Home Esplora Aiuto
Registrati Accedi
nee2c
/
salt
mirror da https://github.com/nee2c/salt.git
1
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): 9c9f46e92b
Rami (Branch) Tag
salt
/
tests
/
integration
/
shell
/
test_auth.py

test_auth.py 4.5 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. # -*- coding: utf-8 -*-
    2. 

  2. '''
    3. 

  3.     tests.integration.shell.auth
    4. 

  4.     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    5. 

  5. '''
    6. 

  6. 

  7. # Import Python libs
    8. 

  8. from __future__ import absolute_import, print_function, unicode_literals
    9. 

  9. import logging
    10. 

  10. try:
    11. 

  11.     import pwd
    12. 

  12.     import grp
    13. 

  13. except ImportError:
    14. 

  14.     pwd, grp = None, None
    15. 

  15. import random
    16. 

  16. 

  17. # Import Salt Testing libs
    18. 

  18. from tests.support.case import ShellCase
    19. 

  19. from tests.support.unit import skipIf
    20. 

  20. 

  21. # Import Salt libs
    22. 

  22. import salt.utils.platform
    23. 

  23. from salt.utils.pycrypto import gen_hash
    24. 

  24. 

  25. # Import 3rd-party libs
    26. 

  26. import pytest
    27. 

  27. from salt.ext.six.moves import range  # pylint: disable=import-error,redefined-builtin
    28. 

  28. 

  29. log = logging.getLogger(__name__)
    30. 

  30. 

  31. 

  32. def gen_password():
    33. 

  33.     '''
    34. 

  34.     generate a password and hash it
    35. 

  35.     '''
    36. 

  36.     alphabet = ('abcdefghijklmnopqrstuvwxyz'
    37. 

  37.                 '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ')
    38. 

  38.     password = ''
    39. 

  39.     # generate password
    40. 

  40.     for _ in range(20):
    41. 

  41.         next_index = random.randrange(len(alphabet))
    42. 

  42.         password += alphabet[next_index]
    43. 

  43. 

  44.     # hash the password
    45. 

  45.     hashed_pwd = gen_hash('salt', password, 'sha512')
    46. 

  46. 

  47.     return (password, hashed_pwd)
    48. 

  48. 

  49. 

  50. @pytest.mark.skip_if_not_root
    51. 

  51. @skipIf(pwd is None, 'Skip if no pwd module exists')
    52. 

  52. @pytest.mark.destructive_test
    53. 

  53. class AuthTest(ShellCase):
    54. 

  54.     '''
    55. 

  55.     Test auth mechanisms
    56. 

  56.     '''
    57. 

  57. 

  58.     _call_binary_ = 'salt'
    59. 

  59. 

  60.     userA = 'saltdev'
    61. 

  61.     userB = 'saltadm'
    62. 

  62.     group = 'saltops'
    63. 

  63. 

  64.     def setUp(self):
    65. 

  65.         for user in (self.userA, self.userB):
    66. 

  66.             try:
    67. 

  67.                 if salt.utils.platform.is_darwin() and user not in str(self.run_call('user.list_users')):
    68. 

  68.                     # workaround for https://github.com/saltstack/salt-jenkins/issues/504
    69. 

  69.                     raise KeyError
    70. 

  70.                 pwd.getpwnam(user)
    71. 

  71.             except KeyError:
    72. 

  72.                 self.run_call('user.add {0} createhome=False'.format(user))
    73. 

  73. 

  74.         # only put userB into the group for the group auth test
    75. 

  75.         try:
    76. 

  76.             if salt.utils.platform.is_darwin() and self.group not in str(self.run_call('group.info {0}'.format(self.group))):
    77. 

  77.                 # workaround for https://github.com/saltstack/salt-jenkins/issues/504
    78. 

  78.                 raise KeyError
    79. 

  79.             grp.getgrnam(self.group)
    80. 

  80.         except KeyError:
    81. 

  81.             self.run_call('group.add {0}'.format(self.group))
    82. 

  82.             self.run_call('user.chgroups {0} {1} True'.format(self.userB, self.group))
    83. 

  83. 

  84.     def tearDown(self):
    85. 

  85.         for user in (self.userA, self.userB):
    86. 

  86.             try:
    87. 

  87.                 pwd.getpwnam(user)
    88. 

  88.             except KeyError:
    89. 

  89.                 pass
    90. 

  90.             else:
    91. 

  91.                 self.run_call('user.delete {0}'.format(user))
    92. 

  92.         try:
    93. 

  93.             grp.getgrnam(self.group)
    94. 

  94.         except KeyError:
    95. 

  95.             pass
    96. 

  96.         else:
    97. 

  97.             self.run_call('group.delete {0}'.format(self.group))
    98. 

  98. 

  99.     def test_pam_auth_valid_user(self):
    100. 

  100.         '''
    101. 

  101.         test that pam auth mechanism works with a valid user
    102. 

  102.         '''
    103. 

  103.         password, hashed_pwd = gen_password()
    104. 

  104. 

  105.         # set user password
    106. 

  106.         set_pw_cmd = "shadow.set_password {0} '{1}'".format(
    107. 

  107.                 self.userA,
    108. 

  108.                 password if salt.utils.platform.is_darwin() else hashed_pwd
    109. 

  109.         )
    110. 

  110.         self.run_call(set_pw_cmd)
    111. 

  111. 

  112.         # test user auth against pam
    113. 

  113.         cmd = ('-a pam "*" test.ping '
    114. 

  114.                '--username {0} --password {1}'.format(self.userA, password))
    115. 

  115.         resp = self.run_salt(cmd)
    116. 

  116.         log.debug('resp = %s', resp)
    117. 

  117.         self.assertTrue(
    118. 

  118.             'minion:' in resp
    119. 

  119.         )
    120. 

  120. 

  121.     def test_pam_auth_invalid_user(self):
    122. 

  122.         '''
    123. 

  123.         test pam auth mechanism errors for an invalid user
    124. 

  124.         '''
    125. 

  125.         cmd = ('-a pam "*" test.ping '
    126. 

  126.                '--username nouser --password {0}'.format('abcd1234'))
    127. 

  127.         resp = self.run_salt(cmd)
    128. 

  128.         self.assertTrue(
    129. 

  129.             'Authentication error occurred.' in ''.join(resp)
    130. 

  130.         )
    131. 

  131. 

  132.     def test_pam_auth_valid_group(self):
    133. 

  133.         '''
    134. 

  134.         test that pam auth mechanism works for a valid group
    135. 

  135.         '''
    136. 

  136.         password, hashed_pwd = gen_password()
    137. 

  137. 

  138.         # set user password
    139. 

  139.         set_pw_cmd = "shadow.set_password {0} '{1}'".format(
    140. 

  140.                 self.userB,
    141. 

  141.                 password if salt.utils.platform.is_darwin() else hashed_pwd
    142. 

  142.         )
    143. 

  143.         self.run_call(set_pw_cmd)
    144. 

  144. 

  145.         # test group auth against pam: saltadm is not configured in
    146. 

  146.         # external_auth, but saltops is and saldadm is a member of saltops
    147. 

  147.         cmd = ('-a pam "*" test.ping '
    148. 

  148.                '--username {0} --password {1}'.format(self.userB, password))
    149. 

  149.         resp = self.run_salt(cmd)
    150. 

  150.         self.assertTrue(
    151. 

  151.             'minion:' in resp
    152. 

  152.         )
    153.