コード例 #1
ファイル: conftest.py プロジェクト: yurchor/sssd
def samba_share_permissions(session_multihost, request):
    """Prepare a Samba share with per-group, group-restricted directories.

    Creates the share '/mnt/samba/share1' through ``sambaTools``, recreates
    the AD test users and groups through ``ADOperations``, restarts SSSD on
    the master host, and then creates one directory per AD group plus a
    common 'allgroup' directory. Each directory gets mode 2770 and is
    chgrp'ed to '<group>@<realm>'. A mount point is created on the client
    and a finalizer is registered to remove the share, the mount point and
    the AD objects.

    NOTE(review): ``request.addfinalizer`` suggests this is a pytest
    fixture; the decorator is not visible in this listing -- confirm.
    """
    smbTools = sambaTools(session_multihost.master[0], session_multihost.ad[0])
    adops = ADOperations(session_multihost.ad[0])
    share_name = 'share1'
    share_path = '/mnt/samba/%s' % share_name
    smbTools.create_samba_share(share_path)
    realm = session_multihost.ad[0].realm
    # Remove leftovers from earlier runs before recreating the AD objects.
    for idx in range(1, 3):
        # NOTE(review): this literal appears masked in this listing. As
        # shown it has no format specifier, so '%' with idx would raise
        # TypeError. Confirm the real user-name pattern against upstream.
        ad_user = '******' % idx
        ad_group = 'idmfoogroup%d' % idx
        all_group = 'idmfooallgroup'
        adops.delete_ad_user_group(ad_group)
        adops.delete_ad_user_group(ad_user)
    # all_group is only bound inside the loop above; this relies on the
    # loop body having run at least once.
    adops.delete_ad_user_group(all_group)
    adops.create_ad_unix_group(all_group)
    for idx in range(1, 3):
        ad_user = '******' % idx
        ad_group = 'idmfoogroup%d' % idx
        adops.create_ad_unix_user_group(ad_user, ad_group)
        adops.add_user_member_of_group(all_group, ad_user)
    session_multihost.master[0].service_sssd('restart')
    # Fixed wait after the restart; presumably gives SSSD time to come
    # back online before AD group names are used by chgrp -- confirm.
    time.sleep(30)

    # Per-group directories. Mode 2770 is setgid plus rwx for owner and
    # group and no access for others, so files created inside inherit the
    # directory's group and non-members are locked out.
    # NOTE(review): the commands are built by string interpolation; every
    # interpolated value here is a literal from this function or the AD
    # realm. If any of them ever becomes caller-supplied, quote it (for
    # example with shlex.quote) before it reaches run_command.
    for idx in range(1, 3):
        ad_user = '******' % idx
        ad_group = 'idmfoogroup%d' % idx
        directory = '/mnt/samba/share1/idmfoogroup%d' % idx
        create_dir = 'mkdir -p %s' % directory
        session_multihost.master[0].run_command(create_dir)
        chmod = 'chmod 2770 %s' % directory
        session_multihost.master[0].run_command(chmod)
        chgrp = "chgrp '%s@%s' %s " % (ad_group, realm, directory)
        session_multihost.master[0].run_command(chgrp)

    # Common directory owned by the group that both test users belong to.
    all_group = 'idmfooallgroup'
    common_dir = 'mkdir -p /mnt/samba/share1/allgroup'
    session_multihost.master[0].run_command(common_dir)
    chgrp = "chgrp '%s@%s' /mnt/samba/share1/allgroup " % (all_group, realm)
    chmod = "chmod 2770 /mnt/samba/share1/allgroup"
    session_multihost.master[0].run_command(chgrp)
    session_multihost.master[0].run_command(chmod)

    # create mount point on client
    mount_point = 'mkdir -p %s' % share_path
    session_multihost.client[0].run_command(mount_point)

    def delete_share_directory():
        """Remove the share, the client mount point and the AD objects."""
        print("we are deleting samba share directory")
        smbTools.delete_samba_share(share_path)
        # Recursive delete of the mount point path on the client;
        # share_path is the literal built at the top of the fixture.
        remove_mount_point = "rm -rf %s" % share_path
        session_multihost.client[0].run_command(remove_mount_point)
        for idx in range(1, 3):
            ad_user = '******' % idx
            ad_group = 'idmfoogroup%d' % idx
            all_group = 'idmfooallgroup'
            adops.delete_ad_user_group(ad_group)
            # all_group is deleted on every iteration, so the second
            # call targets an object that is already gone.
            adops.delete_ad_user_group(all_group)
            adops.delete_ad_user_group(ad_user)
    request.addfinalizer(delete_share_directory)
コード例 #2
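    def test_idview_override_group_fails(multihost, create_aduser_group):
        """
        :title: IPA clients fail to resolve override group names in custom view
        :id: 7a0dc871-fdad-4c07-9d07-a092baa83178
        :customerscenario: true
        :bugzilla:
          https://bugzilla.redhat.com/show_bug.cgi?id=2004406
          https://bugzilla.redhat.com/show_bug.cgi?id=2031729
        :description: Overriding both user and group names and ids in
          an idview for user and group from AD results in error in sssd
          when running id command.
        :setup:
          1. Create user and group (group1) on AD.
          2. Make AD user member of group1.
          3. Create additional group (group2) on AD.
        :steps:
          1. ID views to override AD groupname and gid of group1.
          2. ID views to override AD groupname and gid of group2.
          3. ID view to override AD username, uid and gid (to gid of group2).
          4. Run an "id" command for the override user.
        :expectedresults:
          1. View with an override is created.
          2. View with an override is created.
          3. User override is added to the view.
          4. Id command succeeds, group override is visible, all groups are
             properly resolved.
        """
        (aduser, adgroup) = create_aduser_group
        # The random suffix only keeps names and gids distinct between runs;
        # it is not used as a secret.
        run_id_int = random.randint(9999, 999999)
        adgroup2 = f"group2_{run_id_int}"
        view = f'prygl_trust_view_{run_id_int}'
        ado = ADOperations(multihost.ad[0])
        ado.create_ad_unix_group(adgroup2)

        # Everything after the AD group exists runs under try/finally so the
        # group and the ID view are removed even when a setup step raises,
        # instead of being left behind on the shared AD/IPA servers.
        try:
            domain = multihost.ad[0].domainname

            ipa_client = sssdTools(multihost.client[0])
            ipa_client.clear_sssd_cache()

            # The setup commands run with raiseonerr=False and their return
            # codes are not inspected, so a failed override only shows up in
            # the assertions at the end of the test.
            create_view = f'ipa idview-add {view}'
            multihost.master[0].run_command(create_view, raiseonerr=False)

            create_grp_override = f'ipa idoverridegroup-add "{view}" ' \
                f'{adgroup}@{domain} --group-name ' \
                f'"borci{run_id_int}" --gid={run_id_int+1}'
            multihost.master[0].run_command(
                create_grp_override, raiseonerr=False)

            create_grp2_override = f'ipa idoverridegroup-add "{view}" ' \
                f'{adgroup2}@{domain} --group-name ' \
                f'"magori{run_id_int}" --gid={run_id_int+2}'
            multihost.master[0].run_command(
                create_grp2_override, raiseonerr=False)

            create_user_override = f'ipa idoverrideuser-add "{view}" ' \
                f'{aduser}@{domain} --login ferko{run_id_int} ' \
                f'--uid=50001 --gidnumber={run_id_int+2}'
            multihost.master[0].run_command(
                create_user_override, raiseonerr=False)

            # Apply the view on client
            multihost.master[0].run_command(
                f"ipa idview-apply '{view}' --hosts="
                f"{multihost.client[0].sys_hostname}",
                raiseonerr=False)

            ipa_client.clear_sssd_cache()
            time.sleep(5)
            cmd = multihost.client[0].run_command(
                f'id ferko{run_id_int}@{domain}', raiseonerr=False)
        finally:
            # TEARDOWN
            # Nested so that a failure deleting the AD group does not skip
            # removal of the ID view.
            try:
                ado.delete_ad_user_group(adgroup2)
            finally:
                multihost.master[0].run_command(f'ipa idview-del {view}',
                                                raiseonerr=False)

        # Test result Evaluation
        # NOTE(review): the gid checks are plain substring matches on the
        # whole "id" output, so they would also pass if the number appeared
        # inside another field.
        assert cmd.returncode == 0, f"User {aduser} was not found."
        assert f"borci{run_id_int}@{domain}" in cmd.stdout_text,\
            f"Group 1 {adgroup} name was not overridden/resolved."
        assert f"magori{run_id_int}@{domain}" in cmd.stdout_text,\
            f"Group 2 {adgroup2} name was not overridden/resolved."
        assert f"{run_id_int+1}" in cmd.stdout_text,\
            "Group 1 id was not overridden."
        assert f"{run_id_int+2}" in cmd.stdout_text,\
            "Group 2 id was not overridden."
        assert f"domain users@{domain}" in cmd.stdout_text, \
            "Group domain users is missing."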