import ConfigParser
import os
import shutil
import tempfile
import time

import paramiko
import pytest

from sssd.testlib.common.utils import SSHClient
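class Test_basic_sssd(object):
    """Basic SSSD login, kinit and offline-authentication checks.

    Every test opens an SSH session to ``multihost.master[0]`` as one of
    the ``fooN`` users with the password ``Secret123``.  A rejected login
    (``paramiko`` ``AuthenticationException``) is reported through
    ``pytest.fail``.  Sessions that run remote commands are closed in a
    ``finally`` block, so a failing assertion does not leave them open.
    """

    def test_ssh_user_login(self, multihost):
        """ Check ssh login as LDAP user with Kerberos credentials """
        try:
            ssh = SSHClient(multihost.master[0].sys_hostname,
                            username='foo1', password='Secret123')
        except paramiko.ssh_exception.AuthenticationException:
            pytest.fail("Authentication Failed as user %s" % ('foo1'))
        else:
            # Reaching this branch is the whole check: the login succeeded.
            ssh.close()

    def test_kinit(self, multihost):
        """ Run kinit after user login """
        try:
            ssh = SSHClient(multihost.master[0].sys_hostname,
                            username='foo2', password='Secret123')
        except paramiko.ssh_exception.AuthenticationException:
            pytest.fail("Authentication Failed as user %s" % ('foo2'))
        else:
            try:
                # The password goes to kinit on stdin, not on its command
                # line.
                (_, _, exit_status) = ssh.execute_cmd(args='kinit',
                                                      stdin='Secret123')
                assert exit_status == 0
                # Keep klist's own exit status: the final assert must not
                # re-check the value kinit returned.
                (stdout, _, exit_status) = ssh.execute_cmd('klist')
                for line in stdout.readlines():
                    print(line)
                assert exit_status == 0
            finally:
                ssh.close()

    def test_kinit_kcm(self, multihost):
        """ Run kinit with KRB5CCNAME=KCM: """
        try:
            ssh = SSHClient(multihost.master[0].sys_hostname,
                            username='foo3', password='Secret123')
        except paramiko.ssh_exception.AuthenticationException:
            pytest.fail("Authentication Failed as user %s" % ('foo3'))
        else:
            try:
                # NOTE(review): with "VAR=value; cmd" the assignment reaches
                # cmd's environment only if VAR is already exported in the
                # login session -- confirm that holds on the test host.
                (_, _, exit_status) = ssh.execute_cmd(
                    'KRB5CCNAME=KCM:; kinit', stdin='Secret123')
                assert exit_status == 0
                (stdout, _, exit_status) = ssh.execute_cmd(
                    'KRB5CCNAME=KCM:;klist')
                # The expected cache name is hard-coded, numeric suffix
                # included (presumably the UID of foo3 -- confirm against
                # the directory fixture).
                klist_lines = [str(line.strip())
                               for line in stdout.readlines()]
                assert any('Ticket cache: KCM:14583103' in line
                           for line in klist_lines)
                # This is klist's exit status, not the earlier kinit one.
                assert exit_status == 0
            finally:
                ssh.close()

    def test_offline_ssh_login(self, multihost):
        """ Test Offline ssh login

        Enables ``cache_credentials`` and ``krb5_store_password_if_offline``
        for the ``EXAMPLE.TEST`` domain, sets the pam option
        ``offline_credentials_expiration`` to ``0``, restarts sssd and logs
        in once as ``foo4``.  It then stops ``dirsrv@example1`` and
        ``krb5kdc`` and logs in again with the same credentials.
        """
        master = multihost.master[0]
        # sssd.conf may hold secrets, so the working copy lives in a
        # private directory from mkdtemp() instead of a fixed,
        # predictable path under /tmp.
        workdir = tempfile.mkdtemp(prefix='sssd-conf-')
        local_conf = os.path.join(workdir, 'sssd.conf')
        try:
            master.transport.get_file('/etc/sssd/sssd.conf', local_conf)
            sssdconfig = ConfigParser.RawConfigParser()
            # read() skips files it cannot open, so a failed download shows
            # up below as a missing domain section.
            sssdconfig.read(local_conf)
            domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
            if domain_section not in sssdconfig.sections():
                pytest.fail("Could not fetch sssd.conf")
            sssdconfig.set(domain_section, 'cache_credentials', 'True')
            sssdconfig.set(domain_section, 'krb5_store_password_if_offline',
                           'True')
            sssdconfig.set('pam', 'offline_credentials_expiration', '0')
            with open(local_conf, "wb") as fd:
                sssdconfig.write(fd)
            master.transport.put_file(local_conf, '/etc/sssd/sssd.conf')
        finally:
            shutil.rmtree(workdir, ignore_errors=True)
        master.service_sssd('restart')
        time.sleep(5)
        # First login, made while the backend services are still running.
        try:
            ssh = SSHClient(master.sys_hostname,
                            username='foo4', password='Secret123')
        except paramiko.ssh_exception.AuthenticationException:
            pytest.fail("Unable to authenticate as %s" % ('foo4'))
        else:
            ssh.close()
        # NOTE(review): both services are left stopped when this test ends;
        # confirm that fixture teardown restarts them.
        master.run_command(['systemctl', 'stop', 'dirsrv@example1'])
        master.run_command(['systemctl', 'stop', 'krb5kdc'])
        # Second login, after the directory server and the KDC were stopped.
        try:
            ssh = SSHClient(master.sys_hostname,
                            username='foo4', password='Secret123')
        except paramiko.ssh_exception.AuthenticationException:
            pytest.fail("Unable to authenticate as %s" % ('foo4'))
        else:
            ssh.close()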