On (09/08/16 19:12), Lukas Slebodnik wrote:
>On (09/08/16 14:54), Jakub Hrozek wrote:
>>On Tue, Aug 09, 2016 at 12:36:11PM +0200, Jakub Hrozek wrote:
>>> On Wed, Aug 03, 2016 at 09:56:40AM +0200, Lukas Slebodnik wrote:
>>> > On (13/07/16 17:48), Lukas Slebodnik wrote:
>>> > >ehlo,
>>> > >
>>> > >attched patch is an integration test for regression #3093.
>>> > >I prepared a test and I let someone else to fix it :-)
>>> > >
>>> > >I will try to find more bugs in downstream tests.
>>> > >
>>> > >BTW we might move test from test_ts_cache somewhere else.
>>> > >But it was the fastest way how to write a test without enumeration.
>>> > >
>>> >
>>> > As I previously wrote test_ts_cache is not the best place for this
>>> > test. Attached are patches which some changes in intg tests.
>>> > There is also test for grups with special characters
>>> >
>>> > LS
>>>
>>> Thank you, the only comment I have is that we should remove
>>> ldap_auth_disable_tls_never_use_in_production option. We don't use it in
>>> tests (we don't test authentication there at all at the moment) and it's
>>> better to not advertise the option.
>>>
>I can remove it as part of "moving files" if you wish.
>
>>> I'll give a formal ACK once the CI run finishes.
>>
>>For some reason, I can't get a 'green' CI run on RHEL-6. I tried three
>>times, the last attempt is here:
>>
>> http://sssd-ci.duckdns.org/logs/job/51/19/rhel6/ci-build-debug/ci-make-intgcheck.log
>>but all had the same errors.
>>
>>Did the patches change something in the way the server is set up on
>>RHEL-6?
>
>E SERVER_DOWN: {'desc': "Can't contact LDAP server"}
>
>I have no idea why it should be stopped.
>We do not stop openldap server. It should be done
>only in cleanup (end of all tests in module)
>
It took me some time to find root of cause these failures.
The 1st patch fixes the issues. And i got a recomendation from
freeipa develoepers that it's better to avoid using destructors
for cleanup. With pytest we should use finalizers or
with keyword the same as for files.
LS
>From cc1f644d335a1c4f873b9cb4851f349e596673e4 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Thu, 11 Aug 2016 18:11:02 +0200
Subject: [PATCH 01/16] ds.py: Do not call teardown in destructor
We use finalizers in pytest for cleaning up of
openldap server. But sometimes destructor was called
in case of failure which causes many issues in tests.
Running teardown in destructor is not reliable due to pyhton nature.
---
src/tests/intg/ds.py | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/tests/intg/ds.py b/src/tests/intg/ds.py
index
df08facf408727a0dd5f4c0e75441b0086089557..66cb8875da519567e03679711af0aea2cdfda4df
100644
--- a/src/tests/intg/ds.py
+++ b/src/tests/intg/ds.py
@@ -56,7 +56,3 @@ class DS:
conn = ldap.initialize(self.ldap_url)
conn.simple_bind_s(self.admin_dn, self.admin_pw)
return conn
-
- def __del__(self):
- """Destroy the instance."""
- self.teardown()
--
2.9.2
>From f7dba33b365ef10a645a5225540a1c99877ce2a7 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Thu, 11 Aug 2016 18:22:19 +0200
Subject: [PATCH 02/16] test_local_domain: Restore correct env variable
Explanation
Resolves:
https://fedorahosted.org/sssd/ticket/XXXX
---
src/tests/intg/test_local_domain.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tests/intg/test_local_domain.py
b/src/tests/intg/test_local_domain.py
index
31834b5b9ab93329ac5eb76e3676d6f89f5b996e..b83e56d1b44619083506093ca8cfb9413437c821
100644
--- a/src/tests/intg/test_local_domain.py
+++ b/src/tests/intg/test_local_domain.py
@@ -106,4 +106,4 @@ def test_wrong_LC_ALL(local_domain_only):
# sss_userdel must remove the user despite wrong LC_ALL
subprocess.check_call(["sss_userdel", "foo", "-R"])
assert_nonexistent_user("foo")
- os.environ["LC_LOCAL"] = oldvalue
+ os.environ["LC_ALL"] = oldvalue
--
2.9.2
>From 8f17ff0b7fc216312632423e8de48ce67aa64321 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Thu, 14 Jul 2016 16:11:27 +0200
Subject: [PATCH 03/16] intg: rename test with enumeration
---
src/tests/intg/Makefile.am | 2 +-
src/tests/intg/{ldap_test.py => test_enumeration.py} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
rename src/tests/intg/{ldap_test.py => test_enumeration.py} (100%)
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index
b8cc5c006845f911d8518df815925455482e9f6d..55dfd020f80ca9308b6f8bc7954c74c885e601bd
100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -9,9 +9,9 @@ dist_noinst_DATA = \
ent_test.py \
ldap_ent.py \
ldap_local_override_test.py \
- ldap_test.py \
test_local_domain.py \
util.py \
+ test_enumeration.py \
test_memory_cache.py \
test_ts_cache.py \
$(NULL)
diff --git a/src/tests/intg/ldap_test.py b/src/tests/intg/test_enumeration.py
similarity index 100%
rename from src/tests/intg/ldap_test.py
rename to src/tests/intg/test_enumeration.py
--
2.9.2
>From e67fc7f5f8d88126dc1ce9bf70c2e65314eba9a6 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Sat, 30 Jul 2016 18:24:34 +0200
Subject: [PATCH 04/16] test_enumeration: Remove test without enumeration
---
src/tests/intg/test_enumeration.py | 126 ++++---------------------------------
1 file changed, 11 insertions(+), 115 deletions(-)
diff --git a/src/tests/intg/test_enumeration.py
b/src/tests/intg/test_enumeration.py
index
84f7f2d8a1b1830add7325fe16f97150a33263a7..ece09f76ca005e2490566490ac401df8ec521c0e
100644
--- a/src/tests/intg/test_enumeration.py
+++ b/src/tests/intg/test_enumeration.py
@@ -17,7 +17,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import os
-import sys
import stat
import pwd
import grp
@@ -98,7 +97,7 @@ SCHEMA_RFC2307 = "rfc2307"
SCHEMA_RFC2307_BIS = "rfc2307bis"
-def format_basic_conf(ldap_conn, schema, enum):
+def format_basic_conf(ldap_conn, schema):
"""Format a basic SSSD configuration"""
schema_conf = "ldap_schema = " + schema + "\n"
if schema == SCHEMA_RFC2307_BIS:
@@ -119,7 +118,7 @@ def format_basic_conf(ldap_conn, schema, enum):
[domain/LDAP]
ldap_auth_disable_tls_never_use_in_production = true
debug_level = 0xffff
- enumerate = {enum}
+ enumerate = true
{schema_conf}
id_provider = ldap
auth_provider = ldap
@@ -131,7 +130,7 @@ def format_basic_conf(ldap_conn, schema, enum):
def format_interactive_conf(ldap_conn, schema):
"""Format an SSSD configuration with all caches refreshing in 4 seconds"""
return \
- format_basic_conf(ldap_conn, schema, enum=True) + \
+ format_basic_conf(ldap_conn, schema) + \
unindent("""
[nss]
memcache_timeout = 0
@@ -144,21 +143,6 @@ def format_interactive_conf(ldap_conn, schema):
entry_cache_timeout = {0}
""").format(INTERACTIVE_TIMEOUT)
-def format_rfc2307bis_deref_conf(ldap_conn, schema):
- """Format an SSSD configuration with all caches refreshing in 4 seconds"""
- return \
- format_basic_conf(ldap_conn, schema, enum=False) + \
- unindent("""
- [nss]
- memcache_timeout = 0
- enum_cache_timeout = {0}
- entry_negative_timeout = 0
-
- [domain/LDAP]
- entry_cache_timeout = {0}
- ldap_deref_threshold = 1
- """).format(INTERACTIVE_TIMEOUT)
-
def create_conf_file(contents):
"""Create sssd.conf with specified contents"""
@@ -240,19 +224,7 @@ def sanity_rfc2307(request, ldap_conn):
ent_list.add_group("two_user_group", 2012, ["user1", "user2"])
create_ldap_fixture(request, ldap_conn, ent_list)
- conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=True)
- create_conf_fixture(request, conf)
- create_sssd_fixture(request)
- return None
-
-
-@pytest.fixture
-def simple_rfc2307(request, ldap_conn):
- ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
- ent_list.add_user('usr\\\\001', 181818, 181818)
- ent_list.add_group("group1", 181818)
- create_ldap_fixture(request, ldap_conn, ent_list)
- conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=False)
+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
@@ -286,19 +258,12 @@ def sanity_rfc2307_bis(request, ldap_conn):
[], ["one_user_group1", "one_user_group2"])
create_ldap_fixture(request, ldap_conn, ent_list)
- conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS, enum=True)
+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
-def test_regression_ticket2163(ldap_conn, simple_rfc2307):
- ent.assert_passwd_by_name(
- 'usr\\001',
- dict(name='usr\\001', passwd='*', uid=181818, gid=181818,
- gecos='181818', shell='/bin/bash'))
-
-
def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
passwd_pattern = ent.contains_only(
dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
@@ -380,50 +345,6 @@ def test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
@pytest.fixture
-def refresh_after_cleanup_task(request, ldap_conn):
- ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
- ent_list.add_user("user1", 1001, 2001)
-
- ent_list.add_group_bis("group1", 2001, ["user1"])
- ent_list.add_group_bis("group2", 2002, [], ["group1"])
-
- create_ldap_fixture(request, ldap_conn, ent_list)
-
- conf = \
- format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS, enum=False) + \
- unindent("""
- [domain/LDAP]
- entry_cache_user_timeout = 1
- entry_cache_group_timeout = 5000
- ldap_purge_cache_timeout = 3
- """).format(**locals())
- create_conf_fixture(request, conf)
- create_sssd_fixture(request)
- return None
-
-
-def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
- """
- Regression test for ticket:
- https://fedorahosted.org/sssd/ticket/2676
- """
- ent.assert_group_by_name(
- "group2",
- dict(mem=ent.contains_only("user1")))
-
- ent.assert_passwd_by_name(
- 'user1',
- dict(name='user1', passwd='*', uid=1001, gid=2001,
- gecos='1001', shell='/bin/bash'))
-
- time.sleep(15)
-
- ent.assert_group_by_name(
- "group2",
- dict(mem=ent.contains_only("user1")))
-
-
-@pytest.fixture
def blank_rfc2307(request, ldap_conn):
"""Create blank RFC2307 directory fixture with interactive SSSD conf"""
create_ldap_cleanup(request, ldap_conn)
@@ -474,26 +395,6 @@ def user_and_groups_rfc2307_bis(request, ldap_conn):
return None
-@pytest.fixture
-def rfc2307bis_deref_group_with_users(request, ldap_conn):
- """
- Create an RFC2307bis directory fixture with interactive SSSD conf,
- one user and two groups
- """
- ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
- ent_list.add_user("user1", 1001, 2000)
- ent_list.add_user("user2", 1001, 2000)
- ent_list.add_user("user3", 1001, 2000)
- ent_list.add_group_bis("group1", 20000, member_uids=("user1", "user2"))
- create_ldap_fixture(request, ldap_conn, ent_list)
- create_conf_fixture(request,
- format_rfc2307bis_deref_conf(
- ldap_conn,
- SCHEMA_RFC2307_BIS))
- create_sssd_fixture(request)
- return None
-
-
def test_add_remove_user(ldap_conn, blank_rfc2307):
"""Test user addition and removal are reflected by SSSD"""
e = ldap_ent.user(ldap_conn.ds_inst.base_dn, "user", 2001, 2000)
@@ -590,11 +491,6 @@ def test_add_remove_membership_rfc2307_bis(ldap_conn,
ent.assert_group_by_name("group1", dict(mem=ent.contains_only()))
-def test_ldap_group_dereference(ldap_conn, rfc2307bis_deref_group_with_users):
- ent.assert_group_by_name("group1",
- dict(mem=ent.contains_only(
- "user1", "user2")))
-
@pytest.fixture
def override_homedir(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
@@ -606,7 +502,7 @@ def override_homedir(request, ldap_conn):
homeDirectory="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
- format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=True) + \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
override_homedir = /home/B
@@ -637,7 +533,7 @@ def fallback_homedir(request, ldap_conn):
homeDirectory="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
- format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=True) + \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
fallback_homedir = /home/B
@@ -668,7 +564,7 @@ def override_shell(request, ldap_conn):
loginShell="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
- format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=True) + \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
override_shell = /bin/B
@@ -699,7 +595,7 @@ def shell_fallback(request, ldap_conn):
loginShell="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
- format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=True) + \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
shell_fallback = /bin/fallback
@@ -732,7 +628,7 @@ def default_shell(request, ldap_conn):
loginShell="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
- format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=True) + \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
default_shell = /bin/default
@@ -767,7 +663,7 @@ def vetoed_shells(request, ldap_conn):
loginShell="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
- format_basic_conf(ldap_conn, SCHEMA_RFC2307, enum=True) + \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
default_shell = /bin/default
--
2.9.2
>From 4661f8f65440a9b741a5c487b4a76c622e9d096c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Thu, 14 Jul 2016 16:14:05 +0200
Subject: [PATCH 05/16] intg: create ldap test without enumeration
---
src/tests/intg/Makefile.am | 1 +
src/tests/intg/test_ldap.py | 697 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 698 insertions(+)
create mode 100644 src/tests/intg/test_ldap.py
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am
index
55dfd020f80ca9308b6f8bc7954c74c885e601bd..d73e4216310ccd1c90e6b7eb0a0e60068fc45bd5
100644
--- a/src/tests/intg/Makefile.am
+++ b/src/tests/intg/Makefile.am
@@ -12,6 +12,7 @@ dist_noinst_DATA = \
test_local_domain.py \
util.py \
test_enumeration.py \
+ test_ldap.py \
test_memory_cache.py \
test_ts_cache.py \
$(NULL)
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
new file mode 100644
index
0000000000000000000000000000000000000000..8915fa0c069622c92646493dd26f2fd5d2b8c89c
--- /dev/null
+++ b/src/tests/intg/test_ldap.py
@@ -0,0 +1,697 @@
+#
+# LDAP integration test
+#
+# Copyright (c) 2015 Red Hat, Inc.
+# Author: Nikolai Kondrashov <nikolai.kondras...@redhat.com>
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+import os
+import stat
+import pwd
+import grp
+import signal
+import subprocess
+import time
+import ldap
+import pytest
+
+import config
+import ds_openldap
+import ent
+import ldap_ent
+from util import unindent
+
+LDAP_BASE_DN = "dc=example,dc=com"
+INTERACTIVE_TIMEOUT = 4
+
+
+@pytest.fixture(scope="module")
+def ds_inst(request):
+ """LDAP server instance fixture"""
+ ds_inst = ds_openldap.DSOpenLDAP(
+ config.PREFIX, 10389, LDAP_BASE_DN,
+ "cn=admin", "Secret123"
+ )
+
+ try:
+ ds_inst.setup()
+ except:
+ ds_inst.teardown()
+ raise
+ request.addfinalizer(ds_inst.teardown)
+ return ds_inst
+
+
+@pytest.fixture(scope="module")
+def ldap_conn(request, ds_inst):
+ """LDAP server connection fixture"""
+ ldap_conn = ds_inst.bind()
+ ldap_conn.ds_inst = ds_inst
+ request.addfinalizer(ldap_conn.unbind_s)
+ return ldap_conn
+
+
+def create_ldap_entries(ldap_conn, ent_list=None):
+ """Add LDAP entries from ent_list"""
+ if ent_list is not None:
+ for entry in ent_list:
+ ldap_conn.add_s(entry[0], entry[1])
+
+
+def cleanup_ldap_entries(ldap_conn, ent_list=None):
+ """Remove LDAP entries added by create_ldap_entries"""
+ if ent_list is None:
+ for ou in ("Users", "Groups", "Netgroups", "Services", "Policies"):
+ for entry in ldap_conn.search_s("ou=" + ou + "," +
+ ldap_conn.ds_inst.base_dn,
+ ldap.SCOPE_ONELEVEL,
+ attrlist=[]):
+ ldap_conn.delete_s(entry[0])
+ else:
+ for entry in ent_list:
+ ldap_conn.delete_s(entry[0])
+
+
+def create_ldap_cleanup(request, ldap_conn, ent_list=None):
+ """Add teardown for removing all user/group LDAP entries"""
+ request.addfinalizer(lambda: cleanup_ldap_entries(ldap_conn, ent_list))
+
+
+def create_ldap_fixture(request, ldap_conn, ent_list=None):
+ """Add LDAP entries and add teardown for removing them"""
+ create_ldap_entries(ldap_conn, ent_list)
+ create_ldap_cleanup(request, ldap_conn, ent_list)
+
+
+SCHEMA_RFC2307 = "rfc2307"
+SCHEMA_RFC2307_BIS = "rfc2307bis"
+
+
+def format_basic_conf(ldap_conn, schema):
+ """Format a basic SSSD configuration"""
+ schema_conf = "ldap_schema = " + schema + "\n"
+ if schema == SCHEMA_RFC2307_BIS:
+ schema_conf += "ldap_group_object_class = groupOfNames\n"
+ return unindent("""\
+ [sssd]
+ debug_level = 0xffff
+ domains = LDAP
+ services = nss, pam
+
+ [nss]
+ debug_level = 0xffff
+ memcache_timeout = 0
+ entry_negative_timeout = 1
+
+ [pam]
+ debug_level = 0xffff
+
+ [domain/LDAP]
+ ldap_auth_disable_tls_never_use_in_production = true
+ debug_level = 0xffff
+ {schema_conf}
+ id_provider = ldap
+ auth_provider = ldap
+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
+ """).format(**locals())
+
+
+def format_interactive_conf(ldap_conn, schema):
+ """Format an SSSD configuration with all caches refreshing in 4 seconds"""
+ return \
+ format_basic_conf(ldap_conn, schema) + \
+ unindent("""
+ [nss]
+ memcache_timeout = 0
+ entry_negative_timeout = 0
+
+ [domain/LDAP]
+ ldap_purge_cache_timeout = 1
+ entry_cache_timeout = {0}
+ """).format(INTERACTIVE_TIMEOUT)
+
+
+def format_rfc2307bis_deref_conf(ldap_conn, schema):
+ """Format an SSSD configuration with all caches refreshing in 4 seconds"""
+ return \
+ format_basic_conf(ldap_conn, schema) + \
+ unindent("""
+ [nss]
+ memcache_timeout = 0
+ entry_negative_timeout = 0
+
+ [domain/LDAP]
+ entry_cache_timeout = {0}
+ ldap_deref_threshold = 1
+ """).format(INTERACTIVE_TIMEOUT)
+
+
+def create_conf_file(contents):
+ """Create sssd.conf with specified contents"""
+ conf = open(config.CONF_PATH, "w")
+ conf.write(contents)
+ conf.close()
+ os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
+
+
+def cleanup_conf_file():
+ """Remove sssd.conf, if it exists"""
+ if os.path.lexists(config.CONF_PATH):
+ os.unlink(config.CONF_PATH)
+
+
+def create_conf_cleanup(request):
+ """Add teardown for removing sssd.conf"""
+ request.addfinalizer(cleanup_conf_file)
+
+
+def create_conf_fixture(request, contents):
+ """
+ Create sssd.conf with specified contents and add teardown for removing it
+ """
+ create_conf_file(contents)
+ create_conf_cleanup(request)
+
+
+def create_sssd_process():
+ """Start the SSSD process"""
+ if subprocess.call(["sssd", "-D", "-f"]) != 0:
+ raise Exception("sssd start failed")
+
+
+def cleanup_sssd_process():
+ """Stop the SSSD process and remove its state"""
+ try:
+ pid_file = open(config.PIDFILE_PATH, "r")
+ pid = int(pid_file.read())
+ os.kill(pid, signal.SIGTERM)
+ while True:
+ try:
+ os.kill(pid, signal.SIGCONT)
+ except:
+ break
+ time.sleep(1)
+ except:
+ pass
+ for path in os.listdir(config.DB_PATH):
+ os.unlink(config.DB_PATH + "/" + path)
+ for path in os.listdir(config.MCACHE_PATH):
+ os.unlink(config.MCACHE_PATH + "/" + path)
+
+
+def create_sssd_cleanup(request):
+ """Add teardown for stopping SSSD and removing its state"""
+ request.addfinalizer(cleanup_sssd_process)
+
+
+def create_sssd_fixture(request):
+ """Start SSSD and add teardown for stopping it and removing its state"""
+ create_sssd_process()
+ create_sssd_cleanup(request)
+
+
+@pytest.fixture
+def sanity_rfc2307(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2002)
+ ent_list.add_user("user3", 1003, 2003)
+
+ ent_list.add_group("group1", 2001)
+ ent_list.add_group("group2", 2002)
+ ent_list.add_group("group3", 2003)
+
+ ent_list.add_group("empty_group", 2010)
+
+ ent_list.add_group("two_user_group", 2012, ["user1", "user2"])
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+ return None
+
+
+@pytest.fixture
+def simple_rfc2307(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user('usr\\\\001', 181818, 181818)
+ ent_list.add_group("group1", 181818)
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+ return None
+
+
+@pytest.fixture
+def sanity_rfc2307_bis(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2002)
+ ent_list.add_user("user3", 1003, 2003)
+
+ ent_list.add_group_bis("group1", 2001)
+ ent_list.add_group_bis("group2", 2002)
+ ent_list.add_group_bis("group3", 2003)
+
+ ent_list.add_group_bis("empty_group1", 2010)
+ ent_list.add_group_bis("empty_group2", 2011)
+
+ ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
+ ent_list.add_group_bis("group_empty_group", 2013, [], ["empty_group1"])
+ ent_list.add_group_bis("group_two_empty_groups", 2014,
+ [], ["empty_group1", "empty_group2"])
+ ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
+ ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
+ ent_list.add_group_bis("group_one_user_group", 2017,
+ [], ["one_user_group1"])
+ ent_list.add_group_bis("group_two_user_group", 2018,
+ [], ["two_user_group"])
+ ent_list.add_group_bis("group_two_one_user_groups", 2019,
+ [], ["one_user_group1", "one_user_group2"])
+
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+ return None
+
+
+def expected_list_to_name_dict(entries):
+ return dict((u["name"], u) for u in entries)
+
+
+def test_regression_ticket2163(ldap_conn, simple_rfc2307):
+ ent.assert_passwd_by_name(
+ 'usr\\001',
+ dict(name='usr\\001', passwd='*', uid=181818, gid=181818,
+ gecos='181818', shell='/bin/bash'))
+
+
+def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
+ dir='/home/user1', shell='/bin/bash'),
+ dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
+ dir='/home/user2', shell='/bin/bash'),
+ dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
+ dir='/home/user3', shell='/bin/bash')
+ ])
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+ group_pattern = expected_list_to_name_dict([
+ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
+ dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
+ dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
+ dict(name='empty_group', passwd='*', gid=2010,
+ mem=ent.contains_only()),
+ dict(name='two_user_group', passwd='*', gid=2012,
+ mem=ent.contains_only("user1", "user2"))
+ ])
+ ent.assert_each_group_by_name(group_pattern)
+
+ with pytest.raises(KeyError):
+ pwd.getpwnam("non_existent_user")
+ with pytest.raises(KeyError):
+ pwd.getpwuid(1)
+ with pytest.raises(KeyError):
+ grp.getgrnam("non_existent_group")
+ with pytest.raises(KeyError):
+ grp.getgrgid(1)
+
+
+def test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
+ dir='/home/user1', shell='/bin/bash'),
+ dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
+ dir='/home/user2', shell='/bin/bash'),
+ dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
+ dir='/home/user3', shell='/bin/bash')
+ ])
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+ group_pattern = expected_list_to_name_dict([
+ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
+ dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
+ dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
+ dict(name='empty_group1', passwd='*', gid=2010,
+ mem=ent.contains_only()),
+ dict(name='empty_group2', passwd='*', gid=2011,
+ mem=ent.contains_only()),
+ dict(name='two_user_group', passwd='*', gid=2012,
+ mem=ent.contains_only("user1", "user2")),
+ dict(name='group_empty_group', passwd='*', gid=2013,
+ mem=ent.contains_only()),
+ dict(name='group_two_empty_groups', passwd='*', gid=2014,
+ mem=ent.contains_only()),
+ dict(name='one_user_group1', passwd='*', gid=2015,
+ mem=ent.contains_only("user1")),
+ dict(name='one_user_group2', passwd='*', gid=2016,
+ mem=ent.contains_only("user2")),
+ dict(name='group_one_user_group', passwd='*', gid=2017,
+ mem=ent.contains_only("user1")),
+ dict(name='group_two_user_group', passwd='*', gid=2018,
+ mem=ent.contains_only("user1", "user2")),
+ dict(name='group_two_one_user_groups', passwd='*', gid=2019,
+ mem=ent.contains_only("user1", "user2"))
+ ])
+ ent.assert_each_group_by_name(group_pattern)
+
+ with pytest.raises(KeyError):
+ pwd.getpwnam("non_existent_user")
+ with pytest.raises(KeyError):
+ pwd.getpwuid(1)
+ with pytest.raises(KeyError):
+ grp.getgrnam("non_existent_group")
+ with pytest.raises(KeyError):
+ grp.getgrgid(1)
+
+
+@pytest.fixture
+def refresh_after_cleanup_task(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+
+ ent_list.add_group_bis("group1", 2001, ["user1"])
+ ent_list.add_group_bis("group2", 2002, [], ["group1"])
+
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+ unindent("""
+ [domain/LDAP]
+ entry_cache_user_timeout = 1
+ entry_cache_group_timeout = 5000
+ ldap_purge_cache_timeout = 3
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+ return None
+
+
+def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
+ """
+ Regression test for ticket:
+ https://fedorahosted.org/sssd/ticket/2676
+ """
+ ent.assert_group_by_name(
+ "group2",
+ dict(mem=ent.contains_only("user1")))
+
+ ent.assert_passwd_by_name(
+ 'user1',
+ dict(name='user1', passwd='*', uid=1001, gid=2001,
+ gecos='1001', shell='/bin/bash'))
+
+ time.sleep(15)
+
+ ent.assert_group_by_name(
+ "group2",
+ dict(mem=ent.contains_only("user1")))
+
+
+@pytest.fixture
+def blank_rfc2307(request, ldap_conn):
+ """Create blank RFC2307 directory fixture with interactive SSSD conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request,
+ format_interactive_conf(ldap_conn, SCHEMA_RFC2307))
+ create_sssd_fixture(request)
+
+
+@pytest.fixture
+def blank_rfc2307_bis(request, ldap_conn):
+ """Create blank RFC2307bis directory fixture with interactive SSSD conf"""
+ create_ldap_cleanup(request, ldap_conn)
+ create_conf_fixture(request,
+ format_interactive_conf(ldap_conn, SCHEMA_RFC2307_BIS))
+ create_sssd_fixture(request)
+
+
+@pytest.fixture
+def user_and_group_rfc2307(request, ldap_conn):
+ """
+ Create an RFC2307 directory fixture with interactive SSSD conf,
+ one user and one group
+ """
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user", 1001, 2000)
+ ent_list.add_group("group", 2001)
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ create_conf_fixture(request,
+ format_interactive_conf(ldap_conn, SCHEMA_RFC2307))
+ create_sssd_fixture(request)
+ return None
+
+
+@pytest.fixture
+def user_and_groups_rfc2307_bis(request, ldap_conn):
+ """
+ Create an RFC2307bis directory fixture with interactive SSSD conf,
+ one user and two groups
+ """
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user", 1001, 2000)
+ ent_list.add_group_bis("group1", 2001)
+ ent_list.add_group_bis("group2", 2002)
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ create_conf_fixture(request,
+ format_interactive_conf(ldap_conn, SCHEMA_RFC2307_BIS))
+ create_sssd_fixture(request)
+ return None
+
+
+@pytest.fixture
+def rfc2307bis_deref_group_with_users(request, ldap_conn):
+ """
+ Create an RFC2307bis directory fixture with interactive SSSD conf,
+ one user and two groups
+ """
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2000)
+ ent_list.add_user("user2", 1001, 2000)
+ ent_list.add_user("user3", 1001, 2000)
+ ent_list.add_group_bis("group1", 20000, member_uids=("user1", "user2"))
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ create_conf_fixture(request,
+ format_rfc2307bis_deref_conf(
+ ldap_conn,
+ SCHEMA_RFC2307_BIS))
+ create_sssd_fixture(request)
+ return None
+
+
+def test_ldap_group_dereference(ldap_conn, rfc2307bis_deref_group_with_users):
+ ent.assert_group_by_name("group1",
+ dict(mem=ent.contains_only("user1", "user2")))
+
+
+@pytest.fixture
+def override_homedir(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_homedir_A", 1001, 2001,
+ homeDirectory="/home/A")
+ ent_list.add_user("user_with_homedir_B", 1002, 2002,
+ homeDirectory="/home/B")
+ ent_list.add_user("user_with_empty_homedir", 1003, 2003,
+ homeDirectory="")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
+ unindent("""\
+ [nss]
+ override_homedir = /home/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_override_homedir(override_homedir):
+ """Test the effect of the "override_homedir" option"""
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name="user_with_homedir_A", uid=1001, dir="/home/B"),
+ dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
+ dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
+ ])
+
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+
+@pytest.fixture
+def fallback_homedir(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_homedir_A", 1001, 2001,
+ homeDirectory="/home/A")
+ ent_list.add_user("user_with_homedir_B", 1002, 2002,
+ homeDirectory="/home/B")
+ ent_list.add_user("user_with_empty_homedir", 1003, 2003,
+ homeDirectory="")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
+ unindent("""\
+ [nss]
+ fallback_homedir = /home/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_fallback_homedir(fallback_homedir):
+ """Test the effect of the "fallback_homedir" option"""
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name="user_with_homedir_A", uid=1001, dir="/home/A"),
+ dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
+ dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
+ ])
+
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+
+@pytest.fixture
+def override_shell(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_shell_A", 1001, 2001,
+ loginShell="/bin/A")
+ ent_list.add_user("user_with_shell_B", 1002, 2002,
+ loginShell="/bin/B")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell="")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
+ unindent("""\
+ [nss]
+ override_shell = /bin/B
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_override_shell(override_shell):
+ """Test the effect of the "override_shell" option"""
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name="user_with_shell_A", uid=1001, shell="/bin/B"),
+ dict(name="user_with_shell_B", uid=1002, shell="/bin/B"),
+ dict(name="user_with_empty_shell", uid=1003, shell="/bin/B")
+ ])
+
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+
+@pytest.fixture
+def shell_fallback(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell="/bin/sh")
+ ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
+ loginShell="/bin/not_installed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell="")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
+ unindent("""\
+ [nss]
+ shell_fallback = /bin/fallback
+ allowed_shells = /bin/not_installed
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_shell_fallback(shell_fallback):
+ """Test the effect of the "shell_fallback" option"""
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
+ dict(name="user_with_not_installed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003, shell="")
+ ])
+
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+
+@pytest.fixture
+def default_shell(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell="/bin/sh")
+ ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
+ loginShell="/bin/not_installed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell="")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
+ unindent("""\
+ [nss]
+ default_shell = /bin/default
+ allowed_shells = /bin/default, /bin/not_installed
+ shell_fallback = /bin/fallback
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_default_shell(default_shell):
+ """Test the effect of the "default_shell" option"""
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
+ dict(name="user_with_not_installed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003,
+ shell="/bin/default")
+ ])
+
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+
+@pytest.fixture
+def vetoed_shells(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user_with_sh_shell", 1001, 2001,
+ loginShell="/bin/sh")
+ ent_list.add_user("user_with_vetoed_shell", 1002, 2002,
+ loginShell="/bin/vetoed")
+ ent_list.add_user("user_with_empty_shell", 1003, 2003,
+ loginShell="")
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
+ unindent("""\
+ [nss]
+ default_shell = /bin/default
+ vetoed_shells = /bin/vetoed
+ shell_fallback = /bin/fallback
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+
+
+def test_vetoed_shells(vetoed_shells):
+ """Test the effect of the "vetoed_shells" option"""
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
+ dict(name="user_with_vetoed_shell", uid=1002,
+ shell="/bin/fallback"),
+ dict(name="user_with_empty_shell", uid=1003,
+ shell="/bin/default")
+ ])
+
+ ent.assert_each_passwd_by_name(passwd_pattern)
--
2.9.2
>From c7b8588c739bae8abcec5f8b91ad8489ab39a13f Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Sat, 30 Jul 2016 22:42:45 +0200
Subject: [PATCH 06/16] sssd_id.py: Primary group should be returned for
initgroups
Side effect of this change was that some primary groups
could not be resolved and therefore get_user_groups
failed in override tests. We should do the same as "id user".
return decimal representation GID if it cannot be mapped to name.
---
src/tests/intg/ldap_local_override_test.py | 4 ++--
src/tests/intg/sssd_id.py | 22 +++++++++++++++++++++-
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/tests/intg/ldap_local_override_test.py
b/src/tests/intg/ldap_local_override_test.py
index
046535c7727d0f2271f4b974f68ba0722222982b..a27b819b6bca7f5f1411826a496fc6aee924bfc0
100644
--- a/src/tests/intg/ldap_local_override_test.py
+++ b/src/tests/intg/ldap_local_override_test.py
@@ -947,12 +947,12 @@ def test_regr_2790_override(ldap_conn,
env_regr_2790_override):
(res, errno, grp_list) = sssd_id.get_user_groups("alias1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
"Could not find groups for user1 %d" % errno
- assert grp_list == ["group1"]
+ assert sorted(grp_list) == sorted(["20001", "group1"])
(res, errno, grp_list) = sssd_id.get_user_groups("alias2")
assert res == sssd_id.NssReturnCode.SUCCESS, \
"Could not find groups for user2 %d" % errno
- assert sorted(grp_list) == sorted(["group1", "group2"])
+ assert sorted(grp_list) == sorted(["20002", "group1", "group2"])
# Test fully qualified and case-insensitive names
diff --git a/src/tests/intg/sssd_id.py b/src/tests/intg/sssd_id.py
index
4ae41af98bad804026083b193eddfa6c2d3c924c..95c9ab75a381ca58dde230796c1c4c9fa7aa61d5
100644
--- a/src/tests/intg/sssd_id.py
+++ b/src/tests/intg/sssd_id.py
@@ -73,6 +73,10 @@ def call_sssd_initgroups(user, gid):
for i in range(0, gids_count):
gids.append(int(p_groups.contents[i]))
+ # add primary group if missing
+ if gid not in gids:
+ gids.append(gid)
+
return (int(res), errno[0], gids)
@@ -97,6 +101,22 @@ def get_user_gids(user):
return call_sssd_initgroups(user, gid)
+def gid_to_str(gid):
+ """
+ Function will map numeric GID into names.
+ If there isn't a group for GID (getgrgid failed)
+ then the function will return decimal representation of ID.
+
+ @param int gid ID of groups which should be converted to string.
+ @return string name of group with requested ID or decimal
+ representation of ID
+ """
+ try:
+ return grp.getgrgid(gid).gr_name
+ except KeyError:
+ return str(gid)
+
+
def get_user_groups(user):
"""
Function will initialize the supplementary group access list
@@ -114,6 +134,6 @@ def get_user_groups(user):
groups = []
if res == NssReturnCode.SUCCESS:
- groups = [grp.getgrgid(gid).gr_name for gid in gids]
+ groups = [gid_to_str(gid) for gid in gids]
return (res, errno, groups)
--
2.9.2
>From 7eed10ad3ffb1cf17f77b8821077ae8eb93a0698 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Wed, 3 Aug 2016 09:45:33 +0200
Subject: [PATCH 07/16] intg: Fix pep8 warnings
E302 expected 2 blank lines, found 1
E303 too many blank lines (2)
E501 line too long (84 > 79 characters)
---
src/tests/intg/ldap_local_override_test.py | 4 ++--
src/tests/intg/sssd_ldb.py | 3 ++-
src/tests/intg/test_ts_cache.py | 33 ++++++++++++++++++++----------
3 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/src/tests/intg/ldap_local_override_test.py
b/src/tests/intg/ldap_local_override_test.py
index
a27b819b6bca7f5f1411826a496fc6aee924bfc0..63de836d4d645b2e2be968bb23ce84f0cb90189a
100644
--- a/src/tests/intg/ldap_local_override_test.py
+++ b/src/tests/intg/ldap_local_override_test.py
@@ -954,8 +954,8 @@ def test_regr_2790_override(ldap_conn,
env_regr_2790_override):
"Could not find groups for user2 %d" % errno
assert sorted(grp_list) == sorted(["20002", "group1", "group2"])
+
# Test fully qualified and case-insensitive names
-
@pytest.fixture
def env_mix_cased_name_override(request, ldap_conn):
"""Setup test for mixed case names"""
@@ -969,7 +969,6 @@ def env_mix_cased_name_override(request, ldap_conn):
create_ldap_fixture(request, ldap_conn, ent_list)
-
pwd.getpwnam('user1@LDAP')
pwd.getpwnam('user2@LDAP')
with pytest.raises(KeyError):
@@ -996,6 +995,7 @@ def env_mix_cased_name_override(request, ldap_conn):
restart_sssd()
+
def test_mix_cased_name_override(ldap_conn, env_mix_cased_name_override):
"""Test if names with upper and lower case letter are overridden"""
diff --git a/src/tests/intg/sssd_ldb.py b/src/tests/intg/sssd_ldb.py
index
b77d0eb088c1d3ea99935a6c6a9d964fec441c43..35b389da490ff8e76ae58dc303b809eb75d2aaf8
100644
--- a/src/tests/intg/sssd_ldb.py
+++ b/src/tests/intg/sssd_ldb.py
@@ -71,7 +71,8 @@ class SssdLdb(object):
return "cn=%s,cn=%s,cn=sysdb" % (rdn, self._domain_name)
def _basedn(self, name, domain, entry_type):
- return "name=%s@%s,%s" % (name, domain.lower(),
self._entry_basedn(entry_type))
+ return "name=%s@%s,%s" % (name, domain.lower(),
+ self._entry_basedn(entry_type))
def get_entry_attr(self, cache_type, entry_type, name, domain, attr):
dbconn = self._get_dbconn(cache_type)
diff --git a/src/tests/intg/test_ts_cache.py b/src/tests/intg/test_ts_cache.py
index
0ba84b45f57ca246d28bfa0478a2c0db7e7a99e0..c49a5c9c4e746ea935b924863b4b6308862f1404
100644
--- a/src/tests/intg/test_ts_cache.py
+++ b/src/tests/intg/test_ts_cache.py
@@ -259,8 +259,9 @@ def prime_cache_group(ldb_conn, name, members):
def prime_cache_user(ldb_conn, name, primary_gid):
- # calling initgroups would add the initgExpire timestamp attribute and
make sure
- # that sss_cache doesn't add it with a value of 1, triggering a sysdb
update
+ # calling initgroups would add the initgExpire timestamp attribute and
+ # make sure that sss_cache doesn't add it with a value of 1,
+ # triggering a sysdb update
(res, errno, gids) = sssd_id.call_sssd_initgroups(name, primary_gid)
assert res == sssd_id.NssReturnCode.SUCCESS
@@ -295,7 +296,8 @@ def test_group_2307bis_update_same_modstamp(ldap_conn,
SSSD_DOMAIN, TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_same_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -328,7 +330,8 @@ def test_group_2307bis_update_same_attrs(ldap_conn,
SSSD_DOMAIN, TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -358,7 +361,8 @@ def test_group_2307bis_update_diff_attrs(ldap_conn,
SSSD_DOMAIN, TS_ATTRLIST)
assert_diff_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_diff_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_diff_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -410,7 +414,8 @@ def test_group_2307_update_same_modstamp(ldap_conn,
SSSD_DOMAIN, TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_same_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -443,7 +448,8 @@ def test_group_2307_update_same_attrs(ldap_conn,
SSSD_DOMAIN, TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -472,7 +478,8 @@ def test_group_2307_update_diff_attrs(ldap_conn,
SSSD_DOMAIN, TS_ATTRLIST)
assert_diff_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_diff_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_diff_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -520,7 +527,8 @@ def test_user_update_same_modstamp(ldap_conn,
sysdb_attrs, ts_attrs = get_user_attrs(ldb_conn, "user1",
SSSD_DOMAIN, TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_same_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -549,7 +557,8 @@ def test_user_update_same_attrs(ldap_conn,
sysdb_attrs, ts_attrs = get_user_attrs(ldb_conn, "user1",
SSSD_DOMAIN, TS_ATTRLIST)
assert_same_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_same_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
@@ -577,11 +586,13 @@ def test_user_update_diff_attrs(ldap_conn,
sysdb_attrs, ts_attrs = get_user_attrs(ldb_conn, "user1",
SSSD_DOMAIN, TS_ATTRLIST)
assert_diff_attrval(sysdb_attrs, old_sysdb_attrs, "dataExpireTimestamp")
- assert_diff_attrval(sysdb_attrs, old_sysdb_attrs,
"originalModifyTimestamp")
+ assert_diff_attrval(sysdb_attrs, old_sysdb_attrs,
+ "originalModifyTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "dataExpireTimestamp")
assert_diff_attrval(ts_attrs, old_ts_attrs, "originalModifyTimestamp")
+
def test_user_2307bis_delete_user(ldap_conn,
ldb_examine,
setup_rfc2307bis):
--
2.9.2
>From 584e80b532cae2b06b39120d54b7ca78fc5e591c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Sat, 30 Jul 2016 20:20:22 +0200
Subject: [PATCH 08/16] test_ldap: test nested membership with rfc2307bis
Integration test for #3093
---
src/tests/intg/test_ldap.py | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index
8915fa0c069622c92646493dd26f2fd5d2b8c89c..a51e69c06723c3a64c01d5ac42b8b5c34c91f87f
100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -30,6 +30,7 @@ import config
import ds_openldap
import ent
import ldap_ent
+import sssd_id
from util import unindent
LDAP_BASE_DN = "dc=example,dc=com"
@@ -695,3 +696,26 @@ def test_vetoed_shells(vetoed_shells):
])
ent.assert_each_passwd_by_name(passwd_pattern)
+
+
+def test_user_2307bis_nested_groups(ldap_conn,
+ sanity_rfc2307_bis):
+ """
+ Test nested groups
+ """
+ primary_gid = 2001
+ # group1, two_user_group, one_user_group1, group_one_user_group,
+ # group_two_user_group, group_two_one_user_groups
+ expected_gids = [2001, 2012, 2015, 2017, 2018, 2019]
+
+ ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001,
+ gid=primary_gid))
+
+ (res, errno, gids) = sssd_id.call_sssd_initgroups("user1", primary_gid)
+ assert res == sssd_id.NssReturnCode.SUCCESS
+
+ assert sorted(gids) == sorted(expected_gids), \
+ "result: %s\n expected %s" % (
+ ", ".join(["%s" % s for s in sorted(gids)]),
+ ", ".join(["%s" % s for s in sorted(expected_gids)])
+ )
--
2.9.2
>From f07eb6d9db9a25de0cd44a179404044891c44b88 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Aug 2016 14:35:23 +0200
Subject: [PATCH 09/16] test_ldap: test resolving of names with special
characters
---
src/tests/intg/test_ldap.py | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index
a51e69c06723c3a64c01d5ac42b8b5c34c91f87f..c40ce09579755d8e952e990283e93284811f1020
100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -237,6 +237,9 @@ def sanity_rfc2307(request, ldap_conn):
ent_list.add_group("empty_group", 2010)
ent_list.add_group("two_user_group", 2012, ["user1", "user2"])
+
+ ent_list.add_user("t(u)ser", 5000, 5001)
+ ent_list.add_group("group(_u)ser1", 5001, ["t(u)ser"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
@@ -719,3 +722,15 @@ def test_user_2307bis_nested_groups(ldap_conn,
", ".join(["%s" % s for s in sorted(gids)]),
", ".join(["%s" % s for s in sorted(expected_gids)])
)
+
+
+def test_special_characters_in_names(ldap_conn, sanity_rfc2307):
+ ent.assert_passwd_by_name(
+ "t(u)ser",
+ dict(name="t(u)ser", passwd="*", uid=5000, gid=5001,
+ gecos="5000", shell="/bin/bash"))
+
+ ent.assert_group_by_name(
+ "group(_u)ser1",
+ dict(name="group(_u)ser1", passwd="*", gid=5001,
+ mem=ent.contains_only("t(u)ser")))
--
2.9.2
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
