Skip to content

Update tests to match support for physical cards of SCAutolib #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
GeorgePantelakis merged 2 commits into from
Mar 3, 2026
Merged

Update tests to match support for physical cards of SCAutolib #45

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b08c75f
Change password expect to regex
GeorgePantelakis Jun 25, 2024
92e265c
Update tests to match support for physical cards of SCAutolib
GeorgePantelakis Oct 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
113 changes: 59 additions & 54 deletions Graphical/local-user-graphical-login.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
from SCAutolib.models.log import assert_log
import pytest
from time import sleep
from conftest import check_multicert

SECURE_LOG = '/var/log/secure'

Expand All @@ -56,19 +57,20 @@ def test_login_with_sc(local_user, required):
expected_log = (
r'.* gdm-smartcard\]\[[0-9]+\]: '
r'pam_sss\(gdm-smartcard:auth\): authentication success;'
r'.*user=' + local_user.username + r'@shadowutils.*'
rf'.*user=({local_user.username}@shadowutils)?.*'
)

with (GUI() as gui,
Authselect(required=required), local_user.card(insert=True)):
gui.assert_text('PIN', timeout=60)
gui.kb_write(local_user.pin)
with (GUI(wait_time=10) as gui, Authselect(required=required)):
for i in range(local_user.total_cards):
with getattr(local_user, f"card_{i}")(insert=True) as sc:
check_multicert(gui=gui)
gui.assert_text('PIN', timeout=60)

with assert_log(SECURE_LOG, expected_log):
gui.kb_send('enter', wait_time=20)
# Mandatory wait to switch display from GDM to GNOME
# Not waiting can actually mess up the output
gui.check_home_screen()
with assert_log(SECURE_LOG, expected_log):
gui.kb_write(sc.pin)
# Mandatory wait to switch display from GDM to GNOME
# Not waiting can actually mess up the output
gui.check_home_screen()


@pytest.mark.parametrize("required", [(True), (False)])
Expand All @@ -91,20 +93,24 @@ def test_login_with_sc_wrong(local_user, required):
expected_log = (
r'.* gdm-smartcard\]\[[0-9]+\]: '
r'pam_sss\(gdm-smartcard:auth\): authentication failure;'
r'.*user=' + local_user.username + r'@shadowutils.*'
rf'.*user=({local_user.username}@shadowutils)?.*'
)

with (GUI() as gui,
Authselect(required=required), local_user.card(insert=True)):
gui.assert_text('PIN', timeout=20)
gui.kb_write(local_user.pin[:-1])
with (GUI(wait_time=10) as gui, Authselect(required=required)):
for i in range(local_user.total_cards):
with getattr(local_user, f"card_{i}")(insert=True) as sc:
multicert = check_multicert(gui=gui)
gui.assert_text('PIN', timeout=20)

with assert_log(SECURE_LOG, expected_log):
gui.kb_send('enter', wait_time=20)
# Mandatory wait to switch display from GDM to GNOME
# Not waiting can actually mess up the output
gui.check_home_screen(False)
gui.assert_text('PIN', timeout=20)
with assert_log(SECURE_LOG, expected_log):
gui.kb_write(sc.pin[:-1])
# Mandatory wait to switch display from GDM to GNOME
# Not waiting can actually mess up the output
gui.check_home_screen(False)
if multicert:
gui.assert_text('certificate', timeout=20)
else:
gui.assert_text('PIN', timeout=20)


def test_login_password(local_user):
Expand All @@ -123,13 +129,12 @@ def test_login_password(local_user):
"""
expected_log = (
r'.* pam_unix\(gdm-password:session\): session opened for user .*'
)
)

with GUI() as gui, Authselect(required=False):
with GUI(wait_time=10) as gui, Authselect(required=False):
gui.click_on(local_user.username)
gui.kb_write(local_user.password)
with assert_log(SECURE_LOG, expected_log):
gui.kb_send('enter', wait_time=20)
gui.kb_write(local_user.password)
gui.check_home_screen()


Expand All @@ -151,14 +156,13 @@ def test_login_password_wrong(local_user):
expected_log = (
r'.* gdm-password\]\[[0-9]+\]: '
r'pam_unix\(gdm-password:auth\): authentication failure;'
r'.*user=' + local_user.username + r'.*'
rf'.*user=({local_user.username}@shadowutils)?.*'
)

with GUI() as gui, Authselect(required=False):
with GUI(wait_time=10) as gui, Authselect(required=False):
gui.click_on(local_user.username)
gui.kb_write(local_user.password[:-1])
with assert_log(SECURE_LOG, expected_log):
gui.kb_send('enter', wait_time=20)
gui.kb_write(local_user.password[:-1])

gui.check_home_screen(False)
gui.assert_text('Password', timeout=20)
Expand All @@ -182,28 +186,29 @@ def test_insert_card_prompt(local_user, lock_on_removal):
C. GDM shows "insert PIN" prompt
D. User is logged in successfully.
"""
with (GUI() as gui,
Authselect(required=True, lock_on_removal=lock_on_removal),
local_user.card(insert=False) as card):
try:
gui.assert_text('insert', timeout=20)
except Exception:
gui.click_on(local_user.username)

gui.assert_text('insert', timeout=20)
card.insert()
sleep(10)
gui.assert_text('PIN')
gui.kb_write(local_user.pin)

expected_log = (
r'.* gdm-smartcard\]\[[0-9]+\]: '
r'pam_sss\(gdm-smartcard:auth\): authentication success;'
r'.*user=' + local_user.username + r'(@shadowutils)?.*'
)

with assert_log(SECURE_LOG, expected_log):
gui.kb_send('enter', wait_time=20)
# Mandatory wait to switch display from GDM to GNOME
# Not waiting can actually mess up the output
gui.check_home_screen()
with (GUI(wait_time=10) as gui,
Authselect(required=True, lock_on_removal=lock_on_removal)):
for i in range(local_user.total_cards):
with getattr(local_user, f"card_{i}")(insert=True) as sc:
try:
gui.assert_text('insert', timeout=20)
except Exception:
gui.click_on(local_user.username)

gui.assert_text('insert', timeout=20)
sc.insert()
sleep(10)
check_multicert(gui=gui)
gui.assert_text('PIN')

expected_log = (
r'.* gdm-smartcard\]\[[0-9]+\]: '
r'pam_sss\(gdm-smartcard:auth\): authentication success;'
rf'.*user=({local_user.username}@shadowutils)?.*'
)

with assert_log(SECURE_LOG, expected_log):
gui.kb_write(sc.pin)
# Mandatory wait to switch display from GDM to GNOME
# Not waiting can actually mess up the output
gui.check_home_screen()
144 changes: 74 additions & 70 deletions Graphical/local-user-lock-on-removal.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
from SCAutolib.models.authselect import Authselect
from SCAutolib.models.gui import GUI, keyboard
from time import sleep
from conftest import check_multicert
import pytest


Expand All @@ -50,36 +51,39 @@ def test_lock_on_removal(local_user, required):
C. The system locks itself after the card is removed
D. The system is unlocked
"""
with (GUI() as gui, Authselect(required=required, lock_on_removal=True)):
with (GUI(wait_time=10) as gui,
Authselect(required=required, lock_on_removal=True)):
# insert the card and sign in a standard way
with local_user.card(insert=True) as card:
sleep(5)
gui.assert_text('PIN', timeout=20)
gui.kb_write(local_user.pin)
gui.kb_send('enter', wait_time=20)
# confirm that you are logged in
gui.check_home_screen()

# remove the card and wait for the screen to lock
card.remove()
sleep(5)
# Locking the screen in GNOME apparently does not generate any log.
# This could be checked by monitoring D-Bus signals

# Wake up the black screen by pressing enter
gui.kb_send('enter', screenshot=False)
# Confirm that the screen is locked
# After the screen has been locked, there should be no Activities
gui.check_home_screen(False)
gui.assert_text('insert', timeout=20)

card.insert()
# click on the password field
gui.click_on('PIN')
gui.kb_write(local_user.pin)
gui.kb_send('enter', wait_time=20)
# confirm that you are logged back in
gui.check_home_screen()

for i in range(local_user.total_cards):
with getattr(local_user, f"card_{i}")(insert=True) as sc:
sleep(5)
check_multicert(gui=gui)
gui.assert_text('PIN', timeout=20)
gui.kb_write(sc.pin)
# confirm that you are logged in
gui.check_home_screen()

# remove the card and wait for the screen to lock
sc.remove()
sleep(5)
# Locking the screen in GNOME apparently does not generate any log.
# This could be checked by monitoring D-Bus signals

# Wake up the black screen by pressing enter
gui.kb_send('enter', screenshot=False)
# Confirm that the screen is locked
# After the screen has been locked, there should be no Activities
gui.check_home_screen(False)
gui.assert_text('insert', timeout=20)

sc.insert()
check_multicert(gui=gui)
# click on the password field
gui.click_on('PIN')
gui.kb_write(sc.pin)
# confirm that you are logged back in
gui.check_home_screen()


def test_lock_on_removal_password(local_user):
Expand All @@ -99,24 +103,25 @@ def test_lock_on_removal_password(local_user):
C. Nothing happens
D. Nothing happens - system will not lock on card removal
"""
with (GUI() as gui, Authselect(required=False, lock_on_removal=True)):
with local_user.card(insert=False) as card:
gui.click_on(local_user.username)
gui.kb_write(local_user.password)
gui.kb_send('enter', wait_time=20)
gui.check_home_screen()
with (GUI(wait_time=10) as gui,
Authselect(required=False, lock_on_removal=True)):
for i in range(local_user.total_cards):
with getattr(local_user, f"card_{i}")() as sc:
gui.click_on(local_user.username)
gui.kb_write(local_user.password)
gui.check_home_screen()

card.insert()
sleep(10)
card.remove()
sleep(10)
sc.insert()
sleep(10)
sc.remove()
sleep(10)

# Screen should be unlocked
gui.check_home_screen()
# Screen should be unlocked
gui.check_home_screen()


@pytest.mark.parametrize("lock_on_removal", [(True), (False)])
def test_lockscreen_password(local_user, lock_on_removal):
def test_lockscreen_password(local_user, check_multicert, lock_on_removal):
"""Local user unlocks screen using password, even if the smart card is
inserted (after the password login). Screen unlocking requires the same
method (PIN vs password) as was used for login.
Expand All @@ -137,31 +142,30 @@ def test_lockscreen_password(local_user, lock_on_removal):
D. The screen is locked
E. Screen is unlocked successfully
"""
with (GUI() as gui,
Authselect(required=False, lock_on_removal=lock_on_removal),
local_user.card(insert=False) as card):
gui.click_on(local_user.username)
gui.kb_write(local_user.password)
gui.kb_send('enter', wait_time=20)
gui.check_home_screen()

card.insert()
sleep(10)
# press shortcut to lock the screen
# keyboard.send('windows+l') cannot be parsed properly
# this is a workaround for keyboard library
keyboard.press((125, 126),)
keyboard.send('l')
keyboard.release((125, 126),)
sleep(10)

# Wake up the black screen by pressing enter
gui.kb_send('enter', screenshot=False)
# Confirm that the screen is locked
# After the screen has been locked, there should be no Activities
gui.check_home_screen(False)
gui.click_on('Password', check_difference=False)
gui.kb_write(local_user.password)
gui.kb_send('enter', wait_time=10)
# confirm that you are logged back in
gui.check_home_screen()
with (GUI(wait_time=10) as gui,
Authselect(required=False, lock_on_removal=lock_on_removal)):
for i in range(local_user.total_cards):
with getattr(local_user, f"card_{i}")() as sc:
gui.click_on(local_user.username)
gui.kb_write(local_user.password)
gui.check_home_screen()

sc.insert()
sleep(10)
# press shortcut to lock the screen
# keyboard.send('windows+l') cannot be parsed properly
# this is a workaround for keyboard library
keyboard.press((125, 126),)
keyboard.send('l')
keyboard.release((125, 126),)
sleep(10)

# Wake up the black screen by pressing enter
gui.kb_send('enter', screenshot=False)
# Confirm that the screen is locked
# After the screen has been locked, there should be no Activities
gui.check_home_screen(False)
gui.click_on('Password', check_difference=False)
gui.kb_write(local_user.password)
# confirm that you are logged back in
gui.check_home_screen()
4 changes: 2 additions & 2 deletions Kerberos/test_kerberos_ssh_login.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
import pytest

from SCAutolib.models.authselect import Authselect
from SCAutolib.isDistro import isDistro
from SCAutolib.utils import isDistro


def test_krb_user_ssh(ipa_user, user_shell):
Expand Down Expand Up @@ -67,7 +67,7 @@ def test_krb_change_passwd_ssh(ipa_user, user_shell, ipa_login):
user_shell.expect_exact(ipa_user.username)
user_shell.sendline(f"passwd")
if isDistro(['rhel', 'centos'], '>=10') or isDistro('fedora', '>=40'):
user_shell.expect_exact(f"Current password")
user_shell.expect(r"[cC]urrent [pP]assword")
else:
user_shell.expect_exact(f"Changing password for user {ipa_user.username}.")

Expand Down
4 changes: 2 additions & 2 deletions Kerberos/test_kerberos_user_change_password.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

import conftest
from SCAutolib.models.authselect import Authselect
from SCAutolib.isDistro import isDistro
from SCAutolib.utils import isDistro


@pytest.mark.parametrize("required,insert,expect,secret",
Expand Down Expand Up @@ -68,6 +68,6 @@ def test_kerberos_change_passwd(ipa_user, user_shell, required, insert, expect,
user_shell.expect_exact(expect)
user_shell.sendline(secret)
if isDistro(['rhel', 'centos'], '>=10') or isDistro('fedora', '>=40'):
user_shell.expect_exact(f"Current password")
user_shell.expect(r"[cC]urrent [pP]assword")
else:
user_shell.expect_exact(f"Changing password for user {ipa_user.username}.")
Loading