def smime_user(request):
    username = u'alice'
    api.Command.user_add(uid=username, givenname=u'Alice', sn=u'SMIME',
                         userpassword=SMIME_USER_INIT_PW)

    unlock_principal_password(username, SMIME_USER_INIT_PW, SMIME_USER_PW)

    def fin():
        api.Command.user_del(username)
    request.addfinalizer(fin)

    return username
示例#2
0
    def test_delete(self, globalCfg, userCfg, allowDelLast, user):
        """
        Test the deletion of the last otp token

        The user auth type can be defined at a global level, or
        per-user if the override is not disabled.
        Depending on the resulting setting, the deletion of last token
        is allowed or forbidden.
        """
        # Save current global config
        result = api.Command.config_show()
        current_globalCfg = result.get('ipauserauthtype', None)

        try:
            # Set the global config for the test
            api.Command.config_mod(ipauserauthtype=globalCfg)
        except errors.EmptyModlist:
            pass

        try:
            user.ensure_exists()
            api.Command.user_mod(user.name, userpassword=user_password)
            unlock_principal_password(user.name,
                                      user_password, user_password)
            # Set the user config for the test
            api.Command.user_mod(user.name, ipauserauthtype=userCfg)

            # Connect as user, create and delete the token
            with change_principal(user.name, user_password):
                api.Command.otptoken_add(u'lastotp', description=u'last otp',
                                         ipatokenowner=user.name)
                if allowDelLast:
                    # We are expecting the del command to succeed
                    api.Command.otptoken_del(u'lastotp')
                else:
                    # We are expecting the del command to fail
                    with pytest.raises(errors.DatabaseError):
                        api.Command.otptoken_del(u'lastotp')

        finally:
            # Make sure the token is removed
            try:
                api.Command.otptoken_del(u'lastotp',)
            except errors.NotFound:
                pass

            # Restore the previous ipauserauthtype
            try:
                api.Command.config_mod(ipauserauthtype=current_globalCfg)
            except errors.EmptyModlist:
                pass
示例#3
0
    def test_authenticate_with_user_alias(self, krbalias_user):
        krbalias_user.ensure_exists()

        alias = u"{name}-alias".format(name=krbalias_user.name)

        krbalias_user.add_principal(alias)

        oldpw, newpw = u"Secret1234", u"Secret123"

        pwdmod = krbalias_user.make_update_command({'userpassword': oldpw})
        pwdmod()

        unlock_principal_password(krbalias_user.name, oldpw, newpw)

        with change_principal(alias, newpw, canonicalize=True):
            api.Command.ping()
    def test_authenticate_with_user_alias(self, krbalias_user):
        krbalias_user.ensure_exists()

        alias = u"{name}-alias".format(name=krbalias_user.name)

        krbalias_user.add_principal(alias)

        oldpw, newpw = u"Secret1234", u"Secret123"

        pwdmod = krbalias_user.make_update_command({'userpassword': oldpw})
        pwdmod()

        unlock_principal_password(krbalias_user.name, oldpw, newpw)

        with change_principal(alias, newpw, canonicalize=True):
            api.Command.ping()
示例#5
0
    def test_whoami_users(self, krb_user):
        """
        Testing whoami as user
        """
        krb_user.ensure_exists()

        pwdmod = krb_user.make_update_command({'userpassword': self.oldpw})
        pwdmod()

        unlock_principal_password(krb_user.name, self.oldpw, self.newpw)

        with change_principal(krb_user.name, self.newpw):
            result = api.Command.whoami()
            expected = {u'object': u'user',
                        u'command': u'user_show/1',
                        u'arguments': (krb_user.name,)}
            assert_deepequal(expected, result)
示例#6
0
    def test_whoami_users(self, krb_user):
        """
        Testing whoami as user
        """
        krb_user.ensure_exists()

        pwdmod = krb_user.make_update_command({'userpassword': self.oldpw})
        pwdmod()

        unlock_principal_password(krb_user.name, self.oldpw, self.newpw)

        with change_principal(krb_user.name, self.newpw):
            result = api.Command.whoami()
            expected = {
                u'object': u'user',
                u'command': u'user_show/1',
                u'arguments': (krb_user.name, )
            }
            assert_deepequal(expected, result)
示例#7
0
def certmap_user_permissions(request, bindtype_permission):
    tmp_password = u'Initial123'

    priv_name = u'test_certmap_privilege'
    role_name = u'test_certmap_role'

    api.Command.user_add(CERTMAP_USER,
                         givenname=u'Certmap',
                         sn=u'User',
                         userpassword=tmp_password)
    unlock_principal_password(CERTMAP_USER, tmp_password, CERTMAP_PASSWD)

    api.Command.privilege_add(priv_name)
    for perm_name in request.param:
        # add to privilege for user
        api.Command.privilege_add_permission(priv_name, permission=perm_name)
    api.Command.role_add(role_name)
    api.Command.role_add_privilege(role_name, privilege=priv_name)
    api.Command.role_add_member(role_name, user=CERTMAP_USER)

    def finalize():
        try:
            api.Command.user_del(CERTMAP_USER)
        except Exception:
            pass
        try:
            api.Command.role_del(role_name)
        except Exception:
            pass
        try:
            api.Command.privilege_del(priv_name)
        except Exception:
            pass

    request.addfinalizer(finalize)

    return request.param
示例#8
0
def certmap_user_permissions(request, bindtype_permission):
    tmp_password = u'Initial123'

    priv_name = u'test_certmap_privilege'
    role_name = u'test_certmap_role'

    api.Command.user_add(CERTMAP_USER, givenname=u'Certmap', sn=u'User',
                         userpassword=tmp_password)
    unlock_principal_password(CERTMAP_USER, tmp_password,
                              CERTMAP_PASSWD)

    api.Command.privilege_add(priv_name)
    for perm_name in request.param:
        # add to privilege for user
        api.Command.privilege_add_permission(priv_name, permission=perm_name)
    api.Command.role_add(role_name)
    api.Command.role_add_privilege(role_name, privilege=priv_name)
    api.Command.role_add_member(role_name, user=CERTMAP_USER)

    def finalize():
        try:
            api.Command.user_del(CERTMAP_USER)
        except Exception:
            pass
        try:
            api.Command.role_del(role_name)
        except Exception:
            pass
        try:
            api.Command.privilege_del(priv_name)
        except Exception:
            pass

    request.addfinalizer(finalize)

    return request.param