def format_basic_conf(ldap_conn, schema): """Format a basic SSSD configuration""" schema_conf = "ldap_schema = " + schema + "\n" if schema == SCHEMA_RFC2307_BIS: schema_conf += "ldap_group_object_class = groupOfNames\n" valgrind_cmd = "valgrind --log-file=%s/valgrind_ifp.log" % config.LOG_PATH ifp_command = "%s %s/sssd/sssd_ifp " % (valgrind_cmd, config.LIBEXEC_PATH) return unindent("""\ [sssd] debug_level = 0xffff domains = LDAP, app services = nss, ifp enable_files_domain = false [nss] memcache_timeout = 0 [ifp] # it need to be executed with valgrind because there is a problem # problem with "ifp" + client regristration in monitor # There is not such problem in 1st test. Just in following tests. command = {ifp_command} --uid 0 --gid 0 --debug-to-files [domain/LDAP] {schema_conf} id_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} [application/app] inherit_from = LDAP """).format(**locals())
def format_basic_conf(ldap_conn, schema): """Format a basic SSSD configuration""" schema_conf = "ldap_schema = " + schema + "\n" if schema == SCHEMA_RFC2307_BIS: schema_conf += "ldap_group_object_class = groupOfNames\n" return unindent("""\ [sssd] debug_level = 0xffff domains = LDAP services = nss, pam [nss] debug_level = 0xffff memcache_timeout = 0 entry_negative_timeout = 1 [pam] debug_level = 0xffff [domain/LDAP] ldap_auth_disable_tls_never_use_in_production = true debug_level = 0xffff {schema_conf} id_provider = ldap auth_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} """).format(**locals())
def create_sssd_conf_renewals(kcm_path, ccache_storage, renew_lifetime, lifetime, renew_interval, max_secrets=MAX_SECRETS): return unindent("""\ [sssd] domains = files services = nss [domain/files] id_provider = files [kcm] socket_path = {kcm_path} ccache_storage = {ccache_storage} tgt_renewal = true krb5_renewable_lifetime = {renew_lifetime} krb5_lifetime = {lifetime} krb5_renew_interval = {renew_interval} [secrets] max_secrets = {max_secrets} """).format(**locals())
def format_basic_conf(ldap_conn, schema): """Format a basic SSSD configuration""" schema_conf = "ldap_schema = " + schema + "\n" if schema == SCHEMA_RFC2307_BIS: schema_conf += "ldap_group_object_class = groupOfNames\n" iphost_search_base = "ou=Hosts," + ldap_conn.ds_inst.base_dn ipnetwork_search_base = "ou=Networks," + ldap_conn.ds_inst.base_dn return unindent("""\ [sssd] debug_level = 0xffff domains = LDAP services = nss [nss] debug_level = 0xffff memcache_timeout = 0 entry_negative_timeout = 1 [domain/LDAP] ldap_auth_disable_tls_never_use_in_production = true debug_level = 0xffff {schema_conf} id_provider = ldap auth_provider = ldap resolver_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} ldap_iphost_search_base = {iphost_search_base} ldap_ipnetwork_search_base = {ipnetwork_search_base} """).format(**locals())
def _format_kdc_conf(self): database_path = self.kdc_basedir + "/principal" key_stash = self.kdc_basedir + "/stash." + self.realm kdc_logfile = "FILE:" + self.kdc_logdir + "/krb5kdc.log" kadmin_logfile = "FILE:" + self.kdc_logdir + "/kadmin.log" libkrb5_logfile = "FILE:" + self.kdc_logdir + "/libkrb5.log" kdc_conf = unindent(""" [kdcdefaults] kdc_ports = {self.kdc_port} kdc_tcp_ports = {self.kdc_port} [realms] {self.realm} = {{ kadmind_port = {self.kadmin_port} database_name = {database_path} key_stash_file = {key_stash} max_life = 7d max_renewable_life = 14d acl_file = {self.acl_file} }} [logging] kdc = {kdc_logfile} admin_server = {kadmin_logfile} default = {libkrb5_logfile} """).format(**locals()) return kdc_conf
def files_multiple_sources_nocreate(request): """ Sets up SSSD with multiple sources, but does not actually create the files. """ alt_passwd_path = tempfile.mktemp(prefix='altpasswd') request.addfinalizer(lambda: os.unlink(alt_passwd_path)) alt_group_path = tempfile.mktemp(prefix='altgroup') request.addfinalizer(lambda: os.unlink(alt_group_path)) passwd_list = ",".join([os.environ["NSS_WRAPPER_PASSWD"], alt_passwd_path]) group_list = ",".join([os.environ["NSS_WRAPPER_GROUP"], alt_group_path]) conf = unindent("""\ [sssd] domains = files services = nss [nss] debug_level = 10 [domain/files] id_provider = files passwd_files = {passwd_list} group_files = {group_list} debug_level = 10 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return alt_passwd_path, alt_group_path
def format_basic_conf(ldap_conn, schema, config): """Format a basic SSSD configuration""" schema_conf = "ldap_schema = " + schema + "\n" schema_conf += "ldap_group_object_class = groupOfNames\n" return unindent("""\ [sssd] domains = LDAP services = nss, ssh [nss] [ssh] debug_level=10 ca_db = {config.PAM_CERT_DB_PATH} [pam] pam_cert_auth = True [domain/LDAP] {schema_conf} id_provider = ldap auth_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} ldap_sudo_use_host_filter = false debug_level=10 ldap_user_certificate = userCertificate;binary """).format(**locals())
def prepare_sssd(request, ldap_conn, use_fully_qualified_names=False, case_sensitive=True): """Prepare SSSD with defaults""" conf = unindent("""\ [sssd] domains = LDAP services = nss [nss] memcache_timeout = 1 [domain/LDAP] ldap_auth_disable_tls_never_use_in_production = true ldap_schema = rfc2307 id_provider = ldap auth_provider = ldap sudo_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} use_fully_qualified_names = {use_fully_qualified_names} case_sensitive = {case_sensitive} """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) def teardown(): # remove user export file try: os.unlink(OVERRIDE_FILENAME) except: pass request.addfinalizer(teardown)
def files_multiple_sources(request): _, alt_passwd_path = tempfile.mkstemp(prefix='altpasswd') request.addfinalizer(lambda: os.unlink(alt_passwd_path)) alt_pwops = PasswdOps(alt_passwd_path) _, alt_group_path = tempfile.mkstemp(prefix='altgroup') request.addfinalizer(lambda: os.unlink(alt_group_path)) alt_grops = GroupOps(alt_group_path) passwd_list = ",".join([os.environ["NSS_WRAPPER_PASSWD"], alt_passwd_path]) group_list = ",".join([os.environ["NSS_WRAPPER_GROUP"], alt_group_path]) conf = unindent("""\ [sssd] domains = files services = nss [nss] debug_level = 10 [domain/files] id_provider = files passwd_files = {passwd_list} group_files = {group_list} debug_level = 10 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return alt_pwops, alt_grops
def sanity_nss_filter_cached(request, ldap_conn): ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list.add_user("user1", 1001, 2001) ent_list.add_user("user2", 1002, 2002) ent_list.add_user("user3", 1003, 2003) ent_list.add_user("root", 1004, 2004) ent_list.add_user("zerouid", 0, 0) ent_list.add_group_bis("group1", 2001) ent_list.add_group_bis("group2", 2002) ent_list.add_group_bis("group3", 2003) ent_list.add_group_bis("root", 2004) ent_list.add_group_bis("zerogid", 0) create_ldap_fixture(request, ldap_conn, ent_list) conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ unindent(""" [nss] filter_users = user2 filter_groups = group2 entry_negative_timeout = 1 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def mpg_setup(request, ldap_conn): ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list.add_user("user1", 1001, 2001) ent_list.add_user("user2", 1002, 2002) ent_list.add_user("user3", 1003, 2003) ent_list.add_group_bis("group1", 2001) ent_list.add_group_bis("group2", 2002) ent_list.add_group_bis("group3", 2003) ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"]) ent_list.add_group_bis("one_user_group1", 2015, ["user1"]) ent_list.add_group_bis("one_user_group2", 2016, ["user2"]) create_ldap_entries(ldap_conn, ent_list) create_ldap_cleanup(request, ldap_conn, None) conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ unindent(""" [domain/LDAP] auto_private_groups = True """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def format_basic_conf(ldap_conn, schema, config): """Format a basic SSSD configuration""" schema_conf = "ldap_schema = " + schema + "\n" if schema == SCHEMA_RFC2307_BIS: schema_conf += "ldap_group_object_class = groupOfNames\n" return unindent("""\ [sssd] debug_level = 0xffff domains = LDAP, app services = nss, ifp enable_files_domain = false [nss] memcache_timeout = 0 [ifp] debug_level = 0xffff user_attributes = +extraName ca_db = {config.PAM_CERT_DB_PATH} [domain/LDAP] {schema_conf} id_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} ldap_user_extra_attrs = extraName:uid ldap_user_certificate = userCert [application/app] inherit_from = LDAP """).format(**locals())
def disable_memcache_rfc2307(request, ldap_conn): load_data_to_ldap(request, ldap_conn) conf = unindent("""\ [sssd] domains = LDAP services = nss [nss] memcache_size_group = 0 memcache_size_passwd = 0 memcache_size_initgroups = 0 [domain/LDAP] ldap_auth_disable_tls_never_use_in_production = true ldap_schema = rfc2307 id_provider = ldap auth_provider = ldap sudo_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def zero_nesting_sssd_conf(ldap_conn, schema): """Format an SSSD configuration with group nesting disabled""" return \ format_basic_conf(ldap_conn, schema) + \ unindent(""" [domain/LDAP] ldap_group_nesting_level = 0 """).format(INTERACTIVE_TIMEOUT)
def format_certificate_conf(ldap_conn, schema, config): """Format an SSSD configuration with all caches refreshing in 4 seconds""" return \ format_basic_conf(ldap_conn, schema, config) + \ unindent(""" [certmap/LDAP/user1] matchrule = <SUBJECT>.*CN = SSSD test cert 0001.* """).format(**locals())
def no_sssd_domain(request): conf = unindent("""\ [sssd] services = nss """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def no_sssd_domain(request): conf = unindent("""\ [sssd] services = nss enable_files_domain = true """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def conf_snippets_only(request): snip = unindent("""\ [sssd] services = nss, pam, ssh [nss] [pam] [ssh] """) create_conf_fixture(request, None, snip) return None
def files_domain_only(request): conf = unindent("""\ [sssd] domains = files services = nss [domain/files] id_provider = files """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def no_files_domain(request): conf = unindent("""\ [sssd] domains = local services = nss [domain/local] id_provider = local """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def all(request, ldap_conn, users_and_groups): """ Fixture with scope "all". """ conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \ unindent("""\ [session_recording] scope = all """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request)
def some_empty(request, ldap_conn, users_and_groups): """ Fixture with scope "some", but no users or groups listed. """ conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \ unindent("""\ [session_recording] scope = some """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request)
def setup_for_cli_timeout_test(request): """ Same as the generic setup, except a short client_idle_timeout so that the test_cli_idle_timeout() test closes the fd towards the client. """ conf = generate_sec_config() + \ unindent(""" client_idle_timeout = 10 """).format() create_conf_fixture(request, conf) return create_sssd_secrets_fixture(request)
def files_domain_only(request): conf = unindent("""\ [sssd] services = nss, pac enable_files_domain = true [nss] memcache_timeout = 0 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def generate_sec_config(): return unindent("""\ [sssd] domains = local services = nss [domain/local] id_provider = local [secrets] max_secrets = 10 max_payload_size = 2 """)
def some_groups4(request, ldap_conn, users_and_groups): """ Fixture with scope "some", specifying two primary groups. """ conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \ unindent("""\ [session_recording] scope = some groups = group1, group3 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request)
def format_rfc2307bis_deref_conf(ldap_conn, schema): """Format an SSSD configuration with all caches refreshing in 4 seconds""" return \ format_basic_conf(ldap_conn, schema) + \ unindent(""" [nss] memcache_timeout = 0 entry_negative_timeout = 0 [domain/LDAP] entry_cache_timeout = {0} ldap_deref_threshold = 1 """).format(INTERACTIVE_TIMEOUT)
def domain_resolution_order(request): conf = unindent("""\ [sssd] domains = files services = nss domain_resolution_order = foo [domain/files] id_provider = files """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def disabled_files_domain(request): conf = unindent("""\ [sssd] domains = local services = nss enable_files_domain = false [domain/local] id_provider = local """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def create_sssd_conf(kcm_path, ccache_storage): return unindent("""\ [sssd] domains = local services = nss [domain/local] id_provider = local [kcm] socket_path = {kcm_path} ccache_storage = {ccache_storage} """).format(**locals())
def no_files_domain(request): conf = unindent("""\ [sssd] services = nss enable_files_domain = true [domain/disabled.files] id_provider = files fallback_to_nss = False """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def setup_for_resp_timeout_test(request): """ Same as the generic setup, except a short responder_idle_timeout so that the test_responder_idle_timeout() test verifies that the responder has been shot down. """ conf = generate_sec_config() + \ unindent(""" responder_idle_timeout = 60 """).format() create_conf_fixture(request, conf) return create_sssd_secrets_fixture(request, False)
def format_interactive_conf(ldap_conn, schema): """Format an SSSD configuration with all caches refreshing in 4 seconds""" return \ format_basic_conf(ldap_conn, schema) + \ unindent(""" [nss] memcache_timeout = 0 entry_negative_timeout = 0 [domain/LDAP] ldap_purge_cache_timeout = 1 entry_cache_timeout = {0} """).format(INTERACTIVE_TIMEOUT)
def common_setup_for_kcm_mem(request, kdc_instance, kcm_path, sssd_conf): kcm_socket_include = unindent(""" [libdefaults] default_ccache_name = KCM: kcm_socket = {kcm_path} """).format(**locals()) kdc_instance.add_config({'kcm_socket': kcm_socket_include}) create_conf_fixture(request, sssd_conf) create_sssd_kcm_fixture(kcm_path, request) k5util = krb5utils.Krb5Utils(kdc_instance.krb5_conf_path) return KcmTestEnv(kdc_instance, k5util)
def extra_attributes(request, ldap_conn): ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list.add_user("user", 2001, 2000) ent_list.add_group("group", 2000) create_ldap_fixture(request, ldap_conn, ent_list) conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \ unindent("""\ [domain/LDAP] ldap_user_extra_attrs = mail, name:uid, givenName """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request)
def create_sssd_conf(kcm_path, ccache_storage, max_secrets=MAX_SECRETS): return unindent("""\ [sssd] domains = local services = nss [domain/local] id_provider = local [kcm] socket_path = {kcm_path} ccache_storage = {ccache_storage} [secrets] max_secrets = {max_secrets} """).format(**locals())
def fallback_homedir(request, ldap_conn): ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list.add_user("user_with_homedir_A", 1001, 2001, homeDirectory="/home/A") ent_list.add_user("user_with_homedir_B", 1002, 2002, homeDirectory="/home/B") ent_list.add_user("user_with_empty_homedir", 1003, 2003, homeDirectory="") create_ldap_fixture(request, ldap_conn, ent_list) conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \ unindent("""\ [nss] fallback_homedir = /home/B """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request)
def setup_for_global_quota(request): conf = unindent("""\ [sssd] domains = local services = nss [domain/local] id_provider = local [secrets] max_secrets = 10 max_payload_size = 2 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_secrets_fixture(request) return None
def proxy_to_files_domain_only(request): conf = unindent("""\ [sssd] domains = proxy, local services = nss [domain/local] id_provider = local [domain/proxy] id_provider = proxy proxy_lib_name = files auth_provider = none """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def override_shell(request, ldap_conn): ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list.add_user("user_with_shell_A", 1001, 2001, loginShell="/bin/A") ent_list.add_user("user_with_shell_B", 1002, 2002, loginShell="/bin/B") ent_list.add_user("user_with_empty_shell", 1003, 2003, loginShell="") create_ldap_fixture(request, ldap_conn, ent_list) conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \ unindent("""\ [nss] override_shell = /bin/B """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request)
def as_xml(self): tmpl = util.unindent(''' <parameter> <name>%s</name> <value>%e</value> <confidenceinterval> <interval>68</interval> <low>%e</low> <high>%e</high> <low_unclear>%i</low_unclear> <high_unclear>%i</high_unclear> </confidenceinterval> </parameter> ''') return tmpl % (self.paramname.title(), self.best, self.percentile16, self.percentile84, self.percentile16_warn, self.percentile84_warn)
def local_domain_only(request): conf = unindent("""\ [sssd] domains = LOCAL services = nss [nss] memcache_timeout = 0 [domain/LOCAL] id_provider = local min_id = 10000 max_id = 20000 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def override_homedir_and_shell(request): conf = unindent("""\ [sssd] domains = files services = nss [domain/files] id_provider = files override_homedir = /test/bar override_shell = /bin/bar [nss] override_homedir = /test/foo override_shell = /bin/foo """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None
def shell_fallback(request, ldap_conn): ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list.add_user("user_with_sh_shell", 1001, 2001, loginShell="/bin/sh") ent_list.add_user("user_with_not_installed_shell", 1002, 2002, loginShell="/bin/not_installed") ent_list.add_user("user_with_empty_shell", 1003, 2003, loginShell="") create_ldap_fixture(request, ldap_conn, ent_list) conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \ unindent("""\ [nss] shell_fallback = /bin/fallback allowed_shells = /bin/not_installed """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request)
def format_basic_conf(ldap_conn, schema): """Format a basic SSSD configuration""" schema_conf = "ldap_schema = " + schema + "\n" schema_conf += "ldap_group_object_class = groupOfNames\n" return unindent("""\ [sssd] domains = LDAP services = nss disable_netlink = true [domain/LDAP] {schema_conf} id_provider = ldap auth_provider = ldap ldap_uri = {ldap_conn.ds_inst.ldap_url} ldap_search_base = {ldap_conn.ds_inst.base_dn} ldap_netgroup_search_base = ou=Netgroups,{ldap_conn.ds_inst.base_dn} """).format(**locals())
def setup_for_uid_limit(request): conf = unindent("""\ [sssd] domains = local services = nss [domain/local] id_provider = local [secrets] [secrets/secrets] max_secrets = 10 max_uid_secrets = 5 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_secrets_fixture(request) return None
def setup_for_secrets(request): """ Just set up the local provider for tests and enable the secrets responder """ conf = unindent("""\ [sssd] domains = local services = nss [domain/local] id_provider = local [secrets] max_secrets = 10 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_secrets_fixture(request) return None
def refresh_after_cleanup_task(request, ldap_conn): ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) ent_list.add_user("user1", 1001, 2001) ent_list.add_group_bis("group1", 2001, ["user1"]) ent_list.add_group_bis("group2", 2002, [], ["group1"]) create_ldap_fixture(request, ldap_conn, ent_list) conf = \ format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ unindent(""" [domain/LDAP] entry_cache_user_timeout = 1 entry_cache_group_timeout = 5000 ldap_purge_cache_timeout = 3 """).format(**locals()) create_conf_fixture(request, conf) create_sssd_fixture(request) return None