SCAutolib 3.0.0__tar.gz → 3.1.2__tar.gz

{SCAutolib-3.0.0/SCAutolib.egg-info → SCAutolib-3.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: SCAutolib
-Version: 3.0.0
+Version: 3.1.2
 Summary: Python library for automation tests of smart cards using virtualization.
 Home-page: https://github.com/redhat-qe-security/SCAutolib
 Author: Pavel Yadlouski

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/SCAutolib/__init__.py

@@ -27,6 +27,7 @@ LIB_DUMP = LIB_DIR.joinpath("dump")
 LIB_DUMP_USERS = LIB_DUMP.joinpath("users")
 LIB_DUMP_CAS = LIB_DUMP.joinpath("cas")
 LIB_DUMP_CARDS = LIB_DUMP.joinpath("cards")
+LIB_DUMP_CONFS = LIB_DUMP.joinpath("confs")
 
 
 schema_cas = Schema(And(

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/SCAutolib/cli_commands.py

@@ -154,6 +154,18 @@ def setup_user(ctx, name, card_dir, card_type, passwd, pin, user_type):
     exit(ReturnCode.SUCCESS.value)
 
 
+@click.command()
+@click.pass_context
+def cleanup(ctx):
+    """
+    Cleanup all the configurations and system changes done by the prepare
+    command.
+    """
+    ctx.obj["CONTROLLER"].cleanup()
+    exit(ReturnCode.SUCCESS.value)
+
+
 cli.add_command(setup_ca)
 cli.add_command(prepare)
 cli.add_command(setup_user)
+cli.add_command(cleanup)

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/SCAutolib/controller.py

@@ -1,4 +1,5 @@
 import json
+import os
 from pathlib import Path
 from schema import Schema, Use
 from shutil import rmtree
@@ -7,9 +8,10 @@ from typing import Union
 from SCAutolib import exceptions, schema_cas, schema_user, schema_card
 from SCAutolib import (logger, run, LIB_DIR, LIB_BACKUP, LIB_DUMP,
                        LIB_DUMP_USERS, LIB_DUMP_CAS, LIB_DUMP_CARDS,
-                       TEMPLATES_DIR)
+                       LIB_DUMP_CONFS, TEMPLATES_DIR)
 from SCAutolib.models import CA, file, user, card, authselect as auth
 from SCAutolib.models.file import File, OpensslCnf
+from SCAutolib.models.CA import BaseCA
 from SCAutolib.enums import (OSVersion, CardType, UserType)
 from SCAutolib.utils import (_check_selinux, _gen_private_key,
                              _get_os_version, _install_packages,
@@ -63,9 +65,15 @@ class Controller:
         self.lib_conf = self._validate_configuration(tmp_conf, params)
         self.users = []
         for d in (LIB_DIR, LIB_BACKUP, LIB_DUMP, LIB_DUMP_USERS, LIB_DUMP_CAS,
-                  LIB_DUMP_CARDS):
+                  LIB_DUMP_CARDS, LIB_DUMP_CONFS):
             d.mkdir(exist_ok=True)
 
+        if LIB_DUMP_CAS.joinpath("local_ca.json").exists():
+            self.local_ca = BaseCA.load(LIB_DUMP_CAS.joinpath("local_ca.json"))
+
+        if LIB_DUMP_CAS.joinpath("ipa-server.json").exists():
+            self.ipa_ca = BaseCA.load(LIB_DUMP_CAS.joinpath("ipa-server.json"))
+
     def prepare(self, force: bool, gdm: bool, install_missing: bool,
                 graphical: bool):
         """
@@ -390,28 +398,43 @@ class Controller:
         dump_to_json(card)
 
     def cleanup(self):
-        # FIXME Card.delete is not yet implemented, sssd_conf.clean is broken,
-        #  authselect.cleanup is not implemented, local_ca.cleanup is not
-        #  sufficient
         """
         Clean the system after setup. This method restores the SSSD config file,
         deletes created users with cards, remove CA's (local and/or IPA Client)
         """
-        self.sssd_conf.clean()
+        users = {}
 
         for user_file in LIB_DUMP_USERS.iterdir():
-            usr = user.User.load(user_file)
-            usr.delete_user()
+            usr = user.User.load(user_file, ipa_server=self.ipa_ca)
+            users[usr.username] = usr
+            if usr.username != "root":
+                usr.delete_user()
+
         for card_file in LIB_DUMP_CARDS.iterdir():
             if card_file.exists():
-                card.Card.load(card_file).delete()  # TODO implement card.delete
+                card_obj = card.Card.load(card_file)
+                if card_obj.card_type == CardType.virtual:
+                    card_obj.user = users[card_obj.cardholder]
+                    self.revoke_certs(card_obj)
+                    card_obj.delete()
 
         if self.local_ca:
-            self.local_ca.cleanup()  # FIXME restore sssd_auth_ca_db.pem file
+            self.local_ca.cleanup()
+            self.local_ca.restore_ca_db()
         if self.ipa_ca:
             self.ipa_ca.cleanup()
 
-        self.authselect.cleanup()  # TODO implement authselect.cleanup
+        opensc_cache_dir = Path(os.path.expanduser('~') + "/.cache/opensc/")
+        if opensc_cache_dir.exists():
+            for cache_file in opensc_cache_dir.iterdir():
+                cache_file.unlink()
+        logger.debug("Removed opensc file cache")
+
+        self.sssd_conf.restore()
+        pcscd_service = File("/usr/lib/systemd/system/pcscd.service")
+        pcscd_service.restore()
+        opensc_module = File("/usr/share/p11-kit/modules/opensc.module")
+        opensc_module.restore()
 
     @staticmethod
     def _validate_configuration(conf: dict, params: {} = None) -> dict:

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/SCAutolib/models/CA.py

@@ -16,7 +16,8 @@ from python_freeipa.client_meta import ClientMeta
 from shutil import rmtree, copy2
 from socket import gethostname
 
-from SCAutolib import TEMPLATES_DIR, logger, run, LIB_DIR, LIB_DUMP_CAS
+from SCAutolib import TEMPLATES_DIR, logger, run, LIB_DIR, LIB_DUMP_CAS, \
+    LIB_BACKUP
 from SCAutolib.exceptions import SCAutolibException
 from SCAutolib.models.file import OpensslCnf
 from SCAutolib.enums import CAType
@@ -28,6 +29,7 @@ class BaseCA:
     _ca_cert: Path = None
     _ca_key: Path = None
     _ca_pki_db: Path = Path("/etc/sssd/pki/sssd_auth_ca_db.pem")
+    _ca_original_path: Path = LIB_BACKUP.joinpath("ca-db-original.backup")
 
     @property
     def cert(self):
@@ -68,6 +70,8 @@ class BaseCA:
             with self._ca_pki_db.open("a+") as f:
                 f.seek(0)
                 data = f.read()
+                with self._ca_original_path.open('w') as backup:
+                    backup.write(data)
                 if root_cert not in data:
                     f.write(root_cert)
         else:
@@ -81,6 +85,22 @@ class BaseCA:
         run(f"restorecon -v {self._ca_pki_db}")
         logger.info("Local CA is updated")
 
+    def restore_ca_db(self):
+        """
+        restores /etc/sssd/pki/sssd_auth_ca_db.pem to the state it was before.
+        """
+        if self._ca_original_path.exists():
+            logger.debug("Found original version of sssd_auth_ca_db.pem")
+            with self._ca_original_path.open() as backup, \
+                    self._ca_pki_db.open("w") as f:
+                f.write(backup.read())
+            self._ca_original_path.unlink()
+        else:
+            logger.debug("Original version of sssd_auth_ca_db.pem not found")
+            if self._ca_pki_db.exists():
+                self._ca_pki_db.unlink()
+        logger.info(f"Restored {self._ca_pki_db} to original version")
+
     def sign_cert(self):
         """
         Sign the certificate
@@ -309,6 +329,11 @@ class LocalCA(BaseCA):
                 file.unlink()
             elif file.is_dir():
                 shutil.rmtree(file)
+
+        if self.dump_file.exists():
+            self.dump_file.unlink()
+            logger.debug(f"Removed {self.dump_file} dump file")
+
         logger.info(f"Local CA from {self.root_dir} is removed")
 
 

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/SCAutolib/models/card.py

@@ -6,6 +6,7 @@ that we are using in the library. Those types are: virtual smart card, real
 import json
 import re
 import time
+import shutil
 from pathlib import Path
 from traceback import format_exc
 
@@ -315,6 +316,23 @@ class VirtualCard(Card):
 
         return self
 
+    def delete(self):
+        """
+        Deletes the virtual card directory which contains certs, SoftHSM2 token
+        and NSS database. Also removes the systemd service for virtual smart
+        card.
+        """
+        shutil.rmtree(self.card_dir)
+        logger.info(f"Virtual card dir of {self.name} removed")
+
+        self._service_location.unlink()
+        run("systemctl daemon-reload", sleep=3)
+        logger.debug(f"Service {self._service_name} was removed")
+
+        if self.dump_file.exists():
+            self.dump_file.unlink()
+            logger.debug(f"Removed {self.dump_file} dump file")
+
     def gen_csr(self):
         """
         Method for generating user specific CSR file that would be sent to the

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/SCAutolib/models/file.py

@@ -22,8 +22,9 @@ from pathlib import Path
 from shutil import copy2
 from traceback import format_exc
 from typing import Union
+import json
 
-from SCAutolib import logger, TEMPLATES_DIR, LIB_BACKUP, run
+from SCAutolib import logger, TEMPLATES_DIR, LIB_BACKUP, LIB_DUMP_CONFS, run
 from SCAutolib.exceptions import SCAutolibException
 
 
@@ -47,7 +48,6 @@ class File:
     _template = None
     _default_parser = None
     _simple_content = None
-    _backup: dict = dict()
 
     def __init__(self, filepath: Union[str, Path], template: Path = None):
         """
@@ -232,13 +232,21 @@ class File:
                         "backup": str(new_path)}
         return new_path
 
-    def restore(self):
+    def restore(self, name: str = None):
         """
         Copies backup file to original file location.
         """
-        copy2(self._backup["backup"], self._backup["original"])
-        logger.debug(f"File {self._backup['backup']} "
-                     f"is restored to {self._backup['original']}")
+        original_path = LIB_BACKUP.joinpath(
+            f"{name if name else self._conf_file.name}.backup")
+
+        if original_path.exists():
+            with self._conf_file.open("w") as config, \
+                    original_path.open() as backup:
+                config.write(backup.read())
+            original_path.unlink()
+            logger.debug(
+                f"File {self._conf_file} is restored to {original_path}"
+            )
 
 
 class SSSDConf(File):
@@ -259,8 +267,12 @@ class SSSDConf(File):
     _conf_file = Path("/etc/sssd/sssd.conf")
     _backup_original = None
     _backup_default = LIB_BACKUP.joinpath('default-sssd.conf')
+    _backup_current_cont = None
+    _before_last_change_cont = None
     _changed = False
 
+    dump_file: Path = LIB_DUMP_CONFS.joinpath("SSSDConf.json")
+
     def __new__(cls):
         if cls.__instance is None:
             cls.__instance = super(SSSDConf, cls).__new__(cls)
@@ -285,24 +297,47 @@ class SSSDConf(File):
         self._changes = ConfigParser()
         self._changes.optionxform = str
 
+        if self.dump_file.exists():
+            with self.dump_file.open("r") as f:
+                cnt = json.load(f)
+                self._backup_original = Path(cnt['_backup_original'])
+
     def __call__(self, key: str, value: Union[int, str, bool],
                  section: str = None):
+        # We need to save the state of the current unchanged sssd.conf because
+        # __call__ is called before __enter__ in
+        # with SSSDConf(key, value, section):
+        with self._conf_file.open() as config:
+            self._before_last_change_cont = config.read()
+
         self.set(key, value, section)
         self.save()
-        run("systemctl restart sssd", sleep=5)
+        run("systemctl restart sssd", sleep=10)
         return self
 
     def __enter__(self):
+        # Check if we changed the file or not and save version before context
+        # manager was called
+        if self._before_last_change_cont:
+            self._backup_current_cont = self._before_last_change_cont
+        else:
+            with self._conf_file.open() as config:
+                self._backup_current_cont = config.read()
         return self
 
     def __exit__(self, exc_type, exc_value, traceback):
         if self._changed:
-            copy2(self._backup_default, self._conf_file)
+            # Restore sssd.conf to the version before context manager was
+            # called
+            with self._conf_file.open("w") as config:
+                config.write(self._backup_current_cont)
+            self._backup_current_cont = None
+            self._before_last_change_cont = None
             self._changed = False
         if exc_type is not None:
             logger.error("Exception in virtual smart card context")
             logger.error(format_exc())
-        run("systemctl restart sssd", sleep=5)
+        run("systemctl restart sssd", sleep=10)
 
     def create(self):
         """
@@ -313,7 +348,7 @@ class SSSDConf(File):
             with self._conf_file.open() as config:
                 self._default_parser.read_file(config)
             logger.info(f"{self._conf_file} file exists, loading values")
-            self._backup_original = self.backup("original")
+            self._backup_original = self.backup("sssd-conf-original")
 
         except FileNotFoundError:
             logger.warning(f"{self._conf_file} not present")
@@ -327,10 +362,18 @@ class SSSDConf(File):
         with self._backup_default.open("w") as bdefault:
             self._default_parser.write(bdefault)
 
+        with self.dump_file.open("w") as f:
+            json.dump({
+                "_backup_original": str(self._backup_original)
+            }, f)
+
     def set(self, key: str, value: Union[int, str, bool], section: str = None):
         """
         Modify or add content of config file represented by ConfigParser object
 
+        If a value is set outside of a context manager, it is the user's
+        responsibility to revert it.
+
         :param key: key from section of config file to be updated
         :type key: str
         :param value: new value to be stored in [section][key] of config file
@@ -339,7 +382,8 @@ class SSSDConf(File):
         :type section: str
         """
         if len(self._changes.sections()) == 0:
-            self._changes.read_dict(self._default_parser)
+            with self._conf_file.open() as config:
+                self._changes.read_file(config)
 
         if not self._changes.has_section(section):
             logger.warning(f"Section {section} not present.")
@@ -386,18 +430,22 @@ class SSSDConf(File):
         .. note: SSSD service restart is caller's responsibility.
         """
 
-        # FIXME: this implementation would not work in real usage. When setup
-        #  runtime would be finished and in test/cleanup runtime this method
-        #  would be called self._backup_original field would not be set. This
-        #  should be fixed by implementing dump() method that would store all
-        #  required attributes in JSON format load() method that would be used
-        #  in other then setup runtimes to restore (load from JSON) all
-        #  attributes of this object
-
-        if self._backup_original:
-            copy2(self._backup_original, self._conf_file)
+        if self._backup_original and self._backup_original.exists():
+            with self._backup_original.open() as original, \
+                    self._conf_file.open("w") as config:
+                config.write(original.read())
+            self._backup_original.unlink()
         else:
             self.clean()
+
+        if self._backup_default.exists():
+            self._backup_default.unlink()
+
+        if self.dump_file.exists():
+            self.dump_file.unlink()
+            logger.debug(f"Removed {self.dump_file} dump file")
+
+        logger.info("Restored sssd.conf to the original version")
         self._changed = False
 
     def update_default_content(self):

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/SCAutolib/models/user.py

@@ -105,8 +105,11 @@ class User:
             logger.info(f"Deleting the user {self.username}")
             run(['userdel', '-f', self.username], check=True)
         except KeyError:
-            pass
-        logger.info(f"User {self.username} is not present on the system")
+            logger.info(f"User {self.username} is not present on the system")
+
+        if self.dump_file.exists():
+            self.dump_file.unlink()
+            logger.debug(f"Removed {self.dump_file} dump file")
 
 
 class IPAUser(User):

{SCAutolib-3.0.0 → SCAutolib-3.1.2/SCAutolib.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: SCAutolib
-Version: 3.0.0
+Version: 3.1.2
 Summary: Python library for automation tests of smart cards using virtualization.
 Home-page: https://github.com/redhat-qe-security/SCAutolib
 Author: Pavel Yadlouski

{SCAutolib-3.0.0 → SCAutolib-3.1.2}/setup.py

@@ -25,7 +25,7 @@ graphical_reqs = [
 
 setup(
     name="SCAutolib",
-    version="3.0.0",
+    version="3.1.2",
     description=description,
     long_description=long_description,
     long_description_content_type='text/markdown',