Blame tests/p_ipa-server/7-addsudo.sh

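#!/bin/bash
# Author: James Hogarth <james.hogarth@gmail.com>
#
# Functional test: create a FreeIPA sudo rule for ipatestuser, check the rule
# as stored by IPA, make SSSD serve sudo rules on EL7, then confirm through
# `sudo -l` that the rule reaches the client.
#
# Relies on t_GetPkgRel, t_Log and t_CheckExitStatus, which are not defined in
# this file. The script edits /etc/nsswitch.conf and /etc/sssd/sssd.conf,
# wipes the SSSD cache and restarts sssd, and the interactive part waits for
# a root prompt, so it is written for root on a disposable test host.
#
# NOTE(review): the admin and ipatestuser passwords are literals in this
# script (presumably set by earlier tests in the suite - confirm); they are
# only suitable for a throwaway test realm.

if t_GetPkgRel basesystem | grep -qE 'el(6|7)'
then

# Need admin credentials
# Start from an empty credential cache so the ticket checked further down can
# only come from the kinit in this script.
kdestroy &> /dev/null

klist 2>&1  | grep "No credentials" &> /dev/null

t_CheckExitStatus $?

# Unquoted here-document: the shell processes it before expect reads it.
# The expect script does not check kinit's result itself; the klist check that
# follows is what verifies the login.
expect -f - <<EOF
set send_human {.1 .3 1 .05 2}
spawn kinit admin
sleep 1
expect "Password for admin@C6IPA.LOCAL:"
send -h "p455w0rd\r"
sleep 5
close
EOF

klist | grep "admin@C6IPA.LOCAL" &> /dev/null

t_CheckExitStatus $?

t_Log "Running $0 - test adding sudo command"
# The rule is as broad as a sudo rule can be: every host, every command, any
# run-as user and group. NOTE(review): nothing in this script deletes
# test_rule afterwards - confirm that a later test or host teardown does.
ipa sudorule-add test_rule --desc="Test rule in ipa testing" --hostcat=all --cmdcat=all --runasusercat=all --runasgroupcat=all &> /dev/null
t_CheckExitStatus $?
ipa sudorule-add-user test_rule --users="ipatestuser" &> /dev/null
t_CheckExitStatus $?

t_Log "Running $0 - verifying  sudo command is in freeipa"
# Query the rule once and check each stored attribute against what was asked for.
sudodetails="$(ipa sudorule-show test_rule)"
echo "$sudodetails" | grep 'Rule name: test_rule' &> /dev/null
t_CheckExitStatus $?
echo "$sudodetails" | grep 'Description: Test rule in ipa testing' &> /dev/null
t_CheckExitStatus $?
echo "$sudodetails" | grep 'Enabled: TRUE' &> /dev/null
t_CheckExitStatus $?
echo "$sudodetails" | grep 'Host category: all' &> /dev/null
t_CheckExitStatus $?
echo "$sudodetails" | grep 'Command category: all' &> /dev/null
t_CheckExitStatus $?
echo "$sudodetails" | grep 'RunAs User category: all' &> /dev/null
t_CheckExitStatus $?
echo "$sudodetails" | grep 'RunAs Group category: all' &> /dev/null
t_CheckExitStatus $?
echo "$sudodetails" | grep 'Users: ipatestuser' &> /dev/null
t_CheckExitStatus $?

# EL6.6 auto configures sudo but 7 does not
if t_GetPkgRel basesystem | grep -q el7
then
t_Log "Running $0 - test adding sudo configuration"
# Append the sudoers source only if this exact line is not already present,
# so a re-run does not stack duplicate entries in nsswitch.conf.
grep -qxF 'sudoers: files sss' /etc/nsswitch.conf || echo "sudoers: files sss" >> /etc/nsswitch.conf
# NOTE(review): neither substitution is anchored. Run against an sssd.conf
# that was already edited, the first appends ", sudo" again and the second
# inserts a second sudo_provider stanza, so this assumes a freshly enrolled host.
sed -i 's/services = nss, pam, ssh/services = nss, pam, ssh, sudo/' /etc/sssd/sssd.conf
sed -i 's/id_provider = ipa/id_provider = ipa\nsudo_provider = ldap\nldap_sudo_search_base = ou=sudoers,dc=c6ipa,dc=local\nldap_sasl_mech = GSSAPI/' /etc/sssd/sssd.conf
fi

t_Log "Running $0 - clearing the sssd cache"
# Stop sssd before deleting its cache databases, then start it again so the
# lookups below are not answered from data cached before the rule existed.
/sbin/service sssd stop &> /dev/null
rm -rf /var/lib/sss/db/*
/sbin/service sssd start &> /dev/null
/sbin/service sssd status | grep 'running' &> /dev/null
t_CheckExitStatus $?

## Leaving a little time to settle as there seems to be a slight race condition to go right away
sleep 10

t_Log "Running $0 - test sudo works"
# The transcript goes to a file created by mktemp: an unpredictable name,
# created exclusively and readable by the owner only. A fixed name under /tmp
# written by root can be pre-created or symlinked by any local user.
sudo_output="$(mktemp /tmp/sudotestoutput.ipa-test.XXXXXX)"
t_CheckExitStatus $?

# Unquoted here-document: the shell turns \$ into a literal $ before expect
# reads the script. The prompt patterns are tied to this host name and shell
# version; with "set timeout 10" an unmatched expect gives up after ten
# seconds and the script carries on with the next send.
expect -f -  &> "$sudo_output" <<EOF
set send_human {.1 .3 1 .05 2}
set timeout 10
spawn \$env(SHELL)
match_max 100000
expect "root@c6test ~\]# "
send -- "su - ipatestuser\r"
expect "sh-4.1\$ "
send -- "sudo -l\r"
expect "password for ipatestuser: "
send -- "newp455w0rd\r"
expect  "(ALL) ALL\r"
EOF

grep 'testuser may run the following commands' "$sudo_output" &> /dev/null
t_CheckExitStatus $?
grep '(ALL) ALL' "$sudo_output" &> /dev/null
t_CheckExitStatus $?

# The transcript is not needed once both checks have run.
rm -f -- "$sudo_output"

else
    echo "Skipped on CentOS 5"
fi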