def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
dir='/home/user2', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
dict(name='empty_group', passwd='*', gid=2010,
mem=ent.contains_only()),
dict(name='two_user_group', passwd='*', gid=2012,
mem=ent.contains_only("user1", "user2"))
])
ent.assert_each_group_by_name(group_pattern)
with pytest.raises(KeyError):
pwd.getpwnam("non_existent_user")
with pytest.raises(KeyError):
pwd.getpwuid(1)
with pytest.raises(KeyError):
grp.getgrnam("non_existent_group")
with pytest.raises(KeyError):
grp.getgrgid(1)
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
# test filtered user
with pytest.raises(KeyError):
pwd.getpwuid(1002)
time.sleep(2)
with pytest.raises(KeyError):
pwd.getpwuid(1002)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
])
ent.assert_each_group_by_name(group_pattern)
# test filtered group
with pytest.raises(KeyError):
grp.getgrgid(2002)
time.sleep(2)
with pytest.raises(KeyError):
grp.getgrgid(2002)
def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
dir='/home/user2', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
dict(name='empty_group', passwd='*', gid=2010,
mem=ent.contains_only()),
dict(name='two_user_group', passwd='*', gid=2012,
mem=ent.contains_only("user1", "user2"))
])
ent.assert_each_group_by_name(group_pattern)
with pytest.raises(KeyError):
pwd.getpwnam("non_existent_user")
with pytest.raises(KeyError):
pwd.getpwuid(1)
with pytest.raises(KeyError):
grp.getgrnam("non_existent_group")
with pytest.raises(KeyError):
grp.getgrgid(1)
def test_nss_filters(ldap_conn, sanity_nss_filter):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
dir='/home/user1', shell='/bin/bash'),
dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
dir='/home/user3', shell='/bin/bash')
])
# test filtered user
ent.assert_each_passwd_by_name(passwd_pattern)
with pytest.raises(KeyError):
pwd.getpwnam("user2")
with pytest.raises(KeyError):
pwd.getpwuid(1002)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
dict(name='empty_group1', passwd='*', gid=2010,
mem=ent.contains_only()),
dict(name='empty_group2', passwd='*', gid=2011,
mem=ent.contains_only()),
dict(name='two_user_group', passwd='*', gid=2012,
mem=ent.contains_only("user1")),
dict(name='group_empty_group', passwd='*', gid=2013,
mem=ent.contains_only()),
dict(name='group_two_empty_groups', passwd='*', gid=2014,
mem=ent.contains_only()),
dict(name='one_user_group1', passwd='*', gid=2015,
mem=ent.contains_only("user1")),
dict(name='one_user_group2', passwd='*', gid=2016,
mem=ent.contains_only()),
dict(name='group_one_user_group', passwd='*', gid=2017,
mem=ent.contains_only("user1")),
dict(name='group_two_user_group', passwd='*', gid=2018,
mem=ent.contains_only("user1")),
])
# test filtered group
ent.assert_each_group_by_name(group_pattern)
with pytest.raises(KeyError):
grp.getgrnam("group_two_one_user_groups")
with pytest.raises(KeyError):
grp.getgrgid(2019)
# test non-existing user/group
with pytest.raises(KeyError):
pwd.getpwnam("non_existent_user")
with pytest.raises(KeyError):
pwd.getpwuid(9)
with pytest.raises(KeyError):
grp.getgrnam("non_existent_group")
with pytest.raises(KeyError):
grp.getgrgid(14)
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached):
passwd_pattern = expected_list_to_name_dict([
dict(name='user1',
passwd='*',
uid=1001,
gid=2001,
gecos='1001',
dir='/home/user1',
shell='/bin/bash'),
dict(name='user3',
passwd='*',
uid=1003,
gid=2003,
gecos='1003',
dir='/home/user3',
shell='/bin/bash')
])
ent.assert_each_passwd_by_name(passwd_pattern)
# test filtered user
with pytest.raises(KeyError):
pwd.getpwuid(1002)
time.sleep(2)
with pytest.raises(KeyError):
pwd.getpwuid(1002)
group_pattern = expected_list_to_name_dict([
dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
])
ent.assert_each_group_by_name(group_pattern)
# test filtered group
with pytest.raises(KeyError):
grp.getgrgid(2002)
time.sleep(2)
with pytest.raises(KeyError):
grp.getgrgid(2002)
# test that root is always filtered even if filter_users contains other
# entries. This is a regression test for upstream ticket #3460
res, _ = call_sssd_getpwnam("root")
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getgrnam("root")
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getpwuid(0)
assert res == NssReturnCode.NOTFOUND
res, _ = call_sssd_getgrgid(0)
assert res == NssReturnCode.NOTFOUND
def test_assert_each_group_by_name(users_and_groups):
ent.assert_each_group_by_name({})
ent.assert_each_group_by_name(dict(group1=GROUP1))
ent.assert_each_group_by_name(GROUP_NAME_DICT)
try:
ent.assert_each_group_by_name(dict(group3={}))
assert False
except AssertionError as e:
assert str(e) == "'getgrnam(): name not found: group3'"
try:
ent.assert_each_group_by_name(dict(group1=dict(name="group2")))
assert False
except AssertionError as e:
assert str(e) == "group 'group1' mismatch: " + \
"'name' mismatch: 'group2' != 'group1'"
def test_assert_each_group_by_name(users_and_groups):
ent.assert_each_group_by_name({})
ent.assert_each_group_by_name(dict(group1=GROUP1))
ent.assert_each_group_by_name(GROUP_NAME_DICT)
try:
ent.assert_each_group_by_name(dict(group3={}))
assert False
except AssertionError as e:
assert str(e) == "'getgrnam(): name not found: group3'"
try:
ent.assert_each_group_by_name(dict(group1=dict(name="group2")))
assert False
except AssertionError as e:
assert str(e) == "group 'group1' mismatch: " + \
"'name' mismatch: 'group2' != 'group1'"
def test_assert_each_group_by_name(users_and_groups):
ent.assert_each_group_by_name({})
ent.assert_each_group_by_name(dict(group1=GROUP1))
ent.assert_each_group_by_name(GROUP_NAME_DICT)
try:
ent.assert_each_group_by_name(dict(group3={}))
assert False
except AssertionError, e:
assert str(e) == "'getgrnam(): name not found: group3'"
def test_assert_each_group_by_name(users_and_groups):
ent.assert_each_group_by_name({})
ent.assert_each_group_by_name(dict(group1=GROUP1))
ent.assert_each_group_by_name(GROUP_NAME_DICT)
try:
ent.assert_each_group_by_name(dict(group3={}))
assert False
except AssertionError, e:
assert str(e) == "'getgrnam(): name not found: group3'"
assert False
except AssertionError, e:
assert re.search("expected groups not found:", str(e))
assert not re.search("unexpected groups found:", str(e))
def test_assert_each_group_by_name(users_and_groups):
ent.assert_each_group_by_name({})
ent.assert_each_group_by_name(dict(group1=GROUP1))
ent.assert_each_group_by_name(GROUP_NAME_DICT)
try:
ent.assert_each_group_by_name(dict(group3={}))
assert False
except AssertionError, e:
assert str(e) == "'getgrnam(): name not found: group3'"
try:
ent.assert_each_group_by_name(dict(group1=dict(name="group2")))
assert False
except AssertionError, e:
assert str(e) == "group 'group1' mismatch: " + \
"'name' mismatch: 'group2' != 'group1'"
def test_assert_each_group_by_gid(users_and_groups):
ent.assert_each_group_by_gid({})
ent.assert_each_group_by_gid({2001:GROUP1})
ent.assert_each_group_by_gid(GROUP_GID_DICT)
try:
ent.assert_each_group_by_gid({2003:{}})
assert False
except AssertionError, e:
assert str(e) == "'getgrgid(): gid not found: 2003'"
try:
except AssertionError, e:
assert re.search("expected groups not found:", str(e))
assert not re.search("unexpected groups found:", str(e))
def test_assert_each_group_by_name(users_and_groups):
ent.assert_each_group_by_name({})
ent.assert_each_group_by_name(dict(group1=GROUP1))
ent.assert_each_group_by_name(GROUP_NAME_DICT)
try:
ent.assert_each_group_by_name(dict(group3={}))
assert False
except AssertionError, e:
assert str(e) == "'getgrnam(): name not found: group3'"
try:
ent.assert_each_group_by_name(dict(group1=dict(name="group2")))
assert False
except AssertionError, e:
assert str(e) == "group 'group1' mismatch: " + \
"'name' mismatch: 'group2' != 'group1'"
def test_assert_each_group_by_gid(users_and_groups):
ent.assert_each_group_by_gid({})
ent.assert_each_group_by_gid({2001: GROUP1})
ent.assert_each_group_by_gid(GROUP_GID_DICT)
try:
ent.assert_each_group_by_gid({2003: {}})
assert False
except AssertionError, e:
assert str(e) == "'getgrgid(): gid not found: 2003'"
