def test_03_vastoolListUserintoCache(self):
     """Workstation Mode: List user into cache
     Purpose: List a user into cache
     Tags: vastool, list users, workstation
     Requirements: QAS installed and joined
     Component: vastool 
     
     Steps:
     1. Install current release of QAS; QAS should install without errors
     * /mnt/vas/dev-builds/QAS-4.0.3.130/install.sh -q vasclnt vasgp vasyp vasproxy; Should install QAS and components without errors
     2. Join using the -w option: vasstool -u Administrator -w test123 join -f -w a.sb; Should join in workstation mode without errors
     3. List user: vastool list user tu-1-a; Should have listed the user into the cache in workstation mode. 
     """
     self.assertTrue(
         self.computer.vastool.list.user(
             vasUtilities.get_user_name("tu-1-{}".format(self.defaultDomain.prefix), self.upnMode)
         )[1],
         "Should have listed user into cache",
     )
     self.assertTrue(
         self.computer.vastool.list.user(
             vasUtilities.get_user_name("tu-1-{}".format(self.defaultDomain.prefix), self.upnMode), "c"
         )[1],
         "Failed to list users",
     )
 def setUpClass(cls):
     # Override Fields
     cls.userOverRideFile = "/etc/opt/quest/vas/user-override"
     cls.groupOverRideFile = "/etc/opt/quest/vas/group-override"
     
     #vasUtilities.start_ds_plugin_debug(cls.computer)
     #vasUtilities.start_debug(cls.computer, 4, True, True)
     cls.testUser1 = vasUtilities.get_user_name("Ouser-{}1".format(cls.computer.suffix), cls.upnMode)
     cls.testUser2 = vasUtilities.get_user_name("Ouser-{}2".format(cls.computer.suffix), cls.upnMode)
     cls.testUser3 = vasUtilities.get_user_name("Ouser-{}3".format(cls.computer.suffix), cls.upnMode)
     cls.testUser4 = vasUtilities.get_user_name("Ouser-{}4".format(cls.computer.suffix), cls.upnMode)
     cls.testUser5 = vasUtilities.get_user_name("Ouser-{}5".format(cls.computer.suffix), cls.upnMode)
     
     cls.testGroup1 = "og-{}1".format(cls.computer.suffix)
     cls.testGroup2 = "og-{}2".format(cls.computer.suffix)
     cls.testGroup3 = "og-{}3".format(cls.computer.suffix)
     cls.testGroup4 = "og-{}4".format(cls.computer.suffix)
     
     cls.overrideUserObject = User(name="spango", password='******')
     
     cls.computer.clearFile(cls.userOverRideFile)
     cls.computer.clearFile(cls.groupOverRideFile)
     
     cls.computer.vasUtilities.addUserOverride(cls.testUser1, "spango", "311113", "1066", "spancos", "/home/spango", "/bin/sh", upnMode=cls.upnMode)
     cls.computer.vasUtilities.addUserOverride(cls.testUser2, shell="/bin/ksh", upnMode=cls.upnMode)
     cls.computer.vasUtilities.addUserOverride(cls.testUser3, homedir="/home/skywalker", upnMode=cls.upnMode)
     cls.computer.vasUtilities.addUserOverride(cls.testUser4, gecos="Luke", upnMode=cls.upnMode)
     cls.computer.vasUtilities.addUserOverride(cls.testUser5, uid="1224", gid="2002", upnMode=cls.upnMode)
     
     cls.computer.vasUtilities.addGroupOverride(cls.testGroup1, name="SpangoGroup", gid="5150", members="joeDirt")
     cls.computer.vasUtilities.addGroupOverride(cls.testGroup2, gid="3113")
     cls.computer.vasUtilities.addGroupOverride(cls.testGroup3, members="darthVader")
     cls.computer.vasUtilities.addGroupOverride(cls.testGroup4, name="singleGroup")
     
     cls.computer.libexec.vas_ovrdupd("-d -g5") 
    def setUpClass(cls):
	
	cls.allowFile = "/etc/opt/quest/vas/users.allow"
	cls.denyFile = "/etc/opt/quest/vas/users.deny"
	cls.openSession = False
	       
	cls.acGroup = "tg-32tu-{}".format(cls.defaultDomain.prefix)
	    
	#logonUser = "******"
	#logonUserObject = User(name=logonUser, password='******')
	cls.badHostName = "BogusHost"
	
	cls.winDenyUser = "******".format(cls.defaultDomain.prefix)
	cls.winDenyUserName = vasUtilities.get_user_name(cls.winDenyUser, cls.upnMode)
	cls.winDenyUserObject = User(name=cls.winDenyUserName, password='******')
	cls.winAllowUser = "******".format(cls.defaultDomain.prefix)
	cls.winAllowUserName = vasUtilities.get_user_name(cls.winAllowUser, cls.upnMode)
	cls.winAllowUserObject = User(name=cls.winAllowUserName, password='******')
	
        cls.dc = ldapModifier(cls.defaultDomain.domain, cls.domainAdmin)
        cls.Hname = cls.computer.hostname.split(".")[0]
        cls.newHostname = "{}-{}".format(cls.computer.hostname,random.randrange(99)) 
        cls.computer.vastool.configureVas.use_log_on_to(True)
        cls.computer.vastool.join(cls.domain,altUsersPath=cls.computer.ou,altGroupPath=cls.computer.ou,computer=cls.newHostname, upnMode=cls.upnMode)
	(output, returnCode, cls.logonUser, uid) = cls.computer.vastool.create.randomUser()
	cls.logonUserObject = User(name=cls.logonUser, password='******')
 def setUpClass(cls):
     cls.openSession = False
     cls.groupName = "disGrp-{}".format(random.randrange(1000))
     
     cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix)
     cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix)
     cls.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode)
     cls.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode)
     
     #cls.computer.startPamDebug()
     #cls.computer.vastool.configureVas.debug_level('4')
     output, result = cls.computer.vastool.setattrs(cls.testUser2Name, 
                                                    "servicePrincipalName", "{}/{}".format(cls.testUser2Name, cls.defaultDomain.domain))
     assert result, "Failed to set attributes"
     cls.computer.vastool.configureVas.perm_disconnected_users("{}\\\\{}".format(cls.defaultDomain.prefix_upper, cls.testUser2Name))
     cls.computer.libexec.confChangeNotification()
     if cls.version < '4.0.2.240':
         cls.computer.daemonRestart("vasd")
         cls.computer.vasd.isReady() 
     cls.computer.libexec.vasdis_helper()
     cls.computer.vastool.flush.auth()
     
     testUser = User(name=cls.testUser1, password="******")
     result = login_with_new_user(cls.computer, testUser.name, testUser.password)
     assert result, 'Failed to login with new user'
     if result:
         result.closeConnection()
     
     # get domain information
     cls.forests = cls.computer.getForestDomains()
     cls.domains = cls.computer.getServersFromForestDomains(cls.forests)
     
     # Disconnect host from domains
     result, cls.reconnectCmd = cls.computer.disconnectHosts(cls.domains)
     disconnected.disconnected = True
    def setUpClass(cls):
        
        cls.user = "******".format(cls.defaultDomain.prefix)
        cls.userName = vasUtilities.get_user_name(cls.user, cls.upnMode)
        cls.otherUser = "******".format(cls.defaultDomain.prefix)
        cls.otherUserName = vasUtilities.get_user_name(cls.otherUser, cls.upnMode)
        password = "******"
        cls.computer.vastool.configureVas.renew_lifetime("6000")
        cls.computer.vastool.configureVas.ticket_lifetime("300")        
        cls.computer.libexec.confChangeNotification()
        autoTicketRenew.ticketShell = False

        cls.userObject = User(name=cls.userName, password=password)
        cls.otherUserObject = User(name=cls.otherUserName, password=password)
예제 #6
0
    def setUpClass(cls):
        
        vasypBuild.resume = True

        cls.domainName = cls.defaultDomain.domain
        cls.nisOU = "ou=nis,{}".format(cls.defaultDomain.dn)
        cls.userName = "******".format(cls.computer.suffix)
        cls.user = vasUtilities.get_user_name(cls.userName, cls.upnMode)
        
        cls.group = "tg-{}".format(cls.computer.suffix)
        cls.newmap = "new{}{}".format(cls.computer.suffix, random.randrange(99))
        if 'mac' not in cls.computer.os:
            cls.computer.run("date", False, False)
            if 'HP-UX' in cls.computer.os:
                nameserverFile = "/etc/rc.config.d/namesvrs"
                cls.computer.run("perl -pi -e 's/NIS_DOMAIN=.*/NIS_DOMAIN={}/' {}".format(cls.domainName, nameserverFile))
            cls.computer.configureNisClient(cls.domainName)
            cls.computer.vastool.configure.vas("vasypd", "search-base", "{}".format(cls.nisOU))
            cls.computer.remoteShell.run('/bin/domainname {}'.format(cls.domainName))
            cls.computer.run('/opt/quest/sbin/vasypd -x')
            cls.computer.vasypd.start()  
            output, result = cls.computer.psg('yp')
            output, result = cls.computer.psg('vasypd')
            assert result==0, 'vasypd is not running'
            
            cls.computer.ypbind('start')
            cls.computer.vastool.flush()
            if 'aix' in cls.computer.os:
                cls.computer.run("ypset localhost")
    def setUpClass(cls):
        cls.denyFile = "/etc/opt/quest/vas/users.deny"
        cls.allowFile = "/etc/opt/quest/vas/users.allow"
        cls.group = "tg-{}".format(cls.computer.suffix)
        cls.user = "******".format(cls.computer.suffix)

        cls.allowUser = "******".format(cls.defaultDomain.prefix)
        cls.denyUser = "******".format(cls.defaultDomain.prefix)
        cls.computer.vasUtilities.addDenyRule(cls.denyUser)
        cls.computer.vasUtilities.addAllowRule(cls.allowUser)
        cls.computer.libexec.vasac_helperSetLocal()

        cls.changeUser = cls.computer.vastool.create.randomUser()[2]
        cls.changedName = "new{}".format(cls.changeUser)
        cls.adUser_Name = "adse{}".format(cls.computer.suffix)
        cls.adUserName = vasUtilities.get_user_name(cls.adUser_Name, cls.upnMode)
        cls.adgroup = cls.computer.vastool.create.group(
            "adg{}{}".format(cls.computer.suffix, random.randrange(99)), unixEnabled=False
        )
        gid = cls.computer.vasUtilities.generateUniqueGID()
        cls.changeGroup = cls.computer.vastool.create.group(
            "cgrp{}{}".format(cls.computer.suffix, random.randrange(99)), gid=gid
        )
        cls.changedGName = "new{}".format(cls.changeGroup)
        cls.cduser = "******".format(cls.crossdomain.prefix)
        cls.cdgroup = "tg-1-{}".format(cls.crossdomain.prefix)
        cls.cfuser = "******".format(cls.crossdomain.prefix_upper, cls.crossdomain.prefix)
        cls.cfgroup = "{}\\tg-1-{}".format(cls.crossdomain.prefix_upper, cls.crossdomain.prefix)
        cls.ladUser = "******".format(cls.computer.suffix, random.randrange(99))
        cls.computer.vastool.create.user(cls.ladUser, password="******", unixEnabled=False)
        cls.ladGroup = "ladg{}{}".format(cls.computer.suffix, random.randrange(99))
        cls.computer.vastool.create.group(cls.ladGroup, unixEnabled=False)
 def test_55_CrossDomainuserLogin(self):
     '''vastool: Cross Domain Login'''
     crossUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossdomain.prefix), self.upnMode), password="******")
     result = login_with_new_user(self.computer, crossUser.name, crossUser.password)
     self.assertTrue(result.is_connected, 'Failed to login with cross domain user')
     if result.is_connected:
         result.closeConnection()
 def test_56_crossForestListUser(self):
     '''vastool: list cross forest user'''
     #self.computer.libexec.confChangeNotification() #This shouldn't be here, but might be what's causing bug 27888
     if self.version < '4.0.2.240':
         self.assertTrue(self.computer.daemonRestart("vasd"), 'Failed to restart vasd')
         self.assertTrue(self.computer.vasd.isReady(), 'Failed to verify vasd is running')
     output, result = self.computer.vastool.list.user(vasUtilities.get_user_name("tu-5-{}".format(self.crossforest.prefix), self.upnMode))
     self.assertIsNotNone(output, 'Failed to list user from cross forest')
     self.assertTrue(result, 'Failed to list user')
 def setUpClass(cls):
     cls.authuser = User("{}@{}".format(cls.winUser, cls.schemalessDomain.domain_upper), cls.winPasswd)
     
     # Users and Groups information
     cls.testUser = vasUtilities.get_user_name("ssu", cls.upnMode)
     cls.groupName = "ssg"
     cls.userLogin = None
     cls.userCreated = False
     cls.groupCreated = False 
예제 #11
0
 def setUpClass(cls):
     pamPrompts.pwlCheck = False
     pamPrompts.pwCheck = False
     pamPrompts.loCheck = False
     cls.pwPrompt = "ENTER PASSWORD FOR {}:     "
     cls.pwUserName = "******".format(cls.defaultDomain.prefix)
     cls.pwUser = vasUtilities.get_user_name(cls.pwUserName, cls.upnMode)
     cls.pwPass = "******"
     cls.pwLclPrompt = "ENTER PASSWORD FOR LOCAL {}:     "
     cls.pwLclUser = "******"
     cls.pwLclPass = "******"
     cls.pwDisPrompt = "CALL HELPDESK FOR {}     "
     cls.pwDisUserName = "******".format(cls.defaultDomain.prefix)
     cls.pwDisUser = vasUtilities.get_user_name(cls.pwDisUserName, cls.upnMode)
     cls.pwDisPass = "******"
     cls.loUserName = "******" #This user is on b.sb. Hopefully he doesn't get deleted.
     cls.loUser = vasUtilities.get_user_name(cls.loUserName, cls.upnMode)
     cls.lockPrompt = "Locked out, Yo."
     cls.computer.vastool.list.user(cls.loUser, "f")
예제 #12
0
 def setUpClass(cls):
     cls.sysUser = "******".format(cls.computer.suffix)
     vastool.gid = cls.computer.vasUtilities.generateUniqueGID()
     cls.computer.vastool.configureVas.cross_forest_domains(cls.crossforest.domain)
     #vasUtilities.start_ds_plugin_debug(cls.computer)
     #vasUtilities.start_debug(cls.computer, 4, True)
     
     vastool.groupName = "stg{}".format(random.randrange(99999))
     vastool.loadUser = vasUtilities.get_user_name("slu{}".format(random.randrange(99999)), cls.upnMode)
     vastool.loadGroup = "slg{}".format(random.randrange(99999))
     vastool.localUser = "******".format(random.randrange(9999))
 def test_03_DenyUsersAreDeniedAccess(self):
     """VGP: Check denied users are denied access"""
     denyUser = User(
         vasUtilities.get_user_name("deny{}".format(self.computer.suffix.upper()), self.upnMode),
         "Test1234",
         "/home/deny{}".format(self.computer.suffix.upper()),
     )
     userLoginDenied = login_with_new_user(self.computer, denyUser.name, denyUser.password)
     self.assertFalse(userLoginDenied.is_connected, "User should not have logged in. Should have been denied")
     if userLoginDenied:
         userLoginDenied.closeConnection()
 def setUpClass(cls):
     legacyAuth.testUser = vasUtilities.get_user_name("tu-{}".format(cls.computer.suffix), cls.upnMode)
     cls.computer.vastool.configureVas.cache_unix_password("true")
     cls.computer.vastool.configureVas.unix_password_attr_name("userPrincipalName")
     cls.computer.vastool.configureVas.provide_password_hash("true")
     cls.computer.libexec.confChangeNotification()
     if cls.version < '4.0.2.240':
         cls.computer.daemonRestart("vasd")
         cls.computer.vasd.isReady()
     cls.computer.vastool.flush.default()
     legacyAuth.configured = True
예제 #15
0
 def test_20(self):
     '''vasyp: ypmatch cross-domain user'''
     self.skipIfOsIs('mac')
     if vasypBuild.resume:
         cduserName = "******".format(self.crossdomain.prefix)
         cduser = vasUtilities.get_user_name(cduserName, self.upnMode)
         self.computer.vastool.list.user(cduser)
         output, result = self.computer.ypmatch("passwd", cduser)
         self.assertTrue(result, "ypmatch passwd did not find {}".format(cduser))
         self.assertGreater(output.find(cduser), -1, 'user was not displayed from ypmatch')
     else:
         self.assertTrue(vasypBuild.resume, 'Previous tests failed so we are skipping')
예제 #16
0
 def test_57_CrossForestuserLogin(self):
     '''vastool: Cross forest Login'''
     crossForestUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossforest.prefix), self.upnMode), password="******")
     result = login_with_new_user(self.computer, crossForestUser.name, crossForestUser.password)
     self.assertTrue(result.is_connected, 'Failed to login with cross domain user')
     if result.is_connected:
         result.closeConnection()
     self.computer.vastool.configureVas.cross_forest_domains()
     self.computer.libexec.confChangeNotification()
     if self.version < '4.0.2.240':
         self.assertTrue(self.computer.daemonRestart("vasd"), 'Failed to restart vasd')
         self.assertTrue(self.computer.vasd.isReady(), 'Failed to verify vasd is running')
예제 #17
0
 def test_01(self):
     '''Pam Logging: log-all-auths'''
     
     self.computer.vastool.configureVas.log_all_auths(True)
     self.computer.libexec.confChangeNotification()
     checkMe = User(vasUtilities.get_user_name('tu-{}'.format(self.computer.suffix), self.upnMode), 'Test123')
     self.computer.userLoginLogout(checkMe.name, checkMe.password)
     #if self.version > '4.1':
     #    checkThis = "'login: <succeeded> type: <Active Directory> user:'******'Authentication <succeeded> for <Active Directory> user'" 
     self.assertTrue(self.computer.remoteShell.run('grep {} {}'.format(checkThis, pamLogging.logFile)) == 0, 
                     'Could not find log-all-auths logging')
    def setUpClass(cls):
        allowDisconnectedAuth.openSession = False
        allowDisconnectedAuth.groupName = "disGrp-{}".format(random.randrange(1000))

        cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix)
        cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix) 
        allowDisconnectedAuth.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode)
        allowDisconnectedAuth.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode)
        
        cls.computer.vastool.flush.auth()
        
        result = login_with_new_user(cls.computer, allowDisconnectedAuth.testUser1, "Test123")
        assert result, 'Failed to login with new user'
        if result:
            result.closeConnection()
        
        # get domain information
        allowDisconnectedAuth.forests = cls.computer.getForestDomains()
        allowDisconnectedAuth.domains = cls.computer.getServersFromForestDomains(allowDisconnectedAuth.forests)
        
        # Disconnect host from domains
        result, allowDisconnectedAuth.reconnectCmd = cls.computer.disconnectHosts(allowDisconnectedAuth.domains)
        allowDisconnectedAuth.disconnected = True
예제 #19
0
 def test_23(self):
     '''vasyp: ypmatch lowercase user'''
     self.skipIfOsIs('mac')
     if vasypBuild.resume:
         self.computer.vastool.configureVas.lowercase_names("true")
         self.computer.vastool.flush()
         lowuserName = "******".format(self.defaultDomain.prefix)
         lowuser = vasUtilities.get_user_name(lowuserName, self.upnMode)
         self.computer.vastool.list.user(lowuser)
         output, result = self.computer.ypmatch("passwd", lowuser)
         self.assertTrue(result, "ypmatch passwd did not find {}".format(lowuser))
         self.assertGreater(output.find(lowuser.lower()), -1, 'user was not displayed in lowercase')
     else:
         self.assertTrue(vasypBuild.resume, 'Previous tests failed so we are skipping')
예제 #20
0
    def test_00_gssapiHostPrep(self):
        '''GSSAPI: Host Prep'''
        if self.computer.os.find('mac') > -1:
            self.skipTest("No support for mac")
            self.logger.info('No support for mac')
        
        testUser = User(name=vasUtilities.get_user_name("gss-{}".format(self.computer.suffix), self.upnMode), password="******")            
        gssapi.userLogin = login_with_new_user(self.computer, testUser.name, testUser.password)
        self.assertTrue(gssapi.userLogin.is_connected, 'Failed to login with gss user')

        gssapi.host, rc = gssapi.userLogin.run("/opt/quest/bin/vastool ktutil list|awk '/host\// {print $3}'|head -1", True)
        gssapi.host = gssapi.host.splitlines()
        gssapi.host = gssapi.host.pop()
        self.computer.run("/opt/quest/bin/vastool -u 'host/' kinit")
    def setUpClass(cls):
        bDisconnected.openSession = False

        cls.testUser1name = "DUser-{}1".format(cls.computer.suffix)
        cls.testUser2name = "DUser-{}2".format(cls.computer.suffix)
        bDisconnected.testUser1 = vasUtilities.get_user_name(cls.testUser1name, cls.upnMode)
        bDisconnected.testUser2 = vasUtilities.get_user_name(cls.testUser2name, cls.upnMode)
        
        cls.pdUsername = "******".format(cls.computer.suffix)
        bDisconnected.pdUser = vasUtilities.get_user_name(cls.pdUsername, cls.upnMode)
        bDisconnected.pdGroup = "A\\\\tg-{}".format(cls.computer.suffix)
        
        cls.computer.vastool.flush.auth()
        
        testUser = User(name=bDisconnected.testUser1, password="******")
        cls.computer.userLoginLogout(testUser.name, testUser.password)        

        cls.prompt = "Disconnected Prompt:"
        cls.pdprompt = "Permanent Disconnected Password:"******"3")
        cls.computer.libexec.confChangeNotification()
 def setUpClass(cls):
     #setup user localse{suffix} adse{suffix}    
     cls.adUser_Name = "adse{}".format(cls.computer.suffix)
     cls.adUserName = vasUtilities.get_user_name(cls.adUser_Name, cls.upnMode)
     cls.localUser = User("localse{}".format(cls.computer.suffix), "Test311")
     cls.adUser = User("{}/{}".format(cls.domain, cls.adUser_Name), "Test1234")
     cls.computer.run("cat /dev/null > /etc/opt/quest/vas/automatic_mappings")
     #cls.computer.run("/opt/quest/libexec/pam/config_pam MODIFY -m pam_vas3 -c auth -s sshd -o debug")
     cls.computer.vastool.configureVas.enable_self_enrollment("true")
     #vasUtilities.start_debug(cls.computer, 4, True, True)
     cls.computer.libexec.confChangeNotification()
     if cls.version < '4.0.2.240':
         cls.computer.daemonRestart("vasd")
         cls.computer.vasd.isReady()
    def setUpClass(cls):  
        cls.mapDir = "/tmp/mapMe"
        cls.adUser1Name = "MUser-{}1".format(cls.computer.suffix)
        cls.adUser2Name = "MUser-{}2".format(cls.computer.suffix)
        cls.adUser1 = vasUtilities.get_user_name(cls.adUser1Name, cls.upnMode)
        cls.adUser2 = vasUtilities.get_user_name(cls.adUser2Name, cls.upnMode)
        cls.localUser1 = "lclmap1"
        cls.localUser2 = "lclmap2"

        # Create user map directory
        cls.computer.run("touch {}".format(cls.mapDir))
        
        # Map ad user to local user
        cls.logger.info("Creating mapfile...")
        cls.computer.run("printf '{}:{}pn@{}' > {}".format(cls.localUser1, cls.adUser1Name, cls.defaultDomain.domain, cls.mapDir))
        
        # Configure user mapping by editing the /etc/passwd file with perl  lclmap2:!:219:1::/home/lclmap2:/usr/bin/ksh
        if not 'mac' in cls.computer.os:
            cls.logger.info("Adding AD user to /etc/passwd")
            cls.logger.warning("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser2,
                                                cls.adUser2, cls.defaultDomain.domain))
            cls.computer.run("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser2, 
                                                                                                    cls.adUser2, cls.defaultDomain.domain))
 def setUpClass(cls):
     cls.denyFile = "/etc/opt/quest/vas/users.deny" 
     cls.allowFile = "/etc/opt/quest/vas/users.allow"
     cls.user = "******".format(cls.defaultDomain.prefix)
     cls.userName = vasUtilities.get_user_name(cls.user, cls.upnMode)
     cls.uid = "1004" #will probably have to fix this...
     cls.computer.vasUtilities.addDenyRule(cls.user)
     cls.computer.libexec.vasac_helperSetLocal()
     cls.computer.vastool.configureVas.check_host_access(True)
     cls.computer.libexec.confChangeNotification()
     #cls.computer.daemonRestart("vasd") 
     #cls.computer.vasd.isReady()
     cls.computer.vastool.list.user(cls.userName,"f") #trying this for a while
     if cls.computer.os == "mac":           
         cls.computer.dscacheUtilFlush()
     if cls.computer.os == "solaris":
         cls.computer.run("""/etc/init.d/nscd stop""")
         cls.computer.run("""/etc/init.d/nscd start""")
     if cls.computer.os == "solaris" or "hpux":
         time.sleep(10)            
 def setUpClass(cls):
     # TODO: Functionalize fine grained password policy setup
     cls.userName = '******'.format(cls.computer.suffix)
     cls.user = User(vasUtilities.get_user_name(cls.userName, cls.upnMode), "TestMe!")
     cls.group = 'fineGrained{}'.format(cls.computer.suffix)
     
     #if cls.computer.os.find("HP-UX") == -1:
         #cls.computer.startPamDebug()
         #cls.computer.vastool.configureVas.debug_level('4')
         #cls.computer.libexec.confChangeNotification()
         #cls.computer.run("cat /etc/opt/quest/vas/vas.conf")
         #cls.computer.libexec.sqllite('/var/opt/quest/vas/vasd/vas_misc.vdb', "select * from misc;")
         ##if cls.version < '4.0.2.240':
             ##cls.computer.daemonRestart("vasd")
             ##cls.computer.vasd.isReady()
     
     cls.computer.vastool.passwd(cls.userName, cls.user.password, 
                                 cls.user.password, options='x')
     cls.computer.vastool.group.add(cls.group,
                                    cls.user.name)
     cls.computer.vastool.flush.default()
     cls.computer.vasd.isReady()
예제 #26
0
    def test_02(self):
        '''Pam Logging: log-session-info'''
        self.skipIfOsIs("mac", "10.6")
        if self.version > '4.1':
            self.skipTest("This test isn't in versions over 4.1")
            self.logger.info("This test isn't in versions over 4.1")
        self.computer.vastool.configureVas.log_all_auths()
        self.computer.vastool.configureVas.log_session_info(True)
        self.computer.libexec.confChangeNotification()
        checkMe = User(vasUtilities.get_user_name('tu-{}'.format(self.computer.suffix), self.upnMode), 'Test123')

        self.computer.userLoginLogout(checkMe.name, checkMe.password)
        checkThis = "'VAS user logon success for <Active Directory> user'" 
        checkThisToo = "'VAS user logoff closing last active logon session for <Active Directory> user'"
        time.sleep(2)
        if "mac" not in self.computer.os:
            self.assertTrue(self.computer.remoteShell.run('grep {} {}'.format(checkThis, pamLogging.logFile)) == 0, 
                            'Could not find log-session-info login message')
        if 'hpux' in self.computer.os:
            time.sleep(10)
        self.assertTrue(self.computer.remoteShell.run('grep {} {}'.format(checkThisToo, pamLogging.logFile)) == 0, 
                        'Could not find log-session-info logout message')
 def test_02(self):
     """check-host-access: OU, group, OU in allow"""        
     ou1 = "ou=ou1,{}".format(self.defaultDomain.dn)
     ou2 = "ou=pou,{}".format(self.defaultDomain.dn)
     group = "tg-14-{}".format(self.defaultDomain.prefix)
     userName = "******".format(self.defaultDomain.prefix)
     user = vasUtilities.get_user_name(userName, self.upnMode)
     uid = "1006" #hard code!
     
     time.sleep(3)
     
     output, result = self.computer.vastool.nss.getpwnam(user)
     self.assertTrue(result, 'Did not get a passing return code for nss getpwnam')
     output, result = self.computer.vastool.nss.getpwuid(uid)
     self.assertTrue(result, 'Did not get a passing return code for nss getpwuid')
     
     self.computer.vasUtilities.addAclEntry("allow", ou1)
     self.computer.vasUtilities.addAclEntry("allow", group)
     self.computer.vasUtilities.addAclEntry("allow", ou2)
     self.computer.libexec.vasac_helperSetLocal()
     output, result = self.computer.vastool.nss.getpwnam(user)
     self.assertTrue(result, 'Did not get a passing return code for nss getpwnam')
     output, result = self.computer.vastool.nss.getpwuid(uid)
     self.assertTrue(result, 'Did not get a passing return code for nss getpwuid')
     self.computer.vastool.flush.users()        
     if self.computer.os == "mac":
         self.computer.vastool.nss.getpwnam(user)
         self.computer.dscacheUtilFlush()
         time.sleep(5)
         self.computer.vastool.nss.getpwnam(user)
         time.sleep(10)
         self.computer.dscacheUtilFlush()
         
             
     output, result = self.computer.vastool.nss.getpwnam(user)
     self.assertIn("/bin/false", output, 'Failed to find denied shell with nss')
     time.sleep(1)
     output, result = self.computer.vastool.nss.getpwuid(uid)
     self.assertIn("/bin/false", output, 'Failed to find denied shell with nss')
예제 #28
0
 def test_18_user_login(self):
     """QAS ISO Test: User Login
     Purpose: Checks that a user can login
     Tags: iso, packages
     Requirements: QAS mount
     Component: iso
     """ 
     self.user = vasUtilities.get_user_name("tu-1-{}".format(self.defaultDomain.prefix), self.upnMode)
     self.userAuth = User(name=self.user, password=self.loginuserpasswd)
     
     tries = 0
     while tries < 5:
         output, exitCode = self.computer.vastool.user.checklogin(self.user, authUser=self.userAuth)
         if output.find("You will be unable to log in with a username") > -1:
             time.sleep(2)
             tries+=1
         else:
             break
             
     self.assertTrue(exitCode, 'Did not get a passing exit code')
         
     result = self.computer.userLoginLogout("tu-1-{}".format(self.defaultDomain.prefix), self.loginuserpasswd)
     self.assertTrue(result, 'Login should have succeeded')
예제 #29
0
 def setUpClass(cls):        
     cls.adUserName = "******".format(cls.computer.suffix)
     cls.adUser = vasUtilities.get_user_name(cls.adUserName, cls.upnMode)
     cls.localUser = "******"
             
     #create AD user
     cls.adUserB = "adMfNSS-{}".format(random.randrange(99))
     cls.computer.vastool.create.user(cls.adUserB, password="******", unixEnabled=False)
     # Map ad user to local user
     cls.logger.info("Creating mapfile...")
     assert cls.computer.remoteShell.run("printf '{}:{}@{}' > {}".format(
         cls.localUser, cls.adUserB, cls.defaultDomain.domain, cls.mapDir)) == 0, "failed to map ad user to local user"      
     
     # Configure user mapping by editing the /etc/passwd file with perl  lclmap2:!:219:1::/home/lclmap2:/usr/bin/ksh
     if not "mac" in cls.computer.os:
         cls.logger.info("Adding AD user to /etc/passwd")
         cls.logger.warning("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser, cls.adUser, cls.domain))
         assert cls.computer.remoteShell.run("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser,
                                             cls.adUser, cls.defaultDomain.domain)) == 0, "failed to add ad user to /etc/password"        
     
     cls.computer.vastool.configureVas.map_from_nss("first")
     cls.computer.vastool.configureVas.user_map_files(cls.mapDir)
     cls.computer.libexec.confChangeNotification()
     cls.computer.libexec.vas_muupd()
 def test_01_basicMatrix(self):
     '''ACMatrix: Basic Access Control Matrix'''
     self.computer.vastool.join(self.defaultDomain.domain,altUsersPath=self.computer.ou,altGroupPath=self.computer.ou, upnMode=self.upnMode)
     testcount = 0
     failedTests = []
     totaltests = 36
     passCount = 0
     failedCount = 0 
     result = True
     mUser = "******".format(self.defaultDomain.prefix)
     mUserName = vasUtilities.get_user_name(mUser, self.upnMode)
     userObject = User(name=mUserName, password='******')      
     mGroup = "tg-16tu-{}".format(self.defaultDomain.prefix)
 
     aNo_file = None
     aUser = "******".format(self.defaultDomain.prefix_upper, mUser)
     aGroup = "{}\\\{}".format(self.defaultDomain.prefix_upper, mGroup)
     aOu = "CN=Users,{}".format(self.defaultDomain.dn)
     aRealm = "@{}".format(self.defaultDomain.domain)
     aNot_in_file = "Group"
     
     testList = acMatrix.createTable(self, aUser, aGroup, aOu, aRealm, aNot_in_file, aNo_file)
     for test in testList:
         
         testcount +=1
         self.logger.info("Running test number: %s of %s" % (testcount, totaltests))
         self.logger.info("******************************************************************************")
         self.logger.info("Allow entry: '%s'   Deny Entry: '%s'    Should login be allowed: '%s'" % (test["allow"], test["deny"], test["allowed"]))
         self.logger.info("******************************************************************************")           
         self.computer.removeFile(acMatrix.allowFile)
         self.computer.removeFile(acMatrix.denyFile)
         for kind in ["allow", "deny"]:
             if test[kind] != None:
                 self.computer.vasUtilities.addAclEntry(kind, test[kind])   
         self.computer.libexec.vasac_helperSetLocal()
         
         userLogin = self.computer.userLoginLogout(userObject.name, userObject.password)
         if userLogin:
             if not test["allowed"]:
                 failedTests.append(test)
                 self.logger.info("*******************  FAILED  ****************************")
                 failedCount +=1
                 self.logger.info("\n *** Failed: %s      Passed: %s ***" % (failedCount, passCount))
             else:
                 self.logger.info("*******************  PASSED  ****************************")
                 passCount +=1
                 self.logger.info("\n *** Failed: %s      Passed: %s ***" % (failedCount, passCount))
         else:
             if test["allowed"]:
                 failedTests.append(test)
                 self.logger.info("*******************  FAILED  ****************************")
                 failedCount +=1
                 self.logger.info("\n *** Failed: %s      Passed: %s ***" % (failedCount, passCount))
             else:
                 self.logger.info("*******************  PASSED  ****************************")
                 passCount +=1
                 self.logger.info("\n *** Failed: %s      Passed: %s ***" % (failedCount, passCount))       
     
     if len(failedTests) > 0:
         result = False
         self.logger.info("The following tests failed:")
         for test in failedTests:
             self.logger.info("Allow entry: '%s'   Deny Entry: '%s'    Should login be allowed: '%s'" % (test["allow"], test["deny"], test["allowed"]))
     
     self.computer.removeFile(acMatrix.allowFile)
     self.computer.removeFile(acMatrix.denyFile)
     self.assertTrue(result, 'Not all tests passed')