|
 |
841ac7 |
From b08906169216fdec43008c38891145386017d12f Mon Sep 17 00:00:00 2001
|
|
|
841ac7 |
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
841ac7 |
Date: Fri, 22 Mar 2019 16:06:49 +0100
|
|
|
841ac7 |
Subject: [PATCH 12/15] responder/negcache: avoid calling nsswitch NSS API
|
|
|
841ac7 |
|
|
|
841ac7 |
Changed "negcache_files.c::is_*_local_by_*()" to use functions from
|
|
|
841ac7 |
"libnss_files" directly to check users (instead of calling glibc
|
|
|
841ac7 |
NSS API).
|
|
|
841ac7 |
Changed affected tests to avoid using NSS-wrapper and to use real
|
|
|
841ac7 |
local user&group (otherwise tests were broken).
|
|
|
841ac7 |
|
|
|
841ac7 |
Resolves: https://pagure.io/SSSD/sssd/issue/3964
|
|
|
841ac7 |
|
|
|
841ac7 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
841ac7 |
(cherry picked from commit 2b564f849a20289a857cf19bbfaa5c6eb8670bad)
|
|
|
841ac7 |
|
|
|
841ac7 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
841ac7 |
---
|
|
|
841ac7 |
Makefile.am | 20 +++
|
|
|
841ac7 |
src/responder/common/negcache.c | 52 +++++-
|
|
|
841ac7 |
src/responder/common/negcache_files.c | 74 ++++-----
|
|
|
841ac7 |
src/responder/common/negcache_files.h | 12 +-
|
|
|
841ac7 |
src/tests/cwrap/Makefile.am | 4 +
|
|
|
841ac7 |
src/tests/cwrap/test_negcache.c | 227 +++++++++++++++++++-------
|
|
|
841ac7 |
src/tests/intg/test_ldap.py | 114 ++++++-------
|
|
|
841ac7 |
7 files changed, 333 insertions(+), 170 deletions(-)
|
|
|
841ac7 |
|
|
|
841ac7 |
diff --git a/Makefile.am b/Makefile.am
|
|
|
841ac7 |
index 05f5f4e26..6a67dc7b1 100644
|
|
|
841ac7 |
--- a/Makefile.am
|
|
|
841ac7 |
+++ b/Makefile.am
|
|
|
841ac7 |
@@ -569,6 +569,7 @@ SSSD_RESPONDER_IFACE_OBJ = \
|
|
|
841ac7 |
SSSD_RESPONDER_OBJ = \
|
|
|
841ac7 |
src/responder/common/negcache_files.c \
|
|
|
841ac7 |
src/responder/common/negcache.c \
|
|
|
841ac7 |
+ src/util/nss_dl_load.c \
|
|
|
841ac7 |
src/responder/common/responder_cmd.c \
|
|
|
841ac7 |
src/responder/common/responder_common.c \
|
|
|
841ac7 |
src/responder/common/responder_dp.c \
|
|
|
841ac7 |
@@ -1380,6 +1381,7 @@ sssd_nss_SOURCES = \
|
|
|
841ac7 |
src/responder/nss/nsssrv_mmap_cache.c \
|
|
|
841ac7 |
$(SSSD_RESPONDER_OBJ)
|
|
|
841ac7 |
sssd_nss_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(TDB_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
libsss_idmap.la \
|
|
|
841ac7 |
@@ -1396,6 +1398,7 @@ sssd_pam_SOURCES = \
|
|
|
841ac7 |
src/responder/pam/pam_helpers.c \
|
|
|
841ac7 |
$(SSSD_RESPONDER_OBJ)
|
|
|
841ac7 |
sssd_pam_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(TDB_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SELINUX_LIBS) \
|
|
|
841ac7 |
@@ -1414,6 +1417,7 @@ sssd_sudo_SOURCES = \
|
|
|
841ac7 |
src/responder/sudo/sudosrv_dp.c \
|
|
|
841ac7 |
$(SSSD_RESPONDER_OBJ)
|
|
|
841ac7 |
sssd_sudo_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SYSTEMD_DAEMON_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS)
|
|
|
841ac7 |
@@ -1426,6 +1430,7 @@ sssd_autofs_SOURCES = \
|
|
|
841ac7 |
src/responder/autofs/autofssrv_dp.c \
|
|
|
841ac7 |
$(SSSD_RESPONDER_OBJ)
|
|
|
841ac7 |
sssd_autofs_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SYSTEMD_DAEMON_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS)
|
|
|
841ac7 |
@@ -1441,6 +1446,7 @@ sssd_ssh_SOURCES = \
|
|
|
841ac7 |
$(SSSD_RESPONDER_OBJ) \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
sssd_ssh_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
$(SYSTEMD_DAEMON_LIBS) \
|
|
|
841ac7 |
@@ -1457,6 +1463,7 @@ sssd_pac_CFLAGS = \
|
|
|
841ac7 |
$(AM_CFLAGS) \
|
|
|
841ac7 |
$(NDR_KRB5PAC_CFLAGS)
|
|
|
841ac7 |
sssd_pac_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(NDR_KRB5PAC_LIBS) \
|
|
|
841ac7 |
$(TDB_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
@@ -1481,6 +1488,7 @@ sssd_ifp_SOURCES = \
|
|
|
841ac7 |
sssd_ifp_CFLAGS = \
|
|
|
841ac7 |
$(AM_CFLAGS)
|
|
|
841ac7 |
sssd_ifp_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SYSTEMD_DAEMON_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
@@ -1525,6 +1533,7 @@ sssd_secrets_SOURCES = \
|
|
|
841ac7 |
$(SSSD_RESPONDER_OBJ) \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
sssd_secrets_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(HTTP_PARSER_LIBS) \
|
|
|
841ac7 |
$(JANSSON_LIBS) \
|
|
|
841ac7 |
$(TDB_LIBS) \
|
|
|
841ac7 |
@@ -1559,6 +1568,7 @@ sssd_kcm_CFLAGS = \
|
|
|
841ac7 |
$(JANSSON_CFLAGS) \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
sssd_kcm_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(KRB5_LIBS) \
|
|
|
841ac7 |
$(CURL_LIBS) \
|
|
|
841ac7 |
$(JANSSON_LIBS) \
|
|
|
841ac7 |
@@ -2254,6 +2264,7 @@ responder_socket_access_tests_SOURCES = \
|
|
|
841ac7 |
src/tests/responder_socket_access-tests.c \
|
|
|
841ac7 |
src/responder/common/negcache_files.c \
|
|
|
841ac7 |
src/responder/common/negcache.c \
|
|
|
841ac7 |
+ src/util/nss_dl_load.c \
|
|
|
841ac7 |
src/responder/common/responder_common.c \
|
|
|
841ac7 |
src/responder/common/responder_packet.c \
|
|
|
841ac7 |
src/responder/common/responder_cmd.c \
|
|
|
841ac7 |
@@ -2267,6 +2278,7 @@ responder_socket_access_tests_CFLAGS = \
|
|
|
841ac7 |
$(AM_CFLAGS) \
|
|
|
841ac7 |
$(CHECK_CFLAGS)
|
|
|
841ac7 |
responder_socket_access_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CHECK_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
@@ -2358,6 +2370,7 @@ TEST_MOCK_RESP_OBJ = \
|
|
|
841ac7 |
src/responder/common/responder_cmd.c \
|
|
|
841ac7 |
src/responder/common/negcache_files.c \
|
|
|
841ac7 |
src/responder/common/negcache.c \
|
|
|
841ac7 |
+ src/util/nss_dl_load.c \
|
|
|
841ac7 |
src/responder/common/responder_common.c \
|
|
|
841ac7 |
src/responder/common/data_provider/rdp_message.c \
|
|
|
841ac7 |
src/responder/common/data_provider/rdp_client.c \
|
|
|
841ac7 |
@@ -2409,6 +2422,7 @@ nss_srv_tests_LDFLAGS = \
|
|
|
841ac7 |
-Wl,-wrap,sss_cmd_send_empty \
|
|
|
841ac7 |
-Wl,-wrap,sss_cmd_done
|
|
|
841ac7 |
nss_srv_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
@@ -2444,6 +2458,7 @@ pam_srv_tests_LDFLAGS = \
|
|
|
841ac7 |
-Wl,-wrap,pam_dp_send_req \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
pam_srv_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(PAM_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
@@ -2480,6 +2495,7 @@ ssh_srv_tests_LDFLAGS = \
|
|
|
841ac7 |
-Wl,-wrap,ssh_dp_send_req \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
ssh_srv_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
@@ -2499,6 +2515,7 @@ responder_get_domains_tests_LDFLAGS = \
|
|
|
841ac7 |
-Wl,-wrap,sss_parse_name_for_domains \
|
|
|
841ac7 |
-Wl,-wrap,sss_ncache_reset_repopulate_permanent
|
|
|
841ac7 |
responder_get_domains_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
@@ -2578,6 +2595,7 @@ test_negcache_CFLAGS = \
|
|
|
841ac7 |
$(TALLOC_CFLAGS) \
|
|
|
841ac7 |
$(DHASH_CFLAGS)
|
|
|
841ac7 |
test_negcache_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SYSTEMD_DAEMON_LIBS) \
|
|
|
841ac7 |
@@ -2922,6 +2940,7 @@ ifp_tests_SOURCES = \
|
|
|
841ac7 |
ifp_tests_CFLAGS = \
|
|
|
841ac7 |
$(AM_CFLAGS)
|
|
|
841ac7 |
ifp_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
@@ -3178,6 +3197,7 @@ responder_cache_req_tests_LDFLAGS = \
|
|
|
841ac7 |
-Wl,-wrap,sss_dp_get_account_send \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
responder_cache_req_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SSSD_INTERNAL_LTLIBS) \
|
|
|
841ac7 |
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
|
|
|
841ac7 |
index f9034d164..d6f72d816 100644
|
|
|
841ac7 |
--- a/src/responder/common/negcache.c
|
|
|
841ac7 |
+++ b/src/responder/common/negcache.c
|
|
|
841ac7 |
@@ -19,14 +19,16 @@
|
|
|
841ac7 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
841ac7 |
*/
|
|
|
841ac7 |
|
|
|
841ac7 |
+#include <fcntl.h>
|
|
|
841ac7 |
+#include <time.h>
|
|
|
841ac7 |
+#include "tdb.h"
|
|
|
841ac7 |
#include "util/util.h"
|
|
|
841ac7 |
+#include "util/nss_dl_load.h"
|
|
|
841ac7 |
#include "confdb/confdb.h"
|
|
|
841ac7 |
#include "responder/common/negcache_files.h"
|
|
|
841ac7 |
#include "responder/common/responder.h"
|
|
|
841ac7 |
#include "responder/common/negcache.h"
|
|
|
841ac7 |
-#include <fcntl.h>
|
|
|
841ac7 |
-#include <time.h>
|
|
|
841ac7 |
-#include "tdb.h"
|
|
|
841ac7 |
+
|
|
|
841ac7 |
|
|
|
841ac7 |
#define NC_ENTRY_PREFIX "NCE/"
|
|
|
841ac7 |
#define NC_USER_PREFIX NC_ENTRY_PREFIX"USER"
|
|
|
841ac7 |
@@ -44,6 +46,7 @@ struct sss_nc_ctx {
|
|
|
841ac7 |
struct tdb_context *tdb;
|
|
|
841ac7 |
uint32_t timeout;
|
|
|
841ac7 |
uint32_t local_timeout;
|
|
|
841ac7 |
+ struct sss_nss_ops ops;
|
|
|
841ac7 |
};
|
|
|
841ac7 |
|
|
|
841ac7 |
typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool,
|
|
|
841ac7 |
@@ -63,14 +66,49 @@ static int string_to_tdb_data(char *str, TDB_DATA *ret)
|
|
|
841ac7 |
return EOK;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
+static errno_t ncache_load_nss_symbols(struct sss_nss_ops *ops)
|
|
|
841ac7 |
+{
|
|
|
841ac7 |
+ errno_t ret;
|
|
|
841ac7 |
+ size_t i;
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ ret = sss_load_nss_symbols(ops, "files");
|
|
|
841ac7 |
+ if (ret != EOK) {
|
|
|
841ac7 |
+ return ret;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ void *mandatory_syms[] = {
|
|
|
841ac7 |
+ (void*)ops->getpwnam_r,
|
|
|
841ac7 |
+ (void*)ops->getpwuid_r,
|
|
|
841ac7 |
+ (void*)ops->getgrnam_r,
|
|
|
841ac7 |
+ (void*)ops->getgrgid_r
|
|
|
841ac7 |
+ };
|
|
|
841ac7 |
+ for (i = 0; i < sizeof(mandatory_syms)/sizeof(mandatory_syms[0]); ++i) {
|
|
|
841ac7 |
+ if (!mandatory_syms[i]) {
|
|
|
841ac7 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "The 'files' library does not provide mandatory function");
|
|
|
841ac7 |
+ return ELIBBAD;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ return EOK;
|
|
|
841ac7 |
+}
|
|
|
841ac7 |
+
|
|
|
841ac7 |
int sss_ncache_init(TALLOC_CTX *memctx, uint32_t timeout,
|
|
|
841ac7 |
uint32_t local_timeout, struct sss_nc_ctx **_ctx)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
+ errno_t ret;
|
|
|
841ac7 |
struct sss_nc_ctx *ctx;
|
|
|
841ac7 |
|
|
|
841ac7 |
ctx = talloc_zero(memctx, struct sss_nc_ctx);
|
|
|
841ac7 |
if (!ctx) return ENOMEM;
|
|
|
841ac7 |
|
|
|
841ac7 |
+ ret = ncache_load_nss_symbols(&ctx->ops);
|
|
|
841ac7 |
+ if (ret != EOK) {
|
|
|
841ac7 |
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to load NSS symbols [%d]: %s\n",
|
|
|
841ac7 |
+ ret, sss_strerror(ret));
|
|
|
841ac7 |
+ talloc_free(ctx);
|
|
|
841ac7 |
+ return ret;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+
|
|
|
841ac7 |
errno = 0;
|
|
|
841ac7 |
/* open a memory only tdb with default hash size */
|
|
|
841ac7 |
ctx->tdb = tdb_open("memcache", 0, TDB_INTERNAL, O_RDWR|O_CREAT, 0);
|
|
|
841ac7 |
@@ -488,7 +526,7 @@ static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
841ac7 |
if (!str) return ENOMEM;
|
|
|
841ac7 |
|
|
|
841ac7 |
if ((!permanent) && (ctx->local_timeout > 0)) {
|
|
|
841ac7 |
- use_local_negative = is_user_local_by_name(name);
|
|
|
841ac7 |
+ use_local_negative = is_user_local_by_name(&ctx->ops, name);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -509,7 +547,7 @@ static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
841ac7 |
if (!str) return ENOMEM;
|
|
|
841ac7 |
|
|
|
841ac7 |
if ((!permanent) && (ctx->local_timeout > 0)) {
|
|
|
841ac7 |
- use_local_negative = is_group_local_by_name(name);
|
|
|
841ac7 |
+ use_local_negative = is_group_local_by_name(&ctx->ops, name);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -606,7 +644,7 @@ int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
841ac7 |
if (!str) return ENOMEM;
|
|
|
841ac7 |
|
|
|
841ac7 |
if ((!permanent) && (ctx->local_timeout > 0)) {
|
|
|
841ac7 |
- use_local_negative = is_user_local_by_uid(uid);
|
|
|
841ac7 |
+ use_local_negative = is_user_local_by_uid(&ctx->ops, uid);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -630,7 +668,7 @@ int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent,
|
|
|
841ac7 |
if (!str) return ENOMEM;
|
|
|
841ac7 |
|
|
|
841ac7 |
if ((!permanent) && (ctx->local_timeout > 0)) {
|
|
|
841ac7 |
- use_local_negative = is_group_local_by_gid(gid);
|
|
|
841ac7 |
+ use_local_negative = is_group_local_by_gid(&ctx->ops, gid);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
ret = sss_ncache_set_str(ctx, str, permanent, use_local_negative);
|
|
|
841ac7 |
|
|
|
841ac7 |
diff --git a/src/responder/common/negcache_files.c b/src/responder/common/negcache_files.c
|
|
|
841ac7 |
index 4256186d9..85a7065a4 100644
|
|
|
841ac7 |
--- a/src/responder/common/negcache_files.c
|
|
|
841ac7 |
+++ b/src/responder/common/negcache_files.c
|
|
|
841ac7 |
@@ -19,94 +19,90 @@
|
|
|
841ac7 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
841ac7 |
*/
|
|
|
841ac7 |
|
|
|
841ac7 |
-#include <sys/types.h>
|
|
|
841ac7 |
-#include <pwd.h>
|
|
|
841ac7 |
-#include <grp.h>
|
|
|
841ac7 |
#include "util/util.h"
|
|
|
841ac7 |
+#include "util/nss_dl_load.h"
|
|
|
841ac7 |
#include "responder/common/negcache_files.h"
|
|
|
841ac7 |
|
|
|
841ac7 |
#define BUFFER_SIZE 16384
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool is_user_local_by_name(const char *name)
|
|
|
841ac7 |
+bool is_user_local_by_name(const struct sss_nss_ops *ops, const char *name)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
struct passwd pwd = { 0 };
|
|
|
841ac7 |
- struct passwd *pwd_result;
|
|
|
841ac7 |
+ int errnop;
|
|
|
841ac7 |
char buffer[BUFFER_SIZE];
|
|
|
841ac7 |
- bool is_local = false;
|
|
|
841ac7 |
- int ret;
|
|
|
841ac7 |
+ enum nss_status ret;
|
|
|
841ac7 |
char *shortname = NULL;
|
|
|
841ac7 |
+ int parse_ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
- ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL);
|
|
|
841ac7 |
- if (ret != EOK) {
|
|
|
841ac7 |
+ parse_ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL);
|
|
|
841ac7 |
+ if (parse_ret != EOK) {
|
|
|
841ac7 |
return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
- ret = getpwnam_r(shortname, &pwd, buffer, BUFFER_SIZE, &pwd_result);
|
|
|
841ac7 |
+ ret = ops->getpwnam_r(shortname, &pwd, buffer, BUFFER_SIZE, &errnop);
|
|
|
841ac7 |
talloc_free(shortname);
|
|
|
841ac7 |
- if (ret == EOK && pwd_result != NULL) {
|
|
|
841ac7 |
+ if (ret == NSS_STATUS_SUCCESS) {
|
|
|
841ac7 |
DEBUG(SSSDBG_TRACE_FUNC, "User %s is a local user\n", name);
|
|
|
841ac7 |
- is_local = true;
|
|
|
841ac7 |
+ return true;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
- return is_local;
|
|
|
841ac7 |
+ return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool is_user_local_by_uid(uid_t uid)
|
|
|
841ac7 |
+bool is_user_local_by_uid(const struct sss_nss_ops *ops, uid_t uid)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
struct passwd pwd = { 0 };
|
|
|
841ac7 |
- struct passwd *pwd_result;
|
|
|
841ac7 |
+ int errnop;
|
|
|
841ac7 |
char buffer[BUFFER_SIZE];
|
|
|
841ac7 |
- bool is_local = false;
|
|
|
841ac7 |
- int ret;
|
|
|
841ac7 |
+ enum nss_status ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
- ret = getpwuid_r(uid, &pwd, buffer, BUFFER_SIZE, &pwd_result);
|
|
|
841ac7 |
- if (ret == EOK && pwd_result != NULL) {
|
|
|
841ac7 |
+ ret = ops->getpwuid_r(uid, &pwd, buffer, BUFFER_SIZE, &errnop);
|
|
|
841ac7 |
+ if (ret == NSS_STATUS_SUCCESS) {
|
|
|
841ac7 |
DEBUG(SSSDBG_TRACE_FUNC,
|
|
|
841ac7 |
"User with UID %"SPRIuid" is a local user\n", uid);
|
|
|
841ac7 |
- is_local = true;
|
|
|
841ac7 |
+ return true;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
- return is_local;
|
|
|
841ac7 |
+ return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool is_group_local_by_name(const char *name)
|
|
|
841ac7 |
+bool is_group_local_by_name(const struct sss_nss_ops *ops, const char *name)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
struct group grp = { 0 };
|
|
|
841ac7 |
- struct group *grp_result;
|
|
|
841ac7 |
+ int errnop;
|
|
|
841ac7 |
char buffer[BUFFER_SIZE];
|
|
|
841ac7 |
- bool is_local = false;
|
|
|
841ac7 |
- int ret;
|
|
|
841ac7 |
+ enum nss_status ret;
|
|
|
841ac7 |
char *shortname = NULL;
|
|
|
841ac7 |
+ int parse_ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
- ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL);
|
|
|
841ac7 |
- if (ret != EOK) {
|
|
|
841ac7 |
+ parse_ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL);
|
|
|
841ac7 |
+ if (parse_ret != EOK) {
|
|
|
841ac7 |
return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
- ret = getgrnam_r(shortname, &grp, buffer, BUFFER_SIZE, &grp_result);
|
|
|
841ac7 |
+ ret = ops->getgrnam_r(shortname, &grp, buffer, BUFFER_SIZE, &errnop);
|
|
|
841ac7 |
talloc_free(shortname);
|
|
|
841ac7 |
- if (ret == EOK && grp_result != NULL) {
|
|
|
841ac7 |
+ if (ret == NSS_STATUS_SUCCESS) {
|
|
|
841ac7 |
DEBUG(SSSDBG_TRACE_FUNC, "Group %s is a local group\n", name);
|
|
|
841ac7 |
- is_local = true;
|
|
|
841ac7 |
+ return true;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
- return is_local;
|
|
|
841ac7 |
+ return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool is_group_local_by_gid(uid_t gid)
|
|
|
841ac7 |
+bool is_group_local_by_gid(const struct sss_nss_ops *ops, uid_t gid)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
struct group grp = { 0 };
|
|
|
841ac7 |
- struct group *grp_result;
|
|
|
841ac7 |
+ int errnop;
|
|
|
841ac7 |
char buffer[BUFFER_SIZE];
|
|
|
841ac7 |
- bool is_local = false;
|
|
|
841ac7 |
- int ret;
|
|
|
841ac7 |
+ enum nss_status ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
- ret = getgrgid_r(gid, &grp, buffer, BUFFER_SIZE, &grp_result);
|
|
|
841ac7 |
- if (ret == EOK && grp_result != NULL) {
|
|
|
841ac7 |
+ ret = ops->getgrgid_r(gid, &grp, buffer, BUFFER_SIZE, &errnop);
|
|
|
841ac7 |
+ if (ret == NSS_STATUS_SUCCESS) {
|
|
|
841ac7 |
DEBUG(SSSDBG_TRACE_FUNC,
|
|
|
841ac7 |
"Group with GID %"SPRIgid" is a local group\n", gid);
|
|
|
841ac7 |
- is_local = true;
|
|
|
841ac7 |
+ return true;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
- return is_local;
|
|
|
841ac7 |
+ return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
diff --git a/src/responder/common/negcache_files.h b/src/responder/common/negcache_files.h
|
|
|
841ac7 |
index 01d9f0828..a3e18deb0 100644
|
|
|
841ac7 |
--- a/src/responder/common/negcache_files.h
|
|
|
841ac7 |
+++ b/src/responder/common/negcache_files.h
|
|
|
841ac7 |
@@ -22,10 +22,14 @@
|
|
|
841ac7 |
#ifndef _NEGCACHE_FILES_H_
|
|
|
841ac7 |
#define _NEGCACHE_FILES_H_
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool is_user_local_by_name(const char *name);
|
|
|
841ac7 |
-bool is_user_local_by_uid(uid_t uid);
|
|
|
841ac7 |
+#include <stdbool.h>
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool is_group_local_by_name(const char *name);
|
|
|
841ac7 |
-bool is_group_local_by_gid(uid_t gid);
|
|
|
841ac7 |
+struct sss_nss_ops;
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+bool is_user_local_by_name(const struct sss_nss_ops *ops, const char *name);
|
|
|
841ac7 |
+bool is_user_local_by_uid(const struct sss_nss_ops *ops, uid_t uid);
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+bool is_group_local_by_name(const struct sss_nss_ops *ops, const char *name);
|
|
|
841ac7 |
+bool is_group_local_by_gid(const struct sss_nss_ops *ops, uid_t gid);
|
|
|
841ac7 |
|
|
|
841ac7 |
#endif /* _NEGCACHE_FILES_H_ */
|
|
|
841ac7 |
diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
|
|
|
841ac7 |
index a559abe9e..bfc493395 100644
|
|
|
841ac7 |
--- a/src/tests/cwrap/Makefile.am
|
|
|
841ac7 |
+++ b/src/tests/cwrap/Makefile.am
|
|
|
841ac7 |
@@ -75,6 +75,7 @@ SSSD_RESPONDER_IFACE_OBJ = \
|
|
|
841ac7 |
|
|
|
841ac7 |
SSSD_RESPONDER_OBJ = \
|
|
|
841ac7 |
../../../src/responder/common/negcache_files.c \
|
|
|
841ac7 |
+ ../../../src/util/nss_dl_load.c \
|
|
|
841ac7 |
../../../src/responder/common/negcache.c \
|
|
|
841ac7 |
../../../src/responder/common/responder_cmd.c \
|
|
|
841ac7 |
../../../src/responder/common/responder_common.c \
|
|
|
841ac7 |
@@ -175,6 +176,7 @@ responder_common_tests_SOURCES =\
|
|
|
841ac7 |
../../../src/responder/common/iface/responder_ncache.c \
|
|
|
841ac7 |
../../../src/responder/common/iface/responder_iface_generated.c \
|
|
|
841ac7 |
../../../src/responder/common/negcache_files.c \
|
|
|
841ac7 |
+ ../../../src/util/nss_dl_load.c \
|
|
|
841ac7 |
../../../src/responder/common/negcache.c \
|
|
|
841ac7 |
../../../src/responder/common/data_provider/rdp_message.c \
|
|
|
841ac7 |
../../../src/responder/common/data_provider/rdp_client.c \
|
|
|
841ac7 |
@@ -189,6 +191,7 @@ responder_common_tests_CFLAGS = \
|
|
|
841ac7 |
$(AM_CFLAGS) \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
responder_common_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SELINUX_LIBS) \
|
|
|
841ac7 |
@@ -207,6 +210,7 @@ negcache_tests_CFLAGS = \
|
|
|
841ac7 |
-DBASE_FILE_STEM=\"$(*F)\" \
|
|
|
841ac7 |
$(NULL)
|
|
|
841ac7 |
negcache_tests_LDADD = \
|
|
|
841ac7 |
+ $(LIBADD_DL) \
|
|
|
841ac7 |
$(CMOCKA_LIBS) \
|
|
|
841ac7 |
$(SSSD_LIBS) \
|
|
|
841ac7 |
$(SELINUX_LIBS) \
|
|
|
841ac7 |
diff --git a/src/tests/cwrap/test_negcache.c b/src/tests/cwrap/test_negcache.c
|
|
|
841ac7 |
index c4f601b34..690e797e2 100644
|
|
|
841ac7 |
--- a/src/tests/cwrap/test_negcache.c
|
|
|
841ac7 |
+++ b/src/tests/cwrap/test_negcache.c
|
|
|
841ac7 |
@@ -18,6 +18,10 @@
|
|
|
841ac7 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
841ac7 |
*/
|
|
|
841ac7 |
|
|
|
841ac7 |
+#include <stdio.h>
|
|
|
841ac7 |
+#include <sys/types.h>
|
|
|
841ac7 |
+#include <pwd.h>
|
|
|
841ac7 |
+
|
|
|
841ac7 |
#include <stdarg.h>
|
|
|
841ac7 |
#include <stddef.h>
|
|
|
841ac7 |
#include <setjmp.h>
|
|
|
841ac7 |
@@ -35,38 +39,40 @@
|
|
|
841ac7 |
#define TEST_CONF_DB "test_negcache_confdb.ldb"
|
|
|
841ac7 |
#define TEST_DOM_NAME "test_domain.test"
|
|
|
841ac7 |
|
|
|
841ac7 |
-#define TEST_LOCAL_USER_NAME_1 "foobar"
|
|
|
841ac7 |
-#define TEST_LOCAL_USER_NAME_2 "sssd"
|
|
|
841ac7 |
-
|
|
|
841ac7 |
-#define TEST_LOCAL_USER_UID_1 10001
|
|
|
841ac7 |
-#define TEST_LOCAL_USER_UID_2 123
|
|
|
841ac7 |
-
|
|
|
841ac7 |
-#define TEST_LOCAL_GROUP_NAME_1 "foogroup"
|
|
|
841ac7 |
-#define TEST_LOCAL_GROUP_NAME_2 "sssd"
|
|
|
841ac7 |
-
|
|
|
841ac7 |
-#define TEST_LOCAL_GID_1 10001
|
|
|
841ac7 |
-#define TEST_LOCAL_GID_2 123
|
|
|
841ac7 |
-
|
|
|
841ac7 |
-struct test_user {
|
|
|
841ac7 |
+struct user_descriptor_t {
|
|
|
841ac7 |
const char *name;
|
|
|
841ac7 |
uid_t uid;
|
|
|
841ac7 |
+};
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+struct group_descriptor_t {
|
|
|
841ac7 |
+ const char *name;
|
|
|
841ac7 |
gid_t gid;
|
|
|
841ac7 |
-} users[] = { { "test_user1", 1001, 50001 },
|
|
|
841ac7 |
- { "test_user2", 1002, 50002 } };
|
|
|
841ac7 |
+};
|
|
|
841ac7 |
|
|
|
841ac7 |
-static void create_users(TALLOC_CTX *mem_ctx,
|
|
|
841ac7 |
- struct sss_domain_info *domain)
|
|
|
841ac7 |
+struct ncache_test_ctx {
|
|
|
841ac7 |
+ struct sss_test_ctx *tctx;
|
|
|
841ac7 |
+ struct sss_nc_ctx *ncache;
|
|
|
841ac7 |
+ struct user_descriptor_t local_users[2];
|
|
|
841ac7 |
+ struct user_descriptor_t non_local_users[2];
|
|
|
841ac7 |
+ struct group_descriptor_t local_groups[2];
|
|
|
841ac7 |
+ struct group_descriptor_t non_local_groups[2];
|
|
|
841ac7 |
+};
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+static void create_users(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
errno_t ret;
|
|
|
841ac7 |
char *fqname;
|
|
|
841ac7 |
+ struct sss_domain_info *domain = test_ctx->tctx->dom;
|
|
|
841ac7 |
+ const struct user_descriptor_t *users = test_ctx->non_local_users;
|
|
|
841ac7 |
+ const struct group_descriptor_t *groups = test_ctx->non_local_groups;
|
|
|
841ac7 |
|
|
|
841ac7 |
for (int i = 0; i < 2; i++) {
|
|
|
841ac7 |
- fqname = sss_create_internal_fqname(mem_ctx,
|
|
|
841ac7 |
+ fqname = sss_create_internal_fqname(test_ctx,
|
|
|
841ac7 |
users[i].name,
|
|
|
841ac7 |
domain->name);
|
|
|
841ac7 |
assert_non_null(fqname);
|
|
|
841ac7 |
|
|
|
841ac7 |
- ret = sysdb_add_user(domain, users[i].name, users[i].uid, users[i].gid,
|
|
|
841ac7 |
+ ret = sysdb_add_user(domain, users[i].name, users[i].uid, groups[i].gid,
|
|
|
841ac7 |
fqname, NULL, "/bin/bash", domain->name,
|
|
|
841ac7 |
NULL, 30, time(NULL));
|
|
|
841ac7 |
talloc_free(fqname);
|
|
|
841ac7 |
@@ -74,25 +80,15 @@ static void create_users(TALLOC_CTX *mem_ctx,
|
|
|
841ac7 |
}
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
-struct test_group {
|
|
|
841ac7 |
- const char *name;
|
|
|
841ac7 |
- gid_t gid;
|
|
|
841ac7 |
-} groups[] = { { "test_group1", 50001 },
|
|
|
841ac7 |
- { "test_group2", 50002 } };
|
|
|
841ac7 |
-
|
|
|
841ac7 |
-struct ncache_test_ctx {
|
|
|
841ac7 |
- struct sss_test_ctx *tctx;
|
|
|
841ac7 |
- struct sss_nc_ctx *ncache;
|
|
|
841ac7 |
-};
|
|
|
841ac7 |
-
|
|
|
841ac7 |
-static void create_groups(TALLOC_CTX *mem_ctx,
|
|
|
841ac7 |
- struct sss_domain_info *domain)
|
|
|
841ac7 |
+static void create_groups(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
errno_t ret;
|
|
|
841ac7 |
char *fqname;
|
|
|
841ac7 |
+ struct sss_domain_info *domain = test_ctx->tctx->dom;
|
|
|
841ac7 |
+ const struct group_descriptor_t *groups = test_ctx->non_local_groups;
|
|
|
841ac7 |
|
|
|
841ac7 |
for (int i = 0; i < 2; i++) {
|
|
|
841ac7 |
- fqname = sss_create_internal_fqname(mem_ctx,
|
|
|
841ac7 |
+ fqname = sss_create_internal_fqname(test_ctx,
|
|
|
841ac7 |
groups[i].name,
|
|
|
841ac7 |
domain->name);
|
|
|
841ac7 |
assert_non_null(fqname);
|
|
|
841ac7 |
@@ -116,6 +112,114 @@ struct cli_protocol_version *register_cli_protocol_version(void)
|
|
|
841ac7 |
return responder_test_cli_protocol_version;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
+static void find_local_users(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
+{
|
|
|
841ac7 |
+ int i;
|
|
|
841ac7 |
+ FILE *passwd_file;
|
|
|
841ac7 |
+ const struct passwd *pwd;
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ passwd_file = fopen("/etc/passwd", "r");
|
|
|
841ac7 |
+ assert_non_null(passwd_file);
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ for (i = 0; i < 2; /*no-op*/) {
|
|
|
841ac7 |
+ pwd = fgetpwent(passwd_file);
|
|
|
841ac7 |
+ assert_non_null(pwd);
|
|
|
841ac7 |
+ if (pwd->pw_uid == 0) {
|
|
|
841ac7 |
+ /* skip root */
|
|
|
841ac7 |
+ continue;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ test_ctx->local_users[i].uid = pwd->pw_uid;
|
|
|
841ac7 |
+ test_ctx->local_users[i].name = talloc_strdup(test_ctx, pwd->pw_name);
|
|
|
841ac7 |
+ assert_non_null(test_ctx->local_users[i].name);
|
|
|
841ac7 |
+ ++i;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ fclose(passwd_file);
|
|
|
841ac7 |
+}
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+static void find_local_groups(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
+{
|
|
|
841ac7 |
+ int i;
|
|
|
841ac7 |
+ FILE *group_file;
|
|
|
841ac7 |
+ const struct group *grp;
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ group_file = fopen("/etc/group", "r");
|
|
|
841ac7 |
+ assert_non_null(group_file);
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ for (i = 0; i < 2; /* no-op */) {
|
|
|
841ac7 |
+ grp = fgetgrent(group_file);
|
|
|
841ac7 |
+ assert_non_null(grp);
|
|
|
841ac7 |
+ if (grp->gr_gid == 0) {
|
|
|
841ac7 |
+ /* skip root */
|
|
|
841ac7 |
+ continue;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ test_ctx->local_groups[i].gid = grp->gr_gid;
|
|
|
841ac7 |
+ test_ctx->local_groups[i].name = talloc_strdup(test_ctx, grp->gr_name);
|
|
|
841ac7 |
+ assert_non_null(test_ctx->local_groups[i].name);
|
|
|
841ac7 |
+ ++i;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ fclose(group_file);
|
|
|
841ac7 |
+}
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+static void find_non_local_users(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
+{
|
|
|
841ac7 |
+ int i;
|
|
|
841ac7 |
+ int k;
|
|
|
841ac7 |
+ uid_t uid;
|
|
|
841ac7 |
+ char *name;
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ for (i = 0, k = 1; (k < 100) && (i < 2); ++k) {
|
|
|
841ac7 |
+ uid = 65534-k;
|
|
|
841ac7 |
+ if (getpwuid(uid)) {
|
|
|
841ac7 |
+ continue;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ test_ctx->non_local_users[i].uid = uid;
|
|
|
841ac7 |
+ ++i;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ assert_int_equal(i, 2);
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ for (i = 0, k = 0; (k < 100) && (i < 2); ++k) {
|
|
|
841ac7 |
+ name = talloc_asprintf(test_ctx, "nctestuser%d", k);
|
|
|
841ac7 |
+ if (getpwnam(name)) {
|
|
|
841ac7 |
+ talloc_free(name);
|
|
|
841ac7 |
+ continue;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ test_ctx->non_local_users[i].name = name;
|
|
|
841ac7 |
+ ++i;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ assert_int_equal(i, 2);
|
|
|
841ac7 |
+}
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+static void find_non_local_groups(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
+{
|
|
|
841ac7 |
+ int i = 0;
|
|
|
841ac7 |
+ int k;
|
|
|
841ac7 |
+ gid_t gid;
|
|
|
841ac7 |
+ char *name;
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ for (i = 0, k = 1; (k < 100) && (i < 2); ++k) {
|
|
|
841ac7 |
+ gid = 65534-k;
|
|
|
841ac7 |
+ if (getgrgid(gid)) {
|
|
|
841ac7 |
+ continue;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ test_ctx->non_local_groups[i].gid = gid;
|
|
|
841ac7 |
+ ++i;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ assert_int_equal(i, 2);
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ for (i = 0, k = 0; (k < 100) && (i < 2); ++k) {
|
|
|
841ac7 |
+ name = talloc_asprintf(test_ctx, "nctestgroup%d", k);
|
|
|
841ac7 |
+ if (getgrnam(name)) {
|
|
|
841ac7 |
+ talloc_free(name);
|
|
|
841ac7 |
+ continue;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ test_ctx->non_local_groups[i].name = name;
|
|
|
841ac7 |
+ ++i;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
+ assert_int_equal(i, 2);
|
|
|
841ac7 |
+}
|
|
|
841ac7 |
+
|
|
|
841ac7 |
static int test_ncache_setup(void **state)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
struct ncache_test_ctx *test_ctx;
|
|
|
841ac7 |
@@ -125,14 +229,19 @@ static int test_ncache_setup(void **state)
|
|
|
841ac7 |
test_ctx = talloc_zero(global_talloc_context, struct ncache_test_ctx);
|
|
|
841ac7 |
assert_non_null(test_ctx);
|
|
|
841ac7 |
|
|
|
841ac7 |
+ find_local_users(test_ctx);
|
|
|
841ac7 |
+ find_local_groups(test_ctx);
|
|
|
841ac7 |
+ find_non_local_users(test_ctx);
|
|
|
841ac7 |
+ find_non_local_groups(test_ctx);
|
|
|
841ac7 |
+
|
|
|
841ac7 |
test_dom_suite_setup(TESTS_PATH);
|
|
|
841ac7 |
|
|
|
841ac7 |
test_ctx->tctx = create_dom_test_ctx(test_ctx, TESTS_PATH, TEST_CONF_DB,
|
|
|
841ac7 |
TEST_DOM_NAME, "ipa", NULL);
|
|
|
841ac7 |
assert_non_null(test_ctx->tctx);
|
|
|
841ac7 |
|
|
|
841ac7 |
- create_groups(test_ctx, test_ctx->tctx->dom);
|
|
|
841ac7 |
- create_users(test_ctx, test_ctx->tctx->dom);
|
|
|
841ac7 |
+ create_groups(test_ctx);
|
|
|
841ac7 |
+ create_users(test_ctx);
|
|
|
841ac7 |
|
|
|
841ac7 |
check_leaks_push(test_ctx);
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -213,11 +322,11 @@ static void set_users(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = set_user_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[0].name);
|
|
|
841ac7 |
+ test_ctx->non_local_users[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = set_user_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_USER_NAME_1);
|
|
|
841ac7 |
+ test_ctx->local_users[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -227,19 +336,19 @@ static void check_users(struct ncache_test_ctx *test_ctx,
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[0].name);
|
|
|
841ac7 |
+ test_ctx->non_local_users[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_a);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[1].name);
|
|
|
841ac7 |
+ test_ctx->non_local_users[1].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_b);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_USER_NAME_1);
|
|
|
841ac7 |
+ test_ctx->local_users[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_c);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_USER_NAME_2);
|
|
|
841ac7 |
+ test_ctx->local_users[1].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_d);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -324,11 +433,11 @@ static void set_uids(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_set_uid(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[0].uid);
|
|
|
841ac7 |
+ test_ctx->non_local_users[0].uid);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_set_uid(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_USER_UID_1);
|
|
|
841ac7 |
+ test_ctx->local_users[0].uid);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -338,19 +447,19 @@ static void check_uids(struct ncache_test_ctx *test_ctx,
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_uid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[0].uid);
|
|
|
841ac7 |
+ test_ctx->non_local_users[0].uid);
|
|
|
841ac7 |
assert_int_equal(ret, case_a);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_uid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[1].uid);
|
|
|
841ac7 |
+ test_ctx->non_local_users[1].uid);
|
|
|
841ac7 |
assert_int_equal(ret, case_b);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_uid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_USER_UID_1);
|
|
|
841ac7 |
+ test_ctx->local_users[0].uid);
|
|
|
841ac7 |
assert_int_equal(ret, case_c);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_uid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_USER_UID_2);
|
|
|
841ac7 |
+ test_ctx->local_users[1].uid);
|
|
|
841ac7 |
assert_int_equal(ret, case_d);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -435,11 +544,11 @@ static void set_groups(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = set_group_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- groups[0].name);
|
|
|
841ac7 |
+ test_ctx->non_local_groups[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = set_group_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_GROUP_NAME_1);
|
|
|
841ac7 |
+ test_ctx->local_groups[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -449,19 +558,19 @@ static void check_groups(struct ncache_test_ctx *test_ctx,
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- groups[0].name);
|
|
|
841ac7 |
+ test_ctx->non_local_groups[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_a);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- groups[1].name);
|
|
|
841ac7 |
+ test_ctx->non_local_groups[1].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_b);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_GROUP_NAME_1);
|
|
|
841ac7 |
+ test_ctx->local_groups[0].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_c);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_GROUP_NAME_2);
|
|
|
841ac7 |
+ test_ctx->local_groups[1].name);
|
|
|
841ac7 |
assert_int_equal(ret, case_d);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -546,11 +655,11 @@ static void set_gids(struct ncache_test_ctx *test_ctx)
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_set_gid(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[0].gid);
|
|
|
841ac7 |
+ test_ctx->non_local_groups[0].gid);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_set_gid(test_ctx->ncache, false, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_GID_1);
|
|
|
841ac7 |
+ test_ctx->local_groups[0].gid);
|
|
|
841ac7 |
assert_int_equal(ret, EOK);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
@@ -560,19 +669,19 @@ static void check_gids(struct ncache_test_ctx *test_ctx,
|
|
|
841ac7 |
int ret;
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_gid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[0].gid);
|
|
|
841ac7 |
+ test_ctx->non_local_groups[0].gid);
|
|
|
841ac7 |
assert_int_equal(ret, case_a);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_gid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- users[1].gid);
|
|
|
841ac7 |
+ test_ctx->non_local_groups[1].gid);
|
|
|
841ac7 |
assert_int_equal(ret, case_b);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_gid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_GID_1);
|
|
|
841ac7 |
+ test_ctx->local_groups[0].gid);
|
|
|
841ac7 |
assert_int_equal(ret, case_c);
|
|
|
841ac7 |
|
|
|
841ac7 |
ret = sss_ncache_check_gid(test_ctx->ncache, test_ctx->tctx->dom,
|
|
|
841ac7 |
- TEST_LOCAL_GID_2);
|
|
|
841ac7 |
+ test_ctx->local_groups[1].gid);
|
|
|
841ac7 |
assert_int_equal(ret, case_d);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
|
|
|
841ac7 |
index 63f6ea4ed..787255f92 100644
|
|
|
841ac7 |
--- a/src/tests/intg/test_ldap.py
|
|
|
841ac7 |
+++ b/src/tests/intg/test_ldap.py
|
|
|
841ac7 |
@@ -43,15 +43,6 @@ from files_ops import passwd_ops_setup, group_ops_setup
|
|
|
841ac7 |
LDAP_BASE_DN = "dc=example,dc=com"
|
|
|
841ac7 |
INTERACTIVE_TIMEOUT = 4
|
|
|
841ac7 |
|
|
|
841ac7 |
-PASSWD_USER = dict(name='passwduser', passwd='x', uid=100000, gid=2000,
|
|
|
841ac7 |
- gecos='User for tests',
|
|
|
841ac7 |
- dir='/home/passwduser',
|
|
|
841ac7 |
- shell='/bin/bash')
|
|
|
841ac7 |
-
|
|
|
841ac7 |
-PASSWD_GROUP = dict(name='passwdgroup',
|
|
|
841ac7 |
- gid=200000,
|
|
|
841ac7 |
- mem=['passwduser'])
|
|
|
841ac7 |
-
|
|
|
841ac7 |
|
|
|
841ac7 |
@pytest.fixture(scope="module")
|
|
|
841ac7 |
def ds_inst(request):
|
|
|
841ac7 |
@@ -1860,14 +1851,32 @@ def test_rename_incomplete_group_rdn_changed(ldap_conn, rename_setup_cleanup):
|
|
|
841ac7 |
|
|
|
841ac7 |
|
|
|
841ac7 |
@pytest.fixture
|
|
|
841ac7 |
-def user_and_group_rfc2307_lcl(passwd_ops_setup, group_ops_setup,
|
|
|
841ac7 |
- user_and_group_rfc2307):
|
|
|
841ac7 |
- pwd_ops = passwd_ops_setup
|
|
|
841ac7 |
- pwd_ops.useradd(**PASSWD_USER)
|
|
|
841ac7 |
- grp_ops = group_ops_setup
|
|
|
841ac7 |
- grp_ops.groupadd(**PASSWD_GROUP)
|
|
|
841ac7 |
+def find_local_user_and_group():
|
|
|
841ac7 |
+ f = open("/etc/passwd")
|
|
|
841ac7 |
+ for line in f:
|
|
|
841ac7 |
+ passwd_user = line.split(':')
|
|
|
841ac7 |
+ passwd_user[2] = int(passwd_user[2])
|
|
|
841ac7 |
+ if passwd_user[2] != 0:
|
|
|
841ac7 |
+ break
|
|
|
841ac7 |
+ f.close()
|
|
|
841ac7 |
+ assert passwd_user[2] != 0
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ f = open("/etc/group")
|
|
|
841ac7 |
+ for line in f:
|
|
|
841ac7 |
+ passwd_group = line.split(':')
|
|
|
841ac7 |
+ passwd_group[2] = int(passwd_group[2])
|
|
|
841ac7 |
+ if passwd_group[2] != 0:
|
|
|
841ac7 |
+ break
|
|
|
841ac7 |
+ f.close()
|
|
|
841ac7 |
+ assert passwd_group[2] != 0
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+ return (passwd_user, passwd_group)
|
|
|
841ac7 |
|
|
|
841ac7 |
- return user_and_group_rfc2307
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+@pytest.fixture
|
|
|
841ac7 |
+def user_and_group_rfc2307_lcl(find_local_user_and_group,
|
|
|
841ac7 |
+ user_and_group_rfc2307):
|
|
|
841ac7 |
+ return find_local_user_and_group
|
|
|
841ac7 |
|
|
|
841ac7 |
|
|
|
841ac7 |
def test_local_negative_timeout_enabled_by_default(ldap_conn,
|
|
|
841ac7 |
@@ -1879,64 +1888,53 @@ def test_local_negative_timeout_enabled_by_default(ldap_conn,
|
|
|
841ac7 |
# sanity check - try resolving an LDAP user
|
|
|
841ac7 |
ent.assert_passwd_by_name("user", dict(name="user", uid=1001, gid=2000))
|
|
|
841ac7 |
|
|
|
841ac7 |
+ passwd_user, passwd_group = user_and_group_rfc2307_lcl
|
|
|
841ac7 |
+
|
|
|
841ac7 |
# resolve a user who is not in LDAP, but exists locally
|
|
|
841ac7 |
- res, _ = call_sssd_getpwnam("passwduser")
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwnam(passwd_user[0])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = pwd.getpwnam("passwduser")
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
# Do the same by UID
|
|
|
841ac7 |
- res, _ = call_sssd_getpwuid(100000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwuid(passwd_user[2])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = pwd.getpwuid(100000)
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
|
|
|
841ac7 |
# Do the same for a group both by name and by ID
|
|
|
841ac7 |
- res, _ = call_sssd_getgrnam("passwdgroup")
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrnam(passwd_group[0])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = grp.getgrnam("passwdgroup")
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
- res, _ = call_sssd_getgrgid(200000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrgid(passwd_group[2])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = grp.getgrgid(200000)
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
|
|
|
841ac7 |
# add the user and the group to LDAP
|
|
|
841ac7 |
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
|
|
|
841ac7 |
- ent_list.add_user("passwduser", 100000, 2000)
|
|
|
841ac7 |
- ent_list.add_group("passwdgroup", 200000)
|
|
|
841ac7 |
+ ent_list.add_user(passwd_user[0], passwd_user[2], 2000)
|
|
|
841ac7 |
+ ent_list.add_group(passwd_group[0], passwd_group[2])
|
|
|
841ac7 |
create_ldap_entries(ldap_conn, ent_list)
|
|
|
841ac7 |
|
|
|
841ac7 |
- # Make sure the negative cache expired
|
|
|
841ac7 |
+ # Make sure the negative cache would expire if global timeout was used
|
|
|
841ac7 |
time.sleep(2)
|
|
|
841ac7 |
|
|
|
841ac7 |
# The user is now negatively cached and can't be resolved by either
|
|
|
841ac7 |
# name or UID
|
|
|
841ac7 |
- res, _ = call_sssd_getpwnam("passwduser")
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwnam(passwd_group[0])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res, _ = call_sssd_getpwuid(100000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwuid(passwd_group[2])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
|
|
|
841ac7 |
- res, _ = call_sssd_getgrnam("passwdgroup")
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrnam(passwd_group[0])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res, _ = call_sssd_getgrgid(200000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrgid(passwd_group[2])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
|
|
|
841ac7 |
cleanup_ldap_entries(ldap_conn, ent_list)
|
|
|
841ac7 |
|
|
|
841ac7 |
|
|
|
841ac7 |
@pytest.fixture
|
|
|
841ac7 |
-def usr_and_grp_rfc2307_no_local_ncache(request, passwd_ops_setup,
|
|
|
841ac7 |
- group_ops_setup, ldap_conn):
|
|
|
841ac7 |
+def usr_and_grp_rfc2307_no_local_ncache(request, find_local_user_and_group,
|
|
|
841ac7 |
+ ldap_conn):
|
|
|
841ac7 |
"""
|
|
|
841ac7 |
Create an RFC2307 directory fixture with interactive SSSD conf,
|
|
|
841ac7 |
one user and one group but with the local negative timeout
|
|
|
841ac7 |
disabled
|
|
|
841ac7 |
"""
|
|
|
841ac7 |
- pwd_ops = passwd_ops_setup
|
|
|
841ac7 |
- pwd_ops.useradd(**PASSWD_USER)
|
|
|
841ac7 |
- grp_ops = group_ops_setup
|
|
|
841ac7 |
- grp_ops.groupadd(**PASSWD_GROUP)
|
|
|
841ac7 |
-
|
|
|
841ac7 |
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
|
|
|
841ac7 |
ent_list.add_user("user", 1001, 2000)
|
|
|
841ac7 |
ent_list.add_group("group", 2001)
|
|
|
841ac7 |
@@ -1948,7 +1946,7 @@ def usr_and_grp_rfc2307_no_local_ncache(request, passwd_ops_setup,
|
|
|
841ac7 |
""")
|
|
|
841ac7 |
create_conf_fixture(request, conf)
|
|
|
841ac7 |
create_sssd_fixture(request)
|
|
|
841ac7 |
- return None
|
|
|
841ac7 |
+ return find_local_user_and_group
|
|
|
841ac7 |
|
|
|
841ac7 |
|
|
|
841ac7 |
def test_local_negative_timeout_disabled(ldap_conn,
|
|
|
841ac7 |
@@ -1960,46 +1958,40 @@ def test_local_negative_timeout_disabled(ldap_conn,
|
|
|
841ac7 |
# sanity check - try resolving an LDAP user
|
|
|
841ac7 |
ent.assert_passwd_by_name("user", dict(name="user", uid=1001, gid=2000))
|
|
|
841ac7 |
|
|
|
841ac7 |
+ passwd_user, passwd_group = usr_and_grp_rfc2307_no_local_ncache
|
|
|
841ac7 |
+
|
|
|
841ac7 |
# resolve a user who is not in LDAP, but exists locally
|
|
|
841ac7 |
- res, _ = call_sssd_getpwnam("passwduser")
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwnam(passwd_user[0])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = pwd.getpwnam("passwduser")
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
# Do the same by UID
|
|
|
841ac7 |
- res, _ = call_sssd_getpwuid(100000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwuid(passwd_user[2])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = pwd.getpwuid(100000)
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
|
|
|
841ac7 |
# Do the same for a group both by name and by ID
|
|
|
841ac7 |
- res, _ = call_sssd_getgrnam("passwdgroup")
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrnam(passwd_group[0])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = grp.getgrnam("passwdgroup")
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
- res, _ = call_sssd_getgrgid(200000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrgid(passwd_group[2])
|
|
|
841ac7 |
assert res == NssReturnCode.NOTFOUND
|
|
|
841ac7 |
- res = grp.getgrgid(200000)
|
|
|
841ac7 |
- assert res is not None
|
|
|
841ac7 |
|
|
|
841ac7 |
# add the user and the group to LDAP
|
|
|
841ac7 |
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
|
|
|
841ac7 |
- ent_list.add_user("passwduser", 100000, 2000)
|
|
|
841ac7 |
- ent_list.add_group("passwdgroup", 200000)
|
|
|
841ac7 |
+ ent_list.add_user(passwd_user[0], passwd_user[2], 2000)
|
|
|
841ac7 |
+ ent_list.add_group(passwd_group[0], passwd_group[2])
|
|
|
841ac7 |
create_ldap_entries(ldap_conn, ent_list)
|
|
|
841ac7 |
|
|
|
841ac7 |
# Make sure the negative cache expired
|
|
|
841ac7 |
time.sleep(2)
|
|
|
841ac7 |
|
|
|
841ac7 |
# The user can now be resolved
|
|
|
841ac7 |
- res, _ = call_sssd_getpwnam("passwduser")
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwnam(passwd_user[0])
|
|
|
841ac7 |
assert res == NssReturnCode.SUCCESS
|
|
|
841ac7 |
# Do the same by UID
|
|
|
841ac7 |
- res, _ = call_sssd_getpwuid(100000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getpwuid(passwd_user[2])
|
|
|
841ac7 |
assert res == NssReturnCode.SUCCESS
|
|
|
841ac7 |
|
|
|
841ac7 |
- res, _ = call_sssd_getgrnam("passwdgroup")
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrnam(passwd_group[0])
|
|
|
841ac7 |
assert res == NssReturnCode.SUCCESS
|
|
|
841ac7 |
- res, _ = call_sssd_getgrgid(200000)
|
|
|
841ac7 |
+ res, _ = call_sssd_getgrgid(passwd_group[2])
|
|
|
841ac7 |
assert res == NssReturnCode.SUCCESS
|
|
|
841ac7 |
|
|
|
841ac7 |
cleanup_ldap_entries(ldap_conn, ent_list)
|
|
|
841ac7 |
--
|
|
|
841ac7 |
2.19.1
|
|
|
841ac7 |
|