1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
""" SSSD Sanity Test Cases
:requirement: IDM-SSSD-REQ : KRB5 Provider
:casecomponent: sssd
:subsystemteam: sst_idm_sssd
:upstream: yes
:status: approved
"""
import pytest
import time
import configparser as ConfigParser
from sssd.testlib.common.utils import sssdTools
class TestSanitySSSD(object):
""" Basic Sanity Test cases """
@pytest.mark.converted('test_authentication.py', 'test_authentication__login')
@staticmethod
def test_ssh_user_login(multihost):
"""
:title: Login: Check ssh login as LDAP user with Kerberos credentials
:id: b7600a46-1827-486a-ae2e-cbedad6ddf41
"""
client = sssdTools(multihost.master[0])
ssh0 = client.auth_from_client("foo1", 'Secret123') == 3
assert ssh0, "Authentication Failed as user foo1"
@pytest.mark.converted('test_kcm.py', 'test_kcm__simple_kinit')
@staticmethod
def test_kinit(multihost):
"""
:title: Login: Verify kinit is successfull after user login
:id: 5e15e9e9-c559-49b8-a164-abe13d82d0fd
"""
user = 'foo2'
cmd = multihost.master[0].run_command(
f'su - {user} -c "kinit"', stdin_text='Secret123',
raiseonerr=False)
assert cmd.returncode == 0, "kinit failed!"
cmd2 = multihost.master[0].run_command(
f'su - {user} -c "klist"', raiseonerr=False)
assert cmd2.returncode == 0, "klist failed!"
@pytest.mark.converted('test_authentication.py', 'test_authentication__offline_login')
@staticmethod
def test_offline_ssh_login(multihost):
"""
:title: Login: Verify offline ssh login
:id: 90e9a834-a1f9-4bef-bdae-57a7b411cce4
"""
multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
'/tmp/sssd.conf')
sssdconfig = ConfigParser.RawConfigParser()
sssdconfig.read('/tmp/sssd.conf')
domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
if domain_section in sssdconfig.sections():
sssdconfig.set(domain_section, 'cache_credentials', 'True')
sssdconfig.set(domain_section, 'krb5_store_password_if_offline',
'True')
sssdconfig.set('pam', 'offline_credentials_expiration', '0')
with open('/tmp/sssd.conf', "w") as file_d:
sssdconfig.write(file_d)
else:
print("Could not fetch sssd.conf")
assert False
multihost.master[0].transport.put_file('/tmp/sssd.conf',
'/etc/sssd/sssd.conf')
multihost.master[0].service_sssd('restart')
time.sleep(5)
client = sssdTools(multihost.master[0])
user = 'foo4'
ssh0 = client.auth_from_client(user, password='Secret123') == 3
assert ssh0, f"Initial ssh login as {user} failed."
stop_dirsrv = 'systemctl stop dirsrv@example1'
stop_krb5kdc = 'systemctl stop krb5kdc'
multihost.master[0].run_command(stop_dirsrv)
multihost.master[0].run_command(stop_krb5kdc)
ssh1 = client.auth_from_client(user, password='Secret123') == 3
start_dirsrv = 'systemctl start dirsrv@example1'
start_krb5kdc = 'systemctl start krb5kdc'
multihost.master[0].run_command(start_dirsrv)
multihost.master[0].run_command(start_krb5kdc)
assert ssh1, f"Offline ssh login as {user} failed."
|
