def test_disabled_mc(ldap_conn, disable_memcache_rfc2307): ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) assert_user_gids_equal('user1', [2000, 2001]) stop_sssd() # sssd is stopped and the memory cache is disabled; # so pytest should not be able to find anything with pytest.raises(KeyError): pwd.getpwnam('user1') with pytest.raises(KeyError): pwd.getpwuid(1001) with pytest.raises(KeyError): grp.getgrnam('group1') with pytest.raises(KeyError): grp.getgrgid(2001) with pytest.raises(KeyError): (res, errno, gids) = sssd_id.get_user_gids('user1')
def run_simple_test_with_initgroups(): ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name( "group1", dict(mem=ent.contains_only("user1", "user11", "user21"))) ent.assert_group_by_gid( 2001, dict(mem=ent.contains_only("user1", "user11", "user21"))) # unrelated group to user1 ent.assert_group_by_name( "group2", dict(mem=ent.contains_only("user2", "user12", "user22"))) ent.assert_group_by_gid( 2002, dict(mem=ent.contains_only("user2", "user12", "user22"))) assert_initgroups_equal("user1", 2001, [2000, 2001])
def env_root_user_override(request, ldap_conn, env_two_users_and_group): # Assert entries are not overriden ent.assert_passwd_by_name( 'root', dict(name='root', uid=0, gid=0)) ent.assert_passwd_by_uid(0, dict(name="root")) # Override subprocess.check_call(["sss_override", "user-add", "user1", "-u", "0", "-g", "0", "-n", "ov_user1", "-c", "Overriden User 1", "-h", "/home/ov/user1", "-s", "/bin/ov_user1_shell"]) subprocess.check_call(["sss_override", "user-add", "user2", "-u", "10020", "-g", "20020", "-n", "root", "-c", "Overriden User 2", "-h", "/home/ov/user2", "-s", "/bin/ov_user2_shell"]) # Restart SSSD so the override might take effect restart_sssd()
def test_root_user_override(ldap_conn, env_root_user_override): """Test entries are not overriden to root""" # Override does not have to happen completly, trying to set uid or gid # to 0 is simply ignored. ent.assert_passwd_by_name( 'ov_user1', dict(name='ov_user1', passwd='*', uid=10001, gid=20001, gecos='Overriden User 1', dir='/home/ov/user1', shell='/bin/ov_user1_shell')) # We can create override with name root. This test is just for tracking # that this particular behavior won't change. ent.assert_passwd_by_name( 'user2', dict(name='root', passwd='*', uid=10020, gid=20020, gecos='Overriden User 2', dir='/home/ov/user2', shell='/bin/ov_user2_shell')) ent.assert_passwd_by_uid(0, dict(name="root"))
def test_removed_mc(ldap_conn, sanity_rfc2307): """ Regression test for ticket: https://fedorahosted.org/sssd/ticket/2726 """ ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) stop_sssd() # remove cache without invalidation for path in os.listdir(config.MCACHE_PATH): os.unlink(config.MCACHE_PATH + "/" + path) # sssd is stopped; so the memory cache should not be used # in long living clients (py.test in this case) with pytest.raises(KeyError): pwd.getpwnam('user1') with pytest.raises(KeyError): pwd.getpwuid(1001) with pytest.raises(KeyError): grp.getgrnam('group1') with pytest.raises(KeyError): grp.getgrgid(2001)
def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307): """ Test that the memory cache is not created at all with memcache_timeout=0 """ # No memory cache files must be created assert len(os.listdir(config.MCACHE_PATH)) == 0 ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) stop_sssd() # sssd is stopped; so the memory cache should not be used # in long living clients (py.test in this case) with pytest.raises(KeyError): pwd.getpwnam('user1') with pytest.raises(KeyError): pwd.getpwuid(1001) with pytest.raises(KeyError): grp.getgrnam('group1') with pytest.raises(KeyError): grp.getgrgid(2001)
def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307): ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) assert_user_gids_equal('user1', [2000, 2001]) stop_sssd() # passwd cache is disabled with pytest.raises(KeyError): pwd.getpwnam('user1') with pytest.raises(KeyError): pwd.getpwuid(1001) # Initgroups looks up the user first, hence KeyError from the # passwd database even if the initgroups cache is active. with pytest.raises(KeyError): (res, errno, gids) = sssd_id.get_user_gids('user1')
def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307): ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) assert_user_gids_equal('user1', [2000, 2001]) stop_sssd() # passwd cache is disabled, other caches should work with pytest.raises(KeyError): pwd.getpwnam('user1') with pytest.raises(KeyError): pwd.getpwuid(1001) ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) assert_user_gids_equal('user1', [2000, 2001])
def test_root_user_override(ldap_conn, env_root_user_override): """Test entries are not overriden to root""" # Override does not have to happen completly, trying to set uid or gid # to 0 is simply ignored. ent.assert_passwd_by_name( "ov_user1", dict( name="ov_user1", passwd="*", uid=10001, gid=20001, gecos="Overriden User 1", dir="/home/ov/user1", shell="/bin/ov_user1_shell", ), ) # We can create override with name root. This test is just for tracking # that this particular behavior won't change. ent.assert_passwd_by_name( "user2", dict( name="root", passwd="*", uid=10020, gid=20020, gecos="Overriden User 2", dir="/home/ov/user2", shell="/bin/ov_user2_shell", ), ) ent.assert_passwd_by_uid(0, dict(name="root"))
def assert_mc_records_for_user1(): ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name( "group1", dict(mem=ent.contains_only("user1", "user11", "user21"))) ent.assert_group_by_gid( 2001, dict(mem=ent.contains_only("user1", "user11", "user21"))) ent.assert_group_by_name( "group0x", dict(mem=ent.contains_only("user1", "user2", "user3"))) ent.assert_group_by_gid( 2000, dict(mem=ent.contains_only("user1", "user2", "user3"))) assert_initgroups_equal("user1", 2001, [2000, 2001])
def test_assert_passwd_by_uid(users_and_groups): ent.assert_passwd_by_uid(1001, {}) ent.assert_passwd_by_uid(1001, dict(name="user1", uid=1001)) ent.assert_passwd_by_uid(1001, USER1) try: ent.assert_passwd_by_uid(1003, {}) assert False except AssertionError as e: assert str(e) == "'getpwuid(): uid not found: 1003'" try: ent.assert_passwd_by_uid(1002, dict(name="user1")) assert False except AssertionError as e: assert str(e) == "'name' mismatch: 'user1' != 'user2'"
def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307): ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) assert_user_gids_equal('user1', [2000, 2001]) stop_sssd() # initgroups is disabled, other caches should work ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) assert_unsuccessful_initgr('user1')
def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307): # the sssd cache was empty and not all user's group were # resolved with getgr{nm,gid}. Therefore there is a change in # group membership => user groups should be invalidated run_simple_test_with_initgroups() assert_initgroups_equal("user1", 2001, [2000, 2001]) stop_sssd() ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) # unrelated group to user1 must be returned ent.assert_group_by_name( "group2", dict(mem=ent.contains_only("user2", "user12", "user22"))) ent.assert_group_by_gid( 2002, dict(mem=ent.contains_only("user2", "user12", "user22"))) assert_initgroups_equal("user1", 2001, [2000, 2001]) # user groups must be invalidated for group in ["group1", "group0x"]: with pytest.raises(KeyError): grp.getgrnam(group) for gid in [2000, 2001]: with pytest.raises(KeyError): grp.getgrgid(gid)
def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307): # Even if initgroups is disabled, passwd should work ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) stop_sssd() ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash'))
assert str(e) == "'name' mismatch: 'user1' != 'user2'" def test_assert_passwd_by_uid(users_and_groups): ent.assert_passwd_by_uid(1001, {}) ent.assert_passwd_by_uid(1001, dict(name="user1", uid=1001)) ent.assert_passwd_by_uid(1001, USER1) try: ent.assert_passwd_by_uid(1003, {}) assert False except AssertionError, e: assert str(e) == "'getpwuid(): uid not found: 1003'" try: ent.assert_passwd_by_uid(1002, dict(name="user1")) assert False except AssertionError, e: assert str(e) == "'name' mismatch: 'user1' != 'user2'" def test_assert_passwd_list(users_and_groups): ent.assert_passwd_list(ent.contains()) ent.assert_passwd_list(ent.contains(USER1)) ent.assert_passwd_list(ent.contains_only(*USER_LIST)) try: ent.assert_passwd_list(ent.contains_only()) assert False except AssertionError, e: assert not re.search("expected users not found:", str(e)) assert re.search("unexpected users found:", str(e))
except AssertionError, e: assert str(e) == "'name' mismatch: 'user1' != 'user2'" def test_assert_passwd_by_uid(users_and_groups): ent.assert_passwd_by_uid(1001, {}) ent.assert_passwd_by_uid(1001, dict(name="user1", uid=1001)) ent.assert_passwd_by_uid(1001, USER1) try: ent.assert_passwd_by_uid(1003, {}) assert False except AssertionError, e: assert str(e) == "'getpwuid(): uid not found: 1003'" try: ent.assert_passwd_by_uid(1002, dict(name="user1")) assert False except AssertionError, e: assert str(e) == "'name' mismatch: 'user1' != 'user2'" def test_assert_passwd_list(users_and_groups): ent.assert_passwd_list(ent.contains()) ent.assert_passwd_list(ent.contains(USER1)) ent.assert_passwd_list(ent.contains_only(*USER_LIST)) try: ent.assert_passwd_list(ent.contains_only()) assert False except AssertionError, e: assert not re.search("expected users not found:", str(e)) assert re.search("unexpected users found:", str(e))
def test_getpwnam(ldap_conn, sanity_rfc2307): ent.assert_passwd_by_name( 'user1', dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_uid( 1001, dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001', shell='/bin/bash')) ent.assert_passwd_by_name( 'user2', dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002', shell='/bin/bash')) ent.assert_passwd_by_uid( 1002, dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002', shell='/bin/bash')) ent.assert_passwd_by_name( 'user3', dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', shell='/bin/bash')) ent.assert_passwd_by_uid( 1003, dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003', shell='/bin/bash')) ent.assert_passwd_by_name( 'user11', dict(name='user11', passwd='*', uid=1011, gid=2001, gecos='1011', shell='/bin/bash')) ent.assert_passwd_by_uid( 1011, dict(name='user11', passwd='*', uid=1011, gid=2001, gecos='1011', shell='/bin/bash')) ent.assert_passwd_by_name( 'user12', dict(name='user12', passwd='*', uid=1012, gid=2002, gecos='1012', shell='/bin/bash')) ent.assert_passwd_by_uid( 1012, dict(name='user12', passwd='*', uid=1012, gid=2002, gecos='1012', shell='/bin/bash')) ent.assert_passwd_by_name( 'user13', dict(name='user13', passwd='*', uid=1013, gid=2003, gecos='1013', shell='/bin/bash')) ent.assert_passwd_by_uid( 1013, dict(name='user13', passwd='*', uid=1013, gid=2003, gecos='1013', shell='/bin/bash')) ent.assert_passwd_by_name( 'user21', dict(name='user21', passwd='*', uid=1021, gid=2001, gecos='1021', shell='/bin/bash')) ent.assert_passwd_by_uid( 1021, dict(name='user21', passwd='*', uid=1021, gid=2001, gecos='1021', shell='/bin/bash')) ent.assert_passwd_by_name( 'user22', dict(name='user22', passwd='*', uid=1022, gid=2002, gecos='1022', shell='/bin/bash')) ent.assert_passwd_by_uid( 1022, dict(name='user22', passwd='*', uid=1022, gid=2002, gecos='1022', shell='/bin/bash')) ent.assert_passwd_by_name( 'user23', dict(name='user23', passwd='*', uid=1023, gid=2003, gecos='1023', shell='/bin/bash')) ent.assert_passwd_by_uid( 1023, dict(name='user23', passwd='*', uid=1023, gid=2003, gecos='1023', shell='/bin/bash'))