URL: https://github.com/SSSD/sssd/pull/782
Author: jhrozek
 Title: #782: TESTS: Test changing LDAP password with extended operation and 
modification
Action: opened

PR body:
"""
A test for: https://pagure.io/SSSD/sssd/issue/1314
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/782/head:pr782
git checkout pr782
From ca7be292faf29631996b3bf1beae2f47f4abccb1 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 18 Mar 2019 10:54:57 +0100
Subject: [PATCH 1/3] TESTS: Install expect to drive password-change
 modifications

---
 src/tests/multihost/basic/conftest.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index a9e9cf0a61..9fd576b371 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -38,7 +38,8 @@ def package_install(session_multihost):
     distro = session_multihost.master[0].distro
     pkg_list = 'authselect nss-tools 389-ds-base krb5-server '\
                'openldap-clients krb5-workstation '\
-               '389-ds-base-legacy-tools sssd sssd-dbus sssd-kcm'
+               '389-ds-base-legacy-tools sssd sssd-dbus sssd-kcm ' \
+               'expect'
     if 'Fedora' in distro:
         cmd = 'dnf install -y %s' % (pkg_list)
     elif '8.' in distro.split()[5]:

From 6f0492d4a2057e58c0df037a95df0a571cae3fba Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 18 Mar 2019 10:53:19 +0100
Subject: [PATCH 2/3] TESTS: Also add LDAP password when creating users

---
 src/tests/multihost/basic/conftest.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py
index 9fd576b371..afc4c67e9a 100644
--- a/src/tests/multihost/basic/conftest.py
+++ b/src/tests/multihost/basic/conftest.py
@@ -376,7 +376,8 @@ def create_posix_usersgroups(session_multihost):
         user_info = {'cn': 'foo%d' % i,
                      'uid': 'foo%d' % i,
                      'uidNumber': '1458310%d' % i,
-                     'gidNumber': '14564100'}
+                     'gidNumber': '14564100',
+                     'userPassword' : 'Secret123'}
         if ldap_inst.posix_user("ou=People", "dc=example,dc=test", user_info):
             krb.add_principal('foo%d' % i, 'user', 'Secret123')
         else:
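Review bot: The added `'userPassword' : 'Secret123'` entry has a space before the colon, which pycodestyle flags (E203) and which the neighbouring keys do not have; write `'userPassword': 'Secret123'`. The same literal is passed to `krb.add_principal` on the line after the `if`, so binding it once to a local and using that in both places would keep the LDAP and Kerberos passwords from drifting apart. The loop header and the rest of `create_posix_usersgroups` are outside the hunk, so whether any existing test relies on these users having no LDAP password cannot be checked from here.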

From 7892e7b8c31a443eea28d29265d127bfe7d8b3c0 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 18 Mar 2019 10:55:05 +0100
Subject: [PATCH 3/3] TESTS: Test changing LDAP password with extended
 operation and modification

A test for:
https://pagure.io/SSSD/sssd/issue/1314
---
 src/tests/multihost/basic/test_ldap.py | 153 +++++++++++++++++++++++++
 1 file changed, 153 insertions(+)
 create mode 100644 src/tests/multihost/basic/test_ldap.py

diff --git a/src/tests/multihost/basic/test_ldap.py b/src/tests/multihost/basic/test_ldap.py
new file mode 100644
index 0000000000..e667a1abe3
--- /dev/null
+++ b/src/tests/multihost/basic/test_ldap.py
@@ -0,0 +1,153 @@
+""" SSSD LDAP provider tests """
+
+import re
+import time
+from sssd.testlib.common.utils import SSHClient
+import pytest
+try:
+    import ConfigParser
+except ImportError:
+    import configparser as ConfigParser
+
+UNINDENT_RE = re.compile("^ +", re.MULTILINE)
+
+
+def unindent(text):
+    """
+        Unindent text by removing at most the number of spaces present in
+        the first non-empty line from the beginning of every line.
+    """
+    indent_ref = [0]
+
+    def replace(match):
+        if indent_ref[0] == 0:
+            indent_ref[0] = len(match.group())
+        return match.group()[indent_ref[0]:]
+    return UNINDENT_RE.sub(replace, text)
+
+
+def expect_chpass_script(current_pass, new_pass):
+    return unindent("""\
+    set timeout 15
+    spawn passwd
+    expect "Changing password for user puser."
+    expect "Current Password:"
+    send "{current_pass}\r"
+    expect "New password:"
+    send "{new_pass}\r"
+    expect "Retype new password:"
+    send "{new_pass}\r"
+    expect "passwd: all authentication tokens updated successfully"
+    expect EOF
+    """).format(**locals())
+
+
+def run_expect_script(multihost, ssh_conn, expect_string):
+    expect_file = '/tmp/expect_multihost'
+    try:
+        multihost.master[0].run_command('rm -f ' + expect_file)
+        multihost.master[0].put_file_contents(expect_file, expect_string)
+        ssh_conn.execute_cmd('expect -f ' + expect_file)
+    except Exception as err:
+        raise err
+    finally:
+        multihost.master[0].run_command('rm -f ' + expect_file)
+
+
+def chpass(multihost, ssh_conn, current_pass, new_pass):
+    script = expect_chpass_script(current_pass, new_pass)
+    run_expect_script(multihost, ssh_conn, script)
+
+@pytest.fixture
+def set_ldap_auth_provider(session_multihost, request):
+    """ Set entry cache sudo timeout in sssd.conf """
+    bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
+    session_multihost.master[0].run_command(bkup_sssd)
+    session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
+                                                   '/tmp/sssd.conf')
+    sssdconfig = ConfigParser.ConfigParser()
+    sssdconfig.read('/tmp/sssd.conf')
+    domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
+    if domain_section in sssdconfig.sections():
+        sssdconfig.set(domain_section, 'auth_provider', 'ldap')
+        sssdconfig.set(domain_section,
+                       'ldap_auth_disable_tls_never_use_in_production',
+                       'true')
+        with open('/tmp/sssd.conf', "w") as sssconf:
+            sssdconfig.write(sssconf)
+    session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
+                                                   '/etc/sssd/sssd.conf')
+    session_multihost.master[0].service_sssd('restart')
+
+    def restore_sssd():
+        """ Restore sssd.conf """
+        restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
+        session_multihost.master[0].run_command(restore_sssd)
+        session_multihost.master[0].service_sssd('restart')
+    request.addfinalizer(restore_sssd)
+
+
+@pytest.fixture
+def set_ldap_pwmodify_mode_ldap_modify(session_multihost, request):
+    """ Set entry cache sudo timeout in sssd.conf """
+    bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig'
+    session_multihost.master[0].run_command(bkup_sssd)
+    session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf',
+                                                   '/tmp/sssd.conf')
+    sssdconfig = ConfigParser.ConfigParser()
+    sssdconfig.read('/tmp/sssd.conf')
+    domain_section = "%s/%s" % ('domain', 'EXAMPLE.TEST')
+    if domain_section in sssdconfig.sections():
+        sssdconfig.set(domain_section, 'ldap_pwmodify_mode', 'ldap_modify')
+        with open('/tmp/sssd.conf', "w") as sssconf:
+            sssdconfig.write(sssconf)
+    session_multihost.master[0].transport.put_file('/tmp/sssd.conf',
+                                                   '/etc/sssd/sssd.conf')
+    session_multihost.master[0].service_sssd('restart')
+
+    def restore_sssd():
+        """ Restore sssd.conf """
+        restore_sssd = 'cp -f /etc/sssd/sssd.conf.orig /etc/sssd/sssd.conf'
+        session_multihost.master[0].run_command(restore_sssd)
+        session_multihost.master[0].service_sssd('restart')
+    request.addfinalizer(restore_sssd)
+
+
+class TestLDAPChpass(object):
+    """ Test changing LDAP password """
+
+    def _change_test_reset_password(self, multihost):
+        try:
+            ssh = SSHClient(multihost.master[0].sys_hostname,
+                            username='foo1', password='Secret123')
+        except paramiko.ssh_exception.AuthenticationException:
+            pytest.fail("Authentication Failed as user %s" % ('foo1'))
+
+        expect_script = chpass(multihost, ssh, 'Secret123', 'Secret1234')
+        ssh.close()
+
+        # Try logging in with the new password
+        try:
+            ssh = SSHClient(multihost.master[0].sys_hostname,
+                            username='foo1', password='Secret1234')
+        except paramiko.ssh_exception.AuthenticationException:
+            pytest.fail("Authentication Failed as user %s" % ('foo1'))
+
+        # Clean up and change the password back
+        expect_script = chpass(multihost, ssh, 'Secret1234', 'Secret123')
+        ssh.close()
+
+    def test_ldap_chpass_extop(self, multihost):
+        """
+        Test password change using the default extended operation
+        """
+        self._change_test_reset_password(multihost)
+
+    def test_ldap_chpass_modify(self,
+                                multihost,
+                                set_ldap_auth_provider,
+                                set_ldap_pwmodify_mode_ldap_modify):
+        """
+        Test password change using LDAP modify
+        """
+        self._change_test_reset_password(multihost)
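Review bot: Both fixtures back up to the same `/etc/sssd/sssd.conf.orig`, so when `test_ldap_chpass_modify` requests them together the second `cp -f` overwrites the pristine backup with the config `set_ldap_auth_provider` has already edited, and neither finalizer can restore the original; assuming pytest sets the fixtures up in argument order, `auth_provider = ldap` and `ldap_auth_disable_tls_never_use_in_production = true` stay in sssd.conf for every later test. Give each fixture its own backup path, e.g. `bkup_sssd = 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.pwmodify.orig'` with the matching restore command, or fold both settings into a single fixture. The `except paramiko.ssh_exception.AuthenticationException` clauses in `_change_test_reset_password` name a module the file never imports, so an authentication failure would surface as a NameError instead of reaching `pytest.fail`; add `import paramiko`. `run_expect_script` writes the cleartext old and new passwords to the fixed path `/tmp/expect_multihost`; a name obtained from `mktemp` with owner-only permissions would avoid a predictable and possibly world-readable file. Both fixture docstrings still read `Set entry cache sudo timeout in sssd.conf` and should describe the option each fixture actually sets.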