def test_sanity_rfc2307(ldap_conn, sanity_rfc2307): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002', dir='/home/user2', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) ent.assert_each_passwd_by_name(passwd_pattern) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), dict(name='empty_group', passwd='*', gid=2010, mem=ent.contains_only()), dict(name='two_user_group', passwd='*', gid=2012, mem=ent.contains_only("user1", "user2")) ]) ent.assert_each_group_by_name(group_pattern) with pytest.raises(KeyError): pwd.getpwnam("non_existent_user") with pytest.raises(KeyError): pwd.getpwuid(1) with pytest.raises(KeyError): grp.getgrnam("non_existent_group") with pytest.raises(KeyError): grp.getgrgid(1)
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) ent.assert_each_passwd_by_name(passwd_pattern) # test filtered user with pytest.raises(KeyError): pwd.getpwuid(1002) time.sleep(2) with pytest.raises(KeyError): pwd.getpwuid(1002) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), ]) ent.assert_each_group_by_name(group_pattern) # test filtered group with pytest.raises(KeyError): grp.getgrgid(2002) time.sleep(2) with pytest.raises(KeyError): grp.getgrgid(2002)
def test_nss_filters(ldap_conn, sanity_nss_filter): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) # test filtered user ent.assert_each_passwd_by_name(passwd_pattern) with pytest.raises(KeyError): pwd.getpwnam("user2") with pytest.raises(KeyError): pwd.getpwuid(1002) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), dict(name='empty_group1', passwd='*', gid=2010, mem=ent.contains_only()), dict(name='empty_group2', passwd='*', gid=2011, mem=ent.contains_only()), dict(name='two_user_group', passwd='*', gid=2012, mem=ent.contains_only("user1")), dict(name='group_empty_group', passwd='*', gid=2013, mem=ent.contains_only()), dict(name='group_two_empty_groups', passwd='*', gid=2014, mem=ent.contains_only()), dict(name='one_user_group1', passwd='*', gid=2015, mem=ent.contains_only("user1")), dict(name='one_user_group2', passwd='*', gid=2016, mem=ent.contains_only()), dict(name='group_one_user_group', passwd='*', gid=2017, mem=ent.contains_only("user1")), dict(name='group_two_user_group', passwd='*', gid=2018, mem=ent.contains_only("user1")), ]) # test filtered group ent.assert_each_group_by_name(group_pattern) with pytest.raises(KeyError): grp.getgrnam("group_two_one_user_groups") with pytest.raises(KeyError): grp.getgrgid(2019) # test non-existing user/group with pytest.raises(KeyError): pwd.getpwnam("non_existent_user") with pytest.raises(KeyError): pwd.getpwuid(9) with pytest.raises(KeyError): grp.getgrnam("non_existent_group") with pytest.raises(KeyError): grp.getgrgid(14)
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) ent.assert_each_passwd_by_name(passwd_pattern) # test filtered user with pytest.raises(KeyError): pwd.getpwuid(1002) time.sleep(2) with pytest.raises(KeyError): pwd.getpwuid(1002) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), ]) ent.assert_each_group_by_name(group_pattern) # test filtered group with pytest.raises(KeyError): grp.getgrgid(2002) time.sleep(2) with pytest.raises(KeyError): grp.getgrgid(2002) # test that root is always filtered even if filter_users contains other # entries. This is a regression test for upstream ticket #3460 res, _ = call_sssd_getpwnam("root") assert res == NssReturnCode.NOTFOUND res, _ = call_sssd_getgrnam("root") assert res == NssReturnCode.NOTFOUND res, _ = call_sssd_getpwuid(0) assert res == NssReturnCode.NOTFOUND res, _ = call_sssd_getgrgid(0) assert res == NssReturnCode.NOTFOUND
def test_assert_each_group_by_name(users_and_groups): ent.assert_each_group_by_name({}) ent.assert_each_group_by_name(dict(group1=GROUP1)) ent.assert_each_group_by_name(GROUP_NAME_DICT) try: ent.assert_each_group_by_name(dict(group3={})) assert False except AssertionError as e: assert str(e) == "'getgrnam(): name not found: group3'" try: ent.assert_each_group_by_name(dict(group1=dict(name="group2"))) assert False except AssertionError as e: assert str(e) == "group 'group1' mismatch: " + \ "'name' mismatch: 'group2' != 'group1'"
def test_assert_each_group_by_name(users_and_groups): ent.assert_each_group_by_name({}) ent.assert_each_group_by_name(dict(group1=GROUP1)) ent.assert_each_group_by_name(GROUP_NAME_DICT) try: ent.assert_each_group_by_name(dict(group3={})) assert False except AssertionError, e: assert str(e) == "'getgrnam(): name not found: group3'"
assert False except AssertionError, e: assert re.search("expected groups not found:", str(e)) assert not re.search("unexpected groups found:", str(e)) def test_assert_each_group_by_name(users_and_groups): ent.assert_each_group_by_name({}) ent.assert_each_group_by_name(dict(group1=GROUP1)) ent.assert_each_group_by_name(GROUP_NAME_DICT) try: ent.assert_each_group_by_name(dict(group3={})) assert False except AssertionError, e: assert str(e) == "'getgrnam(): name not found: group3'" try: ent.assert_each_group_by_name(dict(group1=dict(name="group2"))) assert False except AssertionError, e: assert str(e) == "group 'group1' mismatch: " + \ "'name' mismatch: 'group2' != 'group1'" def test_assert_each_group_by_gid(users_and_groups): ent.assert_each_group_by_gid({}) ent.assert_each_group_by_gid({2001:GROUP1}) ent.assert_each_group_by_gid(GROUP_GID_DICT) try: ent.assert_each_group_by_gid({2003:{}}) assert False except AssertionError, e: assert str(e) == "'getgrgid(): gid not found: 2003'" try:
except AssertionError, e: assert re.search("expected groups not found:", str(e)) assert not re.search("unexpected groups found:", str(e)) def test_assert_each_group_by_name(users_and_groups): ent.assert_each_group_by_name({}) ent.assert_each_group_by_name(dict(group1=GROUP1)) ent.assert_each_group_by_name(GROUP_NAME_DICT) try: ent.assert_each_group_by_name(dict(group3={})) assert False except AssertionError, e: assert str(e) == "'getgrnam(): name not found: group3'" try: ent.assert_each_group_by_name(dict(group1=dict(name="group2"))) assert False except AssertionError, e: assert str(e) == "group 'group1' mismatch: " + \ "'name' mismatch: 'group2' != 'group1'" def test_assert_each_group_by_gid(users_and_groups): ent.assert_each_group_by_gid({}) ent.assert_each_group_by_gid({2001: GROUP1}) ent.assert_each_group_by_gid(GROUP_GID_DICT) try: ent.assert_each_group_by_gid({2003: {}}) assert False except AssertionError, e: assert str(e) == "'getgrgid(): gid not found: 2003'"