ldap_local_override_test.py revision 3569ade3eaf9bf13c522d228019da228de55398a
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson#
641f68d427629200c29aa62c95e18d46fce434abMark Andrews# integration test for sss_override tool
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews#
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence# Copyright (c) 2015 Red Hat, Inc.
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater# Author: Pavel Reichl <preichl@redhat.com>
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson#
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson# This is free software; you can redistribute it and/or modify it
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence# under the terms of the GNU General Public License as published by
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# the Free Software Foundation; version 2 only
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews#
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# This program is distributed in the hope that it will be useful, but
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# WITHOUT ANY WARRANTY; without even the implied warranty of
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# General Public License for more details.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews#
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson# You should have received a copy of the GNU General Public License
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson# along with this program. If not, see <http://www.gnu.org/licenses/>.
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater#
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austeinimport os
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austeinimport stat
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrenceimport ent
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonimport grp
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonimport pwd
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonimport config
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrenceimport signal
364a82f7c25b62967678027043425201a5e5171aBob Halleyimport subprocess
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonimport time
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonimport pytest
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonimport ds_openldap
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssonimport ldap_ent
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrenceimport sssd_id
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssonfrom util import unindent
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssontry:
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence from subprocess import check_output
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrenceexcept ImportError:
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence # In python 2.6 , the module subprocess does not have the function
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson # check_output. This is a falback implementation
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson def check_output(*popenargs, **kwargs):
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence if 'stdout' in kwargs:
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson raise ValueError('stdout argument not allowed, it will be '
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson 'overridden.')
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson process = subprocess.Popen(stdout=subprocess.PIPE, *popenargs,
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson **kwargs)
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson output, _ = process.communicate()
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews retcode = process.poll()
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews if retcode:
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews cmd = kwargs.get("args")
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews if cmd is None:
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews cmd = popenargs[0]
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson raise subprocess.CalledProcessError(retcode, cmd, output=output)
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson return output
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson@pytest.fixture(scope="module")
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrencedef ds_inst(request):
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence """LDAP server instance fixture"""
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence ds_inst = ds_openldap.DSOpenLDAP(
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence config.PREFIX, 10389, 'dc=example,dc=com',
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson "cn=admin", "Secret123")
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson try:
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson ds_inst.setup()
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson except:
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson ds_inst.teardown()
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson raise
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson request.addfinalizer(lambda: ds_inst.teardown())
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson return ds_inst
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson@pytest.fixture(scope="module")
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssondef ldap_conn(request, ds_inst):
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson """LDAP server connection fixture"""
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson ldap_conn = ds_inst.bind()
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson ldap_conn.ds_inst = ds_inst
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson request.addfinalizer(lambda: ldap_conn.unbind_s())
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson return ldap_conn
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssondef create_ldap_fixture(request, ldap_conn, ent_list):
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson """Add LDAP entries and add teardown for removing them"""
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson for entry in ent_list:
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson ldap_conn.add_s(entry[0], entry[1])
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson def teardown():
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson for entry in ent_list:
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson ldap_conn.delete_s(entry[0])
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson request.addfinalizer(teardown)
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssondef create_conf_fixture(request, contents):
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson """Generate sssd.conf and add teardown for removing it"""
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson conf = open(config.CONF_PATH, "w")
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson conf.write(contents)
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson conf.close()
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson request.addfinalizer(lambda: os.unlink(config.CONF_PATH))
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssondef stop_sssd():
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson pid_file = open(config.PIDFILE_PATH, "r")
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson pid = int(pid_file.read())
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson os.kill(pid, signal.SIGTERM)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence while True:
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson try:
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson os.kill(pid, signal.SIGCONT)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence except:
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson break
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence time.sleep(1)
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssondef start_sssd():
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson """Start sssd"""
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson if subprocess.call(["sssd", "-D", "-f"]) != 0:
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson raise Exception("sssd start failed")
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssondef restart_sssd():
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson stop_sssd()
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson start_sssd()
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssondef create_sssd_fixture(request):
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson """Start sssd and add teardown for stopping it and removing state"""
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson if subprocess.call(["sssd", "-D", "-f"]) != 0:
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson raise Exception("sssd start failed")
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson def teardown():
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson try:
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson stop_sssd()
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson except:
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson pass
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews for path in os.listdir(config.DB_PATH):
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews os.unlink(config.DB_PATH + "/" + path)
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews for path in os.listdir(config.MCACHE_PATH):
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews os.unlink(config.MCACHE_PATH + "/" + path)
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson request.addfinalizer(teardown)
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
8bb77cd31b7518fb5d2a6a9d75e16e4abd59df61Andreas GustafssonOVERRIDE_FILENAME = "export_file"
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
d8d0c5b1bc97ac0f07e35a31b58ced80ce613c55David Lawrence
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssondef prepare_sssd(request, ldap_conn, use_fully_qualified_names=False):
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson """Prepare SSSD with defaults"""
8bb77cd31b7518fb5d2a6a9d75e16e4abd59df61Andreas Gustafsson conf = unindent("""\
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson [sssd]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence domains = LDAP
ba7ea2326d98edb4296098749fc9cf44b5157643David Lawrence services = nss
ba7ea2326d98edb4296098749fc9cf44b5157643David Lawrence
8bb77cd31b7518fb5d2a6a9d75e16e4abd59df61Andreas Gustafsson [nss]
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson memcache_timeout = 1
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson [domain/LDAP]
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson ldap_auth_disable_tls_never_use_in_production = true
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson ldap_schema = rfc2307
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson id_provider = ldap
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson auth_provider = ldap
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson sudo_provider = ldap
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews ldap_uri = {ldap_conn.ds_inst.ldap_url}
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews ldap_search_base = {ldap_conn.ds_inst.base_dn}
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews use_fully_qualified_names = {use_fully_qualified_names}
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews """).format(**locals())
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews create_conf_fixture(request, conf)
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews create_sssd_fixture(request)
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews def teardown():
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews # remove user export file
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews try:
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews os.unlink(OVERRIDE_FILENAME)
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews except:
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews pass
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews request.addfinalizer(teardown)
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews#
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews# Common asserts for users
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews#
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrewsdef assert_user_default():
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews # Assert entries are not overriden
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson with pytest.raises(KeyError):
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews pwd.getpwnam('ov_user1')
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews with pytest.raises(KeyError):
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews pwd.getpwnam('ov_user1@LDAP')
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews with pytest.raises(KeyError):
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews pwd.getpwnam('ov_user2')
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson with pytest.raises(KeyError):
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson pwd.getpwnam('ov_user2@LDAP')
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington user1 = dict(name='user1', passwd='*', uid=10001, gid=20001,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson gecos='User Number 1',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson dir='/home/user1',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson shell='/bin/user1_shell')
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson user2 = dict(name='user2', passwd='*', uid=10002, gid=20001,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson gecos='User Number 2',
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington dir='/home/user2',
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington shell='/bin/user2_shell')
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington ent.assert_passwd_by_name('user1', user1)
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington ent.assert_passwd_by_name('user1@LDAP', user1)
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington ent.assert_passwd_by_name('user2', user2)
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington ent.assert_passwd_by_name('user2@LDAP', user2)
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellingtondef assert_user_overriden():
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson user1 = dict(name='ov_user1', passwd='*', uid=10010, gid=20010,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson gecos='Overriden User 1',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson dir='/home/ov/user1',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson shell='/bin/ov_user1_shell')
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson user2 = dict(name='ov_user2', passwd='*', uid=10020, gid=20020,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson gecos='Overriden User 2',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson dir='/home/ov/user2',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson shell='/bin/ov_user2_shell')
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent.assert_passwd_by_name('user1', user1)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent.assert_passwd_by_name('user1@LDAP', user1)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent.assert_passwd_by_name('ov_user1', user1)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent.assert_passwd_by_name('ov_user1@LDAP', user1)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent.assert_passwd_by_name('user2', user2)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent.assert_passwd_by_name('user2@LDAP', user2)
ba7ea2326d98edb4296098749fc9cf44b5157643David Lawrence ent.assert_passwd_by_name('ov_user2', user2)
ba7ea2326d98edb4296098749fc9cf44b5157643David Lawrence ent.assert_passwd_by_name('ov_user2@LDAP', user2)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson#
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson# Common fixtures for users
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson#
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson@pytest.fixture
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafssondef env_two_users_and_group(request, ldap_conn):
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson prepare_sssd(request, ldap_conn)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson # Add entries
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent_list.add_user("user1", 10001, 20001,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson gecos='User Number 1',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson loginShell='/bin/user1_shell',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson homeDirectory='/home/user1')
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent_list.add_user("user2", 10002, 20001,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson gecos='User Number 2',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson loginShell='/bin/user2_shell',
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson homeDirectory='/home/user2')
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ent_list.add_group("group", 2001,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ["user2", "user1"])
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson create_ldap_fixture(request, ldap_conn, ent_list)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson # Assert entries are not overriden
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson assert_user_default()
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson@pytest.fixture
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafssondef env_two_users_and_group_overriden(request, ldap_conn,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson env_two_users_and_group):
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson # Override
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson subprocess.check_call(["sss_override", "user-add", "user1",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-u", "10010",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-g", "20010",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-n", "ov_user1",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-c", "Overriden User 1",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-h", "/home/ov/user1",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-s", "/bin/ov_user1_shell"])
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson subprocess.check_call(["sss_override", "user-add", "user2@LDAP",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-u", "10020",
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson "-g", "20020",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-n", "ov_user2",
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence "-c", "Overriden User 2",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-h", "/home/ov/user2",
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson "-s", "/bin/ov_user2_shell"])
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson # Restart SSSD so the override might take effect
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson restart_sssd()
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence # Assert entries are overriden
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson assert_user_overriden()
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson#
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson# Simple user override
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson#
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson@pytest.fixture
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssondef env_simple_user_override(request, ldap_conn, env_two_users_and_group):
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson # Override
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson subprocess.check_call(["sss_override", "user-add", "user1",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-u", "10010",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-g", "20010",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-n", "ov_user1",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-c", "Overriden User 1",
ea419adc4eca4c3e44f2c282035b5dce6b795fe2Andreas Gustafsson "-h", "/home/ov/user1",
ea419adc4eca4c3e44f2c282035b5dce6b795fe2Andreas Gustafsson "-s", "/bin/ov_user1_shell"])
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson subprocess.check_call(["sss_override", "user-add", "user2@LDAP",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-u", "10020",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-g", "20020",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-n", "ov_user2",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-c", "Overriden User 2",
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence "-h", "/home/ov/user2",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-s", "/bin/ov_user2_shell"])
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson # Restart SSSD so the override might take effect
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson restart_sssd()
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssondef test_simple_user_override(ldap_conn, env_simple_user_override):
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson """Test entries are overriden"""
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson assert_user_overriden()
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson#
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson# Root user override
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson#
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson@pytest.fixture
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrewsdef env_root_user_override(request, ldap_conn, env_two_users_and_group):
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews
aa39170da817cae7b4c6c735cc832e05ec3d2351Mark Andrews # Assert entries are not overriden
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson ent.assert_passwd_by_name(
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson 'root',
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson dict(name='root', uid=0, gid=0))
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson ent.assert_passwd_by_uid(0, dict(name="root"))
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson # Override
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson subprocess.check_call(["sss_override", "user-add", "user1",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-u", "0",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-g", "0",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-n", "ov_user1",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-c", "Overriden User 1",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-h", "/home/ov/user1",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-s", "/bin/ov_user1_shell"])
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews subprocess.check_call(["sss_override", "user-add", "user2",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-u", "10020",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-g", "20020",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-n", "root",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-c", "Overriden User 2",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-h", "/home/ov/user2",
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson "-s", "/bin/ov_user2_shell"])
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson # Restart SSSD so the override might take effect
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson restart_sssd()
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson
6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssondef test_root_user_override(ldap_conn, env_root_user_override):
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson """Test entries are not overriden to root"""
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews # Override does not have to happen completly, trying to set uid or gid
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson # to 0 is simply ignored.
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson ent.assert_passwd_by_name(
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson 'ov_user1',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson dict(name='ov_user1', passwd='*', uid=10001, gid=20001,
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson gecos='Overriden User 1',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson dir='/home/ov/user1',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson shell='/bin/ov_user1_shell'))
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson # We can create override with name root. This test is just for tracking
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson # that this particular behavior won't change.
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson ent.assert_passwd_by_name(
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson 'user2',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson dict(name='root', passwd='*', uid=10020, gid=20020,
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson gecos='Overriden User 2',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson dir='/home/ov/user2',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson shell='/bin/ov_user2_shell'))
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson ent.assert_passwd_by_uid(0, dict(name="root"))
45e1bd63587102c3bb361eaca42ee7b714fb3542Mark Andrews
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson#
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson# Override replaces previous override
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson#
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson@pytest.fixture
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafssondef env_replace_user_override(request, ldap_conn):
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson prepare_sssd(request, ldap_conn)
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson # Add entries
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson ent_list.add_user("user1", 10001, 20001,
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson gecos='User Number 1',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson loginShell='/bin/user1_shell',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson homeDirectory='/home/user1')
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson create_ldap_fixture(request, ldap_conn, ent_list)
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson # Assert entries are not overriden
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson ent.assert_passwd_by_name(
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson 'user1',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson dict(name='user1', passwd='*', uid=10001, gid=20001,
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson gecos='User Number 1',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson dir='/home/user1',
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson shell='/bin/user1_shell'))
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson # Override
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson subprocess.check_call(["sss_override", "user-add", "user1",
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson "-u", "10010",
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson "-g", "20010",
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson "-n", "ov_user1",
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson "-c", "Overriden User 1",
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson "-h", "/home/ov/user1",
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson "-s", "/bin/ov_user1_shell"])
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson # Restart SSSD so the override might take effect
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence restart_sssd()
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson # Assert entries are overriden
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson ent.assert_passwd_by_name(
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson 'user1',
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson dict(name='ov_user1', passwd='*', uid=10010, gid=20010,
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson gecos='Overriden User 1',
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson dir='/home/ov/user1',
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson shell='/bin/ov_user1_shell'))
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington # Override of override
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson subprocess.check_call(["sss_override", "user-add", "user1",
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson "-u", "10100",
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson "-g", "20100",
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson "-n", "ov2_user1",
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson "-c", "Overriden2 User 1",
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson "-h", "/home/ov2/user1",
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson "-s", "/bin/ov2_user1_shell"])
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence # Restart SSSD so the override might take effect
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence restart_sssd()
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssondef test_replace_user_override(ldap_conn, env_replace_user_override):
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington user = dict(name='ov2_user1', passwd='*', uid=10100, gid=20100,
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson gecos='Overriden2 User 1',
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson dir='/home/ov2/user1',
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence shell='/bin/ov2_user1_shell')
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson ent.assert_passwd_by_name('ov2_user1', user)
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson ent.assert_passwd_by_name('ov2_user1@LDAP', user)
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1@LDAP')
#
# Override removal
#
@pytest.fixture
def env_remove_user_override(request, ldap_conn,
env_two_users_and_group_overriden):
# Drop all overrides
subprocess.check_call(["sss_override", "user-del", "user1"])
subprocess.check_call(["sss_override", "user-del", "user2@LDAP"])
# Avoid hitting memory cache
time.sleep(2)
def test_remove_user_override(ldap_conn, env_remove_user_override):
# Test entries are not overriden
assert_user_default()
#
# Override import/export
#
@pytest.fixture
def env_imp_exp_user_override(request, ldap_conn,
env_two_users_and_group_overriden):
# Export overrides
subprocess.check_call(["sss_override", "user-export", OVERRIDE_FILENAME])
# Drop all overrides
subprocess.check_call(["sss_override", "user-del", "user1"])
subprocess.check_call(["sss_override", "user-del", "user2@LDAP"])
# Avoid hitting memory cache
time.sleep(2)
# Assert entries are not overridden
assert_user_default()
# Import overrides
subprocess.check_call(["sss_override", "user-import",
OVERRIDE_FILENAME])
restart_sssd()
def test_imp_exp_user_override(ldap_conn, env_imp_exp_user_override):
assert_user_overriden()
#
# Override user-show
#
@pytest.fixture
def env_show_user_override(request, ldap_conn,
env_two_users_and_group_overriden):
pass
def test_show_user_override(ldap_conn, env_show_user_override):
out = check_output(['sss_override', 'user-show', 'user1'])
assert out == "user1@LDAP:ov_user1:10010:20010:Overriden User 1:"\
"/home/ov/user1:/bin/ov_user1_shell\n"
out = check_output(['sss_override', 'user-show', 'user2@LDAP'])
assert out == "user2@LDAP:ov_user2:10020:20020:Overriden User 2:"\
"/home/ov/user2:/bin/ov_user2_shell\n"
# Return error on non-existing user
ret = subprocess.call(['sss_override', 'user-show', 'nonexisting_user'])
assert ret == 1
#
# Override user-find
#
@pytest.fixture
def env_find_user_override(request, ldap_conn,
env_two_users_and_group_overriden):
pass
def test_find_user_override(ldap_conn, env_find_user_override):
out = check_output(['sss_override', 'user-find'])
# Expected override of users
exp_usr_ovrd = ['user1@LDAP:ov_user1:10010:20010:Overriden User 1:'
'/home/ov/user1:/bin/ov_user1_shell',
'user2@LDAP:ov_user2:10020:20020:Overriden User 2:'
'/home/ov/user2:/bin/ov_user2_shell']
assert set(out.splitlines()) == set(exp_usr_ovrd)
out = check_output(['sss_override', 'user-find', '--domain=LDAP'])
assert set(out.splitlines()) == set(exp_usr_ovrd)
# Unexpected parameter is reported
ret = subprocess.call(['sss_override', 'user-find', 'PARAM'])
assert ret == 1
#
# Group tests
#
#
# Common group asserts
#
def assert_group_overriden():
# Assert entries are overridden
empty_group = dict(gid=3002, mem=ent.contains_only())
group = dict(gid=3001, mem=ent.contains_only("user1", "user2"))
ent.assert_group_by_name("group", group)
ent.assert_group_by_name("group@LDAP", group)
ent.assert_group_by_name("ov_group", group)
ent.assert_group_by_name("ov_group@LDAP", group)
ent.assert_group_by_name("empty_group", empty_group)
ent.assert_group_by_name("empty_group@LDAP", empty_group)
ent.assert_group_by_name("ov_empty_group", empty_group)
ent.assert_group_by_name("ov_empty_group@LDAP", empty_group)
def assert_group_default():
# Assert entries are not overridden
with pytest.raises(KeyError):
pwd.getpwnam('ov_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_group@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group@LDAP')
empty_group = dict(gid=2002, mem=ent.contains_only())
group = dict(gid=2001, mem=ent.contains_only("user1", "user2"))
ent.assert_group_by_name("group", group)
ent.assert_group_by_name("group@LDAP", group)
ent.assert_group_by_name("empty_group", empty_group)
ent.assert_group_by_name("empty_group@LDAP", empty_group)
#
# Common fixtures for groups
#
@pytest.fixture
def env_group_basic(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001,
gecos='User Number 1',
loginShell='/bin/user1_shell',
homeDirectory='/home/user1')
ent_list.add_user("user2", 10002, 20001,
gecos='User Number 2',
loginShell='/bin/user2_shell',
homeDirectory='/home/user2')
ent_list.add_group("group", 2001,
["user2", "user1"])
ent_list.add_group("empty_group", 2002, [])
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overriden
with pytest.raises(KeyError):
pwd.getpwnam('ov_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_group@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group@LDAP')
@pytest.fixture
def env_group_override(request, ldap_conn, env_group_basic):
# Override
subprocess.check_call(["sss_override", "group-add", "group",
"-n", "ov_group",
"-g", "3001"])
subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
"--name", "ov_empty_group",
"--gid", "3002"])
# Restart SSSD so the override might take effect
restart_sssd()
# Assert entries are overridden
assert_group_overriden()
#
# Simple group override
#
@pytest.fixture
def env_simple_group_override(request, ldap_conn, env_group_basic):
# Override
subprocess.check_call(["sss_override", "group-add", "group",
"-n", "ov_group",
"-g", "3001"])
subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
"--name", "ov_empty_group",
"--gid", "3002"])
# Restart SSSD so the override might take effect
restart_sssd()
def test_simple_group_override(ldap_conn, env_simple_group_override):
"""Test entries are overriden"""
assert_group_overriden()
#
# Root group override
#
@pytest.fixture
def env_root_group_override(request, ldap_conn, env_group_basic):
# Override
subprocess.check_call(["sss_override", "group-add", "group",
"-n", "ov_group",
"-g", "0"])
subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
"--name", "ov_empty_group",
"--gid", "0"])
# Restart SSSD so the override might take effect
restart_sssd()
def test_root_group_override(ldap_conn, env_root_group_override):
"""Test entries are overriden"""
group = dict(gid=2001, mem=ent.contains_only("user1", "user2"))
empty_group = dict(gid=2002, mem=ent.contains_only())
ent.assert_group_by_name("group", group)
ent.assert_group_by_name("ov_group", group)
ent.assert_group_by_name("group@LDAP", group)
ent.assert_group_by_name("ov_group@LDAP", group)
ent.assert_group_by_name("empty_group", empty_group)
ent.assert_group_by_name("ov_empty_group", empty_group)
ent.assert_group_by_name("empty_group@LDAP", empty_group)
ent.assert_group_by_name("ov_empty_group@LDAP", empty_group)
#
# Replace group override
#
@pytest.fixture
def env_replace_group_override(request, ldap_conn, env_group_override):
# Override of override
subprocess.check_call(["sss_override", "group-add", "group",
"-n", "ov2_group",
"-g", "4001"])
subprocess.check_call(["sss_override", "group-add", "empty_group@LDAP",
"--name", "ov2_empty_group",
"--gid", "4002"])
# Restart SSSD so the override might take effect
restart_sssd()
def test_replace_group_override(ldap_conn, env_replace_group_override):
# Test overrides are overridden
with pytest.raises(KeyError):
pwd.getpwnam('ov_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_group@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group@LDAP')
group = dict(gid=4001, mem=ent.contains_only("user1", "user2"))
empty_group = dict(gid=4002, mem=ent.contains_only())
ent.assert_group_by_name("group", group)
ent.assert_group_by_name("ov2_group", group)
ent.assert_group_by_name("group@LDAP", group)
ent.assert_group_by_name("ov2_group@LDAP", group)
ent.assert_group_by_name("empty_group", empty_group)
ent.assert_group_by_name("empty_group@LDAP", empty_group)
ent.assert_group_by_name("ov2_empty_group", empty_group)
ent.assert_group_by_name("ov2_empty_group@LDAP", empty_group)
#
# Remove group override
#
@pytest.fixture
def env_remove_group_override(request, ldap_conn, env_group_override):
# Drop all overrides
subprocess.check_call(["sss_override", "group-del", "group"])
subprocess.check_call(["sss_override", "group-del", "empty_group@LDAP"])
# Avoid hitting memory cache
time.sleep(2)
def test_remove_group_override(ldap_conn, env_remove_group_override):
# Test overrides were dropped
assert_group_default()
#
# Overridde group import/export
#
@pytest.fixture
def env_imp_exp_group_override(request, ldap_conn, env_group_override):
# Export overrides
subprocess.check_call(["sss_override", "group-export",
OVERRIDE_FILENAME])
# Drop all overrides
subprocess.check_call(["sss_override", "group-del", "group"])
subprocess.check_call(["sss_override", "group-del", "empty_group@LDAP"])
# Avoid hitting memory cache
time.sleep(2)
assert_group_default()
# Import overrides
subprocess.check_call(["sss_override", "group-import",
OVERRIDE_FILENAME])
restart_sssd()
def test_imp_exp_group_override(ldap_conn, env_imp_exp_group_override):
assert_group_overriden()
# Regression test for bug #2802
# sss_override segfaults when accidentally adding --help flag to some commands
@pytest.fixture
def env_regr_2802_override(request, ldap_conn):
prepare_sssd(request, ldap_conn)
def test_regr_2802_override(ldap_conn, env_regr_2802_override):
subprocess.check_call(["sss_override", "user-del", "--help"])
# Regression test for bug #2757
# sss_override does not work correctly when 'use_fully_qualified_names = True'
@pytest.fixture
def env_regr_2757_override(request, ldap_conn):
prepare_sssd(request, ldap_conn, use_fully_qualified_names=True)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001)
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overridden
ent.assert_passwd_by_name(
'user1@LDAP',
dict(name='user1@LDAP', passwd='*', uid=10001, gid=20001))
with pytest.raises(KeyError):
pwd.getpwnam('alias1')
with pytest.raises(KeyError):
pwd.getpwnam('alias1@LDAP')
# Override
subprocess.check_call(["sss_override", "user-add", "user1@LDAP",
"-n", "alias1"])
restart_sssd()
def test_regr_2757_override(ldap_conn, env_regr_2757_override):
# Assert entries are overridden
ent.assert_passwd_by_name(
'user1@LDAP',
dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
ent.assert_passwd_by_name(
'alias1@LDAP',
dict(name='alias1@LDAP', passwd='*', uid=10001, gid=20001))
with pytest.raises(KeyError):
pwd.getpwnam('user1')
with pytest.raises(KeyError):
pwd.getpwnam('alias1')
# Regression test for bug #2790
# sss_override --name doesn't work with RFC2307 and ghost users
@pytest.fixture
def env_regr_2790_override(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001)
ent_list.add_user("user2", 10002, 20002)
ent_list.add_group("group1", 2001,
["user1", "user2"])
ent_list.add_group("group2", 2002,
["user2"])
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overridden
with pytest.raises(KeyError):
pwd.getpwnam('alias1')
with pytest.raises(KeyError):
pwd.getpwnam('alias1@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('alias2')
with pytest.raises(KeyError):
pwd.getpwnam('alias2@LDAP')
# Override
subprocess.check_call(["sss_override", "user-add", "user1",
"-n", "alias1"])
subprocess.check_call(["sss_override", "user-add", "user2",
"-n", "alias2"])
restart_sssd()
def test_regr_2790_override(ldap_conn, env_regr_2790_override):
# Assert entries are overridden
(res, errno, grp_list) = sssd_id.get_user_groups("alias1")
assert res == sssd_id.NssReturnCode.SUCCESS, \
"Could not find groups for user1 %d" % errno
assert grp_list == ["group1"]
(res, errno, grp_list) = sssd_id.get_user_groups("alias2")
assert res == sssd_id.NssReturnCode.SUCCESS, \
"Could not find groups for user2 %d" % errno
assert sorted(grp_list) == sorted(["group1", "group2"])