URL: https://github.com/SSSD/sssd/pull/5953
Author: aborah-sudo
 Title: #5953: Tests: RFE pass KRB5CCNAME to pam_authenticate environment if 
available
Action: opened

PR body:
"""
Automation of sudo bug 1917379 in sssd tests
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5953/head:pr5953
git checkout pr5953
From 8a55c9f9b2bcfb4f8e5570c4e32de339dbb3080c Mon Sep 17 00:00:00 2001
From: Anuj Borah <abo...@redhat.com>
Date: Tue, 18 Jan 2022 10:56:29 +0530
Subject: [PATCH] Tests: RFE pass KRB5CCNAME to pam_authenticate environment if
 available

Automation of sudo bug 1917379 in sssd tests
---
 src/tests/multihost/ipa/conftest.py  | 24 +++++++++++++
 src/tests/multihost/ipa/test_misc.py | 53 ++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)

diff --git a/src/tests/multihost/ipa/conftest.py b/src/tests/multihost/ipa/conftest.py
index ab8d85dd93..57261821ea 100644
--- a/src/tests/multihost/ipa/conftest.py
+++ b/src/tests/multihost/ipa/conftest.py
@@ -65,6 +65,30 @@ def remove_ad_user_group():
     return ad_user, ad_group
 
 
+@pytest.fixture(scope="function")
+def backup_config_pam_gssapi_services(session_multihost, request):
+    """ Take backup of files, Configure domain_params
+        Configure /etc/pam.d/sudo
+        Configure /etc/pam.d/sudo-i
+    """
+    tools = sssdTools(session_multihost.client[0])
+    domain_name = tools.get_domain_section_name()
+    client = sssdTools(session_multihost.client[0])
+    domain_params = {'pam_gssapi_services': 'sudo, sudo-i'}
+    client.sssd_conf(f'{domain_name}', domain_params)
+    session_multihost.client[0].service_sssd('restart')
+    session_multihost.client[0].run_command("cp -vf  /etc/pam.d/sudo /etc/pam.d/sudo_bkp")
+    session_multihost.client[0].run_command("cp -vf  /etc/pam.d/sudo-i /etc/pam.d/sudo-i_bkp")
+    session_multihost.client[0].run_command("sed -i '1 a auth sufficient pam_sss_gss.so' /etc/pam.d/sudo")
+    session_multihost.client[0].run_command("sed -i '1 a auth sufficient pam_sss_gss.so' /etc/pam.d/sudo-i")
+
+    def restore():
+        session_multihost.client[0].run_command("cp -vf  /etc/pam.d/sudo_bkp /etc/pam.d/sudo")
+        session_multihost.client[0].run_command("cp -vf  /etc/pam.d/sudo-i_bkp /etc/pam.d/sudo-i")
+
+    request.addfinalizer(restore)
+
+
 @pytest.fixture(scope="function")
 def create_reverse_zone(session_multihost, request):
     """ Creates reverse zone """
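Review bot: The `restore` finalizer is registered only on the last line of `backup_config_pam_gssapi_services`, after both `sed -i` edits, so if an earlier `run_command` raises (presumably it does on a non-zero exit) the `auth sufficient pam_sss_gss.so` line stays in /etc/pam.d/sudo and /etc/pam.d/sudo-i and changes how sudo authenticates for every later test on that client. Moving `request.addfinalizer(restore)` to just after the two backup `cp` commands closes that window. `restore` also leaves `sudo_bkp` and `sudo-i_bkp` behind in /etc/pam.d; `mv -f /etc/pam.d/sudo_bkp /etc/pam.d/sudo` (and the same for sudo-i) would put the originals back and remove the copies in one step. The fixture rewrites sssd.conf and restarts sssd but neither restores the file nor restarts the service on teardown, so it appears to rely on the caller also requesting `backupsssdconf`; the docstring should state that dependency. `tools` and `client` wrap the same host, so one `sssdTools` instance is enough.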
diff --git a/src/tests/multihost/ipa/test_misc.py b/src/tests/multihost/ipa/test_misc.py
index 2c25cd0b1e..319b6addf4 100644
--- a/src/tests/multihost/ipa/test_misc.py
+++ b/src/tests/multihost/ipa/test_misc.py
@@ -303,3 +303,56 @@ def test_authentication_indicators(self, multihost):
                                                  ' |tail -10')
         ssh.close()
         assert 'indicators: 2' in search.stdout_text
+
+    def test_pass_krb5cname_to_pam(self, multihost,
+                                   backupsssdconf,
+                                   backup_config_pam_gssapi_services):
+        """
+        :title: pass KRB5CCNAME to pam_authenticate environment
+        if available
+        :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1917379
+        :id: e3a6accc-781d-11ec-a83c-845cf3eff344
+        :steps:
+            1. Take backup of files
+            2. Configure domain_params
+            3. Configure /etc/pam.d/sudo
+            4. Configur /etc/pam.d/sudo-i
+            5. Create IPA sudo rule of /usr/sbin/sssctl
+             for user admin
+            6. Check user admin can use sudo command
+            7. Restore of files
+        :expectedresults:
+            1. Should succeed
+            2. Should succeed
+            3. Should succeed
+            4. Should succeed
+            5. Should succeed
+            6. Should succeed
+            7. Should succeed
+        """
+        tools = sssdTools(multihost.client[0])
+        domain_name = tools.get_domain_section_name()
+        user = "admin"
+        test_password = "Secret123"
+        ssh1 = SSHClient(multihost.client[0].ip,
+                         username=user, password=test_password)
+        (result, result1, exit_status) = ssh1.execute_cmd('kinit',
+                                                          stdin=test_password)
+        assert exit_status == 0
+        (result, result1, exit_status) = ssh1.execute_cmd("ipa sudocmd-add "
+                                                          "/usr/sbin/sssctl")
+        (result, result1, exit_status) = ssh1.execute_cmd("ipa sudorule-add "
+                                                          "idm_user_sssctl")
+        (result, result1, exit_status) = ssh1.execute_cmd("ipa sudorule-add-allow-command "
+                                                          "idm_user_sssctl --sudocmds "
+                                                          "'/usr/sbin/sssctl'")
+        (result, result1, exit_status) = ssh1.execute_cmd(f"ipa sudorule-add-host "
+                                                          f"idm_user_sssctl --hosts "
+                                                          f"{multihost.client[0].sys_hostname}")
+        (result, result1, exit_status) = ssh1.execute_cmd("ipa sudorule-add-user "
+                                                          "idm_user_sssctl "
+                                                          "--users admin")
+        (result, result1, exit_status) = ssh1.execute_cmd("sudo -S /usr/sbin/sssctl "
+                                                          "domain-list",
+                                                          stdin=test_password)
+        assert domain_name+'\n' in result.readlines()
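Review bot: The final `sudo -S /usr/sbin/sssctl domain-list` call is given `stdin=test_password`, so if `pam_sss_gss.so` fails, the `sufficient` line presumably falls through to the password modules and the test still passes; as written it does not show that sudo authenticated with the ticket obtained by `kinit`. Dropping the password from that call, `ssh1.execute_cmd("sudo -S /usr/sbin/sssctl domain-list")`, and adding `assert exit_status == 0` would make a GSSAPI failure visible, though how `execute_cmd` behaves without stdin is not shown here and needs checking. The five `ipa sudocmd-add` / `ipa sudorule-*` calls overwrite `exit_status` without asserting it, so a failed rule setup only surfaces later as a confusing sudo failure. The rule `idm_user_sssctl`, the sudo command entry, the Kerberos ticket and the `ssh1` session are never cleaned up, which leaves a standing sudo rule for `admin` on the IPA server and makes a second run start from a different state. The enclosing class starts outside the hunk.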