Skip to content

Commit

Permalink
authentication: adding hostname parameter to ssh method
Browse files Browse the repository at this point in the history
  • Loading branch information
Dan Lavu authored and jakub-vavra-cz committed Jan 20, 2025
1 parent ebd77c8 commit a5ea0d1
Showing 1 changed file with 16 additions and 8 deletions.
24 changes: 16 additions & 8 deletions sssd_test_framework/utils/authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -599,14 +599,18 @@ def __init__(self, host: MultihostHost) -> None:
self.opts = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
"""SSH CLI options."""

def password_with_output(self, username: str, password: str) -> tuple[int, int, str, str]:
def password_with_output(
self, username: str, password: str, hostname: str = "localhost"
) -> tuple[int, int, str, str]:
"""
SSH to the remote host and authenticate the user with password and captures standard output and error.
:param username: Username.
:type username: str
:param password: User password.
:type password: str
:param hostname: The hostname to connect to.
:type hostname: str
:return: Tuple containing [except return code, command exit code, stdout, stderr].
:rtype: Tuple[int, int, str, str]
"""
Expand Down Expand Up @@ -639,7 +643,7 @@ def password_with_output(self, username: str, password: str) -> tuple[int, int,
spawn ssh {self.opts} \
-o PreferredAuthentications=password \
-o NumberOfPasswordPrompts=1 \
-l "{username}" localhost
-l "{username}" "{hostname}"
expect {{
"password:" {{send "{password}\n"}}
Expand All @@ -649,7 +653,7 @@ def password_with_output(self, username: str, password: str) -> tuple[int, int,
expect {{
-re $prompt {{exitmsg "Password authentication successful" 0}}
"{username}@localhost: Permission denied" {{exitmsg "Authentication failure" 1}}
"{username}@{hostname}: Permission denied" {{exitmsg "Authentication failure" 1}}
"Connection closed by * port *" {{exitmsg "Connection closed" 2}}
"Current Password:" {{exitmsg "Password change requested" 3 }}
timeout {{exitmsg "Unexpected output" 201}}
Expand All @@ -674,21 +678,23 @@ def password_with_output(self, username: str, password: str) -> tuple[int, int,

return result.rc, cmdrc, stdout, result.stderr

def password(self, username: str, password: str) -> bool:
def password(self, username: str, password: str, hostname: str = "localhost") -> bool:
"""
SSH to the remote host and authenticate the user with password.
:param username: Username.
:type username: str
:param password: User password.
:type password: str
:param hostname: The hostname to connect to.
:type hostname: str
:return: True if authentication was successful, False otherwise.
:rtype: bool
"""
rc, _, _, _ = self.password_with_output(username, password)
rc, _, _, _ = self.password_with_output(username, password, hostname)
return rc == 0

def password_expired(self, username: str, password: str, new_password: str) -> bool:
def password_expired(self, username: str, password: str, new_password: str, hostname: str = "localhost") -> bool:
"""
SSH to the remote host and authenticate the user with password, expect
that the password is expired and change it to the new password.
Expand All @@ -699,6 +705,8 @@ def password_expired(self, username: str, password: str, new_password: str) -> b
:type password: str
:param new_password: New user password.
:type new_password: str
:param hostname: The hostname to connect to.
:type hostname: str
:return: True if authentication and password change was successful, False otherwise.
:rtype: bool
"""
Expand All @@ -711,7 +719,7 @@ def password_expired(self, username: str, password: str, new_password: str) -> b
spawn ssh {self.opts} \
-o PreferredAuthentications=password \
-o NumberOfPasswordPrompts=1 \
-l "{username}" localhost
-l "{username}" "{hostname}"
expect {{
"password:" {{send "{password}\n"}}
Expand All @@ -722,7 +730,7 @@ def password_expired(self, username: str, password: str, new_password: str) -> b
expect {{
"Password expired. Change your password now." {{ }}
-re $prompt {{puts "expect result: Authentication succeeded without password change"; exit 2}}
"{username}@localhost: Permission denied" {{puts "expect result: Authentication failure"; exit 1}}
"{username}@{hostname}: Permission denied" {{puts "expect result: Authentication failure"; exit 1}}
timeout {{puts "expect result: Unexpected output"; exit 201}}
eof {{puts "expect result: Unexpected end of file"; exit 202}}
}}
Expand Down

0 comments on commit a5ea0d1

Please sign in to comment.