49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik#
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# LDAP integration test
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik#
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# Copyright (c) 2015 Red Hat, Inc.
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# Author: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik#
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# This is free software; you can redistribute it and/or modify it
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# under the terms of the GNU General Public License as published by
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# the Free Software Foundation; version 2 only
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik#
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# This program is distributed in the hope that it will be useful, but
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# WITHOUT ANY WARRANTY; without even the implied warranty of
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# General Public License for more details.
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik#
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# You should have received a copy of the GNU General Public License
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# along with this program. If not, see <http://www.gnu.org/licenses/>.
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik#
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport os
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport stat
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport pwd
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport grp
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport signal
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport subprocess
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport time
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport ldap
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnikimport ldap.modlist
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport pytest
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport config
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport ds_openldap
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport ent
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikimport ldap_ent
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnikimport sssd_id
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnikimport sssd_ldb
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikfrom util import unindent
6c3841099addb84bf3e9a2f85e96dffae1b94623Jakub Hrozekfrom sssd_nss import NssReturnCode
6c3841099addb84bf3e9a2f85e96dffae1b94623Jakub Hrozekfrom sssd_passwd import call_sssd_getpwnam, call_sssd_getpwuid
6c3841099addb84bf3e9a2f85e96dffae1b94623Jakub Hrozekfrom sssd_group import call_sssd_getgrnam, call_sssd_getgrgid
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
# Base DN handed to the test LDAP server instance created by ds_inst().
LDAP_BASE_DN = "dc=example,dc=com"
# Value written as entry_cache_timeout by format_interactive_conf() and
# format_rfc2307bis_deref_conf(); their docstrings describe it as seconds.
INTERACTIVE_TIMEOUT = 4
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture(scope="module")
def ds_inst(request):
    """Provide one OpenLDAP server instance shared by the whole module.

    teardown() runs as a finalizer once the instance is set up, and runs
    immediately if setup() itself raises.
    """
    # NOTE(review): "cn=admin" / "Secret123" are presumably the admin bind DN
    # and password of this test-only instance on port 10389; they are fixed
    # test values and must not be reused for a real directory.
    server = ds_openldap.DSOpenLDAP(
        config.PREFIX, 10389, LDAP_BASE_DN, "cn=admin", "Secret123"
    )

    try:
        server.setup()
    except:
        # Bare except on purpose: whatever interrupted setup, remove the
        # half-built instance and let the original error propagate.
        server.teardown()
        raise

    request.addfinalizer(server.teardown)
    return server
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture(scope="module")
def ldap_conn(request, ds_inst):
    """Provide a bound connection to the module's LDAP server instance.

    The connection object gets a ``ds_inst`` attribute pointing back at its
    server, and unbind_s() is registered as its finalizer.
    """
    conn = ds_inst.bind()
    # Helpers in this file read base_dn and ldap_url through conn.ds_inst.
    conn.ds_inst = ds_inst
    request.addfinalizer(conn.unbind_s)
    return conn
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_ldap_entries(ldap_conn, ent_list=None):
    """Add every entry of ent_list to the directory; do nothing for None.

    Elements 0 and 1 of each entry are passed, in that order, to
    ldap_conn.add_s().
    """
    if ent_list is None:
        return
    for entry in ent_list:
        dn, attrs = entry[0], entry[1]
        ldap_conn.add_s(dn, attrs)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def cleanup_ldap_entries(ldap_conn, ent_list=None):
    """Delete LDAP entries created for a test.

    With ent_list given, delete exactly the DNs it names (element 0 of each
    entry). With ent_list left as None, delete every entry found one level
    below the Users, Groups, Netgroups, Services and Policies containers of
    the server's base DN.
    """
    if ent_list is not None:
        for entry in ent_list:
            ldap_conn.delete_s(entry[0])
        return

    for ou in ("Users", "Groups", "Netgroups", "Services", "Policies"):
        container_dn = "ou=" + ou + "," + ldap_conn.ds_inst.base_dn
        # An empty attrlist is requested: only the DN (entry[0]) is used.
        found = ldap_conn.search_s(container_dn,
                                   ldap.SCOPE_ONELEVEL,
                                   attrlist=[])
        for entry in found:
            ldap_conn.delete_s(entry[0])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_ldap_cleanup(request, ldap_conn, ent_list=None):
    """Register a finalizer that removes LDAP entries.

    The finalizer calls cleanup_ldap_entries(ldap_conn, ent_list), so a None
    ent_list selects that function's sweep over the standard containers.
    """
    def remove_entries():
        return cleanup_ldap_entries(ldap_conn, ent_list)

    request.addfinalizer(remove_entries)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_ldap_fixture(request, ldap_conn, ent_list=None, cleanup=True):
    """Add the entries of ent_list and, unless cleanup is false, register
    a finalizer that removes them."""
    create_ldap_entries(ldap_conn, ent_list)
    if not cleanup:
        return
    create_ldap_cleanup(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
# Values that format_basic_conf() writes after "ldap_schema = ".
SCHEMA_RFC2307 = "rfc2307"
SCHEMA_RFC2307_BIS = "rfc2307bis"
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def format_basic_conf(ldap_conn, schema):
    """Return the text of a basic sssd.conf for the test LDAP server.

    The [domain/LDAP] section takes its URI and search base from
    ldap_conn.ds_inst and carries an ldap_schema line for `schema`; for
    SCHEMA_RFC2307_BIS it also sets ldap_group_object_class to groupOfNames.
    """
    # `schema` is written into the file verbatim; the callers visible in this
    # file pass only the SCHEMA_* constants.
    schema_conf = "ldap_schema = " + schema + "\n"
    if schema == SCHEMA_RFC2307_BIS:
        schema_conf = schema_conf + "ldap_group_object_class = groupOfNames\n"

    # ldap_auth_disable_tls_never_use_in_production drops the TLS requirement
    # for LDAP authentication. As the option name says, it belongs in test
    # configurations only and must never be copied into a real sssd.conf.
    template = unindent("""\
        [sssd]
        debug_level = 0xffff
        domains = LDAP
        services = nss, pam

        [nss]
        debug_level = 0xffff
        memcache_timeout = 0
        entry_negative_timeout = 1

        [pam]
        debug_level = 0xffff

        [domain/LDAP]
        ldap_auth_disable_tls_never_use_in_production = true
        debug_level = 0xffff
        {schema_conf}
        id_provider = ldap
        auth_provider = ldap
        ldap_uri = {ldap_conn.ds_inst.ldap_url}
        ldap_search_base = {ldap_conn.ds_inst.base_dn}
    """)
    # Only these two names are referenced by the template's fields.
    return template.format(schema_conf=schema_conf, ldap_conn=ldap_conn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def format_interactive_conf(ldap_conn, schema):
    """Return the basic configuration followed by short cache lifetimes.

    The appended [nss] section sets memcache_timeout and
    entry_negative_timeout to 0; the appended [domain/LDAP] section sets
    ldap_purge_cache_timeout to 1 and entry_cache_timeout to
    INTERACTIVE_TIMEOUT.
    """
    base = format_basic_conf(ldap_conn, schema)
    overrides = unindent("""
        [nss]
        memcache_timeout = 0
        entry_negative_timeout = 0

        [domain/LDAP]
        ldap_purge_cache_timeout = 1
        entry_cache_timeout = {0}
    """).format(INTERACTIVE_TIMEOUT)
    return base + overrides
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def format_rfc2307bis_deref_conf(ldap_conn, schema):
    """Return the basic configuration followed by deref-test overrides.

    The appended [nss] section sets memcache_timeout and
    entry_negative_timeout to 0; the appended [domain/LDAP] section sets
    entry_cache_timeout to INTERACTIVE_TIMEOUT and ldap_deref_threshold to 1.
    """
    base = format_basic_conf(ldap_conn, schema)
    overrides = unindent("""
        [nss]
        memcache_timeout = 0
        entry_negative_timeout = 0

        [domain/LDAP]
        entry_cache_timeout = {0}
        ldap_deref_threshold = 1
    """).format(INTERACTIVE_TIMEOUT)
    return base + overrides
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
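def create_conf_file(contents):
    """Create sssd.conf with specified contents, accessible by owner only.

    The file at config.CONF_PATH is created or truncated and ends up with
    mode 0600, as before. Unlike a plain open() followed by chmod(), the
    restrictive mode is in place before any content is written, so there is
    no window in which the configuration sits on disk with umask-default
    permissions, and the handle is closed even if the write fails.
    """
    owner_rw = stat.S_IRUSR | stat.S_IWUSR
    fd = os.open(config.CONF_PATH,
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                 owner_rw)
    with os.fdopen(fd, "w") as conf:
        # The mode passed to os.open() applies only when the file is newly
        # created (and is filtered by the umask); set it explicitly so a
        # pre-existing file is narrowed as well.
        os.fchmod(conf.fileno(), owner_rw)
        conf.write(contents)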
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def cleanup_conf_file():
    """Delete sssd.conf if anything, even a dangling symlink, is at its path."""
    conf_path = config.CONF_PATH
    if not os.path.lexists(conf_path):
        return
    os.unlink(conf_path)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_conf_cleanup(request):
    """Register cleanup_conf_file as a finalizer on `request`."""
    finalizer = cleanup_conf_file
    request.addfinalizer(finalizer)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_conf_fixture(request, contents):
    """Write sssd.conf with `contents` and register its removal on `request`."""
    create_conf_file(contents)
    # Same registration create_conf_cleanup() performs.
    request.addfinalizer(cleanup_conf_file)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_sssd_process():
    """Run `sssd -D -f`; raise if the command exits with a non-zero status."""
    # Fixed argument list and no shell: nothing is interpolated into the
    # command line. The binary is resolved through PATH.
    status = subprocess.call(["sssd", "-D", "-f"])
    if status != 0:
        raise Exception("sssd start failed")
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
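def cleanup_sssd_process():
    """Stop the SSSD process and remove its state.

    Stopping is best-effort: a missing or unreadable pid file, unparsable
    or non-positive contents, or a failing signal are ignored. Afterwards
    every file in config.DB_PATH and config.MCACHE_PATH is unlinked; errors
    from that step propagate.
    """
    try:
        with open(config.PIDFILE_PATH, "r") as pid_file:
            pid = int(pid_file.read())
        # kill() treats 0 and negative values as process-group or broadcast
        # targets, so a corrupt pid file must never reach os.kill().
        if pid <= 0:
            raise ValueError("invalid pid in pid file: %d" % pid)
        os.kill(pid, signal.SIGTERM)
        # Poll once a second until signalling fails, i.e. the process is gone.
        # NOTE(review): SIGCONT is kept as the probe signal from the original;
        # signal 0 would probe without side effects. The wait has no upper
        # bound.
        while True:
            try:
                os.kill(pid, signal.SIGCONT)
            except OSError:
                break
            time.sleep(1)
    except (IOError, OSError, ValueError, OverflowError):
        # Deliberately ignored: there may be no running SSSD to stop.
        # KeyboardInterrupt and SystemExit are no longer swallowed.
        pass
    for state_dir in (config.DB_PATH, config.MCACHE_PATH):
        for name in os.listdir(state_dir):
            os.unlink(os.path.join(state_dir, name))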
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_sssd_cleanup(request):
    """Register cleanup_sssd_process as a finalizer on `request`."""
    finalizer = cleanup_sssd_process
    request.addfinalizer(finalizer)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def create_sssd_fixture(request):
    """Start SSSD, then register stopping it and removing its state."""
    create_sssd_process()
    # Same registration create_sssd_cleanup() performs.
    request.addfinalizer(cleanup_sssd_process)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def sanity_rfc2307(request, ldap_conn):
    """Populate LDAP with RFC2307 users and groups, write the basic
    configuration and start SSSD."""
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for name, uid, gid in (("user1", 1001, 2001),
                           ("user2", 1002, 2002),
                           ("user3", 1003, 2003)):
        entries.add_user(name, uid, gid)

    for name, gid in (("group1", 2001),
                      ("group2", 2002),
                      ("group3", 2003),
                      ("empty_group", 2010)):
        entries.add_group(name, gid)

    entries.add_group("two_user_group", 2012, ["user1", "user2"])

    # Names containing parentheses, which are special characters in LDAP
    # search filters. NOTE(review): presumably present to exercise filter
    # escaping; confirm against the tests that look these names up.
    entries.add_user("t(u)ser", 5000, 5001)
    entries.add_group("group(_u)ser1", 5001, ["t(u)ser"])
    create_ldap_fixture(request, ldap_conn, entries)

    create_conf_fixture(request, format_basic_conf(ldap_conn, SCHEMA_RFC2307))
    create_sssd_fixture(request)
    return None
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def simple_rfc2307(request, ldap_conn):
    """Populate LDAP with one user whose name contains a backslash and one
    group, write the basic RFC2307 configuration and start SSSD."""
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    # The literal holds two backslashes at runtime, while
    # test_regression_ticket2163 looks the user up with one.
    # NOTE(review): presumably the doubling is escaping for the LDAP side;
    # confirm in ldap_ent.
    entries.add_user('usr\\\\001', 181818, 181818)
    entries.add_group("group1", 181818)
    create_ldap_fixture(request, ldap_conn, entries)
    create_conf_fixture(request, format_basic_conf(ldap_conn, SCHEMA_RFC2307))
    create_sssd_fixture(request)
    return None
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def sanity_rfc2307_bis(request, ldap_conn):
    """Populate LDAP with RFC2307bis users and (nested) groups, write the
    basic configuration and start SSSD."""
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for name, uid, gid in (("user1", 1001, 2001),
                           ("user2", 1002, 2002),
                           ("user3", 1003, 2003)):
        entries.add_user(name, uid, gid)

    # Positional arguments for add_group_bis(), in the order the entries are
    # added: name, gid, then optionally a list of user names and a list of
    # group names.
    group_specs = (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("empty_group1", 2010),
        ("empty_group2", 2011),
        ("two_user_group", 2012, ["user1", "user2"]),
        ("group_empty_group", 2013, [], ["empty_group1"]),
        ("group_two_empty_groups", 2014,
         [], ["empty_group1", "empty_group2"]),
        ("one_user_group1", 2015, ["user1"]),
        ("one_user_group2", 2016, ["user2"]),
        ("group_one_user_group", 2017, [], ["one_user_group1"]),
        ("group_two_user_group", 2018, [], ["two_user_group"]),
        ("group_two_one_user_groups", 2019,
         [], ["one_user_group1", "one_user_group2"]),
    )
    for spec in group_specs:
        entries.add_group_bis(*spec)

    create_ldap_fixture(request, ldap_conn, entries)
    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
    return None
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def expected_list_to_name_dict(entries):
    """Index a sequence of entry dicts by their "name" value.

    When two entries share a name, the later one wins.
    """
    return {entry["name"]: entry for entry in entries}
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_regression_ticket2163(ldap_conn, simple_rfc2307):
    """Look up by name the user whose name contains a backslash."""
    expected = {
        "name": 'usr\\001',
        "passwd": '*',
        "uid": 181818,
        "gid": 181818,
        "gecos": '181818',
        "shell": '/bin/bash',
    }
    ent.assert_passwd_by_name('usr\\001', expected)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
    """Check the RFC2307 users and groups by name, and that a name and an
    id absent from the fixture do not resolve."""
    expected_users = [
        {"name": 'user1', "passwd": '*', "uid": 1001, "gid": 2001,
         "gecos": '1001', "dir": '/home/user1', "shell": '/bin/bash'},
        {"name": 'user2', "passwd": '*', "uid": 1002, "gid": 2002,
         "gecos": '1002', "dir": '/home/user2', "shell": '/bin/bash'},
        {"name": 'user3', "passwd": '*', "uid": 1003, "gid": 2003,
         "gecos": '1003', "dir": '/home/user3', "shell": '/bin/bash'},
    ]
    ent.assert_each_passwd_by_name(expected_list_to_name_dict(expected_users))

    expected_groups = [
        {"name": 'group1', "passwd": '*', "gid": 2001,
         "mem": ent.contains_only()},
        {"name": 'group2', "passwd": '*', "gid": 2002,
         "mem": ent.contains_only()},
        {"name": 'group3', "passwd": '*', "gid": 2003,
         "mem": ent.contains_only()},
        {"name": 'empty_group', "passwd": '*', "gid": 2010,
         "mem": ent.contains_only()},
        {"name": 'two_user_group', "passwd": '*', "gid": 2012,
         "mem": ent.contains_only("user1", "user2")},
    ]
    ent.assert_each_group_by_name(expected_list_to_name_dict(expected_groups))

    # Negative lookups: entries that were never added must raise KeyError.
    with pytest.raises(KeyError):
        pwd.getpwnam("non_existent_user")
    with pytest.raises(KeyError):
        pwd.getpwuid(1)
    with pytest.raises(KeyError):
        grp.getgrnam("non_existent_group")
    with pytest.raises(KeyError):
        grp.getgrgid(1)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
    """Check the RFC2307bis users and groups by name, including the member
    lists expected for nested groups, and that a name and an id absent from
    the fixture do not resolve."""
    expected_users = [
        {"name": 'user1', "passwd": '*', "uid": 1001, "gid": 2001,
         "gecos": '1001', "dir": '/home/user1', "shell": '/bin/bash'},
        {"name": 'user2', "passwd": '*', "uid": 1002, "gid": 2002,
         "gecos": '1002', "dir": '/home/user2', "shell": '/bin/bash'},
        {"name": 'user3', "passwd": '*', "uid": 1003, "gid": 2003,
         "gecos": '1003', "dir": '/home/user3', "shell": '/bin/bash'},
    ]
    ent.assert_each_passwd_by_name(expected_list_to_name_dict(expected_users))

    expected_groups = [
        {"name": 'group1', "passwd": '*', "gid": 2001,
         "mem": ent.contains_only()},
        {"name": 'group2', "passwd": '*', "gid": 2002,
         "mem": ent.contains_only()},
        {"name": 'group3', "passwd": '*', "gid": 2003,
         "mem": ent.contains_only()},
        {"name": 'empty_group1', "passwd": '*', "gid": 2010,
         "mem": ent.contains_only()},
        {"name": 'empty_group2', "passwd": '*', "gid": 2011,
         "mem": ent.contains_only()},
        {"name": 'two_user_group', "passwd": '*', "gid": 2012,
         "mem": ent.contains_only("user1", "user2")},
        {"name": 'group_empty_group', "passwd": '*', "gid": 2013,
         "mem": ent.contains_only()},
        {"name": 'group_two_empty_groups', "passwd": '*', "gid": 2014,
         "mem": ent.contains_only()},
        {"name": 'one_user_group1', "passwd": '*', "gid": 2015,
         "mem": ent.contains_only("user1")},
        {"name": 'one_user_group2', "passwd": '*', "gid": 2016,
         "mem": ent.contains_only("user2")},
        {"name": 'group_one_user_group', "passwd": '*', "gid": 2017,
         "mem": ent.contains_only("user1")},
        {"name": 'group_two_user_group', "passwd": '*', "gid": 2018,
         "mem": ent.contains_only("user1", "user2")},
        {"name": 'group_two_one_user_groups', "passwd": '*', "gid": 2019,
         "mem": ent.contains_only("user1", "user2")},
    ]
    ent.assert_each_group_by_name(expected_list_to_name_dict(expected_groups))

    # Negative lookups: entries that were never added must raise KeyError.
    with pytest.raises(KeyError):
        pwd.getpwnam("non_existent_user")
    with pytest.raises(KeyError):
        pwd.getpwuid(1)
    with pytest.raises(KeyError):
        grp.getgrnam("non_existent_group")
    with pytest.raises(KeyError):
        grp.getgrgid(1)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def refresh_after_cleanup_task(request, ldap_conn):
    """
    Create an RFC2307bis directory fixture with one user and two groups,
    and start SSSD with short user-cache and cache-purge timeouts
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user1", 1001, 2001)

    # group1 lists user1 directly; group2 has an empty member list and
    # names group1 in its last argument (presumably nested groups --
    # confirm against ldap_ent.List.add_group_bis)
    ent_list.add_group_bis("group1", 2001, ["user1"])
    ent_list.add_group_bis("group2", 2002, [], ["group1"])

    create_ldap_fixture(request, ldap_conn, ent_list)

    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
        + unindent("""
            [domain/LDAP]
            entry_cache_user_timeout = 1
            entry_cache_group_timeout = 5000
            ldap_purge_cache_timeout = 3
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
    """
    Regression test for ticket:
    https://fedorahosted.org/sssd/ticket/2676

    Checks that group2 resolves with user1 as its only member both
    before and after a 15 second wait.
    """
    def check_group2_members():
        # A fresh matcher is built for every check, as in a plain call
        ent.assert_group_by_name(
            "group2",
            {"mem": ent.contains_only("user1")})

    check_group2_members()

    ent.assert_passwd_by_name(
        "user1",
        {"name": "user1", "passwd": "*", "uid": 1001, "gid": 2001,
         "gecos": "1001", "shell": "/bin/bash"})

    # NOTE(review): presumably long enough for the cached user entry to
    # expire and for the cleanup task to run (the fixture sets
    # entry_cache_user_timeout = 1 and ldap_purge_cache_timeout = 3)
    time.sleep(15)

    check_group2_members()
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def update_ts_after_cleanup_task(request, ldap_conn):
    """
    Create an RFC2307bis directory fixture with two users in one group,
    and start SSSD with a three-second cache purge timeout
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user1", 1001, 2001)
    ent_list.add_user("user2", 1002, 2001)

    ent_list.add_group_bis("group1", 2001, ["user1", "user2"])

    create_ldap_fixture(request, ldap_conn, ent_list)

    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
        + unindent("""
            [domain/LDAP]
            ldap_purge_cache_timeout = 3
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
250751bf8b0532d6175e762b7f2f008cc1c39a78Jakub Hrozek
250751bf8b0532d6175e762b7f2f008cc1c39a78Jakub Hrozek
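def test_update_ts_cache_after_cleanup_task(ldap_conn,
                                            update_ts_after_cleanup_task):
    """
    Regression test for ticket:
    https://fedorahosted.org/sssd/ticket/2676

    Resolves group1 and both of its members, runs "sss_cache -u user1",
    waits for the cleanup task and then checks that group1 still lists
    both users.

    Raises:
        Exception: if sss_cache exits with a non-zero status.
    """
    ent.assert_group_by_name(
        "group1",
        dict(mem=ent.contains_only("user1", "user2")))

    ent.assert_passwd_by_name(
        'user1',
        dict(name='user1', passwd='*', uid=1001, gid=2001,
             gecos='1001', shell='/bin/bash'))

    ent.assert_passwd_by_name(
        'user2',
        dict(name='user2', passwd='*', uid=1002, gid=2001,
             gecos='1002', shell='/bin/bash'))

    status = subprocess.call(["sss_cache", "-u", "user1"])
    if status != 0:
        # Report the tool that was actually run, with its exit status,
        # so a failure here is not mistaken for an SSSD daemon problem
        raise Exception("sss_cache failed with exit status %d" % status)

    # The cleanup task runs every 3 seconds, so sleep for 6
    # so that we know the cleanup task ran at least once
    # even if we start sleeping during the first one
    time.sleep(6)

    ent.assert_group_by_name(
        "group1",
        dict(mem=ent.contains_only("user1", "user2")))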
250751bf8b0532d6175e762b7f2f008cc1c39a78Jakub Hrozek
250751bf8b0532d6175e762b7f2f008cc1c39a78Jakub Hrozek
@pytest.fixture
def blank_rfc2307(request, ldap_conn):
    """Create blank RFC2307 directory fixture with interactive SSSD conf"""
    # No entries are added here; only the directory cleanup is registered
    create_ldap_cleanup(request, ldap_conn)
    conf = format_interactive_conf(ldap_conn, SCHEMA_RFC2307)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def blank_rfc2307_bis(request, ldap_conn):
    """Create blank RFC2307bis directory fixture with interactive SSSD conf"""
    # No entries are added here; only the directory cleanup is registered
    create_ldap_cleanup(request, ldap_conn)
    conf = format_interactive_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def user_and_group_rfc2307(request, ldap_conn):
    """
    Create an RFC2307 directory fixture with interactive SSSD conf,
    one user and one group
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    # The user's primary GID (2000) is not the GID of the group (2001)
    entries.add_user("user", 1001, 2000)
    entries.add_group("group", 2001)
    create_ldap_fixture(request, ldap_conn, entries)
    conf = format_interactive_conf(ldap_conn, SCHEMA_RFC2307)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def user_and_groups_rfc2307_bis(request, ldap_conn):
    """
    Create an RFC2307bis directory fixture with interactive SSSD conf,
    one user and two groups
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    # The user's primary GID (2000) matches neither group (2001, 2002)
    entries.add_user("user", 1001, 2000)
    entries.add_group_bis("group1", 2001)
    entries.add_group_bis("group2", 2002)
    create_ldap_fixture(request, ldap_conn, entries)
    conf = format_interactive_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def rfc2307bis_deref_group_with_users(request, ldap_conn):
    """
    Create an RFC2307bis directory fixture with the dereference SSSD
    conf, three users and one group whose members are user1 and user2
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    # NOTE(review): all three users are created with the same UID (1001)
    # -- confirm this is intended and not a copy-paste leftover
    entries.add_user("user1", 1001, 2000)
    entries.add_user("user2", 1001, 2000)
    entries.add_user("user3", 1001, 2000)
    # user3 is deliberately left out of the member list
    entries.add_group_bis("group1", 20000, member_uids=("user1", "user2"))
    create_ldap_fixture(request, ldap_conn, entries)
    conf = format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_ldap_group_dereference(ldap_conn, rfc2307bis_deref_group_with_users):
    """Check that group1 resolves with exactly user1 and user2 as members"""
    expected_group = {"mem": ent.contains_only("user1", "user2")}
    ent.assert_group_by_name("group1", expected_group)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def override_homedir(request, ldap_conn):
    """
    Create an RFC2307 directory fixture with three users whose
    homeDirectory is /home/A, /home/B and empty, and start SSSD with
    "override_homedir = /home/B" in the [nss] section
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user_with_homedir_A", 1001, 2001,
                      homeDirectory="/home/A")
    ent_list.add_user("user_with_homedir_B", 1002, 2002,
                      homeDirectory="/home/B")
    ent_list.add_user("user_with_empty_homedir", 1003, 2003,
                      homeDirectory="")
    create_ldap_fixture(request, ldap_conn, ent_list)
    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307)
        + unindent("""\
            [nss]
            override_homedir = /home/B
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_override_homedir(override_homedir):
    """
    Test the effect of the "override_homedir" option

    Every user is expected to report /home/B, whatever homeDirectory
    the LDAP entry carries.
    """
    expected_users = [
        {"name": "user_with_homedir_A", "uid": 1001, "dir": "/home/B"},
        {"name": "user_with_homedir_B", "uid": 1002, "dir": "/home/B"},
        {"name": "user_with_empty_homedir", "uid": 1003, "dir": "/home/B"},
    ]
    passwd_pattern = expected_list_to_name_dict(expected_users)

    ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def fallback_homedir(request, ldap_conn):
    """
    Create an RFC2307 directory fixture with three users whose
    homeDirectory is /home/A, /home/B and empty, and start SSSD with
    "fallback_homedir = /home/B" in the [nss] section
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user_with_homedir_A", 1001, 2001,
                      homeDirectory="/home/A")
    ent_list.add_user("user_with_homedir_B", 1002, 2002,
                      homeDirectory="/home/B")
    ent_list.add_user("user_with_empty_homedir", 1003, 2003,
                      homeDirectory="")
    create_ldap_fixture(request, ldap_conn, ent_list)
    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307)
        + unindent("""\
            [nss]
            fallback_homedir = /home/B
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_fallback_homedir(fallback_homedir):
    """
    Test the effect of the "fallback_homedir" option

    Users with a homeDirectory in LDAP are expected to keep it; only the
    user with an empty homeDirectory is expected to report /home/B.
    """
    expected_users = [
        {"name": "user_with_homedir_A", "uid": 1001, "dir": "/home/A"},
        {"name": "user_with_homedir_B", "uid": 1002, "dir": "/home/B"},
        {"name": "user_with_empty_homedir", "uid": 1003, "dir": "/home/B"},
    ]
    passwd_pattern = expected_list_to_name_dict(expected_users)

    ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def override_shell(request, ldap_conn):
    """
    Create an RFC2307 directory fixture with three users whose
    loginShell is /bin/A, /bin/B and empty, and start SSSD with
    "override_shell = /bin/B" in the [nss] section
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user_with_shell_A", 1001, 2001,
                      loginShell="/bin/A")
    ent_list.add_user("user_with_shell_B", 1002, 2002,
                      loginShell="/bin/B")
    ent_list.add_user("user_with_empty_shell", 1003, 2003,
                      loginShell="")
    create_ldap_fixture(request, ldap_conn, ent_list)
    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307)
        + unindent("""\
            [nss]
            override_shell = /bin/B
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_override_shell(override_shell):
    """
    Test the effect of the "override_shell" option

    Every user is expected to report /bin/B, whatever loginShell the
    LDAP entry carries.
    """
    expected_users = [
        {"name": "user_with_shell_A", "uid": 1001, "shell": "/bin/B"},
        {"name": "user_with_shell_B", "uid": 1002, "shell": "/bin/B"},
        {"name": "user_with_empty_shell", "uid": 1003, "shell": "/bin/B"},
    ]
    passwd_pattern = expected_list_to_name_dict(expected_users)

    ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def shell_fallback(request, ldap_conn):
    """
    Create an RFC2307 directory fixture with three users whose
    loginShell is /bin/sh, /bin/not_installed and empty, and start SSSD
    with "shell_fallback" and "allowed_shells" set in the [nss] section
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user_with_sh_shell", 1001, 2001,
                      loginShell="/bin/sh")
    ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
                      loginShell="/bin/not_installed")
    ent_list.add_user("user_with_empty_shell", 1003, 2003,
                      loginShell="")
    create_ldap_fixture(request, ldap_conn, ent_list)
    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307)
        + unindent("""\
            [nss]
            shell_fallback = /bin/fallback
            allowed_shells = /bin/not_installed
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_shell_fallback(shell_fallback):
    """
    Test the effect of the "shell_fallback" option

    The user whose shell is listed in allowed_shells is expected to
    report the fallback shell, the /bin/sh user to keep /bin/sh
    (presumably because it is installed on the test host), and the user
    with an empty loginShell to keep an empty shell.
    """
    expected_users = [
        {"name": "user_with_sh_shell", "uid": 1001, "shell": "/bin/sh"},
        {"name": "user_with_not_installed_shell", "uid": 1002,
         "shell": "/bin/fallback"},
        {"name": "user_with_empty_shell", "uid": 1003, "shell": ""},
    ]
    passwd_pattern = expected_list_to_name_dict(expected_users)

    ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def default_shell(request, ldap_conn):
    """
    Create an RFC2307 directory fixture with three users whose
    loginShell is /bin/sh, /bin/not_installed and empty, and start SSSD
    with "default_shell", "allowed_shells" and "shell_fallback" set in
    the [nss] section
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user_with_sh_shell", 1001, 2001,
                      loginShell="/bin/sh")
    ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
                      loginShell="/bin/not_installed")
    ent_list.add_user("user_with_empty_shell", 1003, 2003,
                      loginShell="")
    create_ldap_fixture(request, ldap_conn, ent_list)
    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307)
        + unindent("""\
            [nss]
            default_shell = /bin/default
            allowed_shells = /bin/default, /bin/not_installed
            shell_fallback = /bin/fallback
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_default_shell(default_shell):
    """
    Test the effect of the "default_shell" option

    Only the user with an empty loginShell is expected to report the
    default shell; the /bin/not_installed user is expected to report
    the fallback shell and the /bin/sh user to keep /bin/sh.
    """
    expected_users = [
        {"name": "user_with_sh_shell", "uid": 1001, "shell": "/bin/sh"},
        {"name": "user_with_not_installed_shell", "uid": 1002,
         "shell": "/bin/fallback"},
        {"name": "user_with_empty_shell", "uid": 1003,
         "shell": "/bin/default"},
    ]
    passwd_pattern = expected_list_to_name_dict(expected_users)

    ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
@pytest.fixture
def vetoed_shells(request, ldap_conn):
    """
    Create an RFC2307 directory fixture with three users whose
    loginShell is /bin/sh, /bin/vetoed and empty, and start SSSD with
    "default_shell", "vetoed_shells" and "shell_fallback" set in the
    [nss] section
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user_with_sh_shell", 1001, 2001,
                      loginShell="/bin/sh")
    ent_list.add_user("user_with_vetoed_shell", 1002, 2002,
                      loginShell="/bin/vetoed")
    ent_list.add_user("user_with_empty_shell", 1003, 2003,
                      loginShell="")
    create_ldap_fixture(request, ldap_conn, ent_list)
    # The template literal has no replacement fields for format() to fill
    conf = (
        format_basic_conf(ldap_conn, SCHEMA_RFC2307)
        + unindent("""\
            [nss]
            default_shell = /bin/default
            vetoed_shells = /bin/vetoed
            shell_fallback = /bin/fallback
        """).format(**locals())
    )
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik
def test_vetoed_shells(vetoed_shells):
    """
    Test the effect of the "vetoed_shells" option

    The user whose LDAP shell is vetoed is expected to report the
    fallback shell rather than the vetoed one; the user with an empty
    loginShell is expected to report the default shell and the /bin/sh
    user to keep /bin/sh.
    """
    expected_users = [
        {"name": "user_with_sh_shell", "uid": 1001, "shell": "/bin/sh"},
        {"name": "user_with_vetoed_shell", "uid": 1002,
         "shell": "/bin/fallback"},
        {"name": "user_with_empty_shell", "uid": 1003,
         "shell": "/bin/default"},
    ]
    passwd_pattern = expected_list_to_name_dict(expected_users)

    ent.assert_each_passwd_by_name(passwd_pattern)
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik
def test_user_2307bis_nested_groups(ldap_conn,
                                    sanity_rfc2307_bis):
    """
    Test nested groups.

    Runs initgroups for user1 and compares the returned gids, order
    ignored, with the expected direct and nested group gids.

    Regression test for ticket:
    https://fedorahosted.org/sssd/ticket/3093
    """
    primary_gid = 2001
    # group1, two_user_group, one_user_group1, group_one_user_group,
    # group_two_user_group, group_two_one_user_groups
    expected_gids = [2001, 2012, 2015, 2017, 2018, 2019]

    user1_pattern = dict(name="user1", uid=1001, gid=primary_gid)
    ent.assert_passwd_by_name("user1", user1_pattern)

    (res, errno, gids) = sssd_id.call_sssd_initgroups("user1", primary_gid)
    assert res == sssd_id.NssReturnCode.SUCCESS

    actual_sorted = sorted(gids)
    expected_sorted = sorted(expected_gids)
    assert actual_sorted == expected_sorted, \
        "result: %s\n expected %s" % (
            ", ".join("%s" % gid for gid in actual_sorted),
            ", ".join("%s" % gid for gid in expected_sorted)
        )
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik
def test_special_characters_in_names(ldap_conn, sanity_rfc2307):
    """
    Test special characters which could cause a malformed filter
    in ldb_search.

    The user and group names used here contain parentheses, which are
    syntax characters in a search filter, so the lookups only succeed
    if the names are handled as data when the filter is built.

    Regression test for ticket:
    https://fedorahosted.org/sssd/ticket/3121
    """
    user_name = "t(u)ser"
    group_name = "group(_u)ser1"

    expected_user = dict(name=user_name, passwd="*", uid=5000, gid=5001,
                         gecos="5000", shell="/bin/bash")
    ent.assert_passwd_by_name(user_name, expected_user)

    expected_group = dict(name=group_name, passwd="*", gid=5001,
                          mem=ent.contains_only(user_name))
    ent.assert_group_by_name(group_name, expected_group)
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik
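@pytest.fixture
def extra_attributes(request, ldap_conn):
    """
    Set up one user and one group in LDAP and start SSSD with
    "ldap_user_extra_attrs = mail, name:uid, givenName" in the
    [domain/LDAP] section.
    """
    # The entry list is built once; constructing it twice in a row only
    # throws the first instance away.
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user", 2001, 2000)
    ent_list.add_group("group", 2000)
    create_ldap_fixture(request, ldap_conn, ent_list)
    conf = \
        format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
        unindent("""\
            [domain/LDAP]
            ldap_user_extra_attrs = mail, name:uid, givenName
        """).format(**locals())
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)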
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik
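def test_extra_attribute_already_exists(ldap_conn, extra_attributes):
    """
    Test that an extra attribute set on the LDAP user entry is stored
    in the SSSD cache.

    The user entry gets the extensibleObject object class and a
    givenName value, the user is looked up through NSS, and the
    givenName attribute is then read back from the sysdb cache entry
    and compared with the value written to LDAP.
    """
    user = 'user'
    domain = 'LDAP'
    extra_attribute = 'givenName'
    given_name = b'unix_user'

    user_dn = "uid=" + user + ",ou=Users," + ldap_conn.ds_inst.base_dn

    # Add extensibleObject to the entry's object classes before writing
    # givenName to it.
    old = {'objectClass': [b'top', b'inetOrgPerson', b'posixAccount']}
    new = {'objectClass': [b'top', b'inetOrgPerson', b'posixAccount',
                           b'extensibleObject']}
    ldif = ldap.modlist.modifyModlist(old, new)

    ldap_conn.modify_s(user_dn, ldif)
    ldap_conn.modify_s(user_dn, [(ldap.MOD_ADD, extra_attribute, given_name)])

    # The NSS lookup comes first; the cache entry is read only after it.
    ent.assert_passwd_by_name(
        user,
        dict(name="user", uid=2001, gid=2000, shell="/bin/bash"),
    )

    ldb_conn = sssd_ldb.SssdLdb(domain)
    val = ldb_conn.get_entry_attr(sssd_ldb.CacheType.sysdb,
                                  sssd_ldb.TsCacheEntry.user,
                                  user, domain, extra_attribute)

    assert val == given_name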
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
@pytest.fixture
def add_user_to_group(request, ldap_conn):
    """
    Set up user1 as the only member of group1 and start SSSD with the
    configuration produced by format_rfc2307bis_deref_conf.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 1001, 2001)
    entries.add_group_bis("group1", 20001, member_uids=["user1"])
    create_ldap_fixture(request, ldap_conn, entries)

    sssd_conf = format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, sssd_conf)
    create_sssd_fixture(request)
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
def test_add_user_to_group(ldap_conn, add_user_to_group):
    """Check that user1 resolves and is the only member of group1."""
    expected_user = dict(name="user1", uid=1001, gid=2001)
    ent.assert_passwd_by_name("user1", expected_user)

    expected_group = dict(mem=ent.contains_only("user1"))
    ent.assert_group_by_name("group1", expected_group)
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
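@pytest.fixture
def remove_user_from_group(request, ldap_conn):
    """
    Set up user1 and user2 as members of group1 and start SSSD with the
    configuration produced by format_rfc2307bis_deref_conf.

    This is the starting state for the test that removes the members
    one at a time.
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user1", 1001, 2001)
    ent_list.add_user("user2", 1002, 2002)
    ent_list.add_group_bis("group1", 20001, member_uids=["user1", "user2"])
    create_ldap_fixture(request, ldap_conn, ent_list)
    create_conf_fixture(request,
                        format_rfc2307bis_deref_conf(
                            ldap_conn,
                            SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
    return None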
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
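def test_remove_user_from_group(ldap_conn, remove_user_from_group):
    """
    Removing two users from group, step by step

    After each change in LDAP the cache is invalidated with
    "sss_cache -GU" and the membership of group1 is checked again, so a
    removed member must stop being reported once the cache is expired.
    """
    base_dn = ldap_conn.ds_inst.base_dn
    group1_dn = 'cn=group1,ou=Groups,' + base_dn
    # Member DNs follow the directory's base DN, as group1_dn does;
    # attribute values are passed as bytes.
    user1_dn = ("uid=user1,ou=Users," + base_dn).encode('utf-8')
    user2_dn = ("uid=user2,ou=Users," + base_dn).encode('utf-8')

    ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
    ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
    ent.assert_group_by_name("group1",
                             dict(mem=ent.contains_only("user1", "user2")))

    # removing of user2 from group1
    old = {'member': [user1_dn, user2_dn]}
    new = {'member': [user1_dn]}

    ldif = ldap.modlist.modifyModlist(old, new)
    ldap_conn.modify_s(group1_dn, ldif)

    if subprocess.call(["sss_cache", "-GU"]) != 0:
        raise Exception("sss_cache failed")

    ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
    ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
    ent.assert_group_by_name("group1", dict(mem=ent.contains_only("user1")))

    # removing of user1 from group1
    old = {'member': [user1_dn]}
    new = {'member': []}

    ldif = ldap.modlist.modifyModlist(old, new)
    ldap_conn.modify_s(group1_dn, ldif)

    if subprocess.call(["sss_cache", "-GU"]) != 0:
        raise Exception("sss_cache failed")

    ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
    ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
    ent.assert_group_by_name("group1", dict(mem=ent.contains_only()))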
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
@pytest.fixture
def remove_user_from_nested_group(request, ldap_conn):
    """
    Set up user1 in group1, user2 in group2, and group3 with group1 and
    group2 as member groups, then start SSSD with the configuration
    produced by format_rfc2307bis_deref_conf.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 1001, 2001)
    entries.add_user("user2", 1002, 2002)
    entries.add_group_bis("group1", 20001, member_uids=["user1"])
    entries.add_group_bis("group2", 20002, member_uids=["user2"])
    entries.add_group_bis("group3", 20003, member_gids=["group1", "group2"])
    create_ldap_fixture(request, ldap_conn, entries)

    sssd_conf = format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, sssd_conf)
    create_sssd_fixture(request)
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech
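def test_remove_user_from_nested_group(ldap_conn,
                                       remove_user_from_nested_group):
    """
    Remove the member groups of group3 one at a time.

    After each change in LDAP the cache is invalidated with
    "sss_cache -GU". The members reported for group3 are expected to
    shrink with every removed member group, while group1 and group2
    keep their own members.
    """
    base_dn = ldap_conn.ds_inst.base_dn
    group3_dn = 'cn=group3,ou=Groups,' + base_dn
    # Member DNs follow the directory's base DN, as group3_dn does;
    # attribute values are passed as bytes.
    group1_dn = ("cn=group1,ou=Groups," + base_dn).encode('utf-8')
    group2_dn = ("cn=group2,ou=Groups," + base_dn).encode('utf-8')

    ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
    ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))

    ent.assert_group_by_name("group1",
                             dict(mem=ent.contains_only("user1")))
    ent.assert_group_by_name("group2",
                             dict(mem=ent.contains_only("user2")))

    ent.assert_group_by_name("group3",
                             dict(mem=ent.contains_only("user1",
                                                        "user2")))

    # removing of group2 from group3
    old = {'member': [group1_dn, group2_dn]}
    new = {'member': [group1_dn]}

    ldif = ldap.modlist.modifyModlist(old, new)
    ldap_conn.modify_s(group3_dn, ldif)

    if subprocess.call(["sss_cache", "-GU"]) != 0:
        raise Exception("sss_cache failed")

    ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
    ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))

    ent.assert_group_by_name("group1",
                             dict(mem=ent.contains_only("user1")))
    ent.assert_group_by_name("group2",
                             dict(mem=ent.contains_only("user2")))
    ent.assert_group_by_name("group3",
                             dict(mem=ent.contains_only("user1")))

    # removing of group1 from group3
    old = {'member': [group1_dn]}
    new = {'member': []}

    ldif = ldap.modlist.modifyModlist(old, new)
    ldap_conn.modify_s(group3_dn, ldif)

    if subprocess.call(["sss_cache", "-GU"]) != 0:
        raise Exception("sss_cache failed")

    ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
    ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))

    ent.assert_group_by_name("group1",
                             dict(mem=ent.contains_only("user1")))
    ent.assert_group_by_name("group2",
                             dict(mem=ent.contains_only("user2")))
    ent.assert_group_by_name("group3",
                             dict(mem=ent.contains_only()))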
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek
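def zero_nesting_sssd_conf(ldap_conn, schema):
    """
    Format an SSSD configuration with group nesting disabled

    Returns the output of format_basic_conf for the given connection and
    schema, followed by a [domain/LDAP] section that sets
    ldap_group_nesting_level to 0.
    """
    # The appended section has no replacement fields, so it is not run
    # through str.format().
    return \
        format_basic_conf(ldap_conn, schema) + \
        unindent("""
            [domain/LDAP]
            ldap_group_nesting_level = 0
        """)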
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek
@pytest.fixture
def rfc2307bis_no_nesting(request, ldap_conn):
    """
    Set up user1 with primarygroup (gid 2001), parentgroup holding user1,
    and nestedgroup holding parentgroup, then start SSSD with the
    configuration from zero_nesting_sssd_conf.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 1001, 2001)
    entries.add_group_bis("primarygroup", 2001)
    entries.add_group_bis("parentgroup", 2010, member_uids=["user1"])
    entries.add_group_bis("nestedgroup", 2011, member_gids=["parentgroup"])
    create_ldap_fixture(request, ldap_conn, entries)

    sssd_conf = zero_nesting_sssd_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, sssd_conf)
    create_sssd_fixture(request)
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek
def test_zero_nesting_level(ldap_conn, rfc2307bis_no_nesting):
    """
    Test initgroups operation with rfc2307bis schema asserting
    only primary group and parent groups are included in group
    list. No parent groups of groups should be returned with zero
    group nesting level.
    """
    parent_members = dict(mem=ent.contains_only("user1"))
    ent.assert_group_by_name("parentgroup", parent_members)

    # nestedgroup only has a group as its member, so no users are
    # expected in it
    nested_members = dict(mem=ent.contains_only())
    ent.assert_group_by_name("nestedgroup", nested_members)

    (status, err, group_names) = sssd_id.get_user_groups("user1")
    assert status == sssd_id.NssReturnCode.SUCCESS, \
        "Could not find groups for user1, %d" % err

    # test nestedgroup is not returned in group list
    expected_names = ["primarygroup", "parentgroup"]
    assert sorted(group_names) == sorted(expected_names)
6d57cd501c28aa52731c56cd751bbc404f991ae0Justin Stephenson
e1052a50b9cf42963e0a805a43e2957426096938Lukas Slebodnik
@pytest.fixture
def sanity_nss_filter(request, ldap_conn):
    """
    Set up three users and a set of plain, empty and nested groups, then
    start SSSD with an [nss] section that sets "filter_users = user2"
    and "filter_groups = group_two_one_user_groups".
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    # (name, uid, gid)
    users = (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 2003),
    )
    for user_args in users:
        entries.add_user(*user_args)

    # Positional arguments for add_group_bis, passed through unchanged
    # and in this order.
    groups = (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("empty_group1", 2010),
        ("empty_group2", 2011),
        ("two_user_group", 2012, ["user1", "user2"]),
        ("group_empty_group", 2013, [], ["empty_group1"]),
        ("group_two_empty_groups", 2014,
         [], ["empty_group1", "empty_group2"]),
        ("one_user_group1", 2015, ["user1"]),
        ("one_user_group2", 2016, ["user2"]),
        ("group_one_user_group", 2017, [], ["one_user_group1"]),
        ("group_two_user_group", 2018, [], ["two_user_group"]),
        ("group_two_one_user_groups", 2019,
         [], ["one_user_group1", "one_user_group2"]),
    )
    for group_args in groups:
        entries.add_group_bis(*group_args)

    create_ldap_fixture(request, ldap_conn, entries)

    basic_conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    nss_section = unindent("""
        [nss]
        filter_users = user2
        filter_groups = group_two_one_user_groups
    """).format(**locals())
    create_conf_fixture(request, basic_conf + nss_section)
    create_sssd_fixture(request)
e1052a50b9cf42963e0a805a43e2957426096938Lukas Slebodnik
e1052a50b9cf42963e0a805a43e2957426096938Lukas Slebodnik
def test_nss_filters(ldap_conn, sanity_nss_filter):
    """
    Check that filtered users and groups are not visible through NSS.

    The filtered user and the filtered group must fail to resolve both
    by name and by id, the filtered user must not be listed as a member
    of any group, and entries that do not exist at all must fail to
    resolve as well.
    """
    # (name, uid, gid) of the users that remain visible
    visible_users = (("user1", 1001, 2001), ("user3", 1003, 2003))
    passwd_pattern = expected_list_to_name_dict([
        {"name": name, "passwd": "*", "uid": uid, "gid": gid,
         "gecos": str(uid), "dir": "/home/" + name, "shell": "/bin/bash"}
        for name, uid, gid in visible_users
    ])

    # test filtered user
    ent.assert_each_passwd_by_name(passwd_pattern)
    for lookup, key in ((pwd.getpwnam, "user2"), (pwd.getpwuid, 1002)):
        with pytest.raises(KeyError):
            lookup(key)

    # (name, gid, expected members); user2 is filtered, so it is not
    # expected in any member list
    visible_groups = (
        ("group1", 2001, ()),
        ("group2", 2002, ()),
        ("group3", 2003, ()),
        ("empty_group1", 2010, ()),
        ("empty_group2", 2011, ()),
        ("two_user_group", 2012, ("user1",)),
        ("group_empty_group", 2013, ()),
        ("group_two_empty_groups", 2014, ()),
        ("one_user_group1", 2015, ("user1",)),
        ("one_user_group2", 2016, ()),
        ("group_one_user_group", 2017, ("user1",)),
        ("group_two_user_group", 2018, ("user1",)),
    )
    group_pattern = expected_list_to_name_dict([
        {"name": name, "passwd": "*", "gid": gid,
         "mem": ent.contains_only(*members)}
        for name, gid, members in visible_groups
    ])

    # test filtered group
    ent.assert_each_group_by_name(group_pattern)
    filtered_group_lookups = (
        (grp.getgrnam, "group_two_one_user_groups"),
        (grp.getgrgid, 2019),
    )
    for lookup, key in filtered_group_lookups:
        with pytest.raises(KeyError):
            lookup(key)

    # test non-existing user/group
    missing_lookups = (
        (pwd.getpwnam, "non_existent_user"),
        (pwd.getpwuid, 9),
        (grp.getgrnam, "non_existent_group"),
        (grp.getgrgid, 14),
    )
    for lookup, key in missing_lookups:
        with pytest.raises(KeyError):
            lookup(key)
13205258cc17d3833558244251f5adbc98cf34e5Fabiano Fidêncio
13205258cc17d3833558244251f5adbc98cf34e5Fabiano Fidêncio
@pytest.fixture
def sanity_nss_filter_cached(request, ldap_conn):
    """
    Set up LDAP entries and an SSSD config for the cached NSS filter test.

    The directory gets three ordinary users and groups, plus entries that
    must never be served to NSS clients: a user and a group literally named
    "root", a user with UID 0 and a group with GID 0. The [nss] section
    filters user2 and group2 explicitly and sets entry_negative_timeout
    to 1, so the test can outlive a negative-cache entry with a short sleep.
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    # Users first, then groups, in the same order the entries are listed.
    for name, uid, gid in (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 2003),
        ("root", 1004, 2004),
        ("zerouid", 0, 0),
    ):
        ent_list.add_user(name, uid, gid)

    for name, gid in (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("root", 2004),
        ("zerogid", 0),
    ):
        ent_list.add_group_bis(name, gid)

    create_ldap_fixture(request, ldap_conn, ent_list)

    base_conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    nss_section = unindent("""
        [nss]
        filter_users = user2
        filter_groups = group2
        entry_negative_timeout = 1
    """).format(**locals())
    create_conf_fixture(request, base_conf + nss_section)
    create_sssd_fixture(request)
13205258cc17d3833558244251f5adbc98cf34e5Fabiano Fidêncio
13205258cc17d3833558244251f5adbc98cf34e5Fabiano Fidêncio
def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached):
    """
    Check that filtered users and groups stay hidden across cache expiry.

    Each filtered ID is looked up, the test sleeps longer than the
    entry_negative_timeout = 1 configured by the fixture, and the lookup is
    repeated; both attempts must fail. The last part is the regression
    check for upstream ticket #3460: "root" and ID 0 must be reported as
    NOTFOUND by SSSD although the fixture put such entries into LDAP.
    """
    expected_users = expected_list_to_name_dict([
        {'name': 'user1', 'passwd': '*', 'uid': 1001, 'gid': 2001,
         'gecos': '1001', 'dir': '/home/user1', 'shell': '/bin/bash'},
        {'name': 'user3', 'passwd': '*', 'uid': 1003, 'gid': 2003,
         'gecos': '1003', 'dir': '/home/user3', 'shell': '/bin/bash'},
    ])
    ent.assert_each_passwd_by_name(expected_users)

    # Filtered user: must be missing now and still missing after the sleep.
    with pytest.raises(KeyError):
        pwd.getpwuid(1002)
    time.sleep(2)
    with pytest.raises(KeyError):
        pwd.getpwuid(1002)

    expected_groups = expected_list_to_name_dict([
        {'name': 'group1', 'passwd': '*', 'gid': 2001,
         'mem': ent.contains_only()},
        {'name': 'group3', 'passwd': '*', 'gid': 2003,
         'mem': ent.contains_only()},
    ])
    ent.assert_each_group_by_name(expected_groups)

    # Filtered group: same two-step check as for the user.
    with pytest.raises(KeyError):
        grp.getgrgid(2002)
    time.sleep(2)
    with pytest.raises(KeyError):
        grp.getgrgid(2002)

    # root is always filtered even if filter_users contains other entries
    # (regression test for upstream ticket #3460). A directory-supplied
    # "root" or ID 0 entry would be a privileged identity controlled by
    # the LDAP server, so every by-name and by-ID path is checked.
    root_lookups = (
        (call_sssd_getpwnam, "root"),
        (call_sssd_getgrnam, "root"),
        (call_sssd_getpwuid, 0),
        (call_sssd_getgrgid, 0),
    )
    for lookup, key in root_lookups:
        res, _ = lookup(key)
        assert res == NssReturnCode.NOTFOUND
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
@pytest.fixture
def mpg_setup(request, ldap_conn):
    """
    Set up LDAP users and groups and enable auto_private_groups in SSSD.

    Every user has a gidNumber (2001-2003) that differs from the uidNumber
    and points at a real LDAP group. Three more groups list users as
    members so that the supplementary group lists can be checked.
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for name, uid, gid in (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 2003),
    ):
        ent_list.add_user(name, uid, gid)

    for group_args in (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("two_user_group", 2012, ["user1", "user2"]),
        ("one_user_group1", 2015, ["user1"]),
        ("one_user_group2", 2016, ["user2"]),
    ):
        ent_list.add_group_bis(*group_args)

    # Entries and cleanup are registered separately here instead of going
    # through create_ldap_fixture().
    # NOTE(review): passing None as the entry list presumably means "clean
    # up everything"; confirm against create_ldap_cleanup().
    create_ldap_entries(ldap_conn, ent_list)
    create_ldap_cleanup(request, ldap_conn, None)

    base_conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    domain_section = unindent("""
        [domain/LDAP]
        auto_private_groups = True
    """).format(**locals())
    create_conf_fixture(request, base_conf + domain_section)
    create_sssd_fixture(request)
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
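def test_ldap_auto_private_groups_direct(ldap_conn, mpg_setup):
    """
    Integration test for auto_private_groups

    Covers resolution of the generated private groups by name and by GID,
    the supplementary group lists returned by initgroups, and the
    disappearance of users and private groups once the LDAP entries are
    removed and the cache is invalidated.

    See also ticket https://pagure.io/SSSD/sssd/issue/1872
    """
    # Make sure the user's GID is taken from their uidNumber
    ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=1001))
    # Make sure the private group is resolvable by name and by GID
    ent.assert_group_by_name("user1", dict(gid=1001, mem=ent.contains_only()))
    ent.assert_group_by_gid(1001, dict(name="user1", mem=ent.contains_only()))

    # The group referenced in user's gidNumber attribute should be still
    # visible, but it's fine that it doesn't contain the user as a member
    # as the group is currently added during the initgroups operation only
    ent.assert_group_by_name("group1", dict(gid=2001, mem=ent.contains_only()))
    ent.assert_group_by_gid(2001, dict(name="group1", mem=ent.contains_only()))

    # The user's secondary groups list must be correct as well
    # Note that the original GID is listed as well -- this is correct and
    # expected because we save the original GID in the
    # SYSDB_PRIMARY_GROUP_GIDNUM attribute
    user1_expected_gids = [1001, 2001, 2012, 2015]
    # The middle element of the result is not used by this test.
    (res, _, gids) = sssd_id.call_sssd_initgroups("user1", 1001)
    assert res == sssd_id.NssReturnCode.SUCCESS

    assert sorted(gids) == sorted(user1_expected_gids), \
        "result: %s\n expected %s" % (
            ", ".join(["%s" % s for s in sorted(gids)]),
            ", ".join(["%s" % s for s in sorted(user1_expected_gids)])
        )

    # Request user2's private group by GID without resolving the user first.
    # This must trigger user resolution through by-GID resolution, since the
    # GID doesn't exist on its own in LDAP
    ent.assert_group_by_gid(1002, dict(name="user2", mem=ent.contains_only()))

    # Test supplementary groups for user2 as well
    user2_expected_gids = [1002, 2002, 2012, 2016]
    (res, _, gids) = sssd_id.call_sssd_initgroups("user2", 1002)
    assert res == sssd_id.NssReturnCode.SUCCESS

    assert sorted(gids) == sorted(user2_expected_gids), \
        "result: %s\n expected %s" % (
            ", ".join(["%s" % s for s in sorted(gids)]),
            ", ".join(["%s" % s for s in sorted(user2_expected_gids)])
        )

    # Request user3's private group by name without resolving the user first
    # This must trigger user resolution through by-name resolution, since the
    # name doesn't exist on its own in LDAP
    ent.assert_group_by_name("user3", dict(gid=1003, mem=ent.contains_only()))

    # Remove entries and request them again to make sure they are not
    # resolvable anymore
    cleanup_ldap_entries(ldap_conn, None)

    # Invalidate all cached groups (-G) and users (-U) so the lookups below
    # are not answered from entries cached earlier in this test.
    if subprocess.call(["sss_cache", "-GU"]) != 0:
        raise Exception("sss_cache failed")

    with pytest.raises(KeyError):
        pwd.getpwnam("user1")
    with pytest.raises(KeyError):
        grp.getgrnam("user1")
    with pytest.raises(KeyError):
        grp.getgrgid(1002)
    with pytest.raises(KeyError):
        grp.getgrnam("user3")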
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
@pytest.fixture
def mpg_setup_conflict(request, ldap_conn):
    """
    Set up LDAP data where real group GIDs collide with user UIDs.

    group1..group3 use GIDs 1001..1003, the same numbers as the UIDs of
    user1..user3, so a private group generated by auto_private_groups
    collides with a real LDAP group. user3 additionally has a gidNumber
    equal to its uidNumber and is a member of supp_group.
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for name, uid, gid in (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 1003),
    ):
        ent_list.add_user(name, uid, gid)

    for group_args in (
        ("group1", 1001),
        ("group2", 1002),
        ("group3", 1003),
        ("supp_group", 2015, ["user3"]),
    ):
        ent_list.add_group_bis(*group_args)

    create_ldap_fixture(request, ldap_conn, ent_list)

    base_conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    domain_section = unindent("""
        [domain/LDAP]
        auto_private_groups = True
    """).format(**locals())
    create_conf_fixture(request, base_conf + domain_section)
    create_sssd_fixture(request)
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
def test_ldap_auto_private_groups_conflict(ldap_conn, mpg_setup_conflict):
    """
    Make sure that conflicts between groups that are auto-created with the
    help of the auto_private_groups option and between 'real' LDAP groups
    are handled in a predictable manner.
    """
    no_members = ent.contains_only

    # The primary GID of user1 must come from the uidNumber, and the
    # generated private group must resolve both by name and by GID.
    ent.assert_passwd_by_name(
        "user1", {"name": "user1", "uid": 1001, "gid": 1001})
    ent.assert_group_by_name("user1", {"gid": 1001, "mem": no_members()})
    ent.assert_group_by_gid(1001, {"name": "user1", "mem": no_members()})

    # GID 1002 is both user2's would-be private group and the real group2.
    # The by-GID request must return the real group...
    ent.assert_group_by_gid(1002, {"name": "group2", "mem": no_members()})
    # ...and, because of that GID conflict, user2 is not resolvable at all.
    with pytest.raises(KeyError):
        pwd.getpwnam("user2")

    # user3's gidNumber equals its uidNumber. What matters is that the
    # supplementary groups are right and that the GID resolves to the
    # private group (as long as the user was requested first).
    user3_expected_gids = [1003, 2015]
    ent.assert_passwd_by_name(
        "user3", {"name": "user3", "uid": 1003, "gid": 1003})
    res, errno, gids = sssd_id.call_sssd_initgroups("user3", 1003)
    assert res == sssd_id.NssReturnCode.SUCCESS

    assert sorted(gids) == sorted(user3_expected_gids), \
        "result: %s\n expected %s" % (
            ", ".join("%s" % g for g in sorted(gids)),
            ", ".join("%s" % g for g in sorted(user3_expected_gids)),
        )

    # The private group of user3 must resolve by GID and by name.
    ent.assert_group_by_gid(1003, {"name": "user3", "mem": no_members()})
    ent.assert_group_by_name("user3", {"gid": 1003, "mem": no_members()})
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
@pytest.fixture
def mpg_setup_no_gid(request, ldap_conn):
    """
    Set up auto_private_groups with the user GID attribute mapped away.

    ldap_user_gid_number is pointed at "no_such_attribute", so from the
    SSSD side user1 has no GID although the LDAP entry carries 2001.
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user1", 1001, 2001)

    for group_args in (
        ("group1", 2001),
        ("one_user_group1", 2015, ["user1"]),
    ):
        ent_list.add_group_bis(*group_args)

    # Entries and cleanup are registered separately here instead of going
    # through create_ldap_fixture().
    # NOTE(review): passing None as the entry list presumably means "clean
    # up everything"; confirm against create_ldap_cleanup().
    create_ldap_entries(ldap_conn, ent_list)
    create_ldap_cleanup(request, ldap_conn, None)

    base_conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    domain_section = unindent("""
        [domain/LDAP]
        auto_private_groups = True
        ldap_user_gid_number = no_such_attribute
    """).format(**locals())
    create_conf_fixture(request, base_conf + domain_section)
    create_sssd_fixture(request)
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
6c802b2009c1b6dd0c3306ba97056e64acc0ec9eJakub Hrozek
def test_ldap_auto_private_groups_direct_no_gid(ldap_conn, mpg_setup_no_gid):
    """
    Integration test for auto_private_groups - test that even a user with
    no GID assigned at all can be resolved including their autogenerated
    primary group.

    See also ticket https://pagure.io/SSSD/sssd/issue/1872
    """
    no_members = ent.contains_only

    # The primary GID must come from the uidNumber, and the generated
    # private group must resolve both by name and by GID.
    ent.assert_passwd_by_name(
        "user1", {"name": "user1", "uid": 1001, "gid": 1001})
    ent.assert_group_by_name("user1", {"gid": 1001, "mem": no_members()})
    ent.assert_group_by_gid(1001, {"name": "user1", "mem": no_members()})

    # The group referenced in user's gidNumber attribute should be still
    # visible, but shouldn't have any relation to the user
    ent.assert_group_by_name("group1", {"gid": 2001, "mem": no_members()})
    ent.assert_group_by_gid(2001, {"name": "group1", "mem": no_members()})

    # Only the generated group and the explicit secondary group are
    # expected this time, since there is no original GID.
    user1_expected_gids = [1001, 2015]
    res, errno, gids = sssd_id.call_sssd_initgroups("user1", 1001)
    assert res == sssd_id.NssReturnCode.SUCCESS

    assert sorted(gids) == sorted(user1_expected_gids), \
        "result: %s\n expected %s" % (
            ", ".join("%s" % g for g in sorted(gids)),
            ", ".join("%s" % g for g in sorted(user1_expected_gids)),
        )
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
def rename_setup_no_cleanup(request, ldap_conn, cleanup_ent=None):
    """
    Create two users with private groups and one shared group in LDAP.

    When cleanup_ent is None the entries are created through
    create_ldap_fixture() with its default cleanup. Otherwise the fixture
    is created with cleanup=False and a separate cleanup is registered,
    because the test is expected to rename the entries.
    """
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user, uid, gid, private_group in (
        ("user1", 1001, 2001, "user1_private"),
        ("user2", 1002, 2002, "user2_private"),
    ):
        ent_list.add_user(user, uid, gid)
        ent_list.add_group_bis(private_group, gid)

    ent_list.add_group_bis("group1", 2015, ["user1", "user2"])

    if cleanup_ent is None:
        create_ldap_fixture(request, ldap_conn, ent_list)
        return

    # Since the entries were renamed, we need to clean up
    # the renamed entries..
    # NOTE(review): cleanup_ent is only compared with None; the cleanup is
    # registered with None instead of the passed list. Confirm that None
    # makes create_ldap_cleanup() remove the renamed entries too.
    create_ldap_fixture(request, ldap_conn, ent_list, cleanup=False)
    create_ldap_cleanup(request, ldap_conn, None)
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
@pytest.fixture
def rename_setup_cleanup(request, ldap_conn):
    """
    Set up the rename test data together with the post-rename entry list.

    The list built here names the groups as they look after the rename
    (new_user1_private, new_user2_private, new_group1) and is handed to
    rename_setup_no_cleanup() as cleanup_ent. SSSD runs with the basic
    RFC2307bis configuration only.
    """
    cleanup_ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user, uid, gid, renamed_group in (
        ("user1", 1001, 2001, "new_user1_private"),
        ("user2", 1002, 2002, "new_user2_private"),
    ):
        cleanup_ent_list.add_user(user, uid, gid)
        cleanup_ent_list.add_group_bis(renamed_group, gid)

    cleanup_ent_list.add_group_bis("new_group1", 2015, ["user1", "user2"])

    rename_setup_no_cleanup(request, ldap_conn, cleanup_ent_list)

    create_conf_fixture(
        request, format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
@pytest.fixture
def rename_setup_with_name(request, ldap_conn):
    """
    Set up the rename test data with group names read from "name".

    The entries come from rename_setup_no_cleanup() with its default
    cleanup. The domain section maps ldap_group_name to the "name"
    attribute and sets timeout = 3000.
    """
    rename_setup_no_cleanup(request, ldap_conn)

    base_conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    extra_sections = unindent("""
        [nss]
        [domain/LDAP]
        ldap_group_name = name
        timeout = 3000
    """).format(**locals())
    create_conf_fixture(request, base_conf + extra_sections)
    create_sssd_fixture(request)
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
35d6fb7cabd6183252fd29b29aaf66264dca9135Jakub Hrozek
def test_rename_incomplete_group_same_dn(ldap_conn, rename_setup_with_name):
    """
    Check that an incomplete group object is renamed when the group's
    name attribute changes while its DN stays the same.

    The RDN attribute has to remain in the entry, so the groups get a
    separate "name" attribute whose value deliberately differs from the
    CN, and the group names reported for the users must come from "name".

    A cache that kept reporting the old name would leave name-based group
    checks working on outdated data, so both lookups made after the
    rename are compared against the new name only.

    Regression test for https://pagure.io/SSSD/sssd/issue/3282
    """
    base_dn = ldap_conn.ds_inst.base_dn
    private1_dn = 'cn=user1_private,ou=Groups,' + base_dn
    private2_dn = 'cn=user2_private,ou=Groups,' + base_dn
    shared_dn = 'cn=group1,ou=Groups,' + base_dn

    # Give the secondary group and both private groups a "name" value.
    # The old state handed to modifyModlist has no "name" values, so each
    # modification is an addition.
    initial_names = (
        (shared_dn, b"user1_group1"),
        (private1_dn, b"pvt_user1"),
        (private2_dn, b"pvt_user2"),
    )
    for entry_dn, name_value in initial_names:
        mods = ldap.modlist.modifyModlist({'name': []},
                                          {'name': [name_value]})
        ldap_conn.modify_s(entry_dn, mods)

    # Before the rename, user1 is reported with the original names
    status, err, names = sssd_id.get_user_groups("user1")
    assert status == sssd_id.NssReturnCode.SUCCESS, \
        "Could not find groups for user1, %d" % err
    assert sorted(names) == sorted(["pvt_user1", "user1_group1"])

    # Rename the group by replacing its "name" value; the cn, and with it
    # the DN, is left untouched
    mods = ldap.modlist.modifyModlist({'name': [b"user1_group1"]},
                                      {'name': [b"new_user1_group1"]})
    ldap_conn.modify_s(shared_dn, mods)

    # user2 is looked up only after the rename and must see the new name
    status, err, names = sssd_id.get_user_groups("user2")
    assert status == sssd_id.NssReturnCode.SUCCESS, \
        "Could not find groups for user2, %d" % err
    assert sorted(names) == sorted(["pvt_user2", "new_user1_group1"])

    # user1 was already looked up under the old name; the second lookup
    # must report the new one as well
    status, err, names = sssd_id.get_user_groups("user1")
    assert status == sssd_id.NssReturnCode.SUCCESS, \
        "Could not find groups for user1, %d" % err
    assert sorted(names) == sorted(["pvt_user1", "new_user1_group1"])
def test_rename_incomplete_group_rdn_changed(ldap_conn, rename_setup_cleanup):
    """
    Check the lookup result when a group's name attribute changes and the
    DN changes along with the RDN.

    Saving the group under its new DN fails in that case, because at save
    time a renamed group cannot be told apart from two duplicate groups
    in LDAP.

    With many directories (AD, IPA) the code can rely on other heuristics
    (SID, UUID) to find out that the group is in fact the same one.

    NOTE(review): the final assertion pins the fallback to cached data,
    so the old group name is what gets reported after the rename; what
    later brings the cache in line with LDAP is not shown in this test.

    Regression test for https://pagure.io/SSSD/sssd/issue/3282
    """
    base_dn = ldap_conn.ds_inst.base_dn
    private_dn = 'cn=user1_private,ou=Groups,' + base_dn
    shared_dn = 'cn=group1,ou=Groups,' + base_dn

    # Before the rename, user1 is reported with the original names
    status, err, names = sssd_id.get_user_groups("user1")
    assert status == sssd_id.NssReturnCode.SUCCESS, \
        "Could not find groups for user1, %d" % err
    assert sorted(names) == sorted(["user1_private", "group1"])

    # Give both groups a new RDN, which changes their DNs as well
    ldap_conn.rename_s(shared_dn, "cn=new_group1")
    ldap_conn.rename_s(private_dn, "cn=new_user1_private")

    status, err, names = sssd_id.get_user_groups("user2")
    assert status == sssd_id.NssReturnCode.SUCCESS, \
        "Could not find groups for user2, %d" % err

    # The initgroups call itself succeeds, but saving the new group
    # fails, so SSSD goes back to the cache and returns what is stored
    # there
    assert sorted(names) == sorted(["user2_private", "group1"])