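def test_ssh_key_connection(self, tmpdir):
    """Integration test for https://pagure.io/SSSD/sssd/issue/3747

    Generates 40 SSH key pairs, registers every public key on a temporary
    IPA user, logs in to the master over SSH with one of the private keys
    and then asserts that the sshd journal holds no
    'exited on signal 13' entry.
    """
    test_user = '******'
    external_master_hostname = \
        self.master.external_hostname  # pylint: disable=no-member

    pub_keys = []
    for i in range(40):
        priv_key, pub_key = tasks.generate_ssh_keypair()
        pub_keys.append(pub_key)
        key_path = os.path.join(tmpdir, 'ssh_priv_{}'.format(i))
        # Create the file as 0600 instead of relying on the umask, so the
        # private key is never readable by other local users.
        fd = os.open(
            key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as fp:
            fp.write(priv_key)

    tasks.kinit_admin(self.master)
    self.master.run_command(
        ['ipa', 'user-add', test_user, '--first=tester', '--last=tester'])

    # From here on the user exists, so always delete it again, even when
    # an assertion or the SSH login fails.
    try:
        # Pass an argument list rather than a formatted command string, so
        # the key text is never interpreted by a shell.
        user_mod_cmd = ['ipa', 'user-mod', test_user]
        for pub_key in pub_keys:
            user_mod_cmd.extend(['--ssh', pub_key])
        self.master.run_command(user_mod_cmd)

        # connect with the key that was generated at index 1
        priv_key_path = os.path.join(tmpdir, 'ssh_priv_1')
        # private key permissions must comply with SSH rules
        os.chmod(priv_key_path, 0o600)

        sshcon = paramiko.SSHClient()
        # AutoAddPolicy accepts whatever host key the server presents, so
        # the server identity is not verified on this connection.
        # NOTE(review): presumably fine because the peer is the test
        # master - confirm before reusing this snippet elsewhere.
        sshcon.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        try:
            # first connection attempt is a workaround for
            # https://pagure.io/SSSD/sssd/issue/3669
            try:
                sshcon.connect(external_master_hostname,
                               username=test_user,
                               key_filename=priv_key_path, timeout=1)
            except (paramiko.AuthenticationException,
                    paramiko.SSHException):
                pass

            try:
                sshcon.connect(external_master_hostname,
                               username=test_user,
                               key_filename=priv_key_path, timeout=1)
            except (paramiko.AuthenticationException,
                    paramiko.SSHException) as e:
                # The second positional argument of pytest.fail() is
                # `pytrace`, not extra detail, so put the exception text
                # into the message itself.
                pytest.fail(
                    'Authentication using SSH key not successful: '
                    '{}'.format(e))
        finally:
            # release the transport/socket whatever the outcome
            sshcon.close()

        journal_cmd = ['journalctl', '--since=today', '-u', 'sshd']
        result = self.master.run_command(journal_cmd)
        output = result.stdout_text
        assert not re.search('exited on signal 13', output)
    finally:
        # cleanup
        self.master.run_command(['ipa', 'user-del', test_user])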
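def test_ssh_key_connection(self, tmpdir):
    """Integration test for https://pagure.io/SSSD/sssd/issue/3747

    Generates 40 SSH key pairs, registers every public key on a temporary
    IPA user, logs in to the master over SSH with one of the private keys
    and then asserts that the sshd journal holds no
    'exited on signal 13' entry.
    """
    test_user = '******'
    external_master_hostname = \
        self.master.external_hostname  # pylint: disable=no-member

    pub_keys = []
    for i in range(40):
        priv_key, pub_key = tasks.generate_ssh_keypair()
        pub_keys.append(pub_key)
        key_path = os.path.join(tmpdir, 'ssh_priv_{}'.format(i))
        # Create the file as 0600 instead of relying on the umask, so the
        # private key is never readable by other local users.
        fd = os.open(
            key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as fp:
            fp.write(priv_key)

    tasks.kinit_admin(self.master)
    self.master.run_command(['ipa', 'user-add', test_user,
                             '--first=tester', '--last=tester'])

    # From here on the user exists, so always delete it again, even when
    # an assertion or the SSH login fails.
    try:
        # Pass an argument list rather than a formatted command string, so
        # the key text is never interpreted by a shell.
        user_mod_cmd = ['ipa', 'user-mod', test_user]
        for pub_key in pub_keys:
            user_mod_cmd.extend(['--ssh', pub_key])
        self.master.run_command(user_mod_cmd)

        # connect with the key that was generated at index 1
        priv_key_path = os.path.join(tmpdir, 'ssh_priv_1')
        # private key permissions must comply with SSH rules
        os.chmod(priv_key_path, 0o600)

        sshcon = paramiko.SSHClient()
        # AutoAddPolicy accepts whatever host key the server presents, so
        # the server identity is not verified on this connection.
        # NOTE(review): presumably fine because the peer is the test
        # master - confirm before reusing this snippet elsewhere.
        sshcon.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        try:
            # first connection attempt is a workaround for
            # https://pagure.io/SSSD/sssd/issue/3669
            try:
                sshcon.connect(external_master_hostname,
                               username=test_user,
                               key_filename=priv_key_path, timeout=1)
            except (paramiko.AuthenticationException,
                    paramiko.SSHException):
                pass

            try:
                sshcon.connect(external_master_hostname,
                               username=test_user,
                               key_filename=priv_key_path, timeout=1)
            except (paramiko.AuthenticationException,
                    paramiko.SSHException) as e:
                # The second positional argument of pytest.fail() is
                # `pytrace`, not extra detail, so put the exception text
                # into the message itself.
                pytest.fail(
                    'Authentication using SSH key not successful: '
                    '{}'.format(e))
        finally:
            # release the transport/socket whatever the outcome
            sshcon.close()

        journal_cmd = ['journalctl', '--since=today', '-u', 'sshd']
        result = self.master.run_command(journal_cmd)
        output = result.stdout_text
        assert not re.search('exited on signal 13', output)
    finally:
        # cleanup
        self.master.run_command(['ipa', 'user-del', test_user])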
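def nested_group_setup(self, tmpdir):
    """Create the user, SSH key and groups for a test, then clean up.

    Setup: creates an active user, registers a freshly generated SSH
    public key on it, stores the private key in ``tmpdir`` and as
    /tmp/user_ssh_priv_key on the master and the first client, and adds
    the groups groupa, groupb and groupc.

    Teardown (after the ``yield``): removes the private key copies from
    both hosts, deletes the groups and the user and destroys the Kerberos
    credentials on both hosts.
    """
    master = self.master
    client = self.clients[0]
    remote_key_path = '/tmp/user_ssh_priv_key'
    group_names = ['groupa', 'groupb', 'groupc']

    # add a user and set password
    tasks.create_active_user(master, self.username, self.userpasswd)
    tasks.kinit_admin(master)

    privkey, pubkey = tasks.generate_ssh_keypair()
    # Create the local copy as 0600 instead of relying on the umask, so
    # the private key is never readable by other local users.
    fd = os.open(
        os.path.join(tmpdir, 'ssh_priv_key'),
        os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as fp:
        fp.write(privkey)

    master.run_command(
        ['ipa', 'user-mod', self.username, '--ssh', pubkey])

    # NOTE(review): the key lands in a fixed, shared /tmp path and is
    # restricted only by the chmod that follows; until then its mode is
    # whatever put_file_contents creates - confirm that is acceptable for
    # the hosts this runs on. The path is kept as is because code outside
    # this block may refer to it.
    master.put_file_contents(remote_key_path, privkey)
    master.run_command(['chmod', '600', remote_key_path])

    for group in group_names:
        cmd_output = master.run_command(['ipa', 'group-add', group])
        assert 'Added group "{}"'.format(group) in cmd_output.stdout_text

    client.put_file_contents(remote_key_path, privkey)
    client.run_command(['chmod', '600', remote_key_path])

    yield

    # test cleanup
    # Remove the private key copies first, so the key material is gone
    # even if one of the IPA cleanup commands below fails.
    for host in (master, client):
        host.run_command(['rm', '-f', remote_key_path])
    for group in group_names:
        master.run_command(['ipa', 'group-del', group, '--continue'])
    master.run_command(['ipa', 'user-del', self.username,
                        '--no-preserve', '--continue'])
    tasks.kdestroy_all(master)
    tasks.kdestroy_all(client)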