def test_login_wrong_password(self, user_creation_deletion): """Test ipa user login with wrong password When ipa user login to machine using wrong password, it should log proper message related: https://github.com/SSSD/sssd/issues/5139 """ # try to login with wrong password sssd_version = tasks.get_sssd_version(self.master) if (sssd_version < tasks.parse_version('2.3.0')): pytest.xfail('Fix is part of sssd 2.3.0 and is' ' available from fedora32 onwards') sshconn = paramiko.SSHClient() sshconn.set_missing_host_key_policy(paramiko.AutoAddPolicy()) since = time.strftime('%H:%M:%S') try: sshconn.connect(self.master.hostname, username=self.testuser, password='******') except paramiko.AuthenticationException: pass sshconn.close() # check if proper message logged exp_msg = ("pam_sss(sshd:auth): received for user {}: 7" " (Authentication failure)".format(self.testuser)) result = self.master.run_command(['journalctl', '-u', 'sshd', '--since={}'.format(since)]) assert exp_msg in result.stdout_text
def test_override_gid_subdomain(self): """Test that override_gid is working for subdomain This is a regression test for sssd bug: https://pagure.io/SSSD/sssd/issue/4061 """ tasks.clear_sssd_cache(self.master) user = self.users['child_ad']['name'] gid = 10264 # verify the user can be retrieved initially self.master.run_command(['id', user]) with self.override_gid_setup(gid): test_gid = self.master.run_command(['id', user]) sssd_version = tasks.get_sssd_version(self.master) with xfail_context(sssd_version < tasks.parse_version('2.3.0'), 'https://pagure.io/SSSD/sssd/issue/4061'): assert 'gid={id}'.format(id=gid) in test_gid.stdout_text
def test_trustdomain_disable_disables_subdomain(self): """Test that users from disabled trustdomains can not use ipa resources This is a regression test for sssd bug: https://pagure.io/SSSD/sssd/issue/4078 """ user = self.users['child_ad']['name'] # verify the user can be retrieved initially self.master.run_command(['id', user]) with self.disabled_trustdomain(): res = self.master.run_command(['id', user], raiseonerr=False) sssd_version = tasks.get_sssd_version(self.master) with xfail_context(sssd_version < tasks.parse_version('2.2.3'), 'https://pagure.io/SSSD/sssd/issue/4078'): assert res.returncode == 1 assert 'no such user' in res.stderr_text # verify the user can be retrieved after re-enabling trustdomain self.master.run_command(['id', user])
def test_aduser_with_idview(self): """Test that trusted AD users should not lose their AD domains. This is a regression test for sssd bug: https://pagure.io/SSSD/sssd/issue/4173 1. Override AD user's UID, GID by adding it in ID view on IPA server. 2. Stop the SSSD, and clear SSSD cache and restart SSSD on a IPA client 3. getent with UID from ID view should return AD domain after default memcache_timeout. """ client = self.clients[0] user = self.users['ad']['name'] idview = 'testview' def verify_retrieved_users_domain(): # Wait for the record to expire in SSSD's cache # (memcache_timeout default value is 300s). test_user = ['su', user, '-c', 'sleep 360; getent passwd 10001'] result = client.run_command(test_user) assert user in result.stdout_text # verify the user can be retrieved initially tasks.clear_sssd_cache(self.master) self.master.run_command(['id', user]) self.master.run_command(['ipa', 'idview-add', idview]) self.master.run_command(['ipa', 'idoverrideuser-add', idview, user]) self.master.run_command([ 'ipa', 'idview-apply', idview, '--hosts={0}'.format(client.hostname) ]) self.master.run_command([ 'ipa', 'idoverrideuser-mod', idview, user, '--uid=10001', '--gid=10000' ]) try: clear_sssd_cache(client) sssd_version = tasks.get_sssd_version(client) with xfail_context(sssd_version < tasks.parse_version('2.3.0'), 'https://pagure.io/SSSD/sssd/issue/4173'): verify_retrieved_users_domain() finally: self.master.run_command(['ipa', 'idview-del', idview])