def test_uid_zero_does_not_resolve(files_domain_only):
"""
SSSD currently does not resolve the UID 0 even though it can
be resolved through the NSS interface
"""
nss_root = pwd.getpwuid(0)
assert nss_root is not None
res, _ = call_sssd_getpwuid(0)
assert res == NssReturnCode.NOTFOUND
def test_uid_zero_does_not_resolve(files_domain_only):
"""
SSSD currently does not resolve the UID 0 even though it can
be resolved through the NSS interface
"""
nss_root = pwd.getpwuid(0)
assert nss_root is not None
res, _ = call_sssd_getpwuid(0)
assert res == NssReturnCode.NOTFOUND
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
dir='/home/user1',
shell='/bin/bash'),
dict(name='user3',
passwd='*',
uid=1003,
gid=2003,
gecos='1003',
dir='/home/user3',
shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
# test filtered user
with pytest.raises(KeyError):
pwd.getpwuid(1002)
time.sleep(2)
with pytest.raises(KeyError):
pwd.getpwuid(1002)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
])
ent.assert_each_group_by_name(group_pattern)
# test filtered group
with pytest.raises(KeyError):
grp.getgrgid(2002)
time.sleep(2)
with pytest.raises(KeyError):
grp.getgrgid(2002)
# test that root is always filtered even if filter_users contains other
# entries. This is a regression test for upstream ticket #3460
res, _ = call_sssd_getpwnam("root")
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getgrnam("root")
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getpwuid(0)
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getgrgid(0)
assert res == NssReturnCode.NOTFOUND
def test_files_with_default_domain_suffix(add_user_with_canary,
default_domain_suffix):
"""
Test that when using domain_resolution_order the user won't be using
its fully-qualified name.
"""
ret = poll_canary(call_sssd_getpwuid, CANARY["uid"])
if ret is False:
return NssReturnCode.NOTFOUND, None
res, found_user = call_sssd_getpwuid(USER1["uid"])
assert res == NssReturnCode.SUCCESS
assert found_user == USER1
def test_getpwuid_neg(files_domain_only):
"""
Test that a nonexistent user cannot be resolved by UID
"""
res, _ = call_sssd_getpwuid(12345)
assert res == NssReturnCode.NOTFOUND
def sssd_getpwuid_sync(uid):
ret = poll_canary(call_sssd_getpwnam, CANARY["name"])
if ret is False:
return NssReturnCode.NOTFOUND, None
return call_sssd_getpwuid(uid)
def test_getpwuid_neg(files_domain_only):
"""
Test that a nonexistent user cannot be resolved by UID
"""
res, _ = call_sssd_getpwuid(12345)
assert res == NssReturnCode.NOTFOUND
def sssd_getpwuid_sync(uid):
ret = poll_canary(call_sssd_getpwnam, CANARY["name"])
if ret is False:
return NssReturnCode.NOTFOUND, None
return call_sssd_getpwuid(uid)