)
master.run_command("sed -i 's/= 7/= 0xFFF0/' %s" % paths.SSSD_CONF,
raiseonerr=False)
master.run_command(['systemctl', 'restart', 'sssd.service'])
# End of setup for test_dbus_user_lookup
# AD-related stuff
tasks.install_adtrust(master)
tasks.sync_time(master, cls.ad)
tasks.establish_trust_with_ad(
cls.master,
cls.ad_domain,
extra_args=['--range-type', 'ipa-ad-trust'])
cls.reqdir = os.path.join(master.config.test_dir, "certs")
cls.reqfile1 = os.path.join(cls.reqdir, "test1.csr")
cls.reqfile2 = os.path.join(cls.reqdir, "test2.csr")
cls.pwname = os.path.join(cls.reqdir, "pwd")
# Create a NSS database folder
master.run_command(['mkdir', cls.reqdir], raiseonerr=False)
# Create an empty password file
master.run_command(["touch", cls.pwname], raiseonerr=False)
# Initialize NSS database
tasks.run_certutil(master, ["-N", "-f", cls.pwname], cls.reqdir)
# Now generate self-signed certs for a windows user
stdin_text = string.digits + string.ascii_letters[2:] + '\n'
tasks.run_certutil(master, [
'-S', '-s',
"cn=%s,dc=ad,dc=test" % cls.adcert1, '-n', cls.adcert1, '-x', '-t',
'CT,C,C', '-v', '120', '-m', '1234'
],
cls.reqdir,
stdin=stdin_text)
tasks.run_certutil(master, [
'-S', '-s',
"cn=%s,dc=ad,dc=test" % cls.adcert2, '-n', cls.adcert2, '-x', '-t',
'CT,C,C', '-v', '120', '-m', '1234'
],
cls.reqdir,
stdin=stdin_text)
# Export the previously generated cert
tasks.run_certutil(
master, ['-L', '-n', cls.adcert1, '-a', '>', cls.adcert1_file],
cls.reqdir)
tasks.run_certutil(
master, ['-L', '-n', cls.adcert2, '-a', '>', cls.adcert2_file],
cls.reqdir)
cls.cert1_base64 = cls.master.run_command(
"openssl x509 -outform der -in %s | base64 -w 0" %
cls.adcert1_file).stdout_text
cls.cert2_base64 = cls.master.run_command(
"openssl x509 -outform der -in %s | base64 -w 0" %
cls.adcert2_file).stdout_text
cls.cert1_pem = cls.master.run_command(
"openssl x509 -in %s -outform pem" % cls.adcert1_file).stdout_text
cls.cert2_pem = cls.master.run_command(
"openssl x509 -in %s -outform pem" % cls.adcert2_file).stdout_text
def install(cls, mh):
super(TestCertsInIDOverrides, cls).install(mh)
cls.ad = config.ad_domains[0].ads[0]
cls.ad_domain = cls.ad.domain.name
cls.aduser = "******" % cls.ad_domain
master = cls.master
# A setup for test_dbus_user_lookup
master.run_command(['dnf', 'install', '-y', 'sssd-dbus'],
raiseonerr=False)
# The tasks.modify_sssd_conf way did not work because
# sssd_domain.set_option knows nothing about 'services' parameter of
# the sssd config file. Therefore I am using sed approach
master.run_command(
"sed -i '/^services/ s/$/, ifp/' %s" % paths.SSSD_CONF)
master.run_command(
"sed -i 's/= 7/= 0xFFF0/' %s" % paths.SSSD_CONF, raiseonerr=False)
master.run_command(['systemctl', 'restart', 'sssd.service'])
# End of setup for test_dbus_user_lookup
# AD-related stuff
tasks.install_adtrust(master)
tasks.sync_time(master, cls.ad)
tasks.establish_trust_with_ad(cls.master, cls.ad_domain,
extra_args=['--range-type',
'ipa-ad-trust'])
cls.reqdir = os.path.join(master.config.test_dir, "certs")
cls.reqfile1 = os.path.join(cls.reqdir, "test1.csr")
cls.reqfile2 = os.path.join(cls.reqdir, "test2.csr")
cls.pwname = os.path.join(cls.reqdir, "pwd")
# Create a NSS database folder
master.run_command(['mkdir', cls.reqdir], raiseonerr=False)
# Create an empty password file
master.run_command(["touch", cls.pwname], raiseonerr=False)
# Initialize NSS database
tasks.run_certutil(master, ["-N", "-f", cls.pwname], cls.reqdir)
# Now generate self-signed certs for a windows user
stdin_text = string.digits+string.ascii_letters[2:] + '\n'
tasks.run_certutil(master, ['-S', '-s',
"cn=%s,dc=ad,dc=test" % cls.adcert1, '-n',
cls.adcert1, '-x', '-t', 'CT,C,C', '-v',
'120', '-m', '1234'],
cls.reqdir, stdin=stdin_text)
tasks.run_certutil(master, ['-S', '-s',
"cn=%s,dc=ad,dc=test" % cls.adcert2, '-n',
cls.adcert2, '-x', '-t', 'CT,C,C', '-v',
'120', '-m', '1234'],
cls.reqdir, stdin=stdin_text)
# Export the previously generated cert
tasks.run_certutil(master, ['-L', '-n', cls.adcert1, '-a', '>',
cls.adcert1_file], cls.reqdir)
tasks.run_certutil(master, ['-L', '-n', cls.adcert2, '-a', '>',
cls.adcert2_file], cls.reqdir)
cls.cert1_base64 = cls.master.run_command(
"openssl x509 -outform der -in %s | base64 -w 0" % cls.adcert1_file
).stdout_text
cls.cert2_base64 = cls.master.run_command(
"openssl x509 -outform der -in %s | base64 -w 0" % cls.adcert2_file
).stdout_text
cls.cert1_pem = cls.master.run_command(
"openssl x509 -in %s -outform pem" % cls.adcert1_file
).stdout_text
cls.cert2_pem = cls.master.run_command(
"openssl x509 -in %s -outform pem" % cls.adcert2_file
).stdout_text
def install_adtrust(cls):
"""Test adtrust support installation"""
tasks.install_adtrust(cls.master)
def install(cls, mh):
super(TestCertsInIDOverrides, cls).install(mh)
cls.ad = config.ad_domains[0].ads[0]
cls.ad_domain = cls.ad.domain.name
cls.aduser = "******" % cls.ad_domain
master = cls.master
# A setup for test_dbus_user_lookup
master.run_command(['dnf', 'install', '-y', 'sssd-dbus'],
raiseonerr=False)
master.run_command("sed -i 's/= 7/= 0xFFF0/' %s" % paths.SSSD_CONF,
raiseonerr=False)
with tasks.remote_sssd_config(master) as sssd_config:
try:
sssd_config.new_service('ifp')
except ServiceAlreadyExists:
pass
sssd_config.activate_service('ifp')
master.run_command(['systemctl', 'restart', 'sssd.service'])
# End of setup for test_dbus_user_lookup
# AD-related stuff
tasks.install_adtrust(master)
tasks.sync_time(master, cls.ad)
tasks.configure_dns_for_trust(master, cls.ad)
tasks.establish_trust_with_ad(
cls.master,
cls.ad_domain,
extra_args=['--range-type', 'ipa-ad-trust'])
cls.reqdir = os.path.join(master.config.test_dir, "certs")
cls.reqfile1 = os.path.join(cls.reqdir, "test1.csr")
cls.reqfile2 = os.path.join(cls.reqdir, "test2.csr")
cls.pwname = os.path.join(cls.reqdir, "pwd")
# Create a NSS database folder
master.run_command(['mkdir', cls.reqdir], raiseonerr=False)
# Create an empty password file
master.run_command(["touch", cls.pwname], raiseonerr=False)
# Initialize NSS database
tasks.run_certutil(master, ["-N", "-f", cls.pwname], cls.reqdir)
# Now generate self-signed certs for a windows user
stdin_text = string.digits + string.ascii_letters[2:] + '\n'
tasks.run_certutil(master, [
'-S', '-s',
"cn=%s,dc=ad,dc=test" % cls.adcert1, '-n', cls.adcert1, '-x', '-t',
'CT,C,C', '-v', '120', '-m', '1234'
],
cls.reqdir,
stdin=stdin_text)
tasks.run_certutil(master, [
'-S', '-s',
"cn=%s,dc=ad,dc=test" % cls.adcert2, '-n', cls.adcert2, '-x', '-t',
'CT,C,C', '-v', '120', '-m', '1234'
],
cls.reqdir,
stdin=stdin_text)
# Export the previously generated cert
res = tasks.run_certutil(master, ['-L', '-n', cls.adcert1, '-a'],
cls.reqdir)
master.put_file_contents(
os.path.join(master.config.test_dir, cls.adcert1_file),
res.stdout_text)
res = tasks.run_certutil(master, ['-L', '-n', cls.adcert2, '-a'],
cls.reqdir)
master.put_file_contents(
os.path.join(master.config.test_dir, cls.adcert2_file),
res.stdout_text)
cls.cert1_base64 = cls.master.run_command(
"openssl x509 -outform der -in %s | base64 -w 0" %
cls.adcert1_file).stdout_text
cls.cert2_base64 = cls.master.run_command(
"openssl x509 -outform der -in %s | base64 -w 0" %
cls.adcert2_file).stdout_text
cls.cert1_pem = cls.master.run_command(
"openssl x509 -in %s -outform pem" % cls.adcert1_file).stdout_text
cls.cert2_pem = cls.master.run_command(
"openssl x509 -in %s -outform pem" % cls.adcert2_file).stdout_text
