def install(cls, mh):
super(TestIDViews, cls).install(mh)
master = cls.master
client = cls.clients[0]
tasks.kinit_admin(master)
tasks.user_add(master,
cls.user1,
first='Test1',
extra_args=[
'--uid',
str(cls.user1_uid),
'--gidnumber',
str(cls.user1_gid),
])
tasks.user_add(master,
cls.user2,
first='Test2',
extra_args=[
'--uid',
str(cls.user2_uid),
'--gidnumber',
str(cls.user2_gid),
])
tasks.group_add(master,
cls.group1,
extra_args=['--gid', str(cls.group1_gid)])
master.run_command(['ipa', 'idview-add', cls.idview])
# add overrides for user1 and its default user group
master.run_command([
'ipa', 'idoverrideuser-add', cls.idview, cls.user1, '--uid',
str(cls.user1_uid_override), '--gid',
str(cls.user1_gid_override), '--homedir',
'/special-home/{}'.format(cls.user1), '--shell', '/bin/special'
])
master.run_command([
'ipa',
'idoverridegroup-add',
cls.idview,
cls.group1,
'--gid',
str(cls.group1_gid_override),
])
# ID view overrides don't work on IPA masters
master.run_command(
['ipa', 'idview-apply', cls.idview, '--hosts', client.hostname])
# finally restart SSSD to materialize idviews
client.run_command(['systemctl', 'restart', 'sssd.service'])
def create_test_objects(cls):
tasks.group_add(cls.master, cls.ipa_group)
for role in [
cls.test_role, cls.collision_role1, cls.collision_role2,
cls.collision_role3, cls.test_role_with_nonposix_chars
]:
cls.master.run_command(['ipa', 'role-add', role])
cls.master.run_command(['ipa', 'hbacrule-add', cls.test_hbac_rule])
cls.master.run_command([
'ipa', 'selinuxusermap-add', cls.test_selinux_map, '--selinuxuser',
cls.selinuxuser
])
def install(cls, mh):
super(TestIDViews, cls).install(mh)
master = cls.master
client = cls.clients[0]
tasks.kinit_admin(master)
tasks.user_add(
master, cls.user1, first='Test1',
extra_args=[
'--uid', str(cls.user1_uid),
'--gidnumber', str(cls.user1_gid),
]
)
tasks.user_add(
master, cls.user2, first='Test2',
extra_args=[
'--uid', str(cls.user2_uid),
'--gidnumber', str(cls.user2_gid),
]
)
tasks.group_add(
master, cls.group1, extra_args=['--gid', str(cls.group1_gid)]
)
master.run_command(['ipa', 'idview-add', cls.idview])
# add overrides for user1 and its default user group
master.run_command([
'ipa', 'idoverrideuser-add', cls.idview, cls.user1,
'--uid', str(cls.user1_uid_override),
'--gid', str(cls.user1_gid_override),
'--homedir', '/special-home/{}'.format(cls.user1),
'--shell', '/bin/special'
])
master.run_command([
'ipa', 'idoverridegroup-add', cls.idview, cls.group1,
'--gid', str(cls.group1_gid_override),
])
# ID view overrides don't work on IPA masters
master.run_command([
'ipa', 'idview-apply', cls.idview,
'--hosts', client.hostname
])
# finally restart SSSD to materialize idviews
client.run_command(['systemctl', 'restart', 'sssd.service'])
def test_ext_grp_with_ldap(self):
"""User and group with same name should not break reading AD user data.
Regression test for https://pagure.io/SSSD/sssd/issue/4073
When aduser is added in extrnal group and this group is added
in group with same name of nonprivate ipa user and possix id, then
lookup of aduser and group should be successful when cache is empty.
"""
cmd = self.master.run_command(['sssd', '--version'])
sssd_version = platform_tasks.parse_ipa_version(
cmd.stdout_text.strip())
if sssd_version <= platform_tasks.parse_ipa_version('2.2.2'):
pytest.skip("Fix for https://pagure.io/SSSD/sssd/issue/4073 "
"unavailable with sssd-2.2.2")
client = self.clients[0]
user = '******'
userid = '100996'
ext_group = 'ext-ipatest'
tasks.kinit_admin(self.master)
# add user with same uid and gidnumber
tasks.user_add(
self.master,
user,
extra_args=['--noprivate', '--uid', userid, '--gidnumber', userid])
# add group with same as user_name and user_id.
tasks.group_add(self.master, user, extra_args=['--gid', userid])
tasks.group_add(self.master, ext_group, extra_args=['--external'])
self.master.run_command(
['ipa', 'group-add-member', '--group', ext_group, user])
self.master.run_command([
'ipa', '-n', 'group-add-member', '--external',
self.users['ad']['name'], ext_group
])
tasks.clear_sssd_cache(self.master)
tasks.clear_sssd_cache(client)
try:
result = client.run_command(['id', self.users['ad']['name']])
assert '{uid}({name})'.format(uid=userid,
name=user) in result.stdout_text
finally:
self.master.run_command(['ipa', 'user-del', user])
self.master.run_command(['ipa', 'group-del', user, ext_group])
def install(cls, mh):
super(TestMemberManager, cls).install(mh)
master = cls.master
tasks.create_active_user(master, USER_MM, PASSWORD)
tasks.create_active_user(master, USER_INDIRECT, PASSWORD)
tasks.create_active_user(master, USER1, PASSWORD)
tasks.kinit_admin(master)
tasks.group_add(master, GROUP_INDIRECT)
master.run_command([
'ipa', 'group-add-member', GROUP_INDIRECT, '--users', USER_INDIRECT
])
tasks.user_add(master, USER2)
tasks.group_add(master, GROUP1)
tasks.group_add(master, GROUP2)
master.run_command(['ipa', 'hostgroup-add', HOSTGROUP1])
# make mmuser a member manager for group and hostgroup
master.run_command([
'ipa', 'group-add-member-manager', GROUP1,
'--users', USER_MM
])
master.run_command([
'ipa', 'hostgroup-add-member-manager', HOSTGROUP1,
'--users', USER_MM
])
# make indirect group member manager for group and hostgroup
master.run_command([
'ipa', 'group-add-member-manager', GROUP1,
'--groups', GROUP_INDIRECT
])
master.run_command([
'ipa', 'hostgroup-add-member-manager', HOSTGROUP1,
'--groups', GROUP_INDIRECT
])
tasks.kdestroy_all(master)