1
0
mirror of https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git synced 2024-11-23 14:33:08 +00:00
os-autoinst-distri-fedora/tests/domain_client.pm

80 lines
2.8 KiB
Perl
Raw Permalink Normal View History

use base "installedtest";
use strict;
use testapi;
use utils;
sub run {
my $self = shift;
my $admin = get_var("REALMD_ADMIN_USER", "admin");
my $tcadmin = ucfirst($admin);
my $domain = get_var("REALMD_DOMAIN", "test.openqa.fedoraproject.org");
my $shortdom = uc((split(/\./, $domain))[0]);
my $udomain = uc($domain);
my $qdomain = quotemeta($domain);
my $qudomain = uc($qdomain);
# switch to tty1 (we're usually there already, but just in case
# we're carrying on from a failed freeipa_webui that didn't fail
# at tty1)
select_console "tty1-console";
wait_still_screen 1;
if (get_var("KICKSTART")) {
# we don't have sssd debugging enabled yet
assert_script_run 'dnf -y install sssd-tools', 240;
assert_script_run 'sss_debuglevel 9';
}
# check domain is listed in 'realm list'
validate_script_output 'realm list', sub { $_ =~ m/domain-name: $qdomain.*configured: kerberos-member/s };
# check we can resolve domain accounts
if ($domain =~ m/samdom/) {
# give this two tries, to see if it helps the problem where
# it sometimes fails for no reason
if (script_run "getent passwd '$shortdom\\$tcadmin'") {
assert_script_run "getent passwd '$shortdom\\$tcadmin'";
}
}
else {
assert_script_run "getent passwd $admin\@$udomain";
}
# check keytab entries
# on AD clients, this isn't automatically installed
assert_script_run "dnf -y install krb5-workstation", 180;
my $hostname = script_output 'hostname';
my $qhost = quotemeta($hostname);
validate_script_output 'klist -k', sub { $_ =~ m/$qhost\@$qudomain/ };
# check we can kinit with the host principal
if ($domain =~ m/samdom/) {
my $shorthost = uc((split(/\./, $hostname))[0]);
assert_script_run "kinit -k $shorthost\\\$\@$udomain";
}
else {
assert_script_run "kinit -k host/$hostname\@$udomain";
}
# Set a longer timeout for login(1) to workaround RHBZ #1661273
assert_script_run 'echo "LOGIN_TIMEOUT 180" >> /etc/login.defs';
# switch to tty2 for login tests
select_console "tty2-console";
# try and login as test1, should work
console_login(user => "test1\@$domain", password => 'batterystaple');
type_string "exit\n";
unless ($domain =~ m/samdom/) {
# try and login as test2, should fail. we cannot use console_login
# as it takes 10 seconds to complete when login fails, and
# "permission denied" message doesn't last that long
sleep 2;
assert_screen "text_console_login";
type_string "test2\@$udomain\n";
assert_screen "console_password_required";
type_string "batterystaple\n";
assert_screen "login_permission_denied";
}
}
sub test_flags {
return {fatal => 1};
}
1;
# vim: set sw=4 et: