def test_sc_auth(simple_pam_cert_auth, pam_wrapper_setup, passwd_ops_setup): passwd_ops_setup.useradd(**USER1) current_env = os.environ.copy() current_env['PAM_WRAPPER'] = "1" current_env['SSSD_INTG_PEER_UID'] = "0" current_env['SSSD_INTG_PEER_GID'] = "0" current_env['LD_PRELOAD'] += ':' + os.environ['PAM_WRAPPER_PATH'] sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", "--action=auth", "--service=pam_sss_service"], universal_newlines=True, env=current_env, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) try: out, err = sssctl.communicate(input="123456") except: sssctl.kill() out, err = sssctl.communicate() sssctl.stdin.close() sssctl.stdout.close() if sssctl.wait() != 0: raise Exception("sssctl failed") assert err.find("pam_authenticate for user [user1]: Success") != -1
def simple_pam_cert_auth_name_format(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True and full_name_format""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] conf = format_pam_cert_auth_conf_name_format(config) create_conf_fixture(request, conf) create_sssd_fixture(request) passwd_ops_setup.useradd(**USER1) passwd_ops_setup.useradd(**USER2) return None
def setup_for_kcm_renewals_secdb(passwd_ops_setup, request, kdc_instance): """ Set up the KCM renewals backed by libsss_secrets """ kcm_path = os.path.join(config.RUNSTATEDIR, "kcm.socket") sssd_conf = create_sssd_conf_renewals(kcm_path, "secdb", "10d", "60s", "10s") passwd_ops_setup.useradd(**USER1) return common_setup_for_kcm_mem(request, kdc_instance, kcm_path, sssd_conf)
def simple_pam_cert_auth(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] conf = format_pam_cert_auth_conf(config) create_conf_fixture(request, conf) create_sssd_fixture(request) create_nssdb_fixture(request) passwd_ops_setup.useradd(**USER1) passwd_ops_setup.useradd(**USER2) return None
def setup_krb5_domains(request, kdc_instance, passwd_ops_setup): """ Setup SSSD for Kerberos authentication with 2 users with different passwords and multiple domains configured in sssd.conf """ conf = format_pam_krb5_auth_domains(config, kdc_instance) create_conf_fixture(request, conf) create_sssd_fixture(request) passwd_ops_setup.useradd(**USER1) passwd_ops_setup.useradd(**USER2) kdc_instance.add_principal("user1", "Secret123User1") kdc_instance.add_principal("user2", "Secret123User2") return None
def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] old_softhsm2_conf = os.environ['SOFTHSM2_CONF'] del os.environ['SOFTHSM2_CONF'] conf = format_pam_cert_auth_conf(config) create_conf_fixture(request, conf) create_sssd_fixture(request) os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf passwd_ops_setup.useradd(**USER1) passwd_ops_setup.useradd(**USER2) return None
def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] old_softhsm2_conf = os.environ['SOFTHSM2_CONF'] del os.environ['SOFTHSM2_CONF'] conf = format_pam_cert_auth_conf(config) create_conf_fixture(request, conf) create_sssd_fixture(request) create_nssdb_no_cert_fixture(request) os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf passwd_ops_setup.useradd(**USER1) passwd_ops_setup.useradd(**USER2) return None
def setup_for_kcm_renewals_secdb(passwd_ops_setup, request, kdc_instance): """ Set up the KCM renewals backed by libsss_secrets """ kcm_path = os.path.join(config.RUNSTATEDIR, "kcm.socket") sssd_conf = create_sssd_conf_renewals(kcm_path, "secdb", "10d", "60s", "10s") testenv = common_setup_for_kcm_mem(request, kdc_instance, kcm_path, sssd_conf) user = dict(name='user1', passwd='x', uid=testenv.my_uid(), gid=testenv.my_uid(), gecos='User for tests', dir='/home/user1', shell='/bin/bash') passwd_ops_setup.useradd(**user) return testenv