a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# LDAP integration test
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# Copyright (c) 2015 Red Hat, Inc.
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# Author: Lukas Slebodnik <lslebodn@redhat.com>
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# This is free software; you can redistribute it and/or modify it
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# under the terms of the GNU General Public License as published by
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# the Free Software Foundation; version 2 only
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# This program is distributed in the hope that it will be useful, but
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# WITHOUT ANY WARRANTY; without even the implied warranty of
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# General Public License for more details.
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# You should have received a copy of the GNU General Public License
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik# along with this program. If not, see <http://www.gnu.org/licenses/>.
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik """LDAP server instance fixture"""
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik request.addfinalizer(lambda: ds_inst.teardown())
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik """LDAP server connection fixture"""
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik request.addfinalizer(lambda: ldap_conn.unbind_s())
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef create_ldap_fixture(request, ldap_conn, ent_list):
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik """Add LDAP entries and add teardown for removing them"""
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik """Generate sssd.conf and add teardown for removing it"""
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik request.addfinalizer(lambda: os.unlink(config.CONF_PATH))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik """Start sssd and add teardown for stopping it and removing state"""
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik if subprocess.call(["sssd", "-D", "-f"]) != 0:
a190e39ea4f2c084091be1cd37a3c6e3b603540eNikolai Kondrashov ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ent_list.add_group("group1", 2001, ["user1", "user11", "user21"])
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ent_list.add_group("group2", 2002, ["user2", "user12", "user22"])
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ent_list.add_group("group3", 2003, ["user3", "user13", "user23"])
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ent_list.add_group("group0x", 2000, ["user1", "user2", "user3"])
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ent_list.add_group("group1x", 2010, ["user11", "user12", "user13"])
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ent_list.add_group("group2x", 2020, ["user21", "user22", "user23"])
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik domains = LDAP
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik services = nss
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_auth_disable_tls_never_use_in_production = true
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_schema = rfc2307
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik id_provider = ldap
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik auth_provider = ldap
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik sudo_provider = ldap
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_uri = {ldap_conn.ds_inst.ldap_url}
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_search_base = {ldap_conn.ds_inst.base_dn}
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik domains = LDAP
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik services = nss
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ldap_auth_disable_tls_never_use_in_production = true
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ldap_schema = rfc2307
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik id_provider = ldap
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik auth_provider = ldap
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik sudo_provider = ldap
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ldap_uri = {ldap_conn.ds_inst.ldap_url}
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ldap_search_base = {ldap_conn.ds_inst.base_dn}
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik use_fully_qualified_names = true
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnikdef fqname_case_insensitive_rfc2307(request, ldap_conn):
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik domains = LDAP
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik services = nss
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_auth_disable_tls_never_use_in_production = true
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_schema = rfc2307
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik id_provider = ldap
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik auth_provider = ldap
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik sudo_provider = ldap
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_uri = {ldap_conn.ds_inst.ldap_url}
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ldap_search_base = {ldap_conn.ds_inst.base_dn}
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik use_fully_qualified_names = true
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik case_sensitive = false
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek domains = LDAP
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek services = nss
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek memcache_timeout = 0
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek ldap_auth_disable_tls_never_use_in_production = true
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek ldap_schema = rfc2307
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek id_provider = ldap
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek auth_provider = ldap
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek sudo_provider = ldap
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek ldap_uri = {ldap_conn.ds_inst.ldap_url}
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek ldap_search_base = {ldap_conn.ds_inst.base_dn}
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef test_getpwnam(ldap_conn, sanity_rfc2307):
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user2', passwd='*', uid=1002, gid=2002,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user2', passwd='*', uid=1002, gid=2002,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user3', passwd='*', uid=1003, gid=2003,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user3', passwd='*', uid=1003, gid=2003,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user11', passwd='*', uid=1011, gid=2001,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user11', passwd='*', uid=1011, gid=2001,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user12', passwd='*', uid=1012, gid=2002,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user12', passwd='*', uid=1012, gid=2002,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user13', passwd='*', uid=1013, gid=2003,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user13', passwd='*', uid=1013, gid=2003,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user21', passwd='*', uid=1021, gid=2001,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user21', passwd='*', uid=1021, gid=2001,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user22', passwd='*', uid=1022, gid=2002,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user22', passwd='*', uid=1022, gid=2002,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user23', passwd='*', uid=1023, gid=2003,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(name='user23', passwd='*', uid=1023, gid=2003,
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef test_getpwnam_with_mc(ldap_conn, sanity_rfc2307):
def test_getgrnam_simple(ldap_conn, sanity_rfc2307):
    """Look up each of the six fixture groups by name and then by GID.

    The expected pattern handed to the ``ent`` helpers carries only the
    group's name and gid. Neither argument is read in the body; they are
    presumably pytest fixtures that prepare LDAP and sssd (confirm against
    the fixture definitions).
    """
    expected_groups = (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("group0x", 2000),
        ("group1x", 2010),
        ("group2x", 2020),
    )
    for group_name, group_gid in expected_groups:
        # A fresh pattern dict per call, and name before gid for each group,
        # exactly as in the unrolled form.
        ent.assert_group_by_name(group_name,
                                 dict(name=group_name, gid=group_gid))
        ent.assert_group_by_gid(group_gid,
                                dict(name=group_name, gid=group_gid))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307):
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik test_getgrnam_simple(ldap_conn, sanity_rfc2307)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik test_getgrnam_simple(ldap_conn, sanity_rfc2307)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef test_getgrnam_membership(ldap_conn, sanity_rfc2307):
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user1", "user11", "user21")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user1", "user11", "user21")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user2", "user12", "user22")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user2", "user12", "user22")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user3", "user13", "user23")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user3", "user13", "user23")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user1", "user2", "user3")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user1", "user2", "user3")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user11", "user12", "user13")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user11", "user12", "user13")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user21", "user22", "user23")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik dict(mem=ent.contains_only("user21", "user22", "user23")))
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef test_getgrnam_membership_with_mc(ldap_conn, sanity_rfc2307):
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik test_getgrnam_membership(ldap_conn, sanity_rfc2307)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik test_getgrnam_membership(ldap_conn, sanity_rfc2307)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef assert_user_gids_equal(user, expected_gids):
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik (res, errno, gids) = sssd_id.get_user_gids(user)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik "Could not find groups for user %s, %d" % (user, errno)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik assert sorted(gids) == sorted(expected_gids), \
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik "result: %s\n expected %s" % (
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ", ".join(["%s" % s for s in sorted(gids)]),
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnik ", ".join(["%s" % s for s in sorted(expected_gids)])
def test_initgroups(ldap_conn, sanity_rfc2307):
    """Check the group IDs reported for each of the nine test users.

    Every user is expected to resolve to exactly two GIDs; the comparison
    itself (order-insensitive) is done by assert_user_gids_equal. Neither
    argument is read in the body; they are presumably pytest fixtures that
    prepare LDAP and sssd (confirm against the fixture definitions).
    """
    expected_membership = [
        ('user1', [2000, 2001]),
        ('user2', [2000, 2002]),
        ('user3', [2000, 2003]),
        ('user11', [2010, 2001]),
        ('user12', [2010, 2002]),
        ('user13', [2010, 2003]),
        ('user21', [2020, 2001]),
        ('user22', [2020, 2002]),
        ('user23', [2020, 2003]),
    ]
    for login, gid_list in expected_membership:
        assert_user_gids_equal(login, gid_list)
a2c10cf31d14bac598f5cd008973375c3f9575a6Lukas Slebodnikdef test_initgroups_with_mc(ldap_conn, sanity_rfc2307):
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnikdef test_initgroups_fqname_with_mc(ldap_conn, fqname_rfc2307):
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_user_gids_equal('user1@LDAP', [2000, 2001])
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_user_gids_equal('user1@LDAP', [2000, 2001])
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnikdef assert_initgroups_equal(user, primary_gid, expected_gids):
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik (res, errno, gids) = sssd_id.call_sssd_initgroups(user, primary_gid)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik "Could not find groups for user %s, %d" % (user, errno)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert sorted(gids) == sorted(expected_gids), \
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik "result: %s\n expected %s" % (
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ", ".join(["%s" % s for s in sorted(gids)]),
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik ", ".join(["%s" % s for s in sorted(expected_gids)])
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnikdef assert_stored_last_initgroups(user1_case1, user1_case2, user1_case_last,
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_initgroups_equal(user1_case1, primary_gid, expected_gids)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_initgroups_equal(user1_case2, primary_gid, expected_gids)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_initgroups_equal(user1_case_last, primary_gid, expected_gids)
137d5dd0dba48f647e5f8b3976ddb78d65dc77a5Lukas Slebodnik (res, errno, _) = sssd_id.call_sssd_initgroups(user, primary_gid)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert res == sssd_id.NssReturnCode.UNAVAIL, \
137d5dd0dba48f647e5f8b3976ddb78d65dc77a5Lukas Slebodnik "Initgroups for user shoudl fail user %s, %d, %d" % (user, res, errno)
137d5dd0dba48f647e5f8b3976ddb78d65dc77a5Lukas Slebodnik (res, errno, _) = sssd_id.call_sssd_initgroups(user, primary_gid)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert res == sssd_id.NssReturnCode.UNAVAIL, \
137d5dd0dba48f647e5f8b3976ddb78d65dc77a5Lukas Slebodnik "Initgroups for user shoudl fail user %s, %d, %d" % (user, res, errno)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik # Only the last invocation of initgroups should PASS
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik # Otherwise, we would not be able to invalidate it
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_initgroups_equal(user1_case_last, primary_gid, expected_gids)
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnikdef test_initgroups_case_insensitive_with_mc1(ldap_conn,
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_stored_last_initgroups(user1_case1, user1_case2, user1_case_last,
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnikdef test_initgroups_case_insensitive_with_mc2(ldap_conn,
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_stored_last_initgroups(user1_case1, user1_case2, user1_case_last,
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnikdef test_initgroups_case_insensitive_with_mc3(ldap_conn,
cb8c24707275c5bda7310d67e7f46c75d3ac36eaLukas Slebodnik assert_stored_last_initgroups(user1_case1, user1_case2, user1_case_last,
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(mem=ent.contains_only("user1", "user11", "user21")))
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(mem=ent.contains_only("user1", "user11", "user21")))
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # unrelated group to user1
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(mem=ent.contains_only("user2", "user12", "user22")))
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(mem=ent.contains_only("user2", "user12", "user22")))
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik assert_initgroups_equal("user1", 2001, [2000, 2001])
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnikdef test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307):
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # the sssd cache was empty and not all of the user's groups were
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # resolved with getgr{nm,gid}. Therefore there is a change in
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # group membership => user groups should be invalidated
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik assert_initgroups_equal("user1", 2001, [2000, 2001])
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # unrelated group to user1 must be returned
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(mem=ent.contains_only("user2", "user12", "user22")))
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik dict(mem=ent.contains_only("user2", "user12", "user22")))
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik assert_initgroups_equal("user1", 2001, [2000, 2001])
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # user groups must be invalidated
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnikdef test_initgroups_without_change_in_membership(ldap_conn, sanity_rfc2307):
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # the sssd cache was empty and not all of the user's groups were
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # resolved with getgr{nm,gid}. Therefore there is a change in
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # group membership => user groups should be invalidated
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # invalidate cache
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # all users and groups will be just refreshed from LDAP
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # but there will not be a change in group membership
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # user groups should not be invalidated
c3baf4d7c0cbd139d96fd04f6b3c175d2f99de6cLukas Slebodnik # everything should be in memory cache
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik dict(mem=ent.contains_only("user1", "user11", "user21")))
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik dict(mem=ent.contains_only("user1", "user11", "user21")))
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik dict(mem=ent.contains_only("user1", "user2", "user3")))
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik dict(mem=ent.contains_only("user1", "user2", "user3")))
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert_initgroups_equal("user1", 2001, [2000, 2001])
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, err, _) = sssd_id.call_sssd_initgroups("user1", 2001)
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.UNAVAIL, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik "Initgroups should not find anything after invalidation of mc.\n" \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik subprocess.call(["sss_cache", "-u", "user1"])
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik subprocess.call(["sss_cache", "-u", "user1"])
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik subprocess.call(["sss_cache", "-g", "group1"])
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik subprocess.call(["sss_cache", "-g", "group1"])
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnikdef test_invalidate_everything_after_stop(ldap_conn, sanity_rfc2307):
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik # initialize cache with full ID
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik (res, errno, _) = sssd_id.get_user_groups("user1")
089db891b8a7a94b5666e8cffb1d7b359d6aeb6eLukas Slebodnik assert res == sssd_id.NssReturnCode.SUCCESS, \
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik return ''.join([random.choice(string.ascii_letters + string.digits)
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik self.seed = struct.unpack('i', fin.read(4))[0]
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik self.data_size = struct.unpack('i', fin.read(4))[0]
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik self.ft_size = struct.unpack('i', fin.read(4))[0]
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik hash_len = struct.unpack('i', fin.read(4))[0]
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik self.hash_size = hash_len / self.SIZEOF_UINT32_T
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik murmur_hash = pysss_murmur.murmurhash3(input_key, input_len, self.seed)
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnikdef test_colliding_hashes(ldap_conn, sanity_rfc2307):
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik Regression test for ticket:
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik # initialize data in memcache
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik mem_cache = MemoryCache(config.MCACHE_PATH + '/passwd')
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik colliding_hash = mem_cache.sss_nss_mc_hash(first_user)
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik # the string for the colliding hash needs to be longer than the data for user1
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik # stored in memory cache (almost equivalent to:
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik # `getent passwd user1 | wc -c` ==> 45
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik val = mem_cache.sss_nss_mc_hash(second_user)
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik # add new user to LDAP
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik ldap_conn.add_s(ent_list[0][0], ent_list[0][1])
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik dict(name=second_user, passwd='*', uid=5001, gid=5001,
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik # check that both users are stored in cache
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
6dc1de9781ab211a43d24cbaed7969d98abc1cc1Lukas Slebodnik dict(name=second_user, passwd='*', uid=5001, gid=5001,
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnikdef test_removed_mc(ldap_conn, sanity_rfc2307):
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik Regression test for ticket:
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik # remove cache without invalidation
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik # sssd is stopped; so the memory cache should not be used
b28f5fb097e06a97a45e0ae348e506d9d1432cc8Lukas Slebodnik # in long living clients (py.test in this case)
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židekdef test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307):
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek Test that the memory cache is not created at all with memcache_timeout=0
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek # No memory cache files must be created
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek assert len(os.listdir(config.MCACHE_PATH)) == 0
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek dict(name='user1', passwd='*', uid=1001, gid=2001,
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek dict(name='user1', passwd='*', uid=1001, gid=2001,
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek # sssd is stopped; so the memory cache should not be used
ffe29e570a9e885c2f0061c34bb6be2bbd6ab9e4Michal Židek # in long living clients (py.test in this case)