URL: https://github.com/SSSD/sssd/pull/5755 Author: aborah-sudo Title: #5755: Tests: support subid ranges managed by FreeIPA Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5755/head:pr5755 git checkout pr5755
From 9d095a7cb10a2596fb233636c391f2360e400777 Mon Sep 17 00:00:00 2001 From: Anuj Borah <abo...@redhat.com> Date: Thu, 19 Aug 2021 14:19:26 +0530 Subject: [PATCH] Tests: support subid ranges managed by FreeIPA issue: https://github.com/SSSD/sssd/issues/5197 bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 --- src/tests/multihost/ipa/conftest.py | 54 +++++++ .../multihost/ipa/data/list_subid_ranges.c | 46 ++++++ src/tests/multihost/ipa/test_subid_ranges.py | 132 ++++++++++++++++++ 3 files changed, 232 insertions(+) create mode 100644 src/tests/multihost/ipa/data/list_subid_ranges.c create mode 100644 src/tests/multihost/ipa/test_subid_ranges.py diff --git a/src/tests/multihost/ipa/conftest.py b/src/tests/multihost/ipa/conftest.py index f65ae765d3..291f1008ff 100644 --- a/src/tests/multihost/ipa/conftest.py +++ b/src/tests/multihost/ipa/conftest.py @@ -30,6 +30,33 @@ def pytest_configure(): # ==================== Function Scoped Fixtures ============== +@pytest.fixture(scope='function') +def create_bkp_for_subid_files(session_multihost, request): + """ Back up """ + session_multihost.client[0].run_command("cp -vf " + "/etc/subuid " + "/tmp/subuid_bkp") + session_multihost.client[0].run_command("cp -vf " + "/etc/subgid " + "/tmp/subgid_bkp") + session_multihost.client[0].run_command("cp -vf " + "/etc/nsswitch.conf " + "/tmp/nsswitch.conf_bkp") + + def restore(): + """ Restore """ + session_multihost.client[0].run_command("mv -vf " + "/tmp/subuid_bkp " + "/etc/subuid") + session_multihost.client[0].run_command("mv -vf " + "/tmp/subgid_bkp " + "/etc/subgid") + session_multihost.client[0].run_command("mv -vf " + "/tmp/nsswitch.conf_bkp " + "/etc/nsswitch.conf") + request.addfinalizer(restore) + + @pytest.fixture(scope="function") def hbac_sshd_rule(session_multihost, request): """ @@ -165,6 +192,33 @@ def restoresssdconf(): # ==================== Class Scoped Fixtures ================ +@pytest.fixture(scope='class') +def install_list_subid_ranges(session_multihost, request): + """ + Install necessary packages + """ + session_multihost.client[0].run_command("yum --enablerepo=rhel-CRB install" + " -y shadow-utils*") + session_multihost.client[0].run_command("yum install -y shadow-utils*") + session_multihost.client[0].run_command("yum install -y gcc") + with pytest.raises(subprocess.CalledProcessError): + session_multihost.client[0].run_command(f"grep subid " + f"/etc/nsswitch.conf") + session_multihost.client[0].transport.put_file(os.getcwd() + + '/data/list_subid_ranges.c', + '/tmp/list_subid_ranges.c') + session_multihost.client[0].run_command("gcc /tmp/list_subid_ranges.c " + "-lsubid -o " + "/tmp/list_subid_ranges") + + def remove(): + """ Remove file """ + session_multihost.client[0].run_command("rm -vf " + "/tmp/list_subid_ranges") + + request.addfinalizer(remove) + + @pytest.fixture(scope="class") def default_ipa_users(session_multihost, request): """ Create IPA Users foobar0 to foobar9 """ diff --git a/src/tests/multihost/ipa/data/list_subid_ranges.c b/src/tests/multihost/ipa/data/list_subid_ranges.c new file mode 100644 index 0000000000..05d2e8f048 --- /dev/null +++ b/src/tests/multihost/ipa/data/list_subid_ranges.c @@ -0,0 +1,46 @@ + +#include <stdio.h> +#include <string.h> +#include "shadow/subid.h" +#include "stdlib.h" + +const char *Prog; +FILE *shadow_logfd = NULL; + +void usage(void) +{ + fprintf(stderr, "Usage: %s [-g] user\n", Prog); + fprintf(stderr, " list subuid ranges for user\n"); + fprintf(stderr, " pass -g to list subgid ranges\n"); + exit(EXIT_FAILURE); +} + +int main(int argc, char *argv[]) +{ + int i, count=0; + struct subid_range *ranges; + const char *owner; + + Prog = argv[0]; + shadow_logfd = stderr; + if (argc < 2) + usage(); + owner = argv[1]; + if (argc == 3 && strcmp(argv[1], "-g") == 0) { + owner = argv[2]; + count = get_subgid_ranges(owner, &ranges); + } else if (argc == 2 && strcmp(argv[1], "-h") == 0) { + usage(); + } else { + count = get_subuid_ranges(owner, &ranges); + } + if (!ranges) { + fprintf(stderr, "Error fetching ranges\n"); + exit(1); + } + for (i = 0; i < count; i++) { + printf("%d: %s %lu %lu\n", i, owner, + ranges[i].start, ranges[i].count); + } + return 0; +} diff --git a/src/tests/multihost/ipa/test_subid_ranges.py b/src/tests/multihost/ipa/test_subid_ranges.py new file mode 100644 index 0000000000..916504c2ef --- /dev/null +++ b/src/tests/multihost/ipa/test_subid_ranges.py @@ -0,0 +1,132 @@ +""" Automation of IPA bugs """ + +import pytest +import subprocess +import time +import os +from sssd.testlib.common.utils import SSHClient + + +test_password = "Secret123" +user = 'admin' + + +def execute_cmd(multihost, command): + """ Execute command on client """ + cmd = multihost.client[0].run_command(command) + return cmd + + +@pytest.mark.usefixtures('install_list_subid_ranges', + 'setup_ipa_client') +@pytest.mark.tier1 +class TestSubid(object): + """ + This is for ipa bugs automation + """ + def test_subid_feature(self, multihost, + create_bkp_for_subid_files): + """ + :Title: support subid ranges managed by FreeIPA + :id: 50bcdc28-00c8-11ec-bef4-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 + :steps: + 1. Generate subid for user admin + 2. Test newuidmap command + 3. Test newgidmap command + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + """ + ssh1 = SSHClient(multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.execute_cmd('kinit', + stdin=test_password) + assert exit_status == 0 + (result, result1, exit_status) = ssh1.exec_command('klist') + assert user in str(result1.read()) + (result, result1, exit_status) = ssh1.exec_command(f"ipa " + f"subid-generate " + f"--owner={user}") + (result, result1, exit_status) = ssh1.exec_command(f"ipa " + f"subid-find " + f"--owner " + f"{user}") + user_details = result1.readlines() + uid_start = int(user_details[5].split(': ')[1].split('\n')[0]) + uid_range = int(user_details[6].split(': ')[1].split('\n')[0]) + gid_start = int(user_details[7].split(': ')[1].split('\n')[0]) + gid_range = int(user_details[8].split(': ')[1].split('\n')[0]) + ssh2 = SSHClient(multihost.client[0].sys_hostname, + username=user, password=test_password) + cmd = execute_cmd(multihost, "ps -ef | grep bash").stdout_text + find_admin = f"ps -ef | grep bash | grep {user}" + if user in cmd: + proces_id = [int(i) + for i in execute_cmd(multihost, + find_admin).stdout_text.split() + if i.isdigit()][0] + multihost.client[0].run_command(f'kill -9 {proces_id}') + (results1, results2, results3) = ssh1.exec_command('unshare -U bash') + proces_id = [int(i) + for i in execute_cmd(multihost, + find_admin).stdout_text.split() + if i.isdigit()][0] + ssh1.exec_command(f"newuidmap {proces_id} " + f"{uid_start} {uid_start + 1} 1") + ssh1.exec_command(f"newgidmap " + f"{proces_id} {uid_start} {uid_start + 1} 1") + result = execute_cmd(multihost, f"cat /proc/{proces_id}/uid_map") + assert f'{uid_start}' in result.stdout_text + assert f'{uid_start + 1}' in result.stdout_text + result = execute_cmd(multihost, f"cat /proc/{proces_id}/gid_map") + assert f'{gid_start}' in result.stdout_text + assert f'{gid_start + 1}' in result.stdout_text + multihost.client[0].run_command(f'kill -9 {proces_id}') + ssh2.close() + ssh1.close() + + def test_list_subid_ranges(self, multihost, + create_bkp_for_subid_files): + """ + :Title: support subid ranges managed by FreeIPA + :id: 4ab33f84-00c8-11ec-ad91-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1803943 + :steps: + 1. Configure subid: sss on /etc/nsswitch.conf + 2. Test list_subid_ranges command + 3. Test list_subid_ranges -g command + :expectedresults: + 1. Should succeed + 2. Should succeed + 3. Should succeed + """ + multihost.client[0].run_command("echo 'subid: sss' " + ">> /etc/nsswitch.conf") + ssh1 = SSHClient(multihost.client[0].sys_hostname, + username=user, password=test_password) + (result, result1, exit_status) = ssh1.execute_cmd('kinit', + stdin=test_password) + assert exit_status == 0 + (result, result1, exit_status) = ssh1.exec_command('klist') + assert user in str(result1.read()) + (result, result1, exit_status) = ssh1.exec_command(f"ipa subid-find" + f" --owner " + f"{user}") + user_details = result1.readlines() + uid_start = int(user_details[5].split(': ')[1].split('\n')[0]) + uid_range = int(user_details[6].split(': ')[1].split('\n')[0]) + gid_start = int(user_details[7].split(': ')[1].split('\n')[0]) + gid_range = int(user_details[8].split(': ')[1].split('\n')[0]) + cmd = multihost.client[0].run_command(f"cd /tmp/; " + f"./list_subid_ranges " + f"{user}") + assert f'{uid_start}' in cmd.stdout_text + assert f'{uid_range}' in cmd.stdout_text + cmd = multihost.client[0].run_command(f"cd /tmp/;" + f" ./list_subid_ranges" + f" -g {user}") + assert f'{gid_start}' in cmd.stdout_text + assert f'{gid_range}' in cmd.stdout_text + ssh1.close()
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure