Hi,
this patch adds authentication test (specifically "kinit -E
ipauser@IPADOMAIN") to basic trust test suite, as requested by Sumit.
Intended to be applied after my patches 25.4 and 26.3 (already waiting
to be pushed).
Lenka
From 394304d23ef752c30cf1f4d69d5e6116fd41ad2d Mon Sep 17 00:00:00 2001
From: Lenka Doudova <ldoud...@redhat.com>
Date: Mon, 18 Jul 2016 14:38:18 +0200
Subject: [PATCH] Tests: Adding authentication test to basic trust test suite
Providing missing test case verifying authentication as IPA user, namely "kinit -E ipauser@IPADOMAIN".
---
ipatests/test_integration/test_trust.py | 19 +++++++++++++++++++
ipatests/test_integration/util.py | 13 +++++++++++++
2 files changed, 32 insertions(+)
diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
index e3fe9c89e9cd1357c8913d8fcd98699906f07f85..3dc1056dea82d0fe21a983ffe5354ff33e8ad8a3 100644
--- a/ipatests/test_integration/test_trust.py
+++ b/ipatests/test_integration/test_trust.py
@@ -161,6 +161,25 @@ class TestBasicADTrust(ADTrustBase):
assert re.search(testuser_regex, result.stdout_text)
+ def test_ipauser_authentication(self):
+ ipauser = u'tuser'
+ original_passwd = 'Secret123'
+ new_passwd = 'userPasswd123'
+
+ # create an ipauser for this test
+ self.master.run_command(['ipa', 'user-add', ipauser, '--first=Test',
+ '--last=User', '--password'],
+ stdin_text=original_passwd)
+
+ # change password for the user to be able to kinit
+ util.unlock_principal_password(ipauser, original_passwd, new_passwd,
+ self.master)
+
+ # try to kinit as ipauser
+ self.master.run_command(
+ ['kinit', '-E','{0}@{1}'.format(ipauser, self.master.domain.name)],
+ stdin_text=new_passwd)
+
def test_remove_nonposix_trust(self):
tasks.remove_trust_with_ad(self.master, self.ad_domain)
tasks.clear_sssd_cache(self.master)
diff --git a/ipatests/test_integration/util.py b/ipatests/test_integration/util.py
index 594737b6d753d476cd06aeb0d5cd376b7ca46467..b317beed7756bdc50c6a17c199f4970b5af15303 100644
--- a/ipatests/test_integration/util.py
+++ b/ipatests/test_integration/util.py
@@ -20,6 +20,8 @@
import time
import re
+from ipaplatform.paths import paths
+from ipapython.ipautil import run
def run_repeatedly(host, command, assert_zero_rc=True, test=None,
timeout=30, **kwargs):
@@ -75,3 +77,14 @@ def get_host_ip_with_hostmask(host):
if match:
return match.group('full_ip')
+
+
+def unlock_principal_password(user, oldpw, newpw, master):
+ container_user = "cn=users,cn=accounts"
+ basedn = master.domain.basedn
+
+ userdn = "uid={},{},{}".format(user, container_user, basedn)
+
+ args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
+ '-s', newpw, '-x']
+ return run(args)
--
2.7.4
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
