author | Milan KubĂk <mkubik@redhat.com> | 2015-09-22 15:21:33 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2015-10-27 09:57:48 +0100 |
commit | d2ff5e4639157a839fe7d3c36b462e2195c32f4a (patch) | |
tree | 8947c0c90e2a295615ce28e001f002ca91741829 /ipatests/util.py | |
parent | 8d64485b2ea2512ad7254c7e5bd2906aa6ba45ed (diff) | |
ipatests: added unlock_principal_password and change_principal
The unlock_principal_password unlocks the (new) user by running
ldappasswd as the user.
change_principal is a context manager that changes identity
for the supplied api object by disconnecting and reconnecting
the rpcclient inside and outside of the requested Kerberos context.
This context manager allows running tests that cannot be
executed as an admin user, which can for example override
a CA ACL.
https://fedorahosted.org/freeipa/ticket/57
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipatests/util.py')
-rw-r--r-- | ipatests/util.py | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/ipatests/util.py b/ipatests/util.py
index c70e8cfff..c3c69816e 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -27,6 +27,8 @@ from os import path
 import tempfile
 import shutil
 import re
+import uuid
+from contextlib import contextmanager
 import six
 import ldap
@@ -34,9 +36,12 @@ import ldap.sasl
 import ldap.modlist
 import ipalib
+from ipalib import api
 from ipalib.plugable import Plugin
 from ipalib.request import context
 from ipapython.dn import DN
+from ipapython.ipautil import private_ccache, kinit_password, run
+from ipaplatform.paths import paths
 if six.PY3:
 unicode = str
@@ -666,3 +671,38 @@ def prepare_config(template, values):
 config.write(template.format(**values))
 return config.name
+
+
+def unlock_principal_password(user, oldpw, newpw):
+ userdn = "uid={},{},{}".format(
+ user, api.env.container_user, api.env.basedn)
+
+ args = [paths.LDAPPASSWD, '-D', userdn, '-w', oldpw, '-a', oldpw,
+ '-s', newpw, '-x']
+ return run(args)
+
+
+@contextmanager
+def change_principal(user, password, client=None, path=None):
+
+ if path:
+ ccache_name = path
+ else:
+ ccache_name = os.path.join('/tmp', str(uuid.uuid4()))
+
+ if client is None:
+ client = api
+
+
+ client.Backend.rpcclient.disconnect()
+
+ with private_ccache(ccache_name):
+ kinit_password(user, password, ccache_name)
+ client.Backend.rpcclient.connect()
+
+ try:
+ yield
+ finally:
+ client.Backend.rpcclient.disconnect()
+
+ client.Backend.rpcclient.connect() |
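Review bot: `unlock_principal_password` passes the old and new passwords as `ldappasswd` arguments (`-w`, `-a`, `-s`), so they are readable in the process list for the lifetime of the command and may end up in the debug log written by `run()`. `ldappasswd` can take them from files instead (`-y`, `-t`, `-T`); at minimum mask them with `return run(args, nolog=(oldpw, newpw))`. The bind is a simple bind (`-x`) with no `-ZZ` or explicit `-H`, so whether the passwords are encrypted in transit depends on the host's ldap.conf, which a docstring should state. Separately, in `change_principal` only the `yield` sits inside `try`/`finally`, so a failure in `kinit_password` or the first `connect()` leaves the shared `api` object disconnected for every later test; the sketch below moves the final reconnect into an outer `finally`. Building the ccache path under `/tmp` by hand could also be replaced with `tempfile.mkdtemp()`, which the file already imports, to get a directory private to the test user.

```python
@contextmanager
def change_principal(user, password, client=None, path=None):
    # … unchanged: ccache_name and client defaults …
    client.Backend.rpcclient.disconnect()
    try:
        with private_ccache(ccache_name):
            kinit_password(user, password, ccache_name)
            client.Backend.rpcclient.connect()
            try:
                yield
            finally:
                client.Backend.rpcclient.disconnect()
    finally:
        # Always restore the original identity, even if kinit or connect failed.
        client.Backend.rpcclient.connect()
```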