From 1856bef9f23d7609b9a6c0fa9f23dfbddcf3b55b Mon Sep 17 00:00:00 2001
From: shridhargadekar
Date: Fri, 22 Mar 2024 11:29:06 +0530
Subject: [PATCH] Tests: sudo defaults rule Fixed minor doc-string set up
---
 src/tests/system/tests/test_sudo.py | 32 +++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/src/tests/system/tests/test_sudo.py b/src/tests/system/tests/test_sudo.py
index 3afe86f3f49..bf739f13fcf 100644
--- a/src/tests/system/tests/test_sudo.py
+++ b/src/tests/system/tests/test_sudo.py
@@ -556,3 +556,35 @@ def test_sudo__local_users_negative_cache(client: Client, provider: LDAP, sssd_s
 result = client.tools.tshark(["-r", "/tmp/sssd.pcap", "-V", "-2", "-R", "ldap.filter"])
 assert "uid=user-1" not in result.stdout
+
+
+@pytest.mark.importance("critical")
+@pytest.mark.authorization
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+def test_sudo__defaults_rule(client: Client, provider: GenericProvider):
+ """
+ :title: defaults sudo rule behavior with no authentication
+ :setup:
+ 1. Create user "user-1"
+ 2. Create a sudorule named defaults with option '!authenticate'
+ 3. Create a sudorule named allow-user-1 to allow user-1 to run all commands on all hosts with password
+ authentication required
+ 4. Enable SSSD sudo responder
+ 5. Start SSSD
+ :steps:
+ 1. List sudo rules for "user-1"
+ 2. Run "sudo /bin/ls root" as user-1
+ :expectedresults:
+ 1. User is able to run sudo commands on client with password authentication
+ 2. Command is successful without password authentication
+ :customerscenario: False
+ """
+ provider.user("user-1").add()
+ provider.sudorule("defaults").add(option="!authenticate")
+ provider.sudorule("allow-user-1").add(user="user-1", host="ALL", command="ALL")
+
+ client.sssd.common.sudo()
+ client.sssd.start()
+
+ assert client.auth.sudo.list("user-1", expected=["(root) ALL"])
+ assert client.auth.sudo.run("user-1", command="/bin/ls /root")
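Review bot: The docstring of `test_sudo__defaults_rule` does not match the calls it documents: step 2 reads `Run "sudo /bin/ls root"` while the code runs `/bin/ls /root`, and expected result 1 speaks of password authentication although `client.auth.sudo.list` is called with no password argument. The passwordless run is the security-relevant assertion here, since `!authenticate` on the `defaults` entry is meant to lift the password prompt for the separate `allow-user-1` rule, so it should be stated explicitly. I would change step 2 to `2. Run "sudo /bin/ls /root" as user-1 without supplying a password` and add `# no password on purpose: defaults/!authenticate must cover allow-user-1` above the final assert. Presumably the helper fails when sudo prompts, but that is not visible in this hunk, so it is worth confirming that nothing else, such as a cached sudo timestamp, could let the command through.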