URL: https://github.com/SSSD/sssd/pull/5943 Author: jakub-vavra-cz Title: #5943: Tests: Add a test for bz1859315 - sssd does not use kerberos port that is set Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5943/head:pr5943 git checkout pr5943
From c46bf478d1d4b7edd5b26be5f6739beca75c420d Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jva...@redhat.com> Date: Thu, 6 Jan 2022 08:56:39 +0100 Subject: [PATCH] Tests: Add a test for bz1859315 - sssd does not use kerberos port that is set. Verifies: SSSD-2827 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1859315 --- .../multihost/ad/test_adparameters_ported.py | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index 4048c27704..895e133bf4 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -14,6 +14,8 @@ from sssd.testlib.common.utils import sssdTools from sssd.testlib.common.utils import SSSDException from sssd.testlib.common.utils import ADOperations +from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.exceptions import SSHLoginException @pytest.fixture(scope="function", name="create_plain_aduser_group") @@ -3535,3 +3537,89 @@ def test_0042_ad_parameters_nonroot_user_sssd( assert usr_cmd.returncode == 0, f"User {aduser} was not found." assert grp_cmd.returncode == 0, f"Group {adgroup} was not found." assert ps_cmd.returncode == 0, "Sssd is not running under user!" + + @staticmethod + @pytest.mark.tier1_2 + def test_0043_sssd_not_using_given_krb_port( + multihost, adjoin, create_aduser_group): + """ + :title: IDM-SSSD-TC: SSSD does not use kerberos port that is set. + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1859315 + :id: 558f692b-01c5-46f4-ad39-6b190dd7c017 + :steps: + 1. Start SSSD with alternate port in config + 2. Call 'kinit username@domain' + 3. Call 'ssh -l username@domain localhost' and check sssd logs + :expectedresults: + 1. SSSD should start + 2. Should succeed + 3. Logs contain info about right port being used + Logs do not contain wrong (default) port being used + """ + + adjoin(membersw='adcli') + ad_realm = multihost.ad[0].domainname.upper() + + # Create AD user and group + (aduser, _) = create_aduser_group + + # Configure sssd + client = sssdTools(multihost.client[0], multihost.ad[0]) + client.backup_sssd_conf() + + dom_section = f'domain/{client.get_domain_section_name()}' + sssd_params = { + 'ad_domain': multihost.ad[0].domainname, + 'debug_level': '0x4000', + 'use_fully_qualified_names': 'True', + 'cache_credentials': 'True', + 'krb5_store_password_if_offline': 'True', + 'krb5_server': f'{multihost.ad[0].hostname}:6666', + 'id_provider': 'ad', + 'auth_provider': 'krb5', + 'access_provider': 'ad', + 'krb5_realm': ad_realm, + } + client.sssd_conf(dom_section, sssd_params) + + # Clear cache and restart SSSD + client.clear_sssd_cache() + + # Debug + multihost.client[0].run_command( + 'cat /etc/sssd/sssd.conf', raiseonerr=False) + + # Run kinit for the user + kinit_cmd = multihost.client[0].run_command( + f'kinit {aduser}@{ad_realm}', stdin_text='Secret123', + raiseonerr=False) + + client_ssh = pexpect_ssh(multihost.client[0].sys_hostname, + f'{aduser}@{ad_realm}', 'Secret123', + debug=False) + try: + client_ssh.login(login_timeout=30, sync_multiplier=5, + auto_prompt_reset=False) + except SSHLoginException: + pass + else: + client_ssh.logout() + + # Download all logs + log_str = multihost.client[0].run_command( + "cat /var/log/sssd/*.log").stdout_text + + # TEARDOWN + client.restore_sssd_conf() + client.clear_sssd_cache() + + # Evaluate test results + assert f"Option krb5_server has value " \ + f"{multihost.ad[0].sys_hostname}:6666" in log_str + assert f"Sending initial UDP request to dgram " \ + f"{multihost.ad[0].ip}:88" not in log_str + assert f"Initiating TCP connection to stream {multihost.ad[0].ip}:88" \ + not in log_str + assert f"Initiating TCP connection to stream " \ + f"{multihost.ad[0].ip}:6666" in log_str + assert kinit_cmd.returncode == 0, "kinit failed."
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
