URL: https://github.com/SSSD/sssd/pull/670 Author: jhrozek Title: #670: FILES: The files provider should not enumerate Action: opened
PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/3849 For reason I cannot explain now, the files provider always enumerates. There is commit a60e6ec which implements this, but it's clearly wrong, because then the plain getent passwd output contains duplicates from nss_files and nss_sss: $ getent passwd | sort adm:x:3:4:adm:/var/adm:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin certuser:x:10329:10330::/home/certuser:/bin/bash certuser:x:10329:10330::/home/certuser:/bin/bash chrony:x:997:994::/var/lib/chrony:/sbin/nologin chrony:x:997:994::/var/lib/chrony:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/670/head:pr670 git checkout pr670
From 657ef29211d24f08ec6eb7c1da340e09938e7611 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Tue, 9 Oct 2018 12:03:09 +0200 Subject: [PATCH 1/2] TESTS: Add two basic multihost tests for the files provider --- src/tests/multihost/basic/conftest.py | 33 +++++++++++++++++++++++++ src/tests/multihost/basic/test_files.py | 33 +++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 src/tests/multihost/basic/test_files.py diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py index 076dd3944..0d3b831be 100644 --- a/src/tests/multihost/basic/conftest.py +++ b/src/tests/multihost/basic/conftest.py @@ -209,6 +209,39 @@ def set_case_sensitive_false(session_multihost): session_multihost.master[0].service_sssd('restart') +@pytest.fixture +def enable_files_domain(session_multihost): + """ + Enable the implicit files domain + """ + session_multihost.master[0].transport.get_file('/etc/sssd/sssd.conf', + '/tmp/sssd.conf') + sssdconfig = ConfigParser.SafeConfigParser() + sssdconfig.read('/tmp/sssd.conf') + sssd_section = 'sssd' + if sssd_section in sssdconfig.sections(): + sssdconfig.set(sssd_section, 'enable_files_domain', 'true') + with open('/tmp/sssd.conf', "w") as sssconf: + sssdconfig.write(sssconf) + session_multihost.master[0].transport.put_file('/tmp/sssd.conf', + '/etc/sssd/sssd.conf') + session_multihost.master[0].service_sssd('restart') + + +@pytest.fixture(scope="class") +def files_domain_users_class(request, session_multihost): + users = ('lcl1', 'lcl2', 'lcl3') + for user in users: + useradd_cmd = "useradd %s" % (user) + session_multihost.master[0].run_command(useradd_cmd) + + def teardown_files_domain_users(): + for user in users: + userdel_cmd = "userdel %s" % (user) + session_multihost.master[0].run_command(userdel_cmd) + request.addfinalizer(teardown_files_domain_users) + + @pytest.fixture def create_sudorule(session_multihost, create_casesensitive_posix_user): """ Create posix user and groups """ diff --git a/src/tests/multihost/basic/test_files.py b/src/tests/multihost/basic/test_files.py new file mode 100644 index 000000000..dcfd58929 --- /dev/null +++ b/src/tests/multihost/basic/test_files.py @@ -0,0 +1,33 @@ +""" +Files test provider cases +""" +import pytest +from sssd.testlib.common.utils import SSHClient + + +def get_sss_entry(multihost, db, ent_name): + cmd = multihost.master[0].run_command('getent %s -s sss %s' % (db, ent_name), + raiseonerr=False) + return cmd.returncode, cmd.stdout_text + + +def get_sss_user(multihost, username): + return get_sss_entry(multihost, 'passwd', username) + + +@pytest.mark.usefixtures('enable_files_domain', 'files_domain_users_class') +class TestImplicitFilesProvider(object): + """ + Test the files provider. This test runs the implicit files provider + together with another domain to stick close to what users use in Fedora + """ + def test_files_does_not_handle_root(self, multihost): + """ The files provider does not handle root """ + exit_status, _ = get_sss_user(multihost, 'root') + assert exit_status == 2 + + + def test_files_sanity(self, multihost): + """ Test that the files provider can resolve a user """ + exit_status, _ = get_sss_user(multihost, 'lcl1') + assert exit_status == 0 From f3f26977108d7369765bab26f6737a8405048d5d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Tue, 9 Oct 2018 12:12:44 +0200 Subject: [PATCH 2/2] FILES: The files provider should not enumerate Resolves: https://pagure.io/SSSD/sssd/issue/3849 For reason I cannot explain now, the files provider always enumerates. There is commit a60e6ec which implements this, but it's clearly wrong, because then the plain getent passwd output contains duplicates from nss_files and nss_sss: $ getent passwd | sort adm:x:3:4:adm:/var/adm:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin certuser:x:10329:10330::/home/certuser:/bin/bash certuser:x:10329:10330::/home/certuser:/bin/bash chrony:x:997:994::/var/lib/chrony:/sbin/nologin chrony:x:997:994::/var/lib/chrony:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin --- src/confdb/confdb.c | 5 +---- src/tests/multihost/basic/test_files.py | 8 ++++++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 2f3d90087..fdc61226f 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -875,7 +875,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, char *default_domain; bool fqnames_default = false; int memcache_timeout; - bool enum_default; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; @@ -1009,10 +1008,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, "Interpreting as true\n", domain->name); domain->enumerate = true; } else { /* assume the new format */ - enum_default = is_files_provider(domain); - ret = get_entry_as_bool(res->msgs[0], &domain->enumerate, - CONFDB_DOMAIN_ENUMERATE, enum_default); + CONFDB_DOMAIN_ENUMERATE, 0); if(ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE); diff --git a/src/tests/multihost/basic/test_files.py b/src/tests/multihost/basic/test_files.py index dcfd58929..5c8d03d02 100644 --- a/src/tests/multihost/basic/test_files.py +++ b/src/tests/multihost/basic/test_files.py @@ -31,3 +31,11 @@ def test_files_sanity(self, multihost): """ Test that the files provider can resolve a user """ exit_status, _ = get_sss_user(multihost, 'lcl1') assert exit_status == 0 + + def test_files_enumeration(self, multihost): + """ + Since nss_files enumerates and libc would concatenate the results, + the files provider of SSSD should not enumerate + """ + cmd = multihost.master[0].run_command('getent passwd -s sss') + assert len(cmd.stdout_text) == 0
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org