def test_root_user_override(ldap_conn, env_root_user_override):
"""Test entries are not overriden to root"""
# Override does not have to happen completly, trying to set uid or gid
# to 0 is simply ignored.
ent.assert_passwd_by_name(
"ov_user1",
dict(
name="ov_user1",
passwd="*",
uid=10001,
gid=20001,
gecos="Overriden User 1",
dir="/home/ov/user1",
shell="/bin/ov_user1_shell",
),
)
# We can create override with name root. This test is just for tracking
# that this particular behavior won't change.
ent.assert_passwd_by_name(
"user2",
dict(
name="root",
passwd="*",
uid=10020,
gid=20020,
gecos="Overriden User 2",
dir="/home/ov/user2",
shell="/bin/ov_user2_shell",
),
)
ent.assert_passwd_by_uid(0, dict(name="root"))
def test_user_update_diff_attrs(ldap_conn,
ldb_examine,
setup_rfc2307bis):
"""
Test that a user update with the same modifyTimestamp does not trigger
sysdb cache update
"""
ldb_conn = ldb_examine
old_sysdb_attrs, old_ts_attrs = prime_cache_user(ldb_conn, "user1", 2001)
# modify an argument we don't save to the cache. This will bump the
# modifyTimestamp attribute, but the attributes themselves will be the same
# from sssd's point of view
ldap_conn.modify_s("uid=user1,ou=Users," + ldap_conn.ds_inst.base_dn,
[(ldap.MOD_REPLACE, "loginShell", "/bin/zsh")])
# wait for slapd to change its database
time.sleep(1)
ent.assert_passwd_by_name("user1", dict(name="user1"))
sysdb_attrs, ts_attrs = get_user_attrs(ldb_conn, "user1",
SSSD_DOMAIN, TS_ATTRLIST)
assert_diff_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
assert_diff_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
def test_userdel(passwd_ops_setup):
passwd_ops_setup.useradd(**USER1)
ent.assert_passwd_by_name("user1", USER1)
passwd_ops_setup.userdel("user1")
with pytest.raises(KeyError):
pwd.getpwnam("user1")
def test_extra_attribute_already_exists(ldap_conn, extra_attributes):
"""Test the effect of the "vetoed_shells" option"""
user = '******'
extra_attribute = 'givenName'
given_name = 'unix_user'
user_dn = "uid=" + user + ",ou=Users," + ldap_conn.ds_inst.base_dn
old = {'objectClass': ['top', 'inetOrgPerson', 'posixAccount']}
new = {'objectClass': ['top', 'inetOrgPerson', 'posixAccount',
'extensibleObject']}
ldif = ldap.modlist.modifyModlist(old, new)
ldap_conn.modify_s(user_dn, ldif)
ldap_conn.modify_s(user_dn, [(ldap.MOD_ADD, extra_attribute, given_name)])
ent.assert_passwd_by_name(
user,
dict(name="user", uid=2001, gid=2000, shell="/bin/bash"),
)
domain = 'LDAP'
ldb_conn = sssd_ldb.SssdLdb('LDAP')
val = ldb_conn.get_entry_attr(sssd_ldb.CacheType.sysdb,
sssd_ldb.TsCacheEntry.user,
user, domain, extra_attribute)
assert val == given_name
def env_root_user_override(request, ldap_conn, env_two_users_and_group):
# Assert entries are not overriden
ent.assert_passwd_by_name(
'root',
dict(name='root', uid=0, gid=0))
ent.assert_passwd_by_uid(0, dict(name="root"))
# Override
subprocess.check_call(["sss_override", "user-add", "user1",
"-u", "0",
"-g", "0",
"-n", "ov_user1",
"-c", "Overriden User 1",
"-h", "/home/ov/user1",
"-s", "/bin/ov_user1_shell"])
subprocess.check_call(["sss_override", "user-add", "user2",
"-u", "10020",
"-g", "20020",
"-n", "root",
"-c", "Overriden User 2",
"-h", "/home/ov/user2",
"-s", "/bin/ov_user2_shell"])
# Restart SSSD so the override might take effect
restart_sssd()
def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307):
"""
Test that the memory cache is not created at all with memcache_timeout=0
"""
# No memory cache files must be created
assert len(os.listdir(config.MCACHE_PATH)) == 0
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
stop_sssd()
# sssd is stopped; so the memory cache should not be used
# in long living clients (py.test in this case)
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwuid(1001)
with pytest.raises(KeyError):
grp.getgrnam('group1')
with pytest.raises(KeyError):
grp.getgrgid(2001)
def run_simple_test_with_initgroups():
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_group_by_name(
"group1",
dict(mem=ent.contains_only("user1", "user11", "user21")))
ent.assert_group_by_gid(
2001,
dict(mem=ent.contains_only("user1", "user11", "user21")))
# unrelated group to user1
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user2", "user12", "user22")))
ent.assert_group_by_gid(
2002,
dict(mem=ent.contains_only("user2", "user12", "user22")))
assert_initgroups_equal("user1", 2001, [2000, 2001])
def test_removed_mc(ldap_conn, sanity_rfc2307):
"""
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/2726
"""
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
stop_sssd()
# remove cache without invalidation
for path in os.listdir(config.MCACHE_PATH):
os.unlink(config.MCACHE_PATH + "/" + path)
# sssd is stopped; so the memory cache should not be used
# in long living clients (py.test in this case)
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwuid(1001)
with pytest.raises(KeyError):
grp.getgrnam('group1')
with pytest.raises(KeyError):
grp.getgrgid(2001)
def test_usermod(passwd_ops_setup):
passwd_ops_setup.useradd(**USER1)
ent.assert_passwd_by_name("user1", USER1)
USER1['shell'] = '/bin/zsh'
passwd_ops_setup.usermod(**USER1)
ent.assert_passwd_by_name("user1", USER1)
def test_user_show_basic_fqname_insensitive(ldap_conn,
fqname_case_insensitive_rfc2307,
portable_LC_ALL):
# Fill the cache first
ent.assert_passwd_by_name(
'user1@LDAP',
dict(name='user1@LDAP', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_name(
'CamelCaseUser1@LDAP',
dict(name='camelcaseuser1@LDAP', passwd='*', uid=1002, gid=2002,
gecos='1002', shell='/bin/bash'))
output = get_call_output(["sssctl", "user-show", "user1@LDAP"])
assert output.find("Name: user1@LDAP") != -1
assert output.find("Initgroups expiration time: Initgroups were not yet "
"performed") != -1
assert output.find("Cached in InfoPipe: No") != -1
output = get_call_output(["sssctl", "user-show", "CamelCaseUser1@LDAP"])
assert output.find("Name: camelcaseuser1@LDAP") != -1
assert output.find("Initgroups expiration time: Initgroups were not yet "
"performed") != -1
assert output.find("Cached in InfoPipe: No") != -1
output = get_call_output(["sssctl", "user-show", "camelcaseuser1@LDAP"])
assert output.find("Name: camelcaseuser1@LDAP") != -1
assert output.find("Initgroups expiration time: Initgroups were not yet "
"performed") != -1
assert output.find("Cached in InfoPipe: No") != -1
def env_replace_user_override(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1",
10001,
20001,
gecos='User Number 1',
loginShell='/bin/user1_shell',
homeDirectory='/home/user1')
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overriden
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=10001,
gid=20001,
gecos='User Number 1',
dir='/home/user1',
shell='/bin/user1_shell'))
# Override
subprocess.check_call([
"sss_override", "user-add", "user1", "-u", "10010", "-g", "20010",
"-n", "ov_user1", "-c", "Overriden User 1", "-h", "/home/ov/user1",
"-s", "/bin/ov_user1_shell"
])
# Restart SSSD so the override might take effect
restart_sssd()
# Assert entries are overriden
ent.assert_passwd_by_name(
'user1',
dict(name='ov_user1',
passwd='*',
uid=10010,
gid=20010,
gecos='Overriden User 1',
dir='/home/ov/user1',
shell='/bin/ov_user1_shell'))
# Override of override
subprocess.check_call([
"sss_override", "user-add", "user1", "-u", "10100", "-g", "20100",
"-n", "ov2_user1", "-c", "Overriden2 User 1", "-h", "/home/ov2/user1",
"-s", "/bin/ov2_user1_shell"
])
# Restart SSSD so the override might take effect
restart_sssd()
def test_regr_2757_override(ldap_conn, env_regr_2757_override):
# Assert entries are overridden
ent.assert_passwd_by_name("user1@LDAP", dict(name="alias1@LDAP", passwd="*", uid=10001, gid=20001))
ent.assert_passwd_by_name("alias1@LDAP", dict(name="alias1@LDAP", passwd="*", uid=10001, gid=20001))
with pytest.raises(KeyError):
pwd.getpwnam("user1")
with pytest.raises(KeyError):
pwd.getpwnam("alias1")
def assert_user_overriden():
# There is an issue in nss_wrapper [0] and nss_wrapper always looks into
# the files first before using the NSS module. This lets this check fail
# because the user is found in the file and hence will be returned
# without overridden values.
# In order to work this around while there's no fix for nss_wrapper, let's
# use the fully-qualified name when looking up the USER1
#
# https://bugzilla.samba.org/show_bug.cgi?id=12883)
ent.assert_passwd_by_name(USER1["name"]+"@files", OV_USER1)
ent.assert_passwd_by_name(OV_USER1["name"], OV_USER1)
def assert_user_overriden():
# There is an issue in nss_wrapper [0] and nss_wrapper always looks into
# the files first before using the NSS module. This lets this check fail
# because the user is found in the file and hence will be returned
# without overridden values.
# In order to work this around while there's no fix for nss_wrapper, let's
# use the fully-qualified name when looking up the USER1
#
# https://bugzilla.samba.org/show_bug.cgi?id=12883)
ent.assert_passwd_by_name(USER1["name"] + "@files", OV_USER1)
ent.assert_passwd_by_name(OV_USER1["name"], OV_USER1)
def env_replace_user_override(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001,
gecos='User Number 1',
loginShell='/bin/user1_shell',
homeDirectory='/home/user1')
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overriden
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=10001, gid=20001,
gecos='User Number 1',
dir='/home/user1',
shell='/bin/user1_shell'))
# Override
subprocess.check_call(["sss_override", "user-add", "user1",
"-u", "10010",
"-g", "20010",
"-n", "ov_user1",
"-c", "Overriden User 1",
"-h", "/home/ov/user1",
"-s", "/bin/ov_user1_shell"])
# Restart SSSD so the override might take effect
restart_sssd()
# Assert entries are overriden
ent.assert_passwd_by_name(
'user1',
dict(name='ov_user1', passwd='*', uid=10010, gid=20010,
gecos='Overriden User 1',
dir='/home/ov/user1',
shell='/bin/ov_user1_shell'))
# Override of override
subprocess.check_call(["sss_override", "user-add", "user1",
"-u", "10100",
"-g", "20100",
"-n", "ov2_user1",
"-c", "Overriden2 User 1",
"-h", "/home/ov2/user1",
"-s", "/bin/ov2_user1_shell"])
# Restart SSSD so the override might take effect
restart_sssd()
def test_mix_cased_name_override(ldap_conn, env_mix_cased_name_override):
"""Test if names with upper and lower case letter are overridden"""
# Assert entries are overridden
user1 = dict(
name="ov_user1@LDAP",
passwd="*",
uid=10010,
gid=20010,
gecos="Overriden User 1",
dir="/home/ov/user1",
shell="/bin/ov_user1_shell",
)
user2 = dict(
name="ov_user2@LDAP",
passwd="*",
uid=10020,
gid=20020,
gecos="Overriden User 2",
dir="/home/ov/user2",
shell="/bin/ov_user2_shell",
)
ent.assert_passwd_by_name("user1@LDAP", user1)
ent.assert_passwd_by_name("ov_user1@LDAP", user1)
ent.assert_passwd_by_name("user2@LDAP", user2)
ent.assert_passwd_by_name("ov_user2@LDAP", user2)
def test_regr_2757_override(ldap_conn, env_regr_2757_override):
# Assert entries are overridden
ent.assert_passwd_by_name(
'user1@LDAP',
dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
ent.assert_passwd_by_name(
'alias1@LDAP',
dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwnam('alias1')
def test_regr_2757_override(ldap_conn, env_regr_2757_override):
# Assert entries are overridden
ent.assert_passwd_by_name(
'user1@LDAP',
dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
ent.assert_passwd_by_name(
'alias1@LDAP',
dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwnam('alias1')
def test_mix_cased_name_override(ldap_conn, env_mix_cased_name_override):
"""Test if names with upper and lower case letter are overridden"""
# Assert entries are overridden
user1 = dict(name='ov_user1@LDAP',
passwd='*',
uid=10010,
gid=20010,
gecos='Overriden User 1',
dir='/home/ov/user1',
shell='/bin/ov_user1_shell')
user2 = dict(name='ov_user2@LDAP',
passwd='*',
uid=10020,
gid=20020,
gecos='Overriden User 2',
dir='/home/ov/user2',
shell='/bin/ov_user2_shell')
ent.assert_passwd_by_name('user1@LDAP', user1)
ent.assert_passwd_by_name('ov_user1@LDAP', user1)
ent.assert_passwd_by_name('user2@LDAP', user2)
ent.assert_passwd_by_name('ov_user2@LDAP', user2)
def test_replace_user_override(ldap_conn, env_replace_user_override):
user = dict(name='ov2_user1', passwd='*', uid=10100, gid=20100,
gecos='Overriden2 User 1',
dir='/home/ov2/user1',
shell='/bin/ov2_user1_shell')
ent.assert_passwd_by_name('ov2_user1', user)
ent.assert_passwd_by_name('ov2_user1@LDAP', user)
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1@LDAP')
def assert_user_default():
# Assert entries are not overriden
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user2')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user2@LDAP')
user1 = dict(name='user1', passwd='*', uid=10001, gid=20001,
gecos='User Number 1',
dir='/home/user1',
shell='/bin/user1_shell')
user2 = dict(name='user2', passwd='*', uid=10002, gid=20001,
gecos='User Number 2',
dir='/home/user2',
shell='/bin/user2_shell')
ent.assert_passwd_by_name('user1', user1)
ent.assert_passwd_by_name('user1@LDAP', user1)
ent.assert_passwd_by_name('user2', user2)
ent.assert_passwd_by_name('user2@LDAP', user2)
def test_replace_user_override(ldap_conn, env_replace_user_override):
user = dict(name='ov2_user1', passwd='*', uid=10100, gid=20100,
gecos='Overriden2 User 1',
dir='/home/ov2/user1',
shell='/bin/ov2_user1_shell')
ent.assert_passwd_by_name('ov2_user1', user)
ent.assert_passwd_by_name('ov2_user1@LDAP', user)
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1@LDAP')
def assert_user_default():
# Assert entries are not overriden
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user2')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user2@LDAP')
user1 = dict(name='user1', passwd='*', uid=10001, gid=20001,
gecos='User Number 1',
dir='/home/user1',
shell='/bin/user1_shell')
user2 = dict(name='user2', passwd='*', uid=10002, gid=20001,
gecos='User Number 2',
dir='/home/user2',
shell='/bin/user2_shell')
ent.assert_passwd_by_name('user1', user1)
ent.assert_passwd_by_name('user1@LDAP', user1)
ent.assert_passwd_by_name('user2', user2)
ent.assert_passwd_by_name('user2@LDAP', user2)
def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307):
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
assert_user_gids_equal('user1', [2000, 2001])
stop_sssd()
# group cache is disabled, other caches should work
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
with pytest.raises(KeyError):
grp.getgrnam('group1')
with pytest.raises(KeyError):
grp.getgrgid(2001)
assert_user_gids_equal('user1', [2000, 2001])
def test_assert_passwd_by_name(users_and_groups):
ent.assert_passwd_by_name("user1", {})
ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001))
ent.assert_passwd_by_name("user1", USER1)
try:
ent.assert_passwd_by_name("user3", {})
assert False
except AssertionError as e:
assert str(e) == "'getpwnam(): name not found: user3'"
try:
ent.assert_passwd_by_name("user2", dict(name="user1"))
assert False
except AssertionError as e:
assert str(e) == "'name' mismatch: 'user1' != 'user2'"
def test_assert_passwd_by_name(users_and_groups):
ent.assert_passwd_by_name("user1", {})
ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001))
ent.assert_passwd_by_name("user1", USER1)
try:
ent.assert_passwd_by_name("user3", {})
assert False
except AssertionError as e:
assert str(e) == "'getpwnam(): name not found: user3'"
try:
ent.assert_passwd_by_name("user2", dict(name="user1"))
assert False
except AssertionError as e:
assert str(e) == "'name' mismatch: 'user1' != 'user2'"
def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307):
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
assert_user_gids_equal('user1', [2000, 2001])
stop_sssd()
# initgroups is disabled, other caches should work
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
assert_unsuccessful_initgr('user1')
def test_special_characters_in_names(ldap_conn, sanity_rfc2307):
"""
Test special characters which could cause malformed filter
in ldb_seach.
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/3121
"""
ent.assert_passwd_by_name(
"t(u)ser",
dict(name="t(u)ser", passwd="*", uid=5000, gid=5001,
gecos="5000", shell="/bin/bash"))
ent.assert_group_by_name(
"group(_u)ser1",
dict(name="group(_u)ser1", passwd="*", gid=5001,
mem=ent.contains_only("t(u)ser")))
def test_special_characters_in_names(ldap_conn, sanity_rfc2307):
"""
Test special characters which could cause malformed filter
in ldb_seach.
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/3121
"""
ent.assert_passwd_by_name(
"t(u)ser",
dict(name="t(u)ser", passwd="*", uid=5000, gid=5001,
gecos="5000", shell="/bin/bash"))
ent.assert_group_by_name(
"group(_u)ser1",
dict(name="group(_u)ser1", passwd="*", gid=5001,
mem=ent.contains_only("t(u)ser")))
def test_user_update_same_modstamp(ldap_conn, ldb_examine, setup_rfc2307bis):
"""
Test that a user update with the same modifyTimestamp does not trigger
sysdb cache update
"""
ldb_conn = ldb_examine
old_sysdb_attrs, old_ts_attrs = prime_cache_user(ldb_conn, "user1", 2001)
ent.assert_passwd_by_name("user1", dict(name="user1"))
sysdb_attrs, ts_attrs = get_user_attrs(ldb_conn, "user1", SSSD_DOMAIN,
TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_same_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
def test_replace_user_override(ldap_conn, env_replace_user_override):
user = dict(
name="ov2_user1",
passwd="*",
uid=10100,
gid=20100,
gecos="Overriden2 User 1",
dir="/home/ov2/user1",
shell="/bin/ov2_user1_shell",
)
ent.assert_passwd_by_name("ov2_user1", user)
ent.assert_passwd_by_name("ov2_user1@LDAP", user)
with pytest.raises(KeyError):
pwd.getpwnam("ov_user1")
with pytest.raises(KeyError):
pwd.getpwnam("ov_user1@LDAP")
def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
"""
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/2676
"""
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user1")))
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
time.sleep(15)
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user1")))
def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307):
# the sssd cache was empty and not all user's group were
# resolved with getgr{nm,gid}. Therefore there is a change in
# group membership => user groups should be invalidated
run_simple_test_with_initgroups()
assert_initgroups_equal("user1", 2001, [2000, 2001])
stop_sssd()
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
# unrelated group to user1 must be returned
ent.assert_group_by_name(
"group2", dict(mem=ent.contains_only("user2", "user12", "user22")))
ent.assert_group_by_gid(
2002, dict(mem=ent.contains_only("user2", "user12", "user22")))
assert_initgroups_equal("user1", 2001, [2000, 2001])
# user groups must be invalidated
for group in ["group1", "group0x"]:
with pytest.raises(KeyError):
grp.getgrnam(group)
for gid in [2000, 2001]:
with pytest.raises(KeyError):
grp.getgrgid(gid)
def test_user_update_same_modstamp(ldap_conn,
ldb_examine,
setup_rfc2307bis):
"""
Test that a user update with the same modifyTimestamp does not trigger
sysdb cache update
"""
ldb_conn = ldb_examine
old_sysdb_attrs, old_ts_attrs = prime_cache_user(ldb_conn, "user1", 2001)
ent.assert_passwd_by_name("user1", dict(name="user1"))
sysdb_attrs, ts_attrs = get_user_attrs(ldb_conn, "user1",
SSSD_DOMAIN, TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_same_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
"""
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/2676
"""
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user1")))
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
time.sleep(15)
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user1")))
def test_removed_mc(ldap_conn, sanity_rfc2307):
"""
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/2726
"""
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
stop_sssd()
# remove cache without invalidation
for path in os.listdir(config.MCACHE_PATH):
os.unlink(config.MCACHE_PATH + "/" + path)
# sssd is stopped; so the memory cache should not be used
# in long living clients (py.test in this case)
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwuid(1001)
with pytest.raises(KeyError):
grp.getgrnam('group1')
with pytest.raises(KeyError):
grp.getgrgid(2001)
def env_regr_2757_override(request, ldap_conn):
prepare_sssd(request, ldap_conn, use_fully_qualified_names=True)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001)
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overridden
ent.assert_passwd_by_name("user1@LDAP", dict(name="user1@LDAP", passwd="*", uid=10001, gid=20001))
with pytest.raises(KeyError):
pwd.getpwnam("alias1")
with pytest.raises(KeyError):
pwd.getpwnam("alias1@LDAP")
# Override
subprocess.check_call(["sss_override", "user-add", "user1@LDAP", "-n", "alias1"])
restart_sssd()
def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307):
# Even if initgroups is disabled, passwd should work
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
stop_sssd()
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
def test_colliding_hashes(ldap_conn, sanity_rfc2307):
"""
Regression test for ticket:
https://pagure.io/SSSD/sssd/issue/3571
"""
first_user = '******'
# initialize data in memcache
ent.assert_passwd_by_name(
first_user,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
mem_cache = MemoryCache(config.MCACHE_PATH + '/passwd')
colliding_hash = mem_cache.sss_nss_mc_hash(first_user)
while True:
# string for colliding hash need to be longer then data for user1
# stored in memory cache (almost equivalent to:
# `getent passwd user1 | wc -c` ==> 45
second_user = get_random_string(80)
val = mem_cache.sss_nss_mc_hash(second_user)
if val == colliding_hash:
break
# add new user to LDAP
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user(second_user, 5001, 5001)
ldap_conn.add_s(ent_list[0][0], ent_list[0][1])
ent.assert_passwd_by_name(
second_user,
dict(name=second_user, passwd='*', uid=5001, gid=5001,
gecos='5001', shell='/bin/bash'))
stop_sssd()
# check that both users are stored in cache
ent.assert_passwd_by_name(
first_user,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_name(
second_user,
dict(name=second_user, passwd='*', uid=5001, gid=5001,
gecos='5001', shell='/bin/bash'))
def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307):
"""
Test that the memory cache is not created at all with memcache_timeout=0
"""
# No memory cache files must be created
assert len(os.listdir(config.MCACHE_PATH)) == 0
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
stop_sssd()
# sssd is stopped; so the memory cache should not be used
# in long living clients (py.test in this case)
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwuid(1001)
with pytest.raises(KeyError):
grp.getgrnam('group1')
with pytest.raises(KeyError):
grp.getgrgid(2001)
def env_root_user_override(request, ldap_conn, env_two_users_and_group):
# Assert entries are not overriden
ent.assert_passwd_by_name('root', dict(name='root', uid=0, gid=0))
ent.assert_passwd_by_uid(0, dict(name="root"))
# Override
subprocess.check_call([
"sss_override", "user-add", "user1", "-u", "0", "-g", "0", "-n",
"ov_user1", "-c", "Overriden User 1", "-h", "/home/ov/user1", "-s",
"/bin/ov_user1_shell"
])
subprocess.check_call([
"sss_override", "user-add", "user2", "-u", "10020", "-g", "20020",
"-n", "root", "-c", "Overriden User 2", "-h", "/home/ov/user2", "-s",
"/bin/ov_user2_shell"
])
# Restart SSSD so the override might take effect
restart_sssd()
def test_disabled_mc(ldap_conn, disable_memcache_rfc2307):
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
assert_user_gids_equal('user1', [2000, 2001])
stop_sssd()
# sssd is stopped and the memory cache is disabled;
# so pytest should not be able to find anything
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwuid(1001)
with pytest.raises(KeyError):
grp.getgrnam('group1')
with pytest.raises(KeyError):
grp.getgrgid(2001)
with pytest.raises(KeyError):
(res, errno, gids) = sssd_id.get_user_gids('user1')
def test_root_user_override(ldap_conn, env_root_user_override):
"""Test entries are not overriden to root"""
# Override does not have to happen completly, trying to set uid or gid
# to 0 is simply ignored.
ent.assert_passwd_by_name(
'ov_user1',
dict(name='ov_user1', passwd='*', uid=10001, gid=20001,
gecos='Overriden User 1',
dir='/home/ov/user1',
shell='/bin/ov_user1_shell'))
# We can create override with name root. This test is just for tracking
# that this particular behavior won't change.
ent.assert_passwd_by_name(
'user2',
dict(name='root', passwd='*', uid=10020, gid=20020,
gecos='Overriden User 2',
dir='/home/ov/user2',
shell='/bin/ov_user2_shell'))
ent.assert_passwd_by_uid(0, dict(name="root"))
def test_colliding_hashes(ldap_conn, sanity_rfc2307):
"""
Regression test for ticket:
https://github.com/SSSD/sssd/issues/4595
"""
first_user = '******'
# initialize data in memcache
ent.assert_passwd_by_name(
first_user,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
mem_cache = MemoryCache(config.MCACHE_PATH + '/passwd')
colliding_hash = mem_cache.sss_nss_mc_hash(first_user)
while True:
# string for colliding hash need to be longer then data for user1
# stored in memory cache (almost equivalent to:
# `getent passwd user1 | wc -c` ==> 45
second_user = get_random_string(80)
val = mem_cache.sss_nss_mc_hash(second_user)
if val == colliding_hash:
break
# add new user to LDAP
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user(second_user, 5001, 5001)
ldap_conn.add_s(ent_list[0][0], ent_list[0][1])
ent.assert_passwd_by_name(
second_user,
dict(name=second_user, passwd='*', uid=5001, gid=5001,
gecos='5001', shell='/bin/bash'))
stop_sssd()
# check that both users are stored in cache
ent.assert_passwd_by_name(
first_user,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_name(
second_user,
dict(name=second_user, passwd='*', uid=5001, gid=5001,
gecos='5001', shell='/bin/bash'))
def test_user_show_basic_fqname_insensitive(ldap_conn,
fqname_case_insensitive_rfc2307,
portable_LC_ALL):
# Fill the cache first
ent.assert_passwd_by_name(
'user1@LDAP',
dict(name='user1@LDAP',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'CamelCaseUser1@LDAP',
dict(name='camelcaseuser1@LDAP',
passwd='*',
uid=1002,
gid=2002,
gecos='1002',
shell='/bin/bash'))
output = get_call_output(["sssctl", "user-show", "user1@LDAP"])
assert output.find("Name: user1@LDAP") != -1
assert output.find("Initgroups expiration time: Initgroups were not yet "
"performed") != -1
assert output.find("Cached in InfoPipe: No") != -1
output = get_call_output(["sssctl", "user-show", "CamelCaseUser1@LDAP"])
assert output.find("Name: camelcaseuser1@LDAP") != -1
assert output.find("Initgroups expiration time: Initgroups were not yet "
"performed") != -1
assert output.find("Cached in InfoPipe: No") != -1
output = get_call_output(["sssctl", "user-show", "camelcaseuser1@LDAP"])
assert output.find("Name: camelcaseuser1@LDAP") != -1
assert output.find("Initgroups expiration time: Initgroups were not yet "
"performed") != -1
assert output.find("Cached in InfoPipe: No") != -1
def test_user_2307bis_nested_groups(ldap_conn, sanity_rfc2307_bis):
"""
Test nested groups.
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/3093
"""
primary_gid = 2001
# group1, two_user_group, one_user_group1, group_one_user_group,
# group_two_user_group, group_two_one_user_groups
expected_gids = [2001, 2012, 2015, 2017, 2018, 2019]
ent.assert_passwd_by_name("user1",
dict(name="user1", uid=1001, gid=primary_gid))
(res, errno, gids) = sssd_id.call_sssd_initgroups("user1", primary_gid)
assert res == sssd_id.NssReturnCode.SUCCESS
assert sorted(gids) == sorted(expected_gids), \
"result: %s\n expected %s" % (
", ".join(["%s" % s for s in sorted(gids)]),
", ".join(["%s" % s for s in sorted(expected_gids)])
)
def env_regr_2757_override(request, ldap_conn):
prepare_sssd(request, ldap_conn, use_fully_qualified_names=True)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001)
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overridden
ent.assert_passwd_by_name(
'user1@LDAP',
dict(name='user1@LDAP', passwd='*', uid=10001, gid=20001))
with pytest.raises(KeyError):
pwd.getpwnam('alias1')
with pytest.raises(KeyError):
pwd.getpwnam('alias1@LDAP')
# Override
subprocess.check_call(["sss_override", "user-add", "user1@LDAP",
"-n", "alias1"])
restart_sssd()
def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307):
# the sssd cache was empty and not all user's group were
# resolved with getgr{nm,gid}. Therefore there is a change in
# group membership => user groups should be invalidated
run_simple_test_with_initgroups()
assert_initgroups_equal("user1", 2001, [2000, 2001])
stop_sssd()
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
# unrelated group to user1 must be returned
ent.assert_group_by_name(
"group2",
dict(mem=ent.contains_only("user2", "user12", "user22")))
ent.assert_group_by_gid(
2002,
dict(mem=ent.contains_only("user2", "user12", "user22")))
assert_initgroups_equal("user1", 2001, [2000, 2001])
# user groups must be invalidated
for group in ["group1", "group0x"]:
with pytest.raises(KeyError):
grp.getgrnam(group)
for gid in [2000, 2001]:
with pytest.raises(KeyError):
grp.getgrgid(gid)
def assert_mc_records_for_user1():
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_group_by_name(
"group1",
dict(mem=ent.contains_only("user1", "user11", "user21")))
ent.assert_group_by_gid(
2001,
dict(mem=ent.contains_only("user1", "user11", "user21")))
ent.assert_group_by_name(
"group0x",
dict(mem=ent.contains_only("user1", "user2", "user3")))
ent.assert_group_by_gid(
2000,
dict(mem=ent.contains_only("user1", "user2", "user3")))
assert_initgroups_equal("user1", 2001, [2000, 2001])
def test_user_2307bis_nested_groups(ldap_conn,
sanity_rfc2307_bis):
"""
Test nested groups.
Regression test for ticket:
https://fedorahosted.org/sssd/ticket/3093
"""
primary_gid = 2001
# group1, two_user_group, one_user_group1, group_one_user_group,
# group_two_user_group, group_two_one_user_groups
expected_gids = [2001, 2012, 2015, 2017, 2018, 2019]
ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001,
gid=primary_gid))
(res, errno, gids) = sssd_id.call_sssd_initgroups("user1", primary_gid)
assert res == sssd_id.NssReturnCode.SUCCESS
assert sorted(gids) == sorted(expected_gids), \
"result: %s\n expected %s" % (
", ".join(["%s" % s for s in sorted(gids)]),
", ".join(["%s" % s for s in sorted(expected_gids)])
)
def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307):
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
assert_user_gids_equal('user1', [2000, 2001])
stop_sssd()
# passwd cache is disabled
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwuid(1001)
# Initgroups looks up the user first, hence KeyError from the
# passwd database even if the initgroups cache is active.
with pytest.raises(KeyError):
(res, errno, gids) = sssd_id.get_user_gids('user1')
def assert_mc_records_for_user1():
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_group_by_name(
"group1",
dict(mem=ent.contains_only("user1", "user11", "user21")))
ent.assert_group_by_gid(
2001,
dict(mem=ent.contains_only("user1", "user11", "user21")))
ent.assert_group_by_name(
"group0x",
dict(mem=ent.contains_only("user1", "user2", "user3")))
ent.assert_group_by_gid(
2000,
dict(mem=ent.contains_only("user1", "user2", "user3")))
assert_initgroups_equal("user1", 2001, [2000, 2001])
def test_mix_cased_name_override(ldap_conn, env_mix_cased_name_override):
"""Test if names with upper and lower case letter are overridden"""
# Assert entries are overridden
user1 = dict(name='ov_user1@LDAP', passwd='*', uid=10010, gid=20010,
gecos='Overriden User 1',
dir='/home/ov/user1',
shell='/bin/ov_user1_shell')
user2 = dict(name='ov_user2@LDAP', passwd='*', uid=10020, gid=20020,
gecos='Overriden User 2',
dir='/home/ov/user2',
shell='/bin/ov_user2_shell')
ent.assert_passwd_by_name('user1@LDAP', user1)
ent.assert_passwd_by_name('ov_user1@LDAP', user1)
ent.assert_passwd_by_name('user2@LDAP', user2)
ent.assert_passwd_by_name('ov_user2@LDAP', user2)
def assert_user_default():
# Assert entries are not overriden
with pytest.raises(KeyError):
pwd.getpwnam("ov_user1")
with pytest.raises(KeyError):
pwd.getpwnam("ov_user1@LDAP")
with pytest.raises(KeyError):
pwd.getpwnam("ov_user2")
with pytest.raises(KeyError):
pwd.getpwnam("ov_user2@LDAP")
user1 = dict(
name="user1",
passwd="*",
uid=10001,
gid=20001,
gecos="User Number 1",
dir="/home/user1",
shell="/bin/user1_shell",
)
user2 = dict(
name="user2",
passwd="*",
uid=10002,
gid=20001,
gecos="User Number 2",
dir="/home/user2",
shell="/bin/user2_shell",
)
ent.assert_passwd_by_name("user1", user1)
ent.assert_passwd_by_name("user1@LDAP", user1)
ent.assert_passwd_by_name("user2", user2)
ent.assert_passwd_by_name("user2@LDAP", user2)
def test_getpwnam(ldap_conn, sanity_rfc2307):
ent.assert_passwd_by_name(
'user1',
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1', passwd='*', uid=1001, gid=2001,
gecos='1001', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user2',
dict(name='user2', passwd='*', uid=1002, gid=2002,
gecos='1002', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1002,
dict(name='user2', passwd='*', uid=1002, gid=2002,
gecos='1002', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user3',
dict(name='user3', passwd='*', uid=1003, gid=2003,
gecos='1003', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1003,
dict(name='user3', passwd='*', uid=1003, gid=2003,
gecos='1003', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user11',
dict(name='user11', passwd='*', uid=1011, gid=2001,
gecos='1011', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1011,
dict(name='user11', passwd='*', uid=1011, gid=2001,
gecos='1011', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user12',
dict(name='user12', passwd='*', uid=1012, gid=2002,
gecos='1012', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1012,
dict(name='user12', passwd='*', uid=1012, gid=2002,
gecos='1012', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user13',
dict(name='user13', passwd='*', uid=1013, gid=2003,
gecos='1013', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1013,
dict(name='user13', passwd='*', uid=1013, gid=2003,
gecos='1013', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user21',
dict(name='user21', passwd='*', uid=1021, gid=2001,
gecos='1021', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1021,
dict(name='user21', passwd='*', uid=1021, gid=2001,
gecos='1021', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user22',
dict(name='user22', passwd='*', uid=1022, gid=2002,
gecos='1022', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1022,
dict(name='user22', passwd='*', uid=1022, gid=2002,
gecos='1022', shell='/bin/bash'))
ent.assert_passwd_by_name(
'user23',
dict(name='user23', passwd='*', uid=1023, gid=2003,
gecos='1023', shell='/bin/bash'))
ent.assert_passwd_by_uid(
1023,
dict(name='user23', passwd='*', uid=1023, gid=2003,
gecos='1023', shell='/bin/bash'))
def setup_pw_with_list(request, user_list):
pwd_ops = passwd_ops_setup(request)
for user in user_list:
pwd_ops.useradd(**user)
ent.assert_passwd_by_name(CANARY['name'], CANARY)
return pwd_ops
def test_getpwnam(ldap_conn, sanity_rfc2307):
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1001,
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user2',
dict(name='user2',
passwd='*',
uid=1002,
gid=2002,
gecos='1002',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1002,
dict(name='user2',
passwd='*',
uid=1002,
gid=2002,
gecos='1002',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user3',
dict(name='user3',
passwd='*',
uid=1003,
gid=2003,
gecos='1003',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1003,
dict(name='user3',
passwd='*',
uid=1003,
gid=2003,
gecos='1003',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user11',
dict(name='user11',
passwd='*',
uid=1011,
gid=2001,
gecos='1011',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1011,
dict(name='user11',
passwd='*',
uid=1011,
gid=2001,
gecos='1011',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user12',
dict(name='user12',
passwd='*',
uid=1012,
gid=2002,
gecos='1012',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1012,
dict(name='user12',
passwd='*',
uid=1012,
gid=2002,
gecos='1012',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user13',
dict(name='user13',
passwd='*',
uid=1013,
gid=2003,
gecos='1013',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1013,
dict(name='user13',
passwd='*',
uid=1013,
gid=2003,
gecos='1013',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user21',
dict(name='user21',
passwd='*',
uid=1021,
gid=2001,
gecos='1021',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1021,
dict(name='user21',
passwd='*',
uid=1021,
gid=2001,
gecos='1021',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user22',
dict(name='user22',
passwd='*',
uid=1022,
gid=2002,
gecos='1022',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1022,
dict(name='user22',
passwd='*',
uid=1022,
gid=2002,
gecos='1022',
shell='/bin/bash'))
ent.assert_passwd_by_name(
'user23',
dict(name='user23',
passwd='*',
uid=1023,
gid=2003,
gecos='1023',
shell='/bin/bash'))
ent.assert_passwd_by_uid(
1023,
dict(name='user23',
passwd='*',
uid=1023,
gid=2003,
gecos='1023',
shell='/bin/bash'))
def assert_user_overriden(override_name=True):
if override_name:
name1 = "ov_user1"
name2 = "ov_user2"
else:
name1 = "user1"
name2 = "user2"
user1 = dict(name=name1, passwd='*', uid=10010, gid=20010,
gecos='Overriden User 1',
dir='/home/ov/user1',
shell='/bin/ov_user1_shell')
user2 = dict(name=name2, passwd='*', uid=10020, gid=20020,
gecos='Overriden User 2',
dir='/home/ov/user2',
shell='/bin/ov_user2_shell')
ent.assert_passwd_by_name('user1', user1)
ent.assert_passwd_by_name('user1@LDAP', user1)
if override_name:
ent.assert_passwd_by_name('ov_user1', user1)
ent.assert_passwd_by_name('ov_user1@LDAP', user1)
ent.assert_passwd_by_name('user2', user2)
ent.assert_passwd_by_name('user2@LDAP', user2)
if override_name:
ent.assert_passwd_by_name('ov_user2', user2)
ent.assert_passwd_by_name('ov_user2@LDAP', user2)
def test_override_homedir_option(ldap_conn, env_override_homedir_option):
"""Test if overrides will overwrite override_homedir option"""
# Assert entries are overridden, user1 has no homedir override and
# override_homedir option should be used, user2 has a homedir override
# which should be used.
user1 = dict(name='ov_user1', passwd='*', uid=10010, gid=20010,
gecos='Overriden User 1',
dir='/home/ov_option/ov_user1',
shell='/bin/ov_user1_shell')
user2 = dict(name='ov_user2', passwd='*', uid=10020, gid=20020,
gecos='Overriden User 2',
dir='/home/ov/user2',
shell='/bin/ov_user2_shell')
ent.assert_passwd_by_name('user1@LDAP', user1)
ent.assert_passwd_by_name('ov_user1@LDAP', user1)
ent.assert_passwd_by_name('user1', user1)
ent.assert_passwd_by_name('ov_user1', user1)
ent.assert_passwd_by_name('user2@LDAP', user2)
ent.assert_passwd_by_name('ov_user2@LDAP', user2)
ent.assert_passwd_by_name('user2', user2)
ent.assert_passwd_by_name('ov_user2', user2)
def setup_pw_with_list(pwd_ops, user_list):
for user in user_list:
pwd_ops.useradd(**user)
ent.assert_passwd_by_name(CANARY['name'], CANARY)
return pwd_ops
