def test_02_FineGrainedPasswordAccesptsValidPassword(self):
'''FGPP: Check fine grained password policy accepts valid password'''
# login as user
result = login_with_new_user(self.computer, self.userName, self.user.password,
newPassword='******', verifyPassword='******')
self.assertTrue(result, 'User was unable to login. Please look at the logs.')
self.addCleanup(self._closeConnection, result)
def test_55_CrossDomainuserLogin(self):
'''vastool: Cross Domain Login'''
crossUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossdomain.prefix), self.upnMode), password="******")
result = login_with_new_user(self.computer, crossUser.name, crossUser.password)
self.assertTrue(result.is_connected, 'Failed to login with cross domain user')
if result.is_connected:
result.closeConnection()
def setUpClass(cls):
cls.openSession = False
cls.groupName = "disGrp-{}".format(random.randrange(1000))
cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix)
cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix)
cls.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode)
cls.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode)
#cls.computer.startPamDebug()
#cls.computer.vastool.configureVas.debug_level('4')
output, result = cls.computer.vastool.setattrs(cls.testUser2Name,
"servicePrincipalName", "{}/{}".format(cls.testUser2Name, cls.defaultDomain.domain))
assert result, "Failed to set attributes"
cls.computer.vastool.configureVas.perm_disconnected_users("{}\\\\{}".format(cls.defaultDomain.prefix_upper, cls.testUser2Name))
cls.computer.libexec.confChangeNotification()
if cls.version < '4.0.2.240':
cls.computer.daemonRestart("vasd")
cls.computer.vasd.isReady()
cls.computer.libexec.vasdis_helper()
cls.computer.vastool.flush.auth()
testUser = User(name=cls.testUser1, password="******")
result = login_with_new_user(cls.computer, testUser.name, testUser.password)
assert result, 'Failed to login with new user'
if result:
result.closeConnection()
# get domain information
cls.forests = cls.computer.getForestDomains()
cls.domains = cls.computer.getServersFromForestDomains(cls.forests)
# Disconnect host from domains
result, cls.reconnectCmd = cls.computer.disconnectHosts(cls.domains)
disconnected.disconnected = True
def test_01_setup(self):
'''Nested User: setup'''
#vasUtilities.start_debug(self.computer, 5, False, True)
NestedUser.nuComputer = login_with_new_user(self.computer, self.nu.name, self.nu.password)
self.assertTrue(NestedUser.nuComputer.is_connected, 'Failed to login with nested user')
rc = self.computer.run("/opt/quest/bin/vastool nssdiag nssflush groups")
self.assertEqual(rc, 0)
if self.computer.os.find("mac") > -1:
self.computer.libexec.vasDSReload()
def test_01_upnLogin(self):
'''Vas.Conf [vasd]: allow-upn-login'''
self.assertTrue(self.computer.vastool.configureVas.allow_upn_login(True), 'Failed to set allow-upn-login to True')
self.addCleanup(self.computer.vastool.configureVas.allow_upn_login, False)
self.computer.daemonRestart("vasd")
TestUserObject = User(name="*****@*****.**", password="******")
loginTests.userLogin = login_with_new_user(loginTests, TestUserObject.name, TestUserObject.password)
self.addCleanup(self._closeConnection, loginTests.userLogin)
self.assertTrue(loginTests.userLogin, 'Failed to login with allowed user')
def test_01_FineGrainedPasswordRejectsInvalidPassword(self):
'''FGPP: Check fine grained password denies simple password'''
# login as user
self.computer.vastool.auth._auth(authUser=self.user, vastoolOptions="-d5")
# TODO: add verify password to login_with_new_user
result = login_with_new_user(self.computer, self.user.name, self.user.password,
newPassword='******', verifyPassword='******')
self.assertFalse(result.is_connected, 'User was able to login. Please look at the logs.')
self.addCleanup(self._closeConnection, result)
def test_03_DenyUsersAreDeniedAccess(self):
"""VGP: Check denied users are denied access"""
denyUser = User(
vasUtilities.get_user_name("deny{}".format(self.computer.suffix.upper()), self.upnMode),
"Test1234",
"/home/deny{}".format(self.computer.suffix.upper()),
)
userLoginDenied = login_with_new_user(self.computer, denyUser.name, denyUser.password)
self.assertFalse(userLoginDenied.is_connected, "User should not have logged in. Should have been denied")
if userLoginDenied:
userLoginDenied.closeConnection()
def setUpClass(cls):
# TODO: we might want some check to make sure vasclnt is installed before we do the test?
SecureIPC.regUser = User("max")
output = cls.computer.run("cat /etc/passwd", True, True)
if output.find("max:") > -1:
cls.computer.run("userdel {}".format(SecureIPC.regUser.name))
# vasUtilities.start_debug(cls.computer)
cls.computer.useradd(SecureIPC.regUser.name, shell="/bin/bash")
SecureIPC.regUserComp = login_with_new_user(cls.computer, SecureIPC.regUser.name, SecureIPC.regUser.password)
# assert SecureIPC.regUserComp.is_connected, "Failed to login with local user 'max'"
vasUtilities.installVasqa(cls.version, cls.computer)
def test_57_CrossForestuserLogin(self):
'''vastool: Cross forest Login'''
crossForestUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossforest.prefix), self.upnMode), password="******")
result = login_with_new_user(self.computer, crossForestUser.name, crossForestUser.password)
self.assertTrue(result.is_connected, 'Failed to login with cross domain user')
if result.is_connected:
result.closeConnection()
self.computer.vastool.configureVas.cross_forest_domains()
self.computer.libexec.confChangeNotification()
if self.version < '4.0.2.240':
self.assertTrue(self.computer.daemonRestart("vasd"), 'Failed to restart vasd')
self.assertTrue(self.computer.vasd.isReady(), 'Failed to verify vasd is running')
def setUpClass(cls):
if cls.computer.os.find("mac") > -1:
qastest = User("qastest")
osxVgp.licenseFile = "/home/qastest/qastest/licenses/VASMCX/4.0/Authentication_Services_for_Group_Policy_for_MAC_4_0.txt"
osxVgp.storage = "storage.qa.lab"
osxVgp.licenseLocation = "/etc/opt/quest/vas/.licenses/"
cls.computer.scp("{}:{}".format(osxVgp.storage, osxVgp.licenseFile), "{}".format(osxVgp.licenseLocation), qastest)
osxVgp.otherUser = login_with_new_user(cls.computer, "tu-{}".format(cls.computer.suffix), "Test123")
osxVgp.dc = ldapModifier(cls.defaultDomain.domain, domainAdmin=cls.domainAdmin)
compLocation = cls.computer.vasUtilities.locateComputerObject()
assert cls.computer.run("mkdir /tmp/denyApp/; ln -s /bin/echo /tmp/denyApp/echo") == 0, "unable to create dummy app"
osxVgp.dc.changeComputerContainer(cls.computer.hostname.split('.')[0],
compLocation, 'OU=macVGP,{}'.format(cls.defaultDomain.dn))
def test_48_ensureLocalUsersStillWork(self):
'''vastool: Ensure Local User'''
homeDirectory="/home/lclmap1"
if self.computer.os.find("mac") > -1:
homeDirectory="/Users/lclmap1"
self.computer.passwd("lclmap1", password="******")
testlocalUser = User(name="lclmap1", password="******", homeDirectory=homeDirectory)
if not self.computer.directoryExists(testlocalUser.homeDirectory):
self.computer.run("mkdir {}".format(testlocalUser.homeDirectory))
self.computer.run("chown {} {}".format(testlocalUser.name, testlocalUser.homeDirectory))
result = login_with_new_user(self.computer, testlocalUser.name, testlocalUser.password)
self.assertTrue(result, 'Failed to login with local user')
if result:
result.closeConnection()
def test_02_username_attr_name(self):
'''Vas.Conf [vasd]: username-attr-name'''
self.assertTrue(self.computer.vastool.configureVas.username_attr_name("userprincipalname"), 'Failed to set username-attr-name to userprincipalname')
self.addCleanup(self.computer.vastool.configureVas.username_attr_name())
(output, rCode, userName, uid) = self.computer.vastool.create.randomUser()
self.assertTrue(rCode, 'Failed to create user')
TestUser = User(userName, "Test123")
self.computer.vastool.setattrs(TestUser.name, attribute="userprincipalname", value="vasConUser")
output, result = self.computer.vastool.schema.cache()
self.assertTrue(result, 'Failed to cache schema')
result = login_with_new_user(self.computer, "vasConUser", "Test123")
self.addCleanup(self._closeConnection, result)
self.addCleanup(self._deleteUser, userName)
self.assertTrue(result, 'session failed to open')
def test_00_gssapiHostPrep(self):
'''GSSAPI: Host Prep'''
if self.computer.os.find('mac') > -1:
self.skipTest("No support for mac")
self.logger.info('No support for mac')
testUser = User(name=vasUtilities.get_user_name("gss-{}".format(self.computer.suffix), self.upnMode), password="******")
gssapi.userLogin = login_with_new_user(self.computer, testUser.name, testUser.password)
self.assertTrue(gssapi.userLogin.is_connected, 'Failed to login with gss user')
gssapi.host, rc = gssapi.userLogin.run("/opt/quest/bin/vastool ktutil list|awk '/host\// {print $3}'|head -1", True)
gssapi.host = gssapi.host.splitlines()
gssapi.host = gssapi.host.pop()
self.computer.run("/opt/quest/bin/vastool -u 'host/' kinit")
def test_06_loginandCheckMembership(self):
"""Virtual Primary Group: Login and check groups
Purpose: Check groups
Tags: vastool
Requirements: QAS installed
Component: vastool
"""
# Use new login
vpgUserSession = User(name=virtualPrimaryGroup.user, password="******")
result = login_with_new_user(self.computer, vpgUserSession.name, vpgUserSession.password)
self.assertTrue(result.is_connected, 'Failed to login with user')
groups, rCode = result.remoteShell.run("groups", returnOutput=True)
self.assertNotIn(virtualPrimaryGroup.user, groups, 'Should not have found name in group membership')
if result:
result.closeConnection()
def test_03(self):
'''admin-users: domain\sam'''
if not "mac" in self.computer.os:
self.skipTest("This test is only for Mac")
self.logger.info('This test is only for Mac')
self.computer.vastool.configureVas.admin_users(self.userDomain)
self.computer.libexec.confChangeNotification()
self.computer.libexec.vasDSReload()
loginShell = login_with_new_user(self.computer, self.domainUser, "Test123")
self.assertTrue(loginShell, 'Failed to login with user')
self.assertTrue(loginShell.run("groups|grep {}".format(self.group1))==0,"Failed to find {}".format(self.group1))
self.assertTrue(loginShell.run("groups|grep {}".format(self.group2))==0,"Failed to find {}".format(self.group2))
self.assertTrue(loginShell.run("groups|grep {}".format(self.group3))==0,"Failed to find {}".format(self.group3))
loginShell.closeConnection()
def test_01(self):
'''admin-users: group'''
if not "mac" in self.computer.os:
self.skipTest("This test is only for Mac")
self.logger.info('This test is only for Mac')
self.computer.vastool.configureVas.admin_users(self.adminGroup)
self.computer.libexec.confChangeNotification()
self.computer.libexec.vasDSReload()
self.computer.dscacheUtilFlush()
time.sleep(10)
loginShell = login_with_new_user(self.computer, self.baseUser, "Test123")
self.assertTrue(loginShell, 'Failed to login with user')
self.assertTrue(loginShell.run("groups|grep {}".format(self.group1))==0,"Failed to find {}".format(self.group1))
self.assertTrue(loginShell.run("groups|grep {}".format(self.group2))==0,"Failed to find {}".format(self.group2))
self.assertTrue(loginShell.run("groups|grep {}".format(self.group3))==0,"Failed to find {}".format(self.group3))
loginShell.closeConnection()
def setUpClass(cls):
allowDisconnectedAuth.openSession = False
allowDisconnectedAuth.groupName = "disGrp-{}".format(random.randrange(1000))
cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix)
cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix)
allowDisconnectedAuth.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode)
allowDisconnectedAuth.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode)
cls.computer.vastool.flush.auth()
result = login_with_new_user(cls.computer, allowDisconnectedAuth.testUser1, "Test123")
assert result, 'Failed to login with new user'
if result:
result.closeConnection()
# get domain information
allowDisconnectedAuth.forests = cls.computer.getForestDomains()
allowDisconnectedAuth.domains = cls.computer.getServersFromForestDomains(allowDisconnectedAuth.forests)
# Disconnect host from domains
result, allowDisconnectedAuth.reconnectCmd = cls.computer.disconnectHosts(allowDisconnectedAuth.domains)
allowDisconnectedAuth.disconnected = True
def test_03_CheckLocalUserUsesADPassword(self):
'''Self Enrollment: Check local user uses AD password'''
#time.sleep(30)
result = login_with_new_user(self.computer, self.localUser.name, self.adUser.password)
self.addCleanup(self._close, result)
self.assertTrue(result.is_connected, 'Login with ad user password failed')
