def test_02_FineGrainedPasswordAccesptsValidPassword(self): '''FGPP: Check fine grained password policy accepts valid password''' # login as user result = login_with_new_user(self.computer, self.userName, self.user.password, newPassword='******', verifyPassword='******') self.assertTrue(result, 'User was unable to login. Please look at the logs.') self.addCleanup(self._closeConnection, result)
def test_55_CrossDomainuserLogin(self): '''vastool: Cross Domain Login''' crossUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossdomain.prefix), self.upnMode), password="******") result = login_with_new_user(self.computer, crossUser.name, crossUser.password) self.assertTrue(result.is_connected, 'Failed to login with cross domain user') if result.is_connected: result.closeConnection()
def setUpClass(cls): cls.openSession = False cls.groupName = "disGrp-{}".format(random.randrange(1000)) cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix) cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix) cls.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode) cls.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode) #cls.computer.startPamDebug() #cls.computer.vastool.configureVas.debug_level('4') output, result = cls.computer.vastool.setattrs(cls.testUser2Name, "servicePrincipalName", "{}/{}".format(cls.testUser2Name, cls.defaultDomain.domain)) assert result, "Failed to set attributes" cls.computer.vastool.configureVas.perm_disconnected_users("{}\\\\{}".format(cls.defaultDomain.prefix_upper, cls.testUser2Name)) cls.computer.libexec.confChangeNotification() if cls.version < '4.0.2.240': cls.computer.daemonRestart("vasd") cls.computer.vasd.isReady() cls.computer.libexec.vasdis_helper() cls.computer.vastool.flush.auth() testUser = User(name=cls.testUser1, password="******") result = login_with_new_user(cls.computer, testUser.name, testUser.password) assert result, 'Failed to login with new user' if result: result.closeConnection() # get domain information cls.forests = cls.computer.getForestDomains() cls.domains = cls.computer.getServersFromForestDomains(cls.forests) # Disconnect host from domains result, cls.reconnectCmd = cls.computer.disconnectHosts(cls.domains) disconnected.disconnected = True
def test_01_setup(self): '''Nested User: setup''' #vasUtilities.start_debug(self.computer, 5, False, True) NestedUser.nuComputer = login_with_new_user(self.computer, self.nu.name, self.nu.password) self.assertTrue(NestedUser.nuComputer.is_connected, 'Failed to login with nested user') rc = self.computer.run("/opt/quest/bin/vastool nssdiag nssflush groups") self.assertEqual(rc, 0) if self.computer.os.find("mac") > -1: self.computer.libexec.vasDSReload()
def test_01_upnLogin(self): '''Vas.Conf [vasd]: allow-upn-login''' self.assertTrue(self.computer.vastool.configureVas.allow_upn_login(True), 'Failed to set allow-upn-login to True') self.addCleanup(self.computer.vastool.configureVas.allow_upn_login, False) self.computer.daemonRestart("vasd") TestUserObject = User(name="*****@*****.**", password="******") loginTests.userLogin = login_with_new_user(loginTests, TestUserObject.name, TestUserObject.password) self.addCleanup(self._closeConnection, loginTests.userLogin) self.assertTrue(loginTests.userLogin, 'Failed to login with allowed user')
def test_01_FineGrainedPasswordRejectsInvalidPassword(self): '''FGPP: Check fine grained password denies simple password''' # login as user self.computer.vastool.auth._auth(authUser=self.user, vastoolOptions="-d5") # TODO: add verify password to login_with_new_user result = login_with_new_user(self.computer, self.user.name, self.user.password, newPassword='******', verifyPassword='******') self.assertFalse(result.is_connected, 'User was able to login. Please look at the logs.') self.addCleanup(self._closeConnection, result)
def test_03_DenyUsersAreDeniedAccess(self): """VGP: Check denied users are denied access""" denyUser = User( vasUtilities.get_user_name("deny{}".format(self.computer.suffix.upper()), self.upnMode), "Test1234", "/home/deny{}".format(self.computer.suffix.upper()), ) userLoginDenied = login_with_new_user(self.computer, denyUser.name, denyUser.password) self.assertFalse(userLoginDenied.is_connected, "User should not have logged in. Should have been denied") if userLoginDenied: userLoginDenied.closeConnection()
def setUpClass(cls): # TODO: we might want some check to make sure vasclnt is installed before we do the test? SecureIPC.regUser = User("max") output = cls.computer.run("cat /etc/passwd", True, True) if output.find("max:") > -1: cls.computer.run("userdel {}".format(SecureIPC.regUser.name)) # vasUtilities.start_debug(cls.computer) cls.computer.useradd(SecureIPC.regUser.name, shell="/bin/bash") SecureIPC.regUserComp = login_with_new_user(cls.computer, SecureIPC.regUser.name, SecureIPC.regUser.password) # assert SecureIPC.regUserComp.is_connected, "Failed to login with local user 'max'" vasUtilities.installVasqa(cls.version, cls.computer)
def test_57_CrossForestuserLogin(self): '''vastool: Cross forest Login''' crossForestUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossforest.prefix), self.upnMode), password="******") result = login_with_new_user(self.computer, crossForestUser.name, crossForestUser.password) self.assertTrue(result.is_connected, 'Failed to login with cross domain user') if result.is_connected: result.closeConnection() self.computer.vastool.configureVas.cross_forest_domains() self.computer.libexec.confChangeNotification() if self.version < '4.0.2.240': self.assertTrue(self.computer.daemonRestart("vasd"), 'Failed to restart vasd') self.assertTrue(self.computer.vasd.isReady(), 'Failed to verify vasd is running')
def setUpClass(cls): if cls.computer.os.find("mac") > -1: qastest = User("qastest") osxVgp.licenseFile = "/home/qastest/qastest/licenses/VASMCX/4.0/Authentication_Services_for_Group_Policy_for_MAC_4_0.txt" osxVgp.storage = "storage.qa.lab" osxVgp.licenseLocation = "/etc/opt/quest/vas/.licenses/" cls.computer.scp("{}:{}".format(osxVgp.storage, osxVgp.licenseFile), "{}".format(osxVgp.licenseLocation), qastest) osxVgp.otherUser = login_with_new_user(cls.computer, "tu-{}".format(cls.computer.suffix), "Test123") osxVgp.dc = ldapModifier(cls.defaultDomain.domain, domainAdmin=cls.domainAdmin) compLocation = cls.computer.vasUtilities.locateComputerObject() assert cls.computer.run("mkdir /tmp/denyApp/; ln -s /bin/echo /tmp/denyApp/echo") == 0, "unable to create dummy app" osxVgp.dc.changeComputerContainer(cls.computer.hostname.split('.')[0], compLocation, 'OU=macVGP,{}'.format(cls.defaultDomain.dn))
def test_48_ensureLocalUsersStillWork(self): '''vastool: Ensure Local User''' homeDirectory="/home/lclmap1" if self.computer.os.find("mac") > -1: homeDirectory="/Users/lclmap1" self.computer.passwd("lclmap1", password="******") testlocalUser = User(name="lclmap1", password="******", homeDirectory=homeDirectory) if not self.computer.directoryExists(testlocalUser.homeDirectory): self.computer.run("mkdir {}".format(testlocalUser.homeDirectory)) self.computer.run("chown {} {}".format(testlocalUser.name, testlocalUser.homeDirectory)) result = login_with_new_user(self.computer, testlocalUser.name, testlocalUser.password) self.assertTrue(result, 'Failed to login with local user') if result: result.closeConnection()
def test_02_username_attr_name(self): '''Vas.Conf [vasd]: username-attr-name''' self.assertTrue(self.computer.vastool.configureVas.username_attr_name("userprincipalname"), 'Failed to set username-attr-name to userprincipalname') self.addCleanup(self.computer.vastool.configureVas.username_attr_name()) (output, rCode, userName, uid) = self.computer.vastool.create.randomUser() self.assertTrue(rCode, 'Failed to create user') TestUser = User(userName, "Test123") self.computer.vastool.setattrs(TestUser.name, attribute="userprincipalname", value="vasConUser") output, result = self.computer.vastool.schema.cache() self.assertTrue(result, 'Failed to cache schema') result = login_with_new_user(self.computer, "vasConUser", "Test123") self.addCleanup(self._closeConnection, result) self.addCleanup(self._deleteUser, userName) self.assertTrue(result, 'session failed to open')
def test_00_gssapiHostPrep(self): '''GSSAPI: Host Prep''' if self.computer.os.find('mac') > -1: self.skipTest("No support for mac") self.logger.info('No support for mac') testUser = User(name=vasUtilities.get_user_name("gss-{}".format(self.computer.suffix), self.upnMode), password="******") gssapi.userLogin = login_with_new_user(self.computer, testUser.name, testUser.password) self.assertTrue(gssapi.userLogin.is_connected, 'Failed to login with gss user') gssapi.host, rc = gssapi.userLogin.run("/opt/quest/bin/vastool ktutil list|awk '/host\// {print $3}'|head -1", True) gssapi.host = gssapi.host.splitlines() gssapi.host = gssapi.host.pop() self.computer.run("/opt/quest/bin/vastool -u 'host/' kinit")
def test_06_loginandCheckMembership(self): """Virtual Primary Group: Login and check groups Purpose: Check groups Tags: vastool Requirements: QAS installed Component: vastool """ # Use new login vpgUserSession = User(name=virtualPrimaryGroup.user, password="******") result = login_with_new_user(self.computer, vpgUserSession.name, vpgUserSession.password) self.assertTrue(result.is_connected, 'Failed to login with user') groups, rCode = result.remoteShell.run("groups", returnOutput=True) self.assertNotIn(virtualPrimaryGroup.user, groups, 'Should not have found name in group membership') if result: result.closeConnection()
def test_03(self): '''admin-users: domain\sam''' if not "mac" in self.computer.os: self.skipTest("This test is only for Mac") self.logger.info('This test is only for Mac') self.computer.vastool.configureVas.admin_users(self.userDomain) self.computer.libexec.confChangeNotification() self.computer.libexec.vasDSReload() loginShell = login_with_new_user(self.computer, self.domainUser, "Test123") self.assertTrue(loginShell, 'Failed to login with user') self.assertTrue(loginShell.run("groups|grep {}".format(self.group1))==0,"Failed to find {}".format(self.group1)) self.assertTrue(loginShell.run("groups|grep {}".format(self.group2))==0,"Failed to find {}".format(self.group2)) self.assertTrue(loginShell.run("groups|grep {}".format(self.group3))==0,"Failed to find {}".format(self.group3)) loginShell.closeConnection()
def test_01(self): '''admin-users: group''' if not "mac" in self.computer.os: self.skipTest("This test is only for Mac") self.logger.info('This test is only for Mac') self.computer.vastool.configureVas.admin_users(self.adminGroup) self.computer.libexec.confChangeNotification() self.computer.libexec.vasDSReload() self.computer.dscacheUtilFlush() time.sleep(10) loginShell = login_with_new_user(self.computer, self.baseUser, "Test123") self.assertTrue(loginShell, 'Failed to login with user') self.assertTrue(loginShell.run("groups|grep {}".format(self.group1))==0,"Failed to find {}".format(self.group1)) self.assertTrue(loginShell.run("groups|grep {}".format(self.group2))==0,"Failed to find {}".format(self.group2)) self.assertTrue(loginShell.run("groups|grep {}".format(self.group3))==0,"Failed to find {}".format(self.group3)) loginShell.closeConnection()
def setUpClass(cls): allowDisconnectedAuth.openSession = False allowDisconnectedAuth.groupName = "disGrp-{}".format(random.randrange(1000)) cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix) cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix) allowDisconnectedAuth.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode) allowDisconnectedAuth.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode) cls.computer.vastool.flush.auth() result = login_with_new_user(cls.computer, allowDisconnectedAuth.testUser1, "Test123") assert result, 'Failed to login with new user' if result: result.closeConnection() # get domain information allowDisconnectedAuth.forests = cls.computer.getForestDomains() allowDisconnectedAuth.domains = cls.computer.getServersFromForestDomains(allowDisconnectedAuth.forests) # Disconnect host from domains result, allowDisconnectedAuth.reconnectCmd = cls.computer.disconnectHosts(allowDisconnectedAuth.domains) allowDisconnectedAuth.disconnected = True
def test_03_CheckLocalUserUsesADPassword(self): '''Self Enrollment: Check local user uses AD password''' #time.sleep(30) result = login_with_new_user(self.computer, self.localUser.name, self.adUser.password) self.addCleanup(self._close, result) self.assertTrue(result.is_connected, 'Login with ad user password failed')