def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
# test filtered user
with pytest.raises(KeyError):
pwd.getpwuid(1002)
time.sleep(2)
with pytest.raises(KeyError):
pwd.getpwuid(1002)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
])
ent.assert_each_group_by_name(group_pattern)
# test filtered group
with pytest.raises(KeyError):
grp.getgrgid(2002)
time.sleep(2)
with pytest.raises(KeyError):
grp.getgrgid(2002)
def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
dir='/home/user2', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
dict(name='empty_group', passwd='*', gid=2010,
mem=ent.contains_only()),
dict(name='two_user_group', passwd='*', gid=2012,
mem=ent.contains_only("user1", "user2"))
])
ent.assert_each_group_by_name(group_pattern)
with pytest.raises(KeyError):
pwd.getpwnam("non_existent_user")
with pytest.raises(KeyError):
pwd.getpwuid(1)
with pytest.raises(KeyError):
grp.getgrnam("non_existent_group")
with pytest.raises(KeyError):
grp.getgrgid(1)
def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
dir='/home/user2', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
dict(name='empty_group', passwd='*', gid=2010,
mem=ent.contains_only()),
dict(name='two_user_group', passwd='*', gid=2012,
mem=ent.contains_only("user1", "user2"))
])
ent.assert_each_group_by_name(group_pattern)
with pytest.raises(KeyError):
pwd.getpwnam("non_existent_user")
with pytest.raises(KeyError):
pwd.getpwuid(1)
with pytest.raises(KeyError):
grp.getgrnam("non_existent_group")
with pytest.raises(KeyError):
grp.getgrgid(1)
def test_fallback_homedir(fallback_homedir):
"""Test the effect of the "fallback_homedir" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_homedir_A", uid=1001, dir="/home/A"),
dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_override_shell(override_shell):
"""Test the effect of the "override_shell" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_shell_A", uid=1001, shell="/bin/B"),
dict(name="user_with_shell_B", uid=1002, shell="/bin/B"),
dict(name="user_with_empty_shell", uid=1003, shell="/bin/B")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_fallback_homedir(fallback_homedir):
"""Test the effect of the "fallback_homedir" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_homedir_A", uid=1001, dir="/home/A"),
dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_override_shell(override_shell):
"""Test the effect of the "override_shell" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_shell_A", uid=1001, shell="/bin/B"),
dict(name="user_with_shell_B", uid=1002, shell="/bin/B"),
dict(name="user_with_empty_shell", uid=1003, shell="/bin/B")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_some_groups3_nam(some_groups3):
"""Test "some" scope with group list and getpwnam"""
ent.assert_each_passwd_by_name(dict(
user1=dict(name="user1", uid=1001, shell="/bin/sh1"),
user2=dict(name="user2", uid=1002, shell="/bin/sh2"),
user3=dict(name="user3", uid=1003, shell="/bin/sh3"),
user4=dict(name="user4", uid=1004,
shell=config.SESSION_RECORDING_SHELL),
))
def test_vetoed_shells(vetoed_shells):
"""Test the effect of the "vetoed_shells" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
dict(name="user_with_vetoed_shell", uid=1002, shell="/bin/fallback"),
dict(name="user_with_empty_shell", uid=1003, shell="/bin/default")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_shell_fallback(shell_fallback):
"""Test the effect of the "shell_fallback" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
dict(name="user_with_not_installed_shell", uid=1002,
shell="/bin/fallback"),
dict(name="user_with_empty_shell", uid=1003, shell="")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_shell_fallback(shell_fallback):
"""Test the effect of the "shell_fallback" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
dict(name="user_with_not_installed_shell", uid=1002,
shell="/bin/fallback"),
dict(name="user_with_empty_shell", uid=1003, shell="")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_nss_filters(ldap_conn, sanity_nss_filter):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
# test filtered user
ent.assert_each_passwd_by_name(passwd_pattern)
with pytest.raises(KeyError):
pwd.getpwnam("user2")
with pytest.raises(KeyError):
pwd.getpwuid(1002)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
dict(name='empty_group1', passwd='*', gid=2010,
mem=ent.contains_only()),
dict(name='empty_group2', passwd='*', gid=2011,
mem=ent.contains_only()),
dict(name='two_user_group', passwd='*', gid=2012,
mem=ent.contains_only("user1")),
dict(name='group_empty_group', passwd='*', gid=2013,
mem=ent.contains_only()),
dict(name='group_two_empty_groups', passwd='*', gid=2014,
mem=ent.contains_only()),
dict(name='one_user_group1', passwd='*', gid=2015,
mem=ent.contains_only("user1")),
dict(name='one_user_group2', passwd='*', gid=2016,
mem=ent.contains_only()),
dict(name='group_one_user_group', passwd='*', gid=2017,
mem=ent.contains_only("user1")),
dict(name='group_two_user_group', passwd='*', gid=2018,
mem=ent.contains_only("user1")),
])
# test filtered group
ent.assert_each_group_by_name(group_pattern)
with pytest.raises(KeyError):
grp.getgrnam("group_two_one_user_groups")
with pytest.raises(KeyError):
grp.getgrgid(2019)
# test non-existing user/group
with pytest.raises(KeyError):
pwd.getpwnam("non_existent_user")
with pytest.raises(KeyError):
pwd.getpwuid(9)
with pytest.raises(KeyError):
grp.getgrnam("non_existent_group")
with pytest.raises(KeyError):
grp.getgrgid(14)
def test_some_groups3_nam(some_groups3):
"""Test "some" scope with group list and getpwnam"""
ent.assert_each_passwd_by_name(
dict(
user1=dict(name="user1", uid=1001, shell="/bin/sh1"),
user2=dict(name="user2", uid=1002, shell="/bin/sh2"),
user3=dict(name="user3", uid=1003, shell="/bin/sh3"),
user4=dict(name="user4",
uid=1004,
shell=config.SESSION_RECORDING_SHELL),
))
def test_vetoed_shells(vetoed_shells):
"""Test the effect of the "vetoed_shells" option"""
passwd_pattern = expected_list_to_name_dict([
dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
dict(name="user_with_vetoed_shell", uid=1002,
shell="/bin/fallback"),
dict(name="user_with_empty_shell", uid=1003,
shell="/bin/default")
])
ent.assert_each_passwd_by_name(passwd_pattern)
def test_all_exclude_groups_nam(all_exclude_groups):
"""Test "all" scope with exclude groups list and getpwnam"""
ent.assert_each_passwd_by_name(
dict(
user1=dict(name="user1", uid=1001, shell="/bin/sh1"),
user2=dict(name="user2", uid=1002, shell="/bin/sh2"),
user3=dict(name="user3", uid=1003, shell="/bin/sh3"),
user4=dict(name="user4",
uid=1004,
shell=config.SESSION_RECORDING_SHELL),
))
def test_some_groups_overridden4_nam(some_groups_overridden3):
"""
Test "some" scope with group list containing some
overridden group, and users requested with getpwnam.
"""
ent.assert_each_passwd_by_name(dict(
user1=dict(name="user1", uid=1001,
shell=config.SESSION_RECORDING_SHELL),
user2=dict(name="user2", uid=1002, shell="/bin/sh2"),
user3=dict(name="user3", uid=1003, shell="/bin/sh3"),
user4=dict(name="user4", uid=1004, shell="/bin/sh4"),
))
def test_all_nam(all):
"""Test "all" scope with getpwnam"""
ent.assert_each_passwd_by_name(dict(
user1=dict(name="user1", uid=1001,
shell=config.SESSION_RECORDING_SHELL),
user2=dict(name="user2", uid=1002,
shell=config.SESSION_RECORDING_SHELL),
user3=dict(name="user3", uid=1003,
shell=config.SESSION_RECORDING_SHELL),
user4=dict(name="user4", uid=1004,
shell=config.SESSION_RECORDING_SHELL),
))
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
dir='/home/user1',
shell='/bin/bash'),
dict(name='user3',
passwd='*',
uid=1003,
gid=2003,
gecos='1003',
dir='/home/user3',
shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
# test filtered user
with pytest.raises(KeyError):
pwd.getpwuid(1002)
time.sleep(2)
with pytest.raises(KeyError):
pwd.getpwuid(1002)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
])
ent.assert_each_group_by_name(group_pattern)
# test filtered group
with pytest.raises(KeyError):
grp.getgrgid(2002)
time.sleep(2)
with pytest.raises(KeyError):
grp.getgrgid(2002)
# test that root is always filtered even if filter_users contains other
# entries. This is a regression test for upstream ticket #3460
res, _ = call_sssd_getpwnam("root")
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getgrnam("root")
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getpwuid(0)
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getgrgid(0)
assert res == NssReturnCode.NOTFOUND
def test_some_groups_overridden4_nam(some_groups_overridden3):
"""
Test "some" scope with group list containing some
overridden group, and users requested with getpwnam.
"""
ent.assert_each_passwd_by_name(
dict(
user1=dict(name="user1",
uid=1001,
shell=config.SESSION_RECORDING_SHELL),
user2=dict(name="user2", uid=1002, shell="/bin/sh2"),
user3=dict(name="user3", uid=1003, shell="/bin/sh3"),
user4=dict(name="user4", uid=1004, shell="/bin/sh4"),
))
def test_assert_each_passwd_by_name(users_and_groups):
ent.assert_each_passwd_by_name({})
ent.assert_each_passwd_by_name(dict(user1=USER1))
ent.assert_each_passwd_by_name(USER_NAME_DICT)
try:
ent.assert_each_passwd_by_name(dict(user3={}))
assert False
except AssertionError as e:
assert str(e) == "'getpwnam(): name not found: user3'"
try:
ent.assert_each_passwd_by_name(dict(user1=dict(name="user2")))
assert False
except AssertionError as e:
assert str(e) == \
"user 'user1' mismatch: 'name' mismatch: 'user2' != 'user1'"
def test_assert_each_passwd_by_name(users_and_groups):
ent.assert_each_passwd_by_name({})
ent.assert_each_passwd_by_name(dict(user1=USER1))
ent.assert_each_passwd_by_name(USER_NAME_DICT)
try:
ent.assert_each_passwd_by_name(dict(user3={}))
assert False
except AssertionError as e:
assert str(e) == "'getpwnam(): name not found: user3'"
try:
ent.assert_each_passwd_by_name(dict(user1=dict(name="user2")))
assert False
except AssertionError as e:
assert str(e) == \
"user 'user1' mismatch: 'name' mismatch: 'user2' != 'user1'"
def test_assert_each_passwd_by_name(users_and_groups):
ent.assert_each_passwd_by_name({})
ent.assert_each_passwd_by_name(dict(user1=USER1))
ent.assert_each_passwd_by_name(USER_NAME_DICT)
try:
ent.assert_each_passwd_by_name(dict(user3={}))
assert False
except AssertionError, e:
assert str(e) == "'getpwnam(): name not found: user3'"
def test_assert_each_passwd_by_name(users_and_groups):
ent.assert_each_passwd_by_name({})
ent.assert_each_passwd_by_name(dict(user1=USER1))
ent.assert_each_passwd_by_name(USER_NAME_DICT)
try:
ent.assert_each_passwd_by_name(dict(user3={}))
assert False
except AssertionError, e:
assert str(e) == "'getpwnam(): name not found: user3'"
def test_all_nam(all):
"""Test "all" scope with getpwnam"""
ent.assert_each_passwd_by_name(
dict(
user1=dict(name="user1",
uid=1001,
shell=config.SESSION_RECORDING_SHELL),
user2=dict(name="user2",
uid=1002,
shell=config.SESSION_RECORDING_SHELL),
user3=dict(name="user3",
uid=1003,
shell=config.SESSION_RECORDING_SHELL),
user4=dict(name="user4",
uid=1004,
shell=config.SESSION_RECORDING_SHELL),
))
except AssertionError, e:
assert re.search("expected users not found:", str(e))
assert not re.search("unexpected users found:", str(e))
def test_assert_each_passwd_by_name(users_and_groups):
ent.assert_each_passwd_by_name({})
ent.assert_each_passwd_by_name(dict(user1=USER1))
ent.assert_each_passwd_by_name(USER_NAME_DICT)
try:
ent.assert_each_passwd_by_name(dict(user3={}))
assert False
except AssertionError, e:
assert str(e) == "'getpwnam(): name not found: user3'"
try:
ent.assert_each_passwd_by_name(dict(user1=dict(name="user2")))
assert False
except AssertionError, e:
assert str(e) == \
"user 'user1' mismatch: 'name' mismatch: 'user2' != 'user1'"
def test_assert_each_passwd_by_uid(users_and_groups):
ent.assert_each_passwd_by_uid({})
ent.assert_each_passwd_by_uid({1001: USER1})
ent.assert_each_passwd_by_uid(USER_UID_DICT)
try:
ent.assert_each_passwd_by_uid({1003: {}})
assert False
except AssertionError, e:
assert str(e) == "'getpwuid(): uid not found: 1003'"
assert False
except AssertionError, e:
assert re.search("expected users not found:", str(e))
assert not re.search("unexpected users found:", str(e))
def test_assert_each_passwd_by_name(users_and_groups):
ent.assert_each_passwd_by_name({})
ent.assert_each_passwd_by_name(dict(user1=USER1))
ent.assert_each_passwd_by_name(USER_NAME_DICT)
try:
ent.assert_each_passwd_by_name(dict(user3={}))
assert False
except AssertionError, e:
assert str(e) == "'getpwnam(): name not found: user3'"
try:
ent.assert_each_passwd_by_name(dict(user1=dict(name="user2")))
assert False
except AssertionError, e:
assert str(e) == \
"user 'user1' mismatch: 'name' mismatch: 'user2' != 'user1'"
def test_assert_each_passwd_by_uid(users_and_groups):
ent.assert_each_passwd_by_uid({})
ent.assert_each_passwd_by_uid({1001:USER1})
ent.assert_each_passwd_by_uid(USER_UID_DICT)
try:
ent.assert_each_passwd_by_uid({1003:{}})
assert False
except AssertionError, e:
assert str(e) == "'getpwuid(): uid not found: 1003'"
try:
