salt/tests/integration/shell/auth.py

128 lines
3.6 KiB
Python
Raw Normal View History

# -*- coding: utf-8 -*-
'''
tests.integration.shell.auth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'''
# Import python libs
from __future__ import absolute_import
import os
2014-07-02 22:28:36 +00:00
import pwd
import grp
2014-07-02 22:28:36 +00:00
import random
# Import Salt Testing libs
from salttesting import skipIf
from salttesting.helpers import (
ensure_in_syspath,
2014-07-01 00:01:38 +00:00
destructiveTest)
ensure_in_syspath('../../')
# Import salt libs
from salt.utils.pycrypto import gen_hash
import integration
2014-11-24 03:03:00 +00:00
# Import 3rd-party libs
from salt.ext.six.moves import range # pylint: disable=import-error,redefined-builtin
2014-06-23 21:36:21 +00:00
def gen_password():
'''
generate a password and hash it
'''
alphabet = ('abcdefghijklmnopqrstuvwxyz'
'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ')
password = ''
# generate password
for _ in range(20):
next_index = random.randrange(len(alphabet))
password += alphabet[next_index]
# hash the password
hashed_pwd = gen_hash('salt', password, 'sha512')
return (password, hashed_pwd)
2014-06-23 21:36:21 +00:00
class AuthTest(integration.ShellCase):
'''
Test auth mechanisms
'''
_call_binary_ = 'salt'
is_not_root = os.geteuid() != 0
userA = 'saltdev'
userB = 'saltadm'
group = 'saltops'
2014-06-23 21:36:21 +00:00
@destructiveTest
@skipIf(is_not_root, 'You must be logged in as root to run this test')
2014-07-01 22:38:30 +00:00
def setUp(self):
# This is a little wasteful but shouldn't be a problem
for user in (self.userA, self.userB):
try:
pwd.getpwnam(user)
except KeyError:
self.run_call('user.add {0} createhome=False'.format(user))
# only put userB into the group for the group auth test
2014-07-01 23:04:16 +00:00
try:
grp.getgrnam(self.group)
2014-07-01 23:04:16 +00:00
except KeyError:
self.run_call('group.add {0}'.format(self.group))
self.run_call('user.chgroups {0} {1} True'.format(self.userB, self.group))
2014-07-01 22:38:30 +00:00
2014-06-23 21:36:21 +00:00
def test_pam_auth_valid_user(self):
'''
2014-06-23 21:36:21 +00:00
test pam auth mechanism is working with a valid user
'''
password, hashed_pwd = gen_password()
self.run_call("shadow.set_password {0} '{1}'".format(self.userA, hashed_pwd))
cmd = ('-a pam "*" test.ping '
'--username {0} --password {1}'.format(self.userA, password))
2014-06-23 21:36:21 +00:00
resp = self.run_salt(cmd)
self.assertTrue(
'minion:' in resp
)
def test_pam_auth_invalid_user(self):
'''
2014-06-23 21:36:21 +00:00
test pam auth mechanism errors for an invalid user
'''
cmd = ('-a pam "*" test.ping '
'--username nouser --password {0}'.format('abcd1234'))
2014-06-23 21:36:21 +00:00
resp = self.run_salt(cmd)
self.assertTrue(
'Failed to authenticate' in ''.join(resp)
)
def test_pam_auth_valid_group(self):
'''
test pam auth mechanism success for a valid group
'''
password, hashed_pwd = gen_password()
self.run_call("shadow.set_password {0} '{1}'".format(self.userB, hashed_pwd))
cmd = ('-a pam "*" test.ping '
'--username {0} --password {1}'.format(self.userB, password))
resp = self.run_salt(cmd)
self.assertTrue(
'minion:' in resp
)
2014-07-01 23:04:16 +00:00
@destructiveTest
@skipIf(is_not_root, 'You must be logged in as root to run this test')
2014-07-01 23:04:16 +00:00
def test_zzzz_tearDown(self):
for user in (self.userA, self.userB):
if pwd.getpwnam(user):
self.run_call('user.delete {0}'.format(user))
if grp.getgrnam(self.group):
self.run_call('group.delete {0}'.format(self.group))
2014-07-01 23:04:16 +00:00
2014-07-02 22:29:40 +00:00
if __name__ == '__main__':
from integration import run_tests
run_tests(AuthTest)