bstinson / centos / t_functional

Forked from centos/t_functional 4 years ago
Clone
Source Code
GIT

Blame tests/p_ipa-server/7-addsudo.sh

fix-kernel-signing-keys master
  1.   c86d2c2c13dbffea45101a02b7afb1370ed19d07
  2.   tests
  3.   p_ipa-server
  4.   7-addsudo.sh
Blob History Raw
James Hogarth 62aaba 
#!/bin/bash
James Hogarth 62aaba 
# Author: James Hogarth <james.hogarth@gmail.com>
James Hogarth 62aaba 
#
James Hogarth 62aaba
James Hogarth abe41f 
if (t_GetPkgRel basesystem | grep -qE 'el(6|7)')
James Hogarth 62aaba 
then
James Hogarth 62aaba
James Hogarth 62aaba 
# Need admin credentials
James Hogarth 62aaba 
kdestroy &> /dev/null
James Hogarth 62aaba
James Hogarth 62aaba 
klist 2>&1  | grep "No credentials" &> /dev/null
James Hogarth 62aaba
James Hogarth 62aaba 
t_CheckExitStatus $?
James Hogarth 62aaba
James Hogarth 62aaba 
expect -f - &> /dev/null <
James Hogarth 62aaba 
set send_human {.1 .3 1 .05 2}
James Hogarth 62aaba 
spawn kinit admin
James Hogarth 62aaba 
sleep 1
James Hogarth 62aaba 
expect "Password for admin@C6IPA.LOCAL:"
James Hogarth 62aaba 
send -h "p455w0rd\r"
James Hogarth 62aaba 
sleep 1
James Hogarth 62aaba 
close
James Hogarth 62aaba 
EOF
James Hogarth 62aaba
James Hogarth 62aaba 
klist | grep "admin@C6IPA.LOCAL" &> /dev/null
James Hogarth 62aaba
James Hogarth 62aaba 
t_CheckExitStatus $?
James Hogarth 62aaba
James Hogarth 62aaba 
t_Log "Running $0 - test adding sudo command"
James Hogarth 0a8a3f 
ipa sudorule-add test_rule --desc="Test rule in ipa testing" --hostcat=all --cmdcat=all --runasusercat=all --runasgroupcat=all &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
ipa sudorule-add-user test_rule --users="ipatestuser" &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f
James Hogarth 0a8a3f 
t_Log "Running $0 - verifying  sudo command is in freeipa"
James Hogarth 0a8a3f 
sudodetails="$(ipa sudorule-show test_rule)"
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'Rule name: test_rule' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'Description: Test rule in ipa testing' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'Enabled: TRUE' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'Host category: all' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'Command category: all' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'RunAs User category: all' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'RunAs Group category: all' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
echo "$sudodetails" | grep 'Users: ipatestuser' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 62aaba
James Hogarth 62aaba 
t_Log "Running $0 - test adding sudo configuration"
James Hogarth 0a8a3f 
echo "sudoers: files sss" >> /etc/nsswitch.conf
James Hogarth 0a8a3f 
sed -i 's/services = nss, pam, ssh/services = nss, pam, ssh, sudo/' /etc/sssd/sssd.conf
James Hogarth 0a8a3f 
sed -i 's/id_provider = ipa/id_provider = ipa\nsudo_provider = ldap\nldap_sudo_search_base = ou=sudoers,dc=c6ipa,dc=local\nldap_sasl_mech = GSSAPI/' /etc/sssd/sssd.conf
James Hogarth db0e0b
James Hogarth db0e0b 
t_Log "Running $0 - clearing the sssd cache"
James Hogarth db0e0b 
/sbin/service sssd stop &> /dev/null
James Hogarth db0e0b 
rm -rf /var/lib/sss/db/*
James Hogarth db0e0b 
/sbin/service sssd start &> /dev/null
James Hogarth abe41f 
/sbin/service sssd status | grep 'running' &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f
James Hogarth db0e0b 
## Leaving a little time to settle as there seems to be a slight race condition to go right away
James Hogarth db0e0b 
sleep 10
James Hogarth 62aaba
James Hogarth 62aaba 
t_Log "Running $0 - test sudo works"
James Hogarth 0a8a3f 
expect -f -  &> /tmp/sudotestoutput.ipa-test <
James Hogarth 0a8a3f 
set send_human {.1 .3 1 .05 2}
James Hogarth 0a8a3f 
set timeout 10
James Hogarth 0a8a3f 
spawn \$env(SHELL)
James Hogarth 0a8a3f 
match_max 100000
James Hogarth 0a8a3f 
expect "root@c6test ~\]# "
James Hogarth 0a8a3f 
send -- "su - ipatestuser\r"
James Hogarth 0a8a3f 
expect "sh-4.1\$ "
James Hogarth 0a8a3f 
send -- "sudo -l\r"
James Hogarth 0a8a3f 
expect "password for ipatestuser: "
James Hogarth 0a8a3f 
send -- "newp455w0rd\r"
James Hogarth 0a8a3f 
expect  "(ALL) ALL\r"
James Hogarth 0a8a3f 
EOF
James Hogarth 62aaba
James Hogarth 0a8a3f 
grep 'testuser may run the following commands' /tmp/sudotestoutput.ipa-test &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 0a8a3f 
grep '(ALL) ALL' /tmp/sudotestoutput.ipa-test &> /dev/null
James Hogarth 0a8a3f 
t_CheckExitStatus $?
James Hogarth 62aaba
James Hogarth 62aaba 
else
James Hogarth 62aaba 
    echo "Skipped on CentOS 5"
James Hogarth 62aaba 
fi
James Hogarth 62aaba

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation