URL: https://github.com/SSSD/sssd/pull/5835
Author: jakub-vavra-cz
 Title: #5835: Tests: Add test for bz1636002.
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5835/head:pr5835
git checkout pr5835
From a225e8a4ca8c9524252c1629710cacbb5807bf2a Mon Sep 17 00:00:00 2001
From: Jakub Vavra <jva...@redhat.com>
Date: Tue, 19 Oct 2021 11:00:41 +0200
Subject: [PATCH] Tests: Add test for bz1636002.

Verifies: #5782
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1636002
---
 src/tests/multihost/alltests/test_misc.py | 83 +++++++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py
index f241800272..c181bdd239 100644
--- a/src/tests/multihost/alltests/test_misc.py
+++ b/src/tests/multihost/alltests/test_misc.py
@@ -398,3 +398,86 @@ def test_0007_getent_admproxy(self, multihost, backupsssdconf):
         cache_first_false = multihost.client[0].run_command(getent_admproxy,
                                                             raiseonerr=False)
         assert cache_first_false.returncode == 0
+
+    @staticmethod
+    @pytest.mark.tier1_2
+    def test_0008_1636002(multihost, backupsssdconf):
+        """
+        :title: IDM-SSSD-TC: ldap_provider: socket-activated services start as
+         the sssd user and then are unable to read the confdb
+        :id: 7a33729a-ab74-4d9e-9d75-e952deaa7bd2
+        :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1636002
+        :customerscenario: true
+        :steps:
+            1. Switch to socket activated services, restart sssd
+            2. Check 'getent passwd <user> output.
+            3. Run ssh for the user to trigger PAM.
+            4. Check log for error messages related to opening
+               /var/lib/sss/db/config.ldb
+        :expectedresults:
+            1. No issue switching and sssd has started.
+            2. It should succeed.
+            3. /var/log/sssd/sssd_pam.log is present
+            4. The error messages are not present.
+        :teardown:
+            1. Undo socket activation.
+            2. Restore sssd.conf
+        """
+        # pylint: disable=unused-argument
+        client = sssdTools(multihost.client[0])
+        client.clear_sssd_cache()
+
+        domain_name = client.get_domain_section_name()
+        user = f'foo1@{domain_name}'
+
+        # Configure socket activation
+        sssd_params = {'services': ''}
+        client.sssd_conf('sssd', sssd_params)
+        client.clear_sssd_cache()
+        enable_cmd = "systemctl enable sssd-nss.socket sssd-pam.socket" \
+                     " sssd-pam-priv.socket"
+        multihost.client[0].run_command(enable_cmd)
+        multihost.client[0].service_sssd('restart')
+
+        # Show the sssd config
+        multihost.client[0].run_command(
+                'cat /etc/sssd/sssd.conf', raiseonerr=False)
+
+        # Run getent passwd
+        usr_cmd = multihost.client[0].run_command(
+                f'getent passwd {user}',  raiseonerr=False)
+
+        # Try ssh after socket activation is configured
+        # Result does not matter we just need to trigger the PAM stack
+        ssh_client = pexpect_ssh(
+            multihost.client[0].sys_hostname, user, 'Secret123', debug=False)
+        try:
+            ssh_client.login(
+                login_timeout=30, sync_multiplier=5, auto_prompt_reset=False)
+        except SSHLoginException:
+            pass
+        else:
+            ssh_client.logout()
+
+        # Print pam log for debug purposes
+        multihost.client[0].run_command(
+                'cat /var/log/sssd/sssd_pam.log',  raiseonerr=False)
+
+        # Download sssd pam log
+        log_str = multihost.client[0].get_file_contents(
+            "/var/log/sssd/sssd_pam.log"). \
+            decode('utf-8')
+
+        # Disable socket activation
+        multihost.client[0].run_command(
+            "systemctl disable sssd-nss.socket sssd-pam.socket"
+            " sssd-pam-priv.socket",  raiseonerr=False)
+
+        # Evaluate test results
+        assert usr_cmd.returncode == 0, f"User {user} was not found."
+        assert "CONFDB: /var/lib/sss/db/config.ldb" in log_str
+        assert "Unable to open tdb '/var/lib/sss/db/config.ldb': " \
+               "Permission denied" not in log_str
+        assert "Failed to connect to '/var/lib/sss/db/config.ldb'" \
+            not in log_str
+        assert "The confdb initialization failed" not in log_str
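Review bot: The socket units enabled at the top of `test_0008_1636002` are only disabled if every step before the `systemctl disable` call completes. `run_command(enable_cmd)` and `service_sssd('restart')` are called without `raiseonerr=False`, and `get_file_contents` presumably raises when `sssd_pam.log` is missing, so a failure there would leave the client socket-activated for later tests. Wrap the steps from the enable call through the log download in `try:` and move the disable call into `finally:` (or a fixture finalizer), and consider `systemctl disable --now sssd-nss.socket sssd-pam.socket sssd-pam-priv.socket`, since `disable` alone does not stop sockets that are already listening. Separately, the assertions scan the whole of `sssd_pam.log`. Unless `clear_sssd_cache()` also removes logs (not visible in this hunk), lines from earlier tests could satisfy the `CONFDB:` check or trip the `Permission denied` checks, so truncating the log before the restart would tie the confdb-permission regression check to this run.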