def format_basic_conf(ldap_conn, schema):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
if schema == SCHEMA_RFC2307_BIS:
schema_conf += "ldap_group_object_class = groupOfNames\n"
valgrind_cmd = "valgrind --log-file=%s/valgrind_ifp.log" % config.LOG_PATH
ifp_command = "%s %s/sssd/sssd_ifp " % (valgrind_cmd, config.LIBEXEC_PATH)
return unindent("""\
[sssd]
debug_level = 0xffff
domains = LDAP, app
services = nss, ifp
enable_files_domain = false
[nss]
memcache_timeout = 0
[ifp]
# it need to be executed with valgrind because there is a problem
# problem with "ifp" + client regristration in monitor
# There is not such problem in 1st test. Just in following tests.
command = {ifp_command} --uid 0 --gid 0 --debug-to-files
[domain/LDAP]
{schema_conf}
id_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
[application/app]
inherit_from = LDAP
""").format(**locals())
def format_basic_conf(ldap_conn, schema):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
if schema == SCHEMA_RFC2307_BIS:
schema_conf += "ldap_group_object_class = groupOfNames\n"
valgrind_cmd = "valgrind --log-file=%s/valgrind_ifp.log" % config.LOG_PATH
ifp_command = "%s %s/sssd/sssd_ifp " % (valgrind_cmd, config.LIBEXEC_PATH)
return unindent("""\
[sssd]
debug_level = 0xffff
domains = LDAP, app
services = nss, ifp
enable_files_domain = false
[nss]
memcache_timeout = 0
[ifp]
# it need to be executed with valgrind because there is a problem
# problem with "ifp" + client regristration in monitor
# There is not such problem in 1st test. Just in following tests.
command = {ifp_command} --uid 0 --gid 0 --debug-to-files
[domain/LDAP]
{schema_conf}
id_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
[application/app]
inherit_from = LDAP
""").format(**locals())
def format_basic_conf(ldap_conn, schema):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
if schema == SCHEMA_RFC2307_BIS:
schema_conf += "ldap_group_object_class = groupOfNames\n"
return unindent("""\
[sssd]
debug_level = 0xffff
domains = LDAP
services = nss, pam
[nss]
debug_level = 0xffff
memcache_timeout = 0
entry_negative_timeout = 1
[pam]
debug_level = 0xffff
[domain/LDAP]
ldap_auth_disable_tls_never_use_in_production = true
debug_level = 0xffff
{schema_conf}
id_provider = ldap
auth_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
""").format(**locals())
def create_sssd_conf_renewals(kcm_path,
ccache_storage,
renew_lifetime,
lifetime,
renew_interval,
max_secrets=MAX_SECRETS):
return unindent("""\
[sssd]
domains = files
services = nss
[domain/files]
id_provider = files
[kcm]
socket_path = {kcm_path}
ccache_storage = {ccache_storage}
tgt_renewal = true
krb5_renewable_lifetime = {renew_lifetime}
krb5_lifetime = {lifetime}
krb5_renew_interval = {renew_interval}
[secrets]
max_secrets = {max_secrets}
""").format(**locals())
def format_basic_conf(ldap_conn, schema):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
if schema == SCHEMA_RFC2307_BIS:
schema_conf += "ldap_group_object_class = groupOfNames\n"
iphost_search_base = "ou=Hosts," + ldap_conn.ds_inst.base_dn
ipnetwork_search_base = "ou=Networks," + ldap_conn.ds_inst.base_dn
return unindent("""\
[sssd]
debug_level = 0xffff
domains = LDAP
services = nss
[nss]
debug_level = 0xffff
memcache_timeout = 0
entry_negative_timeout = 1
[domain/LDAP]
ldap_auth_disable_tls_never_use_in_production = true
debug_level = 0xffff
{schema_conf}
id_provider = ldap
auth_provider = ldap
resolver_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
ldap_iphost_search_base = {iphost_search_base}
ldap_ipnetwork_search_base = {ipnetwork_search_base}
""").format(**locals())
def _format_kdc_conf(self):
database_path = self.kdc_basedir + "/principal"
key_stash = self.kdc_basedir + "/stash." + self.realm
kdc_logfile = "FILE:" + self.kdc_logdir + "/krb5kdc.log"
kadmin_logfile = "FILE:" + self.kdc_logdir + "/kadmin.log"
libkrb5_logfile = "FILE:" + self.kdc_logdir + "/libkrb5.log"
kdc_conf = unindent("""
[kdcdefaults]
kdc_ports = {self.kdc_port}
kdc_tcp_ports = {self.kdc_port}
[realms]
{self.realm} = {{
kadmind_port = {self.kadmin_port}
database_name = {database_path}
key_stash_file = {key_stash}
max_life = 7d
max_renewable_life = 14d
acl_file = {self.acl_file}
}}
[logging]
kdc = {kdc_logfile}
admin_server = {kadmin_logfile}
default = {libkrb5_logfile}
""").format(**locals())
return kdc_conf
def files_multiple_sources_nocreate(request):
"""
Sets up SSSD with multiple sources, but does not actually create
the files.
"""
alt_passwd_path = tempfile.mktemp(prefix='altpasswd')
request.addfinalizer(lambda: os.unlink(alt_passwd_path))
alt_group_path = tempfile.mktemp(prefix='altgroup')
request.addfinalizer(lambda: os.unlink(alt_group_path))
passwd_list = ",".join([os.environ["NSS_WRAPPER_PASSWD"], alt_passwd_path])
group_list = ",".join([os.environ["NSS_WRAPPER_GROUP"], alt_group_path])
conf = unindent("""\
[sssd]
domains = files
services = nss
[nss]
debug_level = 10
[domain/files]
id_provider = files
passwd_files = {passwd_list}
group_files = {group_list}
debug_level = 10
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return alt_passwd_path, alt_group_path
def format_basic_conf(ldap_conn, schema, config):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
schema_conf += "ldap_group_object_class = groupOfNames\n"
return unindent("""\
[sssd]
domains = LDAP
services = nss, ssh
[nss]
[ssh]
debug_level=10
ca_db = {config.PAM_CERT_DB_PATH}
[pam]
pam_cert_auth = True
[domain/LDAP]
{schema_conf}
id_provider = ldap
auth_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
ldap_sudo_use_host_filter = false
debug_level=10
ldap_user_certificate = userCertificate;binary
""").format(**locals())
def prepare_sssd(request,
ldap_conn,
use_fully_qualified_names=False,
case_sensitive=True):
"""Prepare SSSD with defaults"""
conf = unindent("""\
[sssd]
domains = LDAP
services = nss
[nss]
memcache_timeout = 1
[domain/LDAP]
ldap_auth_disable_tls_never_use_in_production = true
ldap_schema = rfc2307
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
use_fully_qualified_names = {use_fully_qualified_names}
case_sensitive = {case_sensitive}
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def teardown():
# remove user export file
try:
os.unlink(OVERRIDE_FILENAME)
except:
pass
request.addfinalizer(teardown)
def files_multiple_sources_nocreate(request):
"""
Sets up SSSD with multiple sources, but does not actually create
the files.
"""
alt_passwd_path = tempfile.mktemp(prefix='altpasswd')
request.addfinalizer(lambda: os.unlink(alt_passwd_path))
alt_group_path = tempfile.mktemp(prefix='altgroup')
request.addfinalizer(lambda: os.unlink(alt_group_path))
passwd_list = ",".join([os.environ["NSS_WRAPPER_PASSWD"], alt_passwd_path])
group_list = ",".join([os.environ["NSS_WRAPPER_GROUP"], alt_group_path])
conf = unindent("""\
[sssd]
domains = files
services = nss
[nss]
debug_level = 10
[domain/files]
id_provider = files
passwd_files = {passwd_list}
group_files = {group_list}
debug_level = 10
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return alt_passwd_path, alt_group_path
def prepare_sssd(request, ldap_conn, use_fully_qualified_names=False,
case_sensitive=True):
"""Prepare SSSD with defaults"""
conf = unindent("""\
[sssd]
domains = LDAP
services = nss
[nss]
memcache_timeout = 1
[domain/LDAP]
ldap_auth_disable_tls_never_use_in_production = true
ldap_schema = rfc2307
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
use_fully_qualified_names = {use_fully_qualified_names}
case_sensitive = {case_sensitive}
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def teardown():
# remove user export file
try:
os.unlink(OVERRIDE_FILENAME)
except:
pass
request.addfinalizer(teardown)
def files_multiple_sources(request):
_, alt_passwd_path = tempfile.mkstemp(prefix='altpasswd')
request.addfinalizer(lambda: os.unlink(alt_passwd_path))
alt_pwops = PasswdOps(alt_passwd_path)
_, alt_group_path = tempfile.mkstemp(prefix='altgroup')
request.addfinalizer(lambda: os.unlink(alt_group_path))
alt_grops = GroupOps(alt_group_path)
passwd_list = ",".join([os.environ["NSS_WRAPPER_PASSWD"], alt_passwd_path])
group_list = ",".join([os.environ["NSS_WRAPPER_GROUP"], alt_group_path])
conf = unindent("""\
[sssd]
domains = files
services = nss
[nss]
debug_level = 10
[domain/files]
id_provider = files
passwd_files = {passwd_list}
group_files = {group_list}
debug_level = 10
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return alt_pwops, alt_grops
def sanity_nss_filter_cached(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
ent_list.add_user("root", 1004, 2004)
ent_list.add_user("zerouid", 0, 0)
ent_list.add_group_bis("group1", 2001)
ent_list.add_group_bis("group2", 2002)
ent_list.add_group_bis("group3", 2003)
ent_list.add_group_bis("root", 2004)
ent_list.add_group_bis("zerogid", 0)
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
unindent("""
[nss]
filter_users = user2
filter_groups = group2
entry_negative_timeout = 1
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def mpg_setup(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
ent_list.add_group_bis("group1", 2001)
ent_list.add_group_bis("group2", 2002)
ent_list.add_group_bis("group3", 2003)
ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
create_ldap_entries(ldap_conn, ent_list)
create_ldap_cleanup(request, ldap_conn, None)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
unindent("""
[domain/LDAP]
auto_private_groups = True
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def format_basic_conf(ldap_conn, schema, config):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
if schema == SCHEMA_RFC2307_BIS:
schema_conf += "ldap_group_object_class = groupOfNames\n"
return unindent("""\
[sssd]
debug_level = 0xffff
domains = LDAP, app
services = nss, ifp
enable_files_domain = false
[nss]
memcache_timeout = 0
[ifp]
debug_level = 0xffff
user_attributes = +extraName
ca_db = {config.PAM_CERT_DB_PATH}
[domain/LDAP]
{schema_conf}
id_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
ldap_user_extra_attrs = extraName:uid
ldap_user_certificate = userCert
[application/app]
inherit_from = LDAP
""").format(**locals())
def files_multiple_sources(request):
_, alt_passwd_path = tempfile.mkstemp(prefix='altpasswd')
request.addfinalizer(lambda: os.unlink(alt_passwd_path))
alt_pwops = PasswdOps(alt_passwd_path)
_, alt_group_path = tempfile.mkstemp(prefix='altgroup')
request.addfinalizer(lambda: os.unlink(alt_group_path))
alt_grops = GroupOps(alt_group_path)
passwd_list = ",".join([os.environ["NSS_WRAPPER_PASSWD"], alt_passwd_path])
group_list = ",".join([os.environ["NSS_WRAPPER_GROUP"], alt_group_path])
conf = unindent("""\
[sssd]
domains = files
services = nss
[nss]
debug_level = 10
[domain/files]
id_provider = files
passwd_files = {passwd_list}
group_files = {group_list}
debug_level = 10
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return alt_pwops, alt_grops
def disable_memcache_rfc2307(request, ldap_conn):
load_data_to_ldap(request, ldap_conn)
conf = unindent("""\
[sssd]
domains = LDAP
services = nss
[nss]
memcache_size_group = 0
memcache_size_passwd = 0
memcache_size_initgroups = 0
[domain/LDAP]
ldap_auth_disable_tls_never_use_in_production = true
ldap_schema = rfc2307
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def zero_nesting_sssd_conf(ldap_conn, schema):
"""Format an SSSD configuration with group nesting disabled"""
return \
format_basic_conf(ldap_conn, schema) + \
unindent("""
[domain/LDAP]
ldap_group_nesting_level = 0
""").format(INTERACTIVE_TIMEOUT)
def format_certificate_conf(ldap_conn, schema, config):
"""Format an SSSD configuration with all caches refreshing in 4 seconds"""
return \
format_basic_conf(ldap_conn, schema, config) + \
unindent("""
[certmap/LDAP/user1]
matchrule = <SUBJECT>.*CN = SSSD test cert 0001.*
""").format(**locals())
def no_sssd_domain(request):
conf = unindent("""\
[sssd]
services = nss
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def zero_nesting_sssd_conf(ldap_conn, schema):
"""Format an SSSD configuration with group nesting disabled"""
return \
format_basic_conf(ldap_conn, schema) + \
unindent("""
[domain/LDAP]
ldap_group_nesting_level = 0
""").format(INTERACTIVE_TIMEOUT)
def no_sssd_domain(request):
conf = unindent("""\
[sssd]
services = nss
enable_files_domain = true
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def conf_snippets_only(request):
snip = unindent("""\
[sssd]
services = nss, pam, ssh
[nss]
[pam]
[ssh]
""")
create_conf_fixture(request, None, snip)
return None
def files_domain_only(request):
conf = unindent("""\
[sssd]
domains = files
services = nss
[domain/files]
id_provider = files
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def no_files_domain(request):
conf = unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def all(request, ldap_conn, users_and_groups):
"""
Fixture with scope "all".
"""
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[session_recording]
scope = all
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def some_empty(request, ldap_conn, users_and_groups):
"""
Fixture with scope "some", but no users or groups listed.
"""
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[session_recording]
scope = some
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def files_domain_only(request):
conf = unindent("""\
[sssd]
domains = files
services = nss
[domain/files]
id_provider = files
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def setup_for_cli_timeout_test(request):
"""
Same as the generic setup, except a short client_idle_timeout so that
the test_cli_idle_timeout() test closes the fd towards the client.
"""
conf = generate_sec_config() + \
unindent("""
client_idle_timeout = 10
""").format()
create_conf_fixture(request, conf)
return create_sssd_secrets_fixture(request)
def files_domain_only(request):
conf = unindent("""\
[sssd]
services = nss, pac
enable_files_domain = true
[nss]
memcache_timeout = 0
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def setup_for_cli_timeout_test(request):
"""
Same as the generic setup, except a short client_idle_timeout so that
the test_cli_idle_timeout() test closes the fd towards the client.
"""
conf = generate_sec_config() + \
unindent("""
client_idle_timeout = 10
""").format()
create_conf_fixture(request, conf)
return create_sssd_secrets_fixture(request)
def generate_sec_config():
return unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
[secrets]
max_secrets = 10
max_payload_size = 2
""")
def some_groups4(request, ldap_conn, users_and_groups):
"""
Fixture with scope "some", specifying two primary groups.
"""
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[session_recording]
scope = some
groups = group1, group3
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def format_rfc2307bis_deref_conf(ldap_conn, schema):
"""Format an SSSD configuration with all caches refreshing in 4 seconds"""
return \
format_basic_conf(ldap_conn, schema) + \
unindent("""
[nss]
memcache_timeout = 0
entry_negative_timeout = 0
[domain/LDAP]
entry_cache_timeout = {0}
ldap_deref_threshold = 1
""").format(INTERACTIVE_TIMEOUT)
def domain_resolution_order(request):
conf = unindent("""\
[sssd]
domains = files
services = nss
domain_resolution_order = foo
[domain/files]
id_provider = files
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def disabled_files_domain(request):
conf = unindent("""\
[sssd]
domains = local
services = nss
enable_files_domain = false
[domain/local]
id_provider = local
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def create_sssd_conf(kcm_path, ccache_storage):
return unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
[kcm]
socket_path = {kcm_path}
ccache_storage = {ccache_storage}
""").format(**locals())
def domain_resolution_order(request):
conf = unindent("""\
[sssd]
domains = files
services = nss
domain_resolution_order = foo
[domain/files]
id_provider = files
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def no_files_domain(request):
conf = unindent("""\
[sssd]
services = nss
enable_files_domain = true
[domain/disabled.files]
id_provider = files
fallback_to_nss = False
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def setup_for_resp_timeout_test(request):
"""
Same as the generic setup, except a short responder_idle_timeout
so that the test_responder_idle_timeout() test verifies that the
responder has been shot down.
"""
conf = generate_sec_config() + \
unindent("""
responder_idle_timeout = 60
""").format()
create_conf_fixture(request, conf)
return create_sssd_secrets_fixture(request, False)
def generate_sec_config():
return unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
[secrets]
max_secrets = 10
max_payload_size = 2
""")
def format_interactive_conf(ldap_conn, schema):
"""Format an SSSD configuration with all caches refreshing in 4 seconds"""
return \
format_basic_conf(ldap_conn, schema) + \
unindent("""
[nss]
memcache_timeout = 0
entry_negative_timeout = 0
[domain/LDAP]
ldap_purge_cache_timeout = 1
entry_cache_timeout = {0}
""").format(INTERACTIVE_TIMEOUT)
def setup_for_resp_timeout_test(request):
"""
Same as the generic setup, except a short responder_idle_timeout
so that the test_responder_idle_timeout() test verifies that the
responder has been shot down.
"""
conf = generate_sec_config() + \
unindent("""
responder_idle_timeout = 60
""").format()
create_conf_fixture(request, conf)
return create_sssd_secrets_fixture(request, False)
def format_interactive_conf(ldap_conn, schema):
"""Format an SSSD configuration with all caches refreshing in 4 seconds"""
return \
format_basic_conf(ldap_conn, schema) + \
unindent("""
[nss]
memcache_timeout = 0
entry_negative_timeout = 0
[domain/LDAP]
ldap_purge_cache_timeout = 1
entry_cache_timeout = {0}
""").format(INTERACTIVE_TIMEOUT)
def format_rfc2307bis_deref_conf(ldap_conn, schema):
"""Format an SSSD configuration with all caches refreshing in 4 seconds"""
return \
format_basic_conf(ldap_conn, schema) + \
unindent("""
[nss]
memcache_timeout = 0
entry_negative_timeout = 0
[domain/LDAP]
entry_cache_timeout = {0}
ldap_deref_threshold = 1
""").format(INTERACTIVE_TIMEOUT)
def common_setup_for_kcm_mem(request, kdc_instance, kcm_path, sssd_conf):
kcm_socket_include = unindent("""
[libdefaults]
default_ccache_name = KCM:
kcm_socket = {kcm_path}
""").format(**locals())
kdc_instance.add_config({'kcm_socket': kcm_socket_include})
create_conf_fixture(request, sssd_conf)
create_sssd_kcm_fixture(kcm_path, request)
k5util = krb5utils.Krb5Utils(kdc_instance.krb5_conf_path)
return KcmTestEnv(kdc_instance, k5util)
def extra_attributes(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user", 2001, 2000)
ent_list.add_group("group", 2000)
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[domain/LDAP]
ldap_user_extra_attrs = mail, name:uid, givenName
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def create_sssd_conf(kcm_path, ccache_storage, max_secrets=MAX_SECRETS):
return unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
[kcm]
socket_path = {kcm_path}
ccache_storage = {ccache_storage}
[secrets]
max_secrets = {max_secrets}
""").format(**locals())
def fallback_homedir(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user_with_homedir_A", 1001, 2001,
homeDirectory="/home/A")
ent_list.add_user("user_with_homedir_B", 1002, 2002,
homeDirectory="/home/B")
ent_list.add_user("user_with_empty_homedir", 1003, 2003,
homeDirectory="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
fallback_homedir = /home/B
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def setup_for_global_quota(request):
conf = unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
[secrets]
max_secrets = 10
max_payload_size = 2
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_secrets_fixture(request)
return None
def proxy_to_files_domain_only(request):
conf = unindent("""\
[sssd]
domains = proxy, local
services = nss
[domain/local]
id_provider = local
[domain/proxy]
id_provider = proxy
proxy_lib_name = files
auth_provider = none
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def override_shell(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user_with_shell_A", 1001, 2001,
loginShell="/bin/A")
ent_list.add_user("user_with_shell_B", 1002, 2002,
loginShell="/bin/B")
ent_list.add_user("user_with_empty_shell", 1003, 2003,
loginShell="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
override_shell = /bin/B
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def as_xml(self):
tmpl = util.unindent('''
<parameter>
<name>%s</name>
<value>%e</value>
<confidenceinterval>
<interval>68</interval>
<low>%e</low>
<high>%e</high>
<low_unclear>%i</low_unclear>
<high_unclear>%i</high_unclear>
</confidenceinterval>
</parameter>
''')
return tmpl % (self.paramname.title(), self.best,
self.percentile16, self.percentile84,
self.percentile16_warn, self.percentile84_warn)
def local_domain_only(request):
conf = unindent("""\
[sssd]
domains = LOCAL
services = nss
[nss]
memcache_timeout = 0
[domain/LOCAL]
id_provider = local
min_id = 10000
max_id = 20000
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def override_homedir_and_shell(request):
conf = unindent("""\
[sssd]
domains = files
services = nss
[domain/files]
id_provider = files
override_homedir = /test/bar
override_shell = /bin/bar
[nss]
override_homedir = /test/foo
override_shell = /bin/foo
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def shell_fallback(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user_with_sh_shell", 1001, 2001,
loginShell="/bin/sh")
ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
loginShell="/bin/not_installed")
ent_list.add_user("user_with_empty_shell", 1003, 2003,
loginShell="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
shell_fallback = /bin/fallback
allowed_shells = /bin/not_installed
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def format_basic_conf(ldap_conn, schema):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
schema_conf += "ldap_group_object_class = groupOfNames\n"
return unindent("""\
[sssd]
domains = LDAP
services = nss
disable_netlink = true
[domain/LDAP]
{schema_conf}
id_provider = ldap
auth_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
ldap_netgroup_search_base = ou=Netgroups,{ldap_conn.ds_inst.base_dn}
""").format(**locals())
def setup_for_uid_limit(request):
conf = unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
[secrets]
[secrets/secrets]
max_secrets = 10
max_uid_secrets = 5
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_secrets_fixture(request)
return None
def setup_for_secrets(request):
"""
Just set up the local provider for tests and enable the secrets
responder
"""
conf = unindent("""\
[sssd]
domains = local
services = nss
[domain/local]
id_provider = local
[secrets]
max_secrets = 10
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_secrets_fixture(request)
return None
def refresh_after_cleanup_task(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_group_bis("group1", 2001, ["user1"])
ent_list.add_group_bis("group2", 2002, [], ["group1"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
unindent("""
[domain/LDAP]
entry_cache_user_timeout = 1
entry_cache_group_timeout = 5000
ldap_purge_cache_timeout = 3
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None