def test_03_vastoolListUserintoCache(self):
"""Workstation Mode: List user into cache
Purpose: List a user into cache
Tags: vastool, list users, workstation
Requirements: QAS installed and joined
Component: vastool
Steps:
1. Install current release of QAS; QAS should install without errors
* /mnt/vas/dev-builds/QAS-4.0.3.130/install.sh -q vasclnt vasgp vasyp vasproxy; Should install QAS and components without errors
2. Join using the -w option: vasstool -u Administrator -w test123 join -f -w a.sb; Should join in workstation mode without errors
3. List user: vastool list user tu-1-a; Should have listed the user into the cache in workstation mode.
"""
self.assertTrue(
self.computer.vastool.list.user(
vasUtilities.get_user_name("tu-1-{}".format(self.defaultDomain.prefix), self.upnMode)
)[1],
"Should have listed user into cache",
)
self.assertTrue(
self.computer.vastool.list.user(
vasUtilities.get_user_name("tu-1-{}".format(self.defaultDomain.prefix), self.upnMode), "c"
)[1],
"Failed to list users",
)
def setUpClass(cls):
# Override Fields
cls.userOverRideFile = "/etc/opt/quest/vas/user-override"
cls.groupOverRideFile = "/etc/opt/quest/vas/group-override"
#vasUtilities.start_ds_plugin_debug(cls.computer)
#vasUtilities.start_debug(cls.computer, 4, True, True)
cls.testUser1 = vasUtilities.get_user_name("Ouser-{}1".format(cls.computer.suffix), cls.upnMode)
cls.testUser2 = vasUtilities.get_user_name("Ouser-{}2".format(cls.computer.suffix), cls.upnMode)
cls.testUser3 = vasUtilities.get_user_name("Ouser-{}3".format(cls.computer.suffix), cls.upnMode)
cls.testUser4 = vasUtilities.get_user_name("Ouser-{}4".format(cls.computer.suffix), cls.upnMode)
cls.testUser5 = vasUtilities.get_user_name("Ouser-{}5".format(cls.computer.suffix), cls.upnMode)
cls.testGroup1 = "og-{}1".format(cls.computer.suffix)
cls.testGroup2 = "og-{}2".format(cls.computer.suffix)
cls.testGroup3 = "og-{}3".format(cls.computer.suffix)
cls.testGroup4 = "og-{}4".format(cls.computer.suffix)
cls.overrideUserObject = User(name="spango", password='******')
cls.computer.clearFile(cls.userOverRideFile)
cls.computer.clearFile(cls.groupOverRideFile)
cls.computer.vasUtilities.addUserOverride(cls.testUser1, "spango", "311113", "1066", "spancos", "/home/spango", "/bin/sh", upnMode=cls.upnMode)
cls.computer.vasUtilities.addUserOverride(cls.testUser2, shell="/bin/ksh", upnMode=cls.upnMode)
cls.computer.vasUtilities.addUserOverride(cls.testUser3, homedir="/home/skywalker", upnMode=cls.upnMode)
cls.computer.vasUtilities.addUserOverride(cls.testUser4, gecos="Luke", upnMode=cls.upnMode)
cls.computer.vasUtilities.addUserOverride(cls.testUser5, uid="1224", gid="2002", upnMode=cls.upnMode)
cls.computer.vasUtilities.addGroupOverride(cls.testGroup1, name="SpangoGroup", gid="5150", members="joeDirt")
cls.computer.vasUtilities.addGroupOverride(cls.testGroup2, gid="3113")
cls.computer.vasUtilities.addGroupOverride(cls.testGroup3, members="darthVader")
cls.computer.vasUtilities.addGroupOverride(cls.testGroup4, name="singleGroup")
cls.computer.libexec.vas_ovrdupd("-d -g5")
def setUpClass(cls):
cls.allowFile = "/etc/opt/quest/vas/users.allow"
cls.denyFile = "/etc/opt/quest/vas/users.deny"
cls.openSession = False
cls.acGroup = "tg-32tu-{}".format(cls.defaultDomain.prefix)
#logonUser = "******"
#logonUserObject = User(name=logonUser, password='******')
cls.badHostName = "BogusHost"
cls.winDenyUser = "******".format(cls.defaultDomain.prefix)
cls.winDenyUserName = vasUtilities.get_user_name(cls.winDenyUser, cls.upnMode)
cls.winDenyUserObject = User(name=cls.winDenyUserName, password='******')
cls.winAllowUser = "******".format(cls.defaultDomain.prefix)
cls.winAllowUserName = vasUtilities.get_user_name(cls.winAllowUser, cls.upnMode)
cls.winAllowUserObject = User(name=cls.winAllowUserName, password='******')
cls.dc = ldapModifier(cls.defaultDomain.domain, cls.domainAdmin)
cls.Hname = cls.computer.hostname.split(".")[0]
cls.newHostname = "{}-{}".format(cls.computer.hostname,random.randrange(99))
cls.computer.vastool.configureVas.use_log_on_to(True)
cls.computer.vastool.join(cls.domain,altUsersPath=cls.computer.ou,altGroupPath=cls.computer.ou,computer=cls.newHostname, upnMode=cls.upnMode)
(output, returnCode, cls.logonUser, uid) = cls.computer.vastool.create.randomUser()
cls.logonUserObject = User(name=cls.logonUser, password='******')
def setUpClass(cls):
cls.openSession = False
cls.groupName = "disGrp-{}".format(random.randrange(1000))
cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix)
cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix)
cls.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode)
cls.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode)
#cls.computer.startPamDebug()
#cls.computer.vastool.configureVas.debug_level('4')
output, result = cls.computer.vastool.setattrs(cls.testUser2Name,
"servicePrincipalName", "{}/{}".format(cls.testUser2Name, cls.defaultDomain.domain))
assert result, "Failed to set attributes"
cls.computer.vastool.configureVas.perm_disconnected_users("{}\\\\{}".format(cls.defaultDomain.prefix_upper, cls.testUser2Name))
cls.computer.libexec.confChangeNotification()
if cls.version < '4.0.2.240':
cls.computer.daemonRestart("vasd")
cls.computer.vasd.isReady()
cls.computer.libexec.vasdis_helper()
cls.computer.vastool.flush.auth()
testUser = User(name=cls.testUser1, password="******")
result = login_with_new_user(cls.computer, testUser.name, testUser.password)
assert result, 'Failed to login with new user'
if result:
result.closeConnection()
# get domain information
cls.forests = cls.computer.getForestDomains()
cls.domains = cls.computer.getServersFromForestDomains(cls.forests)
# Disconnect host from domains
result, cls.reconnectCmd = cls.computer.disconnectHosts(cls.domains)
disconnected.disconnected = True
def setUpClass(cls):
cls.user = "******".format(cls.defaultDomain.prefix)
cls.userName = vasUtilities.get_user_name(cls.user, cls.upnMode)
cls.otherUser = "******".format(cls.defaultDomain.prefix)
cls.otherUserName = vasUtilities.get_user_name(cls.otherUser, cls.upnMode)
password = "******"
cls.computer.vastool.configureVas.renew_lifetime("6000")
cls.computer.vastool.configureVas.ticket_lifetime("300")
cls.computer.libexec.confChangeNotification()
autoTicketRenew.ticketShell = False
cls.userObject = User(name=cls.userName, password=password)
cls.otherUserObject = User(name=cls.otherUserName, password=password)
def setUpClass(cls):
vasypBuild.resume = True
cls.domainName = cls.defaultDomain.domain
cls.nisOU = "ou=nis,{}".format(cls.defaultDomain.dn)
cls.userName = "******".format(cls.computer.suffix)
cls.user = vasUtilities.get_user_name(cls.userName, cls.upnMode)
cls.group = "tg-{}".format(cls.computer.suffix)
cls.newmap = "new{}{}".format(cls.computer.suffix, random.randrange(99))
if 'mac' not in cls.computer.os:
cls.computer.run("date", False, False)
if 'HP-UX' in cls.computer.os:
nameserverFile = "/etc/rc.config.d/namesvrs"
cls.computer.run("perl -pi -e 's/NIS_DOMAIN=.*/NIS_DOMAIN={}/' {}".format(cls.domainName, nameserverFile))
cls.computer.configureNisClient(cls.domainName)
cls.computer.vastool.configure.vas("vasypd", "search-base", "{}".format(cls.nisOU))
cls.computer.remoteShell.run('/bin/domainname {}'.format(cls.domainName))
cls.computer.run('/opt/quest/sbin/vasypd -x')
cls.computer.vasypd.start()
output, result = cls.computer.psg('yp')
output, result = cls.computer.psg('vasypd')
assert result==0, 'vasypd is not running'
cls.computer.ypbind('start')
cls.computer.vastool.flush()
if 'aix' in cls.computer.os:
cls.computer.run("ypset localhost")
def setUpClass(cls):
cls.denyFile = "/etc/opt/quest/vas/users.deny"
cls.allowFile = "/etc/opt/quest/vas/users.allow"
cls.group = "tg-{}".format(cls.computer.suffix)
cls.user = "******".format(cls.computer.suffix)
cls.allowUser = "******".format(cls.defaultDomain.prefix)
cls.denyUser = "******".format(cls.defaultDomain.prefix)
cls.computer.vasUtilities.addDenyRule(cls.denyUser)
cls.computer.vasUtilities.addAllowRule(cls.allowUser)
cls.computer.libexec.vasac_helperSetLocal()
cls.changeUser = cls.computer.vastool.create.randomUser()[2]
cls.changedName = "new{}".format(cls.changeUser)
cls.adUser_Name = "adse{}".format(cls.computer.suffix)
cls.adUserName = vasUtilities.get_user_name(cls.adUser_Name, cls.upnMode)
cls.adgroup = cls.computer.vastool.create.group(
"adg{}{}".format(cls.computer.suffix, random.randrange(99)), unixEnabled=False
)
gid = cls.computer.vasUtilities.generateUniqueGID()
cls.changeGroup = cls.computer.vastool.create.group(
"cgrp{}{}".format(cls.computer.suffix, random.randrange(99)), gid=gid
)
cls.changedGName = "new{}".format(cls.changeGroup)
cls.cduser = "******".format(cls.crossdomain.prefix)
cls.cdgroup = "tg-1-{}".format(cls.crossdomain.prefix)
cls.cfuser = "******".format(cls.crossdomain.prefix_upper, cls.crossdomain.prefix)
cls.cfgroup = "{}\\tg-1-{}".format(cls.crossdomain.prefix_upper, cls.crossdomain.prefix)
cls.ladUser = "******".format(cls.computer.suffix, random.randrange(99))
cls.computer.vastool.create.user(cls.ladUser, password="******", unixEnabled=False)
cls.ladGroup = "ladg{}{}".format(cls.computer.suffix, random.randrange(99))
cls.computer.vastool.create.group(cls.ladGroup, unixEnabled=False)
def test_55_CrossDomainuserLogin(self):
'''vastool: Cross Domain Login'''
crossUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossdomain.prefix), self.upnMode), password="******")
result = login_with_new_user(self.computer, crossUser.name, crossUser.password)
self.assertTrue(result.is_connected, 'Failed to login with cross domain user')
if result.is_connected:
result.closeConnection()
def test_56_crossForestListUser(self):
'''vastool: list cross forest user'''
#self.computer.libexec.confChangeNotification() #This shouldn't be here, but might be what's causing bug 27888
if self.version < '4.0.2.240':
self.assertTrue(self.computer.daemonRestart("vasd"), 'Failed to restart vasd')
self.assertTrue(self.computer.vasd.isReady(), 'Failed to verify vasd is running')
output, result = self.computer.vastool.list.user(vasUtilities.get_user_name("tu-5-{}".format(self.crossforest.prefix), self.upnMode))
self.assertIsNotNone(output, 'Failed to list user from cross forest')
self.assertTrue(result, 'Failed to list user')
def setUpClass(cls):
cls.authuser = User("{}@{}".format(cls.winUser, cls.schemalessDomain.domain_upper), cls.winPasswd)
# Users and Groups information
cls.testUser = vasUtilities.get_user_name("ssu", cls.upnMode)
cls.groupName = "ssg"
cls.userLogin = None
cls.userCreated = False
cls.groupCreated = False
def setUpClass(cls):
pamPrompts.pwlCheck = False
pamPrompts.pwCheck = False
pamPrompts.loCheck = False
cls.pwPrompt = "ENTER PASSWORD FOR {}: "
cls.pwUserName = "******".format(cls.defaultDomain.prefix)
cls.pwUser = vasUtilities.get_user_name(cls.pwUserName, cls.upnMode)
cls.pwPass = "******"
cls.pwLclPrompt = "ENTER PASSWORD FOR LOCAL {}: "
cls.pwLclUser = "******"
cls.pwLclPass = "******"
cls.pwDisPrompt = "CALL HELPDESK FOR {} "
cls.pwDisUserName = "******".format(cls.defaultDomain.prefix)
cls.pwDisUser = vasUtilities.get_user_name(cls.pwDisUserName, cls.upnMode)
cls.pwDisPass = "******"
cls.loUserName = "******" #This user is on b.sb. Hopefully he doesn't get deleted.
cls.loUser = vasUtilities.get_user_name(cls.loUserName, cls.upnMode)
cls.lockPrompt = "Locked out, Yo."
cls.computer.vastool.list.user(cls.loUser, "f")
def setUpClass(cls):
cls.sysUser = "******".format(cls.computer.suffix)
vastool.gid = cls.computer.vasUtilities.generateUniqueGID()
cls.computer.vastool.configureVas.cross_forest_domains(cls.crossforest.domain)
#vasUtilities.start_ds_plugin_debug(cls.computer)
#vasUtilities.start_debug(cls.computer, 4, True)
vastool.groupName = "stg{}".format(random.randrange(99999))
vastool.loadUser = vasUtilities.get_user_name("slu{}".format(random.randrange(99999)), cls.upnMode)
vastool.loadGroup = "slg{}".format(random.randrange(99999))
vastool.localUser = "******".format(random.randrange(9999))
def test_03_DenyUsersAreDeniedAccess(self):
"""VGP: Check denied users are denied access"""
denyUser = User(
vasUtilities.get_user_name("deny{}".format(self.computer.suffix.upper()), self.upnMode),
"Test1234",
"/home/deny{}".format(self.computer.suffix.upper()),
)
userLoginDenied = login_with_new_user(self.computer, denyUser.name, denyUser.password)
self.assertFalse(userLoginDenied.is_connected, "User should not have logged in. Should have been denied")
if userLoginDenied:
userLoginDenied.closeConnection()
def setUpClass(cls):
legacyAuth.testUser = vasUtilities.get_user_name("tu-{}".format(cls.computer.suffix), cls.upnMode)
cls.computer.vastool.configureVas.cache_unix_password("true")
cls.computer.vastool.configureVas.unix_password_attr_name("userPrincipalName")
cls.computer.vastool.configureVas.provide_password_hash("true")
cls.computer.libexec.confChangeNotification()
if cls.version < '4.0.2.240':
cls.computer.daemonRestart("vasd")
cls.computer.vasd.isReady()
cls.computer.vastool.flush.default()
legacyAuth.configured = True
def test_20(self):
'''vasyp: ypmatch cross-domain user'''
self.skipIfOsIs('mac')
if vasypBuild.resume:
cduserName = "******".format(self.crossdomain.prefix)
cduser = vasUtilities.get_user_name(cduserName, self.upnMode)
self.computer.vastool.list.user(cduser)
output, result = self.computer.ypmatch("passwd", cduser)
self.assertTrue(result, "ypmatch passwd did not find {}".format(cduser))
self.assertGreater(output.find(cduser), -1, 'user was not displayed from ypmatch')
else:
self.assertTrue(vasypBuild.resume, 'Previous tests failed so we are skipping')
def test_57_CrossForestuserLogin(self):
'''vastool: Cross forest Login'''
crossForestUser = User(name=vasUtilities.get_user_name("tu-5-{}".format(self.crossforest.prefix), self.upnMode), password="******")
result = login_with_new_user(self.computer, crossForestUser.name, crossForestUser.password)
self.assertTrue(result.is_connected, 'Failed to login with cross domain user')
if result.is_connected:
result.closeConnection()
self.computer.vastool.configureVas.cross_forest_domains()
self.computer.libexec.confChangeNotification()
if self.version < '4.0.2.240':
self.assertTrue(self.computer.daemonRestart("vasd"), 'Failed to restart vasd')
self.assertTrue(self.computer.vasd.isReady(), 'Failed to verify vasd is running')
def test_01(self):
'''Pam Logging: log-all-auths'''
self.computer.vastool.configureVas.log_all_auths(True)
self.computer.libexec.confChangeNotification()
checkMe = User(vasUtilities.get_user_name('tu-{}'.format(self.computer.suffix), self.upnMode), 'Test123')
self.computer.userLoginLogout(checkMe.name, checkMe.password)
#if self.version > '4.1':
# checkThis = "'login: <succeeded> type: <Active Directory> user:'******'Authentication <succeeded> for <Active Directory> user'"
self.assertTrue(self.computer.remoteShell.run('grep {} {}'.format(checkThis, pamLogging.logFile)) == 0,
'Could not find log-all-auths logging')
def setUpClass(cls):
allowDisconnectedAuth.openSession = False
allowDisconnectedAuth.groupName = "disGrp-{}".format(random.randrange(1000))
cls.testUser1Name = "DUser-{}1".format(cls.computer.suffix)
cls.testUser2Name = "DUser-{}2".format(cls.computer.suffix)
allowDisconnectedAuth.testUser1 = vasUtilities.get_user_name(cls.testUser1Name, cls.upnMode)
allowDisconnectedAuth.testUser2 = vasUtilities.get_user_name(cls.testUser2Name, cls.upnMode)
cls.computer.vastool.flush.auth()
result = login_with_new_user(cls.computer, allowDisconnectedAuth.testUser1, "Test123")
assert result, 'Failed to login with new user'
if result:
result.closeConnection()
# get domain information
allowDisconnectedAuth.forests = cls.computer.getForestDomains()
allowDisconnectedAuth.domains = cls.computer.getServersFromForestDomains(allowDisconnectedAuth.forests)
# Disconnect host from domains
result, allowDisconnectedAuth.reconnectCmd = cls.computer.disconnectHosts(allowDisconnectedAuth.domains)
allowDisconnectedAuth.disconnected = True
def test_23(self):
'''vasyp: ypmatch lowercase user'''
self.skipIfOsIs('mac')
if vasypBuild.resume:
self.computer.vastool.configureVas.lowercase_names("true")
self.computer.vastool.flush()
lowuserName = "******".format(self.defaultDomain.prefix)
lowuser = vasUtilities.get_user_name(lowuserName, self.upnMode)
self.computer.vastool.list.user(lowuser)
output, result = self.computer.ypmatch("passwd", lowuser)
self.assertTrue(result, "ypmatch passwd did not find {}".format(lowuser))
self.assertGreater(output.find(lowuser.lower()), -1, 'user was not displayed in lowercase')
else:
self.assertTrue(vasypBuild.resume, 'Previous tests failed so we are skipping')
def test_00_gssapiHostPrep(self):
'''GSSAPI: Host Prep'''
if self.computer.os.find('mac') > -1:
self.skipTest("No support for mac")
self.logger.info('No support for mac')
testUser = User(name=vasUtilities.get_user_name("gss-{}".format(self.computer.suffix), self.upnMode), password="******")
gssapi.userLogin = login_with_new_user(self.computer, testUser.name, testUser.password)
self.assertTrue(gssapi.userLogin.is_connected, 'Failed to login with gss user')
gssapi.host, rc = gssapi.userLogin.run("/opt/quest/bin/vastool ktutil list|awk '/host\// {print $3}'|head -1", True)
gssapi.host = gssapi.host.splitlines()
gssapi.host = gssapi.host.pop()
self.computer.run("/opt/quest/bin/vastool -u 'host/' kinit")
def setUpClass(cls):
bDisconnected.openSession = False
cls.testUser1name = "DUser-{}1".format(cls.computer.suffix)
cls.testUser2name = "DUser-{}2".format(cls.computer.suffix)
bDisconnected.testUser1 = vasUtilities.get_user_name(cls.testUser1name, cls.upnMode)
bDisconnected.testUser2 = vasUtilities.get_user_name(cls.testUser2name, cls.upnMode)
cls.pdUsername = "******".format(cls.computer.suffix)
bDisconnected.pdUser = vasUtilities.get_user_name(cls.pdUsername, cls.upnMode)
bDisconnected.pdGroup = "A\\\\tg-{}".format(cls.computer.suffix)
cls.computer.vastool.flush.auth()
testUser = User(name=bDisconnected.testUser1, password="******")
cls.computer.userLoginLogout(testUser.name, testUser.password)
cls.prompt = "Disconnected Prompt:"
cls.pdprompt = "Permanent Disconnected Password:"******"3")
cls.computer.libexec.confChangeNotification()
def setUpClass(cls):
#setup user localse{suffix} adse{suffix}
cls.adUser_Name = "adse{}".format(cls.computer.suffix)
cls.adUserName = vasUtilities.get_user_name(cls.adUser_Name, cls.upnMode)
cls.localUser = User("localse{}".format(cls.computer.suffix), "Test311")
cls.adUser = User("{}/{}".format(cls.domain, cls.adUser_Name), "Test1234")
cls.computer.run("cat /dev/null > /etc/opt/quest/vas/automatic_mappings")
#cls.computer.run("/opt/quest/libexec/pam/config_pam MODIFY -m pam_vas3 -c auth -s sshd -o debug")
cls.computer.vastool.configureVas.enable_self_enrollment("true")
#vasUtilities.start_debug(cls.computer, 4, True, True)
cls.computer.libexec.confChangeNotification()
if cls.version < '4.0.2.240':
cls.computer.daemonRestart("vasd")
cls.computer.vasd.isReady()
def setUpClass(cls):
cls.mapDir = "/tmp/mapMe"
cls.adUser1Name = "MUser-{}1".format(cls.computer.suffix)
cls.adUser2Name = "MUser-{}2".format(cls.computer.suffix)
cls.adUser1 = vasUtilities.get_user_name(cls.adUser1Name, cls.upnMode)
cls.adUser2 = vasUtilities.get_user_name(cls.adUser2Name, cls.upnMode)
cls.localUser1 = "lclmap1"
cls.localUser2 = "lclmap2"
# Create user map directory
cls.computer.run("touch {}".format(cls.mapDir))
# Map ad user to local user
cls.logger.info("Creating mapfile...")
cls.computer.run("printf '{}:{}pn@{}' > {}".format(cls.localUser1, cls.adUser1Name, cls.defaultDomain.domain, cls.mapDir))
# Configure user mapping by editing the /etc/passwd file with perl lclmap2:!:219:1::/home/lclmap2:/usr/bin/ksh
if not 'mac' in cls.computer.os:
cls.logger.info("Adding AD user to /etc/passwd")
cls.logger.warning("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser2,
cls.adUser2, cls.defaultDomain.domain))
cls.computer.run("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser2,
cls.adUser2, cls.defaultDomain.domain))
def setUpClass(cls):
cls.denyFile = "/etc/opt/quest/vas/users.deny"
cls.allowFile = "/etc/opt/quest/vas/users.allow"
cls.user = "******".format(cls.defaultDomain.prefix)
cls.userName = vasUtilities.get_user_name(cls.user, cls.upnMode)
cls.uid = "1004" #will probably have to fix this...
cls.computer.vasUtilities.addDenyRule(cls.user)
cls.computer.libexec.vasac_helperSetLocal()
cls.computer.vastool.configureVas.check_host_access(True)
cls.computer.libexec.confChangeNotification()
#cls.computer.daemonRestart("vasd")
#cls.computer.vasd.isReady()
cls.computer.vastool.list.user(cls.userName,"f") #trying this for a while
if cls.computer.os == "mac":
cls.computer.dscacheUtilFlush()
if cls.computer.os == "solaris":
cls.computer.run("""/etc/init.d/nscd stop""")
cls.computer.run("""/etc/init.d/nscd start""")
if cls.computer.os == "solaris" or "hpux":
time.sleep(10)
def setUpClass(cls):
# TODO: Functionalize fine grained password policy setup
cls.userName = '******'.format(cls.computer.suffix)
cls.user = User(vasUtilities.get_user_name(cls.userName, cls.upnMode), "TestMe!")
cls.group = 'fineGrained{}'.format(cls.computer.suffix)
#if cls.computer.os.find("HP-UX") == -1:
#cls.computer.startPamDebug()
#cls.computer.vastool.configureVas.debug_level('4')
#cls.computer.libexec.confChangeNotification()
#cls.computer.run("cat /etc/opt/quest/vas/vas.conf")
#cls.computer.libexec.sqllite('/var/opt/quest/vas/vasd/vas_misc.vdb', "select * from misc;")
##if cls.version < '4.0.2.240':
##cls.computer.daemonRestart("vasd")
##cls.computer.vasd.isReady()
cls.computer.vastool.passwd(cls.userName, cls.user.password,
cls.user.password, options='x')
cls.computer.vastool.group.add(cls.group,
cls.user.name)
cls.computer.vastool.flush.default()
cls.computer.vasd.isReady()
def test_02(self):
'''Pam Logging: log-session-info'''
self.skipIfOsIs("mac", "10.6")
if self.version > '4.1':
self.skipTest("This test isn't in versions over 4.1")
self.logger.info("This test isn't in versions over 4.1")
self.computer.vastool.configureVas.log_all_auths()
self.computer.vastool.configureVas.log_session_info(True)
self.computer.libexec.confChangeNotification()
checkMe = User(vasUtilities.get_user_name('tu-{}'.format(self.computer.suffix), self.upnMode), 'Test123')
self.computer.userLoginLogout(checkMe.name, checkMe.password)
checkThis = "'VAS user logon success for <Active Directory> user'"
checkThisToo = "'VAS user logoff closing last active logon session for <Active Directory> user'"
time.sleep(2)
if "mac" not in self.computer.os:
self.assertTrue(self.computer.remoteShell.run('grep {} {}'.format(checkThis, pamLogging.logFile)) == 0,
'Could not find log-session-info login message')
if 'hpux' in self.computer.os:
time.sleep(10)
self.assertTrue(self.computer.remoteShell.run('grep {} {}'.format(checkThisToo, pamLogging.logFile)) == 0,
'Could not find log-session-info logout message')
def test_02(self):
"""check-host-access: OU, group, OU in allow"""
ou1 = "ou=ou1,{}".format(self.defaultDomain.dn)
ou2 = "ou=pou,{}".format(self.defaultDomain.dn)
group = "tg-14-{}".format(self.defaultDomain.prefix)
userName = "******".format(self.defaultDomain.prefix)
user = vasUtilities.get_user_name(userName, self.upnMode)
uid = "1006" #hard code!
time.sleep(3)
output, result = self.computer.vastool.nss.getpwnam(user)
self.assertTrue(result, 'Did not get a passing return code for nss getpwnam')
output, result = self.computer.vastool.nss.getpwuid(uid)
self.assertTrue(result, 'Did not get a passing return code for nss getpwuid')
self.computer.vasUtilities.addAclEntry("allow", ou1)
self.computer.vasUtilities.addAclEntry("allow", group)
self.computer.vasUtilities.addAclEntry("allow", ou2)
self.computer.libexec.vasac_helperSetLocal()
output, result = self.computer.vastool.nss.getpwnam(user)
self.assertTrue(result, 'Did not get a passing return code for nss getpwnam')
output, result = self.computer.vastool.nss.getpwuid(uid)
self.assertTrue(result, 'Did not get a passing return code for nss getpwuid')
self.computer.vastool.flush.users()
if self.computer.os == "mac":
self.computer.vastool.nss.getpwnam(user)
self.computer.dscacheUtilFlush()
time.sleep(5)
self.computer.vastool.nss.getpwnam(user)
time.sleep(10)
self.computer.dscacheUtilFlush()
output, result = self.computer.vastool.nss.getpwnam(user)
self.assertIn("/bin/false", output, 'Failed to find denied shell with nss')
time.sleep(1)
output, result = self.computer.vastool.nss.getpwuid(uid)
self.assertIn("/bin/false", output, 'Failed to find denied shell with nss')
def test_18_user_login(self):
"""QAS ISO Test: User Login
Purpose: Checks that a user can login
Tags: iso, packages
Requirements: QAS mount
Component: iso
"""
self.user = vasUtilities.get_user_name("tu-1-{}".format(self.defaultDomain.prefix), self.upnMode)
self.userAuth = User(name=self.user, password=self.loginuserpasswd)
tries = 0
while tries < 5:
output, exitCode = self.computer.vastool.user.checklogin(self.user, authUser=self.userAuth)
if output.find("You will be unable to log in with a username") > -1:
time.sleep(2)
tries+=1
else:
break
self.assertTrue(exitCode, 'Did not get a passing exit code')
result = self.computer.userLoginLogout("tu-1-{}".format(self.defaultDomain.prefix), self.loginuserpasswd)
self.assertTrue(result, 'Login should have succeeded')
def setUpClass(cls):
cls.adUserName = "******".format(cls.computer.suffix)
cls.adUser = vasUtilities.get_user_name(cls.adUserName, cls.upnMode)
cls.localUser = "******"
#create AD user
cls.adUserB = "adMfNSS-{}".format(random.randrange(99))
cls.computer.vastool.create.user(cls.adUserB, password="******", unixEnabled=False)
# Map ad user to local user
cls.logger.info("Creating mapfile...")
assert cls.computer.remoteShell.run("printf '{}:{}@{}' > {}".format(
cls.localUser, cls.adUserB, cls.defaultDomain.domain, cls.mapDir)) == 0, "failed to map ad user to local user"
# Configure user mapping by editing the /etc/passwd file with perl lclmap2:!:219:1::/home/lclmap2:/usr/bin/ksh
if not "mac" in cls.computer.os:
cls.logger.info("Adding AD user to /etc/passwd")
cls.logger.warning("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser, cls.adUser, cls.domain))
assert cls.computer.remoteShell.run("perl -pi -e 's/^({}):[^:]*:(.*)$/\\1:{}\@{}:\\2/' /etc/passwd".format(cls.localUser,
cls.adUser, cls.defaultDomain.domain)) == 0, "failed to add ad user to /etc/password"
cls.computer.vastool.configureVas.map_from_nss("first")
cls.computer.vastool.configureVas.user_map_files(cls.mapDir)
cls.computer.libexec.confChangeNotification()
cls.computer.libexec.vas_muupd()
def test_01_basicMatrix(self):
'''ACMatrix: Basic Access Control Matrix'''
self.computer.vastool.join(self.defaultDomain.domain,altUsersPath=self.computer.ou,altGroupPath=self.computer.ou, upnMode=self.upnMode)
testcount = 0
failedTests = []
totaltests = 36
passCount = 0
failedCount = 0
result = True
mUser = "******".format(self.defaultDomain.prefix)
mUserName = vasUtilities.get_user_name(mUser, self.upnMode)
userObject = User(name=mUserName, password='******')
mGroup = "tg-16tu-{}".format(self.defaultDomain.prefix)
aNo_file = None
aUser = "******".format(self.defaultDomain.prefix_upper, mUser)
aGroup = "{}\\\{}".format(self.defaultDomain.prefix_upper, mGroup)
aOu = "CN=Users,{}".format(self.defaultDomain.dn)
aRealm = "@{}".format(self.defaultDomain.domain)
aNot_in_file = "Group"
testList = acMatrix.createTable(self, aUser, aGroup, aOu, aRealm, aNot_in_file, aNo_file)
for test in testList:
testcount +=1
self.logger.info("Running test number: %s of %s" % (testcount, totaltests))
self.logger.info("******************************************************************************")
self.logger.info("Allow entry: '%s' Deny Entry: '%s' Should login be allowed: '%s'" % (test["allow"], test["deny"], test["allowed"]))
self.logger.info("******************************************************************************")
self.computer.removeFile(acMatrix.allowFile)
self.computer.removeFile(acMatrix.denyFile)
for kind in ["allow", "deny"]:
if test[kind] != None:
self.computer.vasUtilities.addAclEntry(kind, test[kind])
self.computer.libexec.vasac_helperSetLocal()
userLogin = self.computer.userLoginLogout(userObject.name, userObject.password)
if userLogin:
if not test["allowed"]:
failedTests.append(test)
self.logger.info("******************* FAILED ****************************")
failedCount +=1
self.logger.info("\n *** Failed: %s Passed: %s ***" % (failedCount, passCount))
else:
self.logger.info("******************* PASSED ****************************")
passCount +=1
self.logger.info("\n *** Failed: %s Passed: %s ***" % (failedCount, passCount))
else:
if test["allowed"]:
failedTests.append(test)
self.logger.info("******************* FAILED ****************************")
failedCount +=1
self.logger.info("\n *** Failed: %s Passed: %s ***" % (failedCount, passCount))
else:
self.logger.info("******************* PASSED ****************************")
passCount +=1
self.logger.info("\n *** Failed: %s Passed: %s ***" % (failedCount, passCount))
if len(failedTests) > 0:
result = False
self.logger.info("The following tests failed:")
for test in failedTests:
self.logger.info("Allow entry: '%s' Deny Entry: '%s' Should login be allowed: '%s'" % (test["allow"], test["deny"], test["allowed"]))
self.computer.removeFile(acMatrix.allowFile)
self.computer.removeFile(acMatrix.denyFile)
self.assertTrue(result, 'Not all tests passed')
