def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) ent.assert_each_passwd_by_name(passwd_pattern) # test filtered user with pytest.raises(KeyError): pwd.getpwuid(1002) time.sleep(2) with pytest.raises(KeyError): pwd.getpwuid(1002) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), ]) ent.assert_each_group_by_name(group_pattern) # test filtered group with pytest.raises(KeyError): grp.getgrgid(2002) time.sleep(2) with pytest.raises(KeyError): grp.getgrgid(2002)
def test_sanity_rfc2307(ldap_conn, sanity_rfc2307): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002', dir='/home/user2', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) ent.assert_each_passwd_by_name(passwd_pattern) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), dict(name='empty_group', passwd='*', gid=2010, mem=ent.contains_only()), dict(name='two_user_group', passwd='*', gid=2012, mem=ent.contains_only("user1", "user2")) ]) ent.assert_each_group_by_name(group_pattern) with pytest.raises(KeyError): pwd.getpwnam("non_existent_user") with pytest.raises(KeyError): pwd.getpwuid(1) with pytest.raises(KeyError): grp.getgrnam("non_existent_group") with pytest.raises(KeyError): grp.getgrgid(1)
def test_fallback_homedir(fallback_homedir): """Test the effect of the "fallback_homedir" option""" passwd_pattern = expected_list_to_name_dict([ dict(name="user_with_homedir_A", uid=1001, dir="/home/A"), dict(name="user_with_homedir_B", uid=1002, dir="/home/B"), dict(name="user_with_empty_homedir", uid=1003, dir="/home/B") ]) ent.assert_each_passwd_by_name(passwd_pattern)
def test_override_shell(override_shell): """Test the effect of the "override_shell" option""" passwd_pattern = expected_list_to_name_dict([ dict(name="user_with_shell_A", uid=1001, shell="/bin/B"), dict(name="user_with_shell_B", uid=1002, shell="/bin/B"), dict(name="user_with_empty_shell", uid=1003, shell="/bin/B") ]) ent.assert_each_passwd_by_name(passwd_pattern)
def test_some_groups3_nam(some_groups3): """Test "some" scope with group list and getpwnam""" ent.assert_each_passwd_by_name(dict( user1=dict(name="user1", uid=1001, shell="/bin/sh1"), user2=dict(name="user2", uid=1002, shell="/bin/sh2"), user3=dict(name="user3", uid=1003, shell="/bin/sh3"), user4=dict(name="user4", uid=1004, shell=config.SESSION_RECORDING_SHELL), ))
def test_vetoed_shells(vetoed_shells): """Test the effect of the "vetoed_shells" option""" passwd_pattern = expected_list_to_name_dict([ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"), dict(name="user_with_vetoed_shell", uid=1002, shell="/bin/fallback"), dict(name="user_with_empty_shell", uid=1003, shell="/bin/default") ]) ent.assert_each_passwd_by_name(passwd_pattern)
def test_shell_fallback(shell_fallback): """Test the effect of the "shell_fallback" option""" passwd_pattern = expected_list_to_name_dict([ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"), dict(name="user_with_not_installed_shell", uid=1002, shell="/bin/fallback"), dict(name="user_with_empty_shell", uid=1003, shell="") ]) ent.assert_each_passwd_by_name(passwd_pattern)
def test_nss_filters(ldap_conn, sanity_nss_filter): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) # test filtered user ent.assert_each_passwd_by_name(passwd_pattern) with pytest.raises(KeyError): pwd.getpwnam("user2") with pytest.raises(KeyError): pwd.getpwuid(1002) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), dict(name='empty_group1', passwd='*', gid=2010, mem=ent.contains_only()), dict(name='empty_group2', passwd='*', gid=2011, mem=ent.contains_only()), dict(name='two_user_group', passwd='*', gid=2012, mem=ent.contains_only("user1")), dict(name='group_empty_group', passwd='*', gid=2013, mem=ent.contains_only()), dict(name='group_two_empty_groups', passwd='*', gid=2014, mem=ent.contains_only()), dict(name='one_user_group1', passwd='*', gid=2015, mem=ent.contains_only("user1")), dict(name='one_user_group2', passwd='*', gid=2016, mem=ent.contains_only()), dict(name='group_one_user_group', passwd='*', gid=2017, mem=ent.contains_only("user1")), dict(name='group_two_user_group', passwd='*', gid=2018, mem=ent.contains_only("user1")), ]) # test filtered group ent.assert_each_group_by_name(group_pattern) with pytest.raises(KeyError): grp.getgrnam("group_two_one_user_groups") with pytest.raises(KeyError): grp.getgrgid(2019) # test non-existing user/group with pytest.raises(KeyError): pwd.getpwnam("non_existent_user") with pytest.raises(KeyError): pwd.getpwuid(9) with pytest.raises(KeyError): grp.getgrnam("non_existent_group") with pytest.raises(KeyError): grp.getgrgid(14)
def test_some_groups3_nam(some_groups3): """Test "some" scope with group list and getpwnam""" ent.assert_each_passwd_by_name( dict( user1=dict(name="user1", uid=1001, shell="/bin/sh1"), user2=dict(name="user2", uid=1002, shell="/bin/sh2"), user3=dict(name="user3", uid=1003, shell="/bin/sh3"), user4=dict(name="user4", uid=1004, shell=config.SESSION_RECORDING_SHELL), ))
def test_all_exclude_groups_nam(all_exclude_groups): """Test "all" scope with exclude groups list and getpwnam""" ent.assert_each_passwd_by_name( dict( user1=dict(name="user1", uid=1001, shell="/bin/sh1"), user2=dict(name="user2", uid=1002, shell="/bin/sh2"), user3=dict(name="user3", uid=1003, shell="/bin/sh3"), user4=dict(name="user4", uid=1004, shell=config.SESSION_RECORDING_SHELL), ))
def test_some_groups_overridden4_nam(some_groups_overridden3): """ Test "some" scope with group list containing some overridden group, and users requested with getpwnam. """ ent.assert_each_passwd_by_name(dict( user1=dict(name="user1", uid=1001, shell=config.SESSION_RECORDING_SHELL), user2=dict(name="user2", uid=1002, shell="/bin/sh2"), user3=dict(name="user3", uid=1003, shell="/bin/sh3"), user4=dict(name="user4", uid=1004, shell="/bin/sh4"), ))
def test_all_nam(all): """Test "all" scope with getpwnam""" ent.assert_each_passwd_by_name(dict( user1=dict(name="user1", uid=1001, shell=config.SESSION_RECORDING_SHELL), user2=dict(name="user2", uid=1002, shell=config.SESSION_RECORDING_SHELL), user3=dict(name="user3", uid=1003, shell=config.SESSION_RECORDING_SHELL), user4=dict(name="user4", uid=1004, shell=config.SESSION_RECORDING_SHELL), ))
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached): passwd_pattern = expected_list_to_name_dict([ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', dir='/home/user1', shell='/bin/bash'), dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', dir='/home/user3', shell='/bin/bash') ]) ent.assert_each_passwd_by_name(passwd_pattern) # test filtered user with pytest.raises(KeyError): pwd.getpwuid(1002) time.sleep(2) with pytest.raises(KeyError): pwd.getpwuid(1002) group_pattern = expected_list_to_name_dict([ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()), dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()), ]) ent.assert_each_group_by_name(group_pattern) # test filtered group with pytest.raises(KeyError): grp.getgrgid(2002) time.sleep(2) with pytest.raises(KeyError): grp.getgrgid(2002) # test that root is always filtered even if filter_users contains other # entries. This is a regression test for upstream ticket #3460 res, _ = call_sssd_getpwnam("root") assert res == NssReturnCode.NOTFOUND res, _ = call_sssd_getgrnam("root") assert res == NssReturnCode.NOTFOUND res, _ = call_sssd_getpwuid(0) assert res == NssReturnCode.NOTFOUND res, _ = call_sssd_getgrgid(0) assert res == NssReturnCode.NOTFOUND
def test_some_groups_overridden4_nam(some_groups_overridden3): """ Test "some" scope with group list containing some overridden group, and users requested with getpwnam. """ ent.assert_each_passwd_by_name( dict( user1=dict(name="user1", uid=1001, shell=config.SESSION_RECORDING_SHELL), user2=dict(name="user2", uid=1002, shell="/bin/sh2"), user3=dict(name="user3", uid=1003, shell="/bin/sh3"), user4=dict(name="user4", uid=1004, shell="/bin/sh4"), ))
def test_assert_each_passwd_by_name(users_and_groups): ent.assert_each_passwd_by_name({}) ent.assert_each_passwd_by_name(dict(user1=USER1)) ent.assert_each_passwd_by_name(USER_NAME_DICT) try: ent.assert_each_passwd_by_name(dict(user3={})) assert False except AssertionError as e: assert str(e) == "'getpwnam(): name not found: user3'" try: ent.assert_each_passwd_by_name(dict(user1=dict(name="user2"))) assert False except AssertionError as e: assert str(e) == \ "user 'user1' mismatch: 'name' mismatch: 'user2' != 'user1'"
def test_assert_each_passwd_by_name(users_and_groups): ent.assert_each_passwd_by_name({}) ent.assert_each_passwd_by_name(dict(user1=USER1)) ent.assert_each_passwd_by_name(USER_NAME_DICT) try: ent.assert_each_passwd_by_name(dict(user3={})) assert False except AssertionError, e: assert str(e) == "'getpwnam(): name not found: user3'"
def test_all_nam(all): """Test "all" scope with getpwnam""" ent.assert_each_passwd_by_name( dict( user1=dict(name="user1", uid=1001, shell=config.SESSION_RECORDING_SHELL), user2=dict(name="user2", uid=1002, shell=config.SESSION_RECORDING_SHELL), user3=dict(name="user3", uid=1003, shell=config.SESSION_RECORDING_SHELL), user4=dict(name="user4", uid=1004, shell=config.SESSION_RECORDING_SHELL), ))
except AssertionError, e: assert re.search("expected users not found:", str(e)) assert not re.search("unexpected users found:", str(e)) def test_assert_each_passwd_by_name(users_and_groups): ent.assert_each_passwd_by_name({}) ent.assert_each_passwd_by_name(dict(user1=USER1)) ent.assert_each_passwd_by_name(USER_NAME_DICT) try: ent.assert_each_passwd_by_name(dict(user3={})) assert False except AssertionError, e: assert str(e) == "'getpwnam(): name not found: user3'" try: ent.assert_each_passwd_by_name(dict(user1=dict(name="user2"))) assert False except AssertionError, e: assert str(e) == \ "user 'user1' mismatch: 'name' mismatch: 'user2' != 'user1'" def test_assert_each_passwd_by_uid(users_and_groups): ent.assert_each_passwd_by_uid({}) ent.assert_each_passwd_by_uid({1001: USER1}) ent.assert_each_passwd_by_uid(USER_UID_DICT) try: ent.assert_each_passwd_by_uid({1003: {}}) assert False except AssertionError, e: assert str(e) == "'getpwuid(): uid not found: 1003'"
assert False except AssertionError, e: assert re.search("expected users not found:", str(e)) assert not re.search("unexpected users found:", str(e)) def test_assert_each_passwd_by_name(users_and_groups): ent.assert_each_passwd_by_name({}) ent.assert_each_passwd_by_name(dict(user1=USER1)) ent.assert_each_passwd_by_name(USER_NAME_DICT) try: ent.assert_each_passwd_by_name(dict(user3={})) assert False except AssertionError, e: assert str(e) == "'getpwnam(): name not found: user3'" try: ent.assert_each_passwd_by_name(dict(user1=dict(name="user2"))) assert False except AssertionError, e: assert str(e) == \ "user 'user1' mismatch: 'name' mismatch: 'user2' != 'user1'" def test_assert_each_passwd_by_uid(users_and_groups): ent.assert_each_passwd_by_uid({}) ent.assert_each_passwd_by_uid({1001:USER1}) ent.assert_each_passwd_by_uid(USER_UID_DICT) try: ent.assert_each_passwd_by_uid({1003:{}}) assert False except AssertionError, e: assert str(e) == "'getpwuid(): uid not found: 1003'" try: