
Compare revisions

Commits on Source (8)
Showing
with 577 additions and 67 deletions
......@@ -81,21 +81,3 @@ jobs:
name: covscan
path: |
./logs/*.err
flake8:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Run flake8
uses: grantmcconnaughey/lintly-flake8-github-action@d9db4fd0be9fb1cd19206a48ec0773bd93b82cbd
with:
token: ${{ secrets.GITHUB_TOKEN }}
failIf: new
......@@ -40,3 +40,16 @@ jobs:
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
flake8:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Run flake8
uses: grantmcconnaughey/lintly-flake8-github-action@d9db4fd0be9fb1cd19206a48ec0773bd93b82cbd
if: github.event_name == 'pull_request'
with:
token: ${{ secrets.GITHUB_TOKEN }}
failIf: new
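Review bot: The flake8 job added here has no `permissions:` block and its checkout step has no `persist-credentials: false`, although the flake8 job removed from the other workflow file in this comparison declared both. The `secrets.GITHUB_TOKEN` passed to the third-party lintly action therefore gets whatever scope the workflow or repository default grants. Unless the workflow sets permissions at top level (not visible in this hunk), add `permissions: {contents: read, pull-requests: write}` to the job and `with: {persist-credentials: false}` to the checkout step. The lintly action is pinned to a commit SHA while `actions/checkout@v2` is a mutable tag; pinning it the same way would be consistent.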
......@@ -181,7 +181,7 @@
#define CONFDB_PAC_LIFETIME "pac_lifetime"
#define CONFDB_PAC_CHECK "pac_check"
#define CONFDB_PAC_CHECK_DEFAULT "no_check"
#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "pac_present, check_upn, check_upn_dns_info_ex"
#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "check_upn, check_upn_dns_info_ex"
/* InfoPipe */
#define CONFDB_IFP_CONF_ENTRY "config/ifp"
......
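Review bot: `CONFDB_PAC_CHECK_IPA_AD_DEFAULT` carries no comment saying that leaving out `pac_present` is deliberate (assuming the second of the two printed values is the new one), and nothing in the visible hunks explains it. As sssd.conf(5) describes that option, it is what makes authentication fail when the service ticket carries no PAC, so the AD and IPA defaults would now accept a ticket without one unless `pac_check` is set explicitly. The man-page hunk in this comparison updates the default string but does not mention that consequence. A comment above the define would record the intent, for example `/* pac_present is intentionally not a default; set pac_check explicitly to require a PAC */`.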
......@@ -2298,7 +2298,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit
</para>
<para>
Default: no_check (AD and IPA provider
'pac_present, check_upn, check_upn_dns_info_ex')
'check_upn, check_upn_dns_info_ex')
</para>
</listitem>
</varlistentry>
......
......@@ -318,6 +318,41 @@ static int parse_name_test_setup(void **state)
return 0;
}
static int parse_name_test_two_names_ctx_setup(void **state)
{
struct parse_name_test_ctx *test_ctx;
struct sss_names_ctx *nctx1 = NULL;
struct sss_names_ctx *nctx2 = NULL;
struct sss_domain_info *dom;
int ret;
assert_true(leak_check_setup());
test_ctx = talloc_zero(global_talloc_context, struct parse_name_test_ctx);
assert_non_null(test_ctx);
ret = sss_names_init_from_args(test_ctx, SSS_DEFAULT_RE,
"%1$s@%2$s", &nctx1);
assert_int_equal(ret, EOK);
ret = sss_names_init_from_args(test_ctx, SSS_IPA_AD_DEFAULT_RE,
"%1$s@%2$s", &nctx2);
assert_int_equal(ret, EOK);
test_ctx->dom = create_test_domain(test_ctx, DOMNAME, FLATNAME,
NULL, nctx1);
assert_non_null(test_ctx->dom);
dom = create_test_domain(test_ctx, DOMNAME2, FLATNAME2,
NULL, nctx2);
assert_non_null(dom);
DLIST_ADD_END(test_ctx->dom, dom, struct sss_domain_info *);
check_leaks_push(test_ctx);
*state = test_ctx;
return 0;
}
static int parse_name_test_teardown(void **state)
{
struct parse_name_test_ctx *test_ctx = talloc_get_type(*state,
......@@ -448,6 +483,18 @@ void test_init_nouser(void **state)
assert_int_not_equal(ret, EOK);
}
void test_different_regexps(void **state)
{
struct parse_name_test_ctx *test_ctx = talloc_get_type(*state,
struct parse_name_test_ctx);
parse_name_check(test_ctx, NAME"@"DOMNAME, NULL, EOK, NAME, DOMNAME);
parse_name_check(test_ctx, NAME"@"DOMNAME2, NULL, EOK, NAME, DOMNAME2);
parse_name_check(test_ctx, NAME"@WITH_AT@"DOMNAME2, NULL, EOK, NAME"@WITH_AT", DOMNAME2);
parse_name_check(test_ctx, FLATNAME"\\"NAME, NULL, EOK, FLATNAME"\\"NAME, NULL);
parse_name_check(test_ctx, FLATNAME2"\\"NAME, NULL, EOK, NAME, DOMNAME2);
parse_name_check(test_ctx, FLATNAME2"\\"NAME"@WITH_AT", NULL, EOK, NAME"@WITH_AT", DOMNAME2);
}
void sss_parse_name_fail(void **state)
{
struct parse_name_test_ctx *test_ctx = talloc_get_type(*state,
......@@ -502,6 +549,9 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(sss_parse_name_fail,
parse_name_test_setup,
parse_name_test_teardown),
cmocka_unit_test_setup_teardown(test_different_regexps,
parse_name_test_two_names_ctx_setup,
parse_name_test_teardown),
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */
......
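Review bot: `test_different_regexps` has no comment saying which domain's regular expression each `parse_name_check` line exercises, and the fourth check is hard to read without one: `FLATNAME"\\"NAME` is expected back unsplit with a NULL domain, while the same form with `FLATNAME2` is split. Presumably this is because the first domain was created with `SSS_DEFAULT_RE` and the second with `SSS_IPA_AD_DEFAULT_RE` in `parse_name_test_two_names_ctx_setup`. A comment such as `/* first domain uses SSS_DEFAULT_RE, so its flat-name form is not split off */` would record that. A negative case (an input that neither domain's expression accepts) would round the test out. The bodies of `parse_name_test_teardown`, `sss_parse_name_fail` and `main` continue outside these hunks.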
......@@ -720,6 +720,24 @@ def samba_share_permissions(session_multihost, request):
# ################### Session scoped fixtures #########################
@pytest.fixture(scope='session', autouse=True)
def fips_ad_support_policy(session_multihost, request):
""" Enable FIPS:AD-SUPPORT crypto policy added in bz2056676"""
old_policy = session_multihost.client[0].run_command(
'update-crypto-policies --show', raiseonerr=False).stdout_text
old_policy = old_policy.strip()
if "FIPS" == old_policy:
session_multihost.client[0].run_command(
'update-crypto-policies --set FIPS:AD-SUPPORT', raiseonerr=False)
def restore_policy():
""" Restore crypto policy """
if "FIPS" == old_policy:
session_multihost.client[0].run_command(
f'update-crypto-policies --set {old_policy}', raiseonerr=False)
request.addfinalizer(restore_policy)
@pytest.fixture(scope="session", autouse=True)
def setup_session(request, session_multihost):
""" Setup Session """
......
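Review bot: Both `update-crypto-policies --set` calls in `fips_ad_support_policy` pass `raiseonerr=False` and their results are never checked. A failed switch to `FIPS:AD-SUPPORT` leaves the session running under plain FIPS, and a failed restore leaves the client on the relaxed policy, silently in both cases. Dropping `raiseonerr=False` from the two `--set` calls, or asserting on the command result, would surface either failure. The fixture is session-scoped and autouse, so it changes the system-wide crypto policy for every test in the session; the docstring should say so, and also that only an exact `FIPS` policy is touched. The body of `setup_session` continues outside the hunk.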
......@@ -174,7 +174,7 @@ class TestBugzillaAutomation(object):
:steps:
1. Create AD group with scope as "Global" and type "Security"
2. Update the properties newly created group and update under
"Member of" tab and add Users BUILTIN group.
"Member of" tab and add Users BUILTIN group.
3. Check the group lookup for BUILTIN group.
4. Check the cache entry, for built in group.
:expectedresults:
......@@ -443,7 +443,7 @@ class TestBugzillaAutomation(object):
:id: b8382774-e568-4e5b-b787-bdd4db380c28
:steps:
1. Add user and set its UPN different from the username,
Ex: TestUserUPN@ad.vm
Ex: TestUserUPN@ad.vm
2. Run command "dbus-send --print-reply --system
--dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/
infopipe org.freedesktop.sssd.infopipe.GetUserAttr string:
......
......@@ -109,7 +109,7 @@ class Testautofsresponder(object):
:id: e8dbd94d-c557-4533-8ab7-bc891e1609a3
:steps:
1. Edit sssd.conf and specify below parameters: autofs_provider = ad
ldap_autofs_search_base = ou=automount,dc=<ad-domain>
ldap_autofs_search_base = ou=automount,dc=<ad-domain>
2. Restart sssd
3. Execute automount -m
4. Access /export shared
......@@ -205,7 +205,7 @@ class Testautofsresponder(object):
:expectedresults:
1. autofs_provider is not set
2. Verify automount maps are loaded from AD and client is able to
mount nfs share
mount nfs share
"""
# pylint: disable=unused-argument
client = sssdTools(multihost.client[0])
......
......@@ -52,9 +52,8 @@ class TestSudo(object):
1. Should succeed
2. Verify the the user when logged in with upper
and lower case can fetch the sudo rules from AD
Note: This test case also cover BZ-1622109 and BZ-bz1519287
Sudo rules used in the fixture contains multiple
sudoUser attributes added.
:description: Note: This test case also cover BZ-1622109 and BZ-bz1519287
Sudo rules used in the fixture contains multiple sudoUser attributes added.
"""
multihost.client[0].service_sssd('restart')
realm = multihost.ad[0].realm
......@@ -174,10 +173,10 @@ class TestSudo(object):
3. Set debug level to 2
:steps:
1.Run sudo command as AD-user for whom rule is created
1. Run sudo command as AD-user for whom rule is created
:expectedResuls:
1. There should be no error in the sudo or domain log related
to 'short-username or non-fqdn username'
1. There should be no error in the sudo or domain log related
to 'short-username or non-fqdn username'
"""
client = sssdTools(multihost.client[0], multihost.ad[0])
domain_name = client.get_domain_section_name()
......
......@@ -132,6 +132,36 @@ def localusers(session_multihost, request):
return users
@pytest.fixture(scope='function')
def create_350_posix_users(session_multihost, request):
""" Create posix user and groups """
ldap_uri = 'ldap://%s' % (session_multihost.master[0].sys_hostname)
ds_rootdn = 'cn=Directory Manager'
ds_rootpw = 'Secret123'
ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
krb = krb5srv(session_multihost.master[0], 'EXAMPLE.TEST')
for i in range(1, 351):
user_info = {'cn': 'doo%d' % i,
'uid': 'doo%d' % i,
'uidNumber': '145831%d' % i,
'gidNumber': f'145641{i}'}
if ldap_inst.posix_user("ou=People",
"dc=example,dc=test",
user_info):
krb.add_principal('doo%d' % i, 'user', 'Secret123')
else:
print("Unable to add ldap User %s" % (user_info))
assert False
def remove_users():
""" Remove default sssd.conf """
for i in range(1, 351):
ldap_inst.del_dn(f'uid=doo{i},ou=People,dc=example,dc=test')
krb.delete_principal(f'doo{i}')
request.addfinalizer(remove_users)
@pytest.fixture(scope='function')
def enable_sss_sudo_nsswitch(session_multihost, request):
"""Enable sss backend for sudoers in nsswitch.conf """
......@@ -669,32 +699,43 @@ def sssdproxyldap(session_multihost, request):
request.addfinalizer(removeproxyldap)
@pytest.fixture(scope='class')
def install_nslcd(session_multihost, request):
""" Install nss-pam-ldapd Configure nslcd.conf """
client = session_multihost.client[0]
client.run_command("yum install -y nss-pam-ldapd")
execute_cmd(session_multihost, "echo 'uid nslcd' > /etc/nslcd.conf")
execute_cmd(session_multihost, "echo 'gid ldap' >> /etc/nslcd.conf")
execute_cmd(session_multihost, f"echo 'uri ldap://"
f"{session_multihost.master[0].ip}'"
f" >> /etc/nslcd.conf")
execute_cmd(session_multihost, f"echo 'base {ds_suffix}' >> "
f"/etc/nslcd.conf")
execute_cmd(session_multihost, "systemctl restart nslcd")
def restore_install_nslcd():
""" Restore"""
client.run_command("rm -vf /etc/nslcd.conf")
execute_cmd(session_multihost, "systemctl stop nslcd")
request.addfinalizer(restore_install_nslcd)
@pytest.fixture(scope='class')
def sssdproxyldap_test(session_multihost, request):
""" Configure sssdproxyldap
Configure sssd.conf
Configure nslcd.conf
Transport sssdproxyldap.sh to client machine
configure password for ldap user
"""
master = session_multihost.master[0]
client = session_multihost.client[0]
client.run_command("yum install -y nss-pam-ldapd",
raiseonerr=False)
tools = sssdTools(session_multihost.client[0])
domain_name = tools.get_domain_section_name()
domain_params = {'proxy_pam_target': 'sssdproxyldap',
'id_provider': 'proxy',
'proxy_lib_name': 'ldap'}
tools.sssd_conf('domain/' + domain_name, domain_params)
execute_cmd(session_multihost, "> /etc/nslcd.conf")
execute_cmd(session_multihost, "echo 'uid nslcd' > /etc/nslcd.conf")
execute_cmd(session_multihost, "echo 'gid ldap' >> /etc/nslcd.conf")
execute_cmd(session_multihost, f"echo 'uri ldap://{master.ip}' "
f">> /etc/nslcd.conf")
execute_cmd(session_multihost, f"echo 'base {ds_suffix}' "
f">> /etc/nslcd.conf")
execute_cmd(session_multihost, "systemctl restart nslcd")
file_location = '/script/sssdproxyldap.sh'
client.transport.put_file(os.path.dirname(os.path.abspath(__file__))
+ file_location,
......@@ -708,7 +749,6 @@ def sssdproxyldap_test(session_multihost, request):
def restore_sssdproxyldap_test():
""" Restore"""
client.run_command("rm -vf /tmp/sssdproxyldap.sh")
client.run_command("rm -vf /etc/nslcd.conf")
request.addfinalizer(restore_sssdproxyldap_test)
......
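Review bot: In `create_350_posix_users` the finalizer is registered only after the creation loop, so when `ldap_inst.posix_user` fails part-way the `assert False` leaves every user and principal created so far on the LDAP and Kerberos servers. Registering `remove_users` before the loop and deleting only what was actually created closes that gap, as sketched below. The inner docstring `Remove default sssd.conf` does not describe what `remove_users` does. This note covers the first hunk of the section only; `sssdproxyldap_test` starts and ends outside the later hunks.

```python
def create_350_posix_users(session_multihost, request):
    # … unchanged: ldap_inst and krb setup …
    created = []

    def remove_users():
        """ Remove the users and principals created by this fixture """
        for name in created:
            ldap_inst.del_dn(f'uid={name},ou=People,dc=example,dc=test')
            krb.delete_principal(name)
    request.addfinalizer(remove_users)

    for i in range(1, 351):
        # … unchanged: user_info dict …
        name = 'doo%d' % i
        assert ldap_inst.posix_user("ou=People", "dc=example,dc=test",
                                    user_info), \
            "Unable to add ldap User %s" % (user_info)
        created.append(name)
        krb.add_principal(name, 'user', 'Secret123')
```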
expect -f - <<<'
spawn ssh -o StrictHostKeyChecking=no -l foo12 localhost
expect "*assword:"
send -- "Secret123\r"
expect "*$ "
send -- "passwd\r"
expect "*Current Password: "
send -- "Secret123\r"
expect "New password: "
send -- "LsaASion#@123\r"
expect "Retype new password: "
send -- "LsaASion#@123\r"
expect "*"
send -- "logout\r"
expect eof
'
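Review bot: None of the `expect` steps handles a timeout or EOF, so when the login or the `passwd` prompt never appears each step falls through after its timeout and the script still ends normally. A caller cannot tell a completed password change from a dialogue that never started. Giving the steps a failure branch, e.g. `expect { "*assword:" {} timeout { exit 1 } eof { exit 1 } }`, makes the script fail visibly. The script also has no `#!` line and uses the `<<<` here-string, a bash feature, so it only works when the invoking shell is bash. A header comment stating that both passwords are throw-away credentials for the local test user would help readers.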
......@@ -206,9 +206,9 @@ class Testautofsresponder(object):
:customerscenario: true
:steps:
1. Configure SSSD with autofs, automountMap,
automount, automountInformation
automount, automountInformation
2. Add 2 automount entries in LDAP with
same key ( cn: MIT and cn: mit)
same key ( cn: MIT and cn: mit)
3. We should have the 2 automounts working
:expectedresults:
1. Should succeed
......@@ -314,7 +314,7 @@ class Testautofsresponder(object):
1. Access nfs share /export/nfs-test with autofs provider not set
:expectedresults:
1. Verify automount maps are loaded from AD and client is able to
mount nfs share
mount nfs share
"""
# pylint: disable=unused-argument
client = sssdTools(multihost.client[0])
......@@ -410,7 +410,7 @@ class Testautofsresponder(object):
:id: 92640015-52b9-4e76-9e63-ea7357eec9cd
:steps:
1. Add Indirect map auto.idmtest which has mount point keys
from foo1 to foo20 pointing to /projects/foo1 to /projects/foo20
from foo1 to foo20 pointing to /projects/foo1 to /projects/foo20
:expectedresults:
1. Verify sssd doesn't use (cn=*)(objectclass=nisObject)
"""
......
......@@ -33,9 +33,9 @@ class TestDefaultDebugLevel(object):
1. sssd should use default debug level with no level defined
2. sssd services start successfully
3. Log files has
a. default level set to 0x0070
b. 0x1f7c0 logs for "SSSDBG_IMPORTANT_INFO"
c. Other logs could be <= 0x0040
a. default level set to 0x0070
b. 0x1f7c0 logs for "SSSDBG_IMPORTANT_INFO"
c. Other logs could be <= 0x0040
"""
section = f"domain/{ds_instance_name}"
domain_params = {'debug_level': ''}
......
......@@ -68,7 +68,7 @@ class TestKcm(object):
1. Configure SSSD with sudo
2. Leave ou=sudoers empty - do not define any rules
3. See that smart refresh does not contain
modifyTimestamp in the filter
modifyTimestamp in the filter
:expectedresults:
1. Should succeed
2. Should succeed
......
......@@ -244,14 +244,14 @@ class TestMisc(object):
:customerscenario: true
:steps:
1. Configure SSSD with id_provider = ldap and
set ldap_schema = rfc2307bis
set ldap_schema = rfc2307bis
2. Add necessary users and groups with uniqueMember.
3. Check 'getent group ldapgroupname' output.
:expectedresults:
1. Should succeed
2. Should succeed
3. 'getent group ldapgroupname' should show
all it's member ldapusers.
all it's member ldapusers.
"""
tools = sssdTools(multihost.client[0])
domain_name = tools.get_domain_section_name()
......
""" Automation of proxy provider suite
:requirement: IDM-SSSD-REQ : Proxy Provider
:casecomponent: sssd
:subsystemteam: sst_idm_sssd
:upstream: yes
"""
from __future__ import print_function
import pytest
import subprocess
import time
import os
import ldap
from sssd.testlib.common.utils import sssdTools, SSHClient, LdapOperations
from sssd.testlib.common.libkrb5 import krb5srv
def execute_cmd(multihost, command):
""" Execute command on client """
cmd = multihost.client[0].run_command(command)
return cmd
@pytest.fixture(scope='class')
def create_user_with_cn(multihost, request):
"""
Configure sssd.conf
Create a dedicated user with
a DN starting e.g. with cn=...
Create a local user foo12
"""
ldap_uri = 'ldap://%s' % multihost.master[0].sys_hostname
ds_rootdn = 'cn=Directory Manager'
ds_rootpw = 'Secret123'
ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
krb = krb5srv(multihost.master[0], 'EXAMPLE.TEST')
user_info = {'cn': 'foo12'.encode('utf-8'),
'sn': 'foo12'.encode('utf-8'),
'uid': 'foo12'.encode('utf-8'),
'homeDirectory': '/home/foo12'.encode('utf-8'),
'objectClass': [b'top',
b'inetOrgPerson',
b'organizationalPerson',
b'person',
b'posixAccount'],
'uidNumber': '1458310'.encode('utf-8'),
'gidNumber': '1456410'.encode('utf-8')}
user_dn = 'cn=foo12,ou=People,dc=example,dc=test'
(_, _) = ldap_inst.add_entry(user_info, user_dn)
krb.add_principal('foo12', 'user', 'Secret123')
execute_cmd(multihost, "useradd foo12")
execute_cmd(multihost, f"echo Secret123 | passwd --stdin foo12")
client = multihost.client[0]
file_location = '/script/sssdproxymisc.sh'
client.transport.put_file(os.path.dirname(os.path.abspath(__file__))
+ file_location,
'/tmp/sssdproxymisc.sh')
execute_cmd(multihost, f"chmod 755 /tmp/sssdproxymisc.sh")
def restoresssdconf():
""" Restore sssd.conf """
execute_cmd(multihost, "userdel -rf foo12")
ldap_inst.del_dn(f'cn=foo12,ou=People,dc=example,dc=test')
krb.delete_principal(f'foo12')
execute_cmd(multihost, "rm -vf /tmp/sssdproxymisc.sh")
request.addfinalizer(restoresssdconf)
@pytest.mark.usefixtures('setup_sssd_krb',
'create_posix_usersgroups',
'sssdproxyldap',
'install_nslcd',
'create_user_with_cn',
'netgroups')
@pytest.mark.tier1_3
class TestProxyMisc(object):
"""
This is test case class for proxy provider suite
"""
def test_bz1036758(self, multihost, backupsssdconf):
"""
:title: Allow for custom attributes in RDN bz1036758
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1036758
:id: 10eb49a4-b252-11ec-87ea-845cf3eff344
:steps:
1. sssd to fetch id information from local user
2. Auth should work using ldap provider
:expectedresults:
1. Should succeed
2. Should succeed
"""
tools = sssdTools(multihost.client[0])
domain_name = tools.get_domain_section_name()
domain_params = {'id_provider': 'proxy',
'proxy_lib_name': 'files',
'auth_provider': 'ldap'}
tools.sssd_conf('domain/' + domain_name, domain_params)
tools.clear_sssd_cache()
# Auth should work using ldap provider
execute_cmd(multihost, "chown -R foo12 ~foo12")
execute_cmd(multihost, "chown -R foo12 /var/spool/mail/foo12")
# error logged in log
execute_cmd(multihost, "systemctl stop sssd.service")
execute_cmd(multihost, "rm -rf /var/lib/sss/{db,mc}/*")
execute_cmd(multihost, "systemctl start sssd.service")
def test_bz785902(self, multihost):
"""
:title: Errors with empty loginShell and proxy provider bz785902
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=785902
:id: 17831b7a-b252-11ec-9942-845cf3eff344
:steps:
1. Adding the user in ldap server with empty login shell
2. Search for Internal Error
3. Non existing netgroup returned with proxy
provider when proxy lib name is ldap
:expectedresults:
1. Should succeed
2. Should not succeed
3. Should not succeed
"""
# Errors with empty loginShell and proxy provider bz785902
tools = sssdTools(multihost.client[0])
master_e = multihost.master[0].ip
ldap_uri = f'ldap://{master_e}'
ds_rootdn = 'cn=Directory Manager'
ds_rootpw = 'Secret123'
ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw)
user_dn = 'uid=foo1,ou=People,dc=example,dc=test'
del_member = [(ldap.MOD_REPLACE, 'loginShell', "".encode('utf-8'))]
(ret, _) = ldap_inst.modify_ldap(user_dn, del_member)
assert ret == 'Success'
domain_name = tools.get_domain_section_name()
domain_params = {'use_fully_qualified_names': 'False',
'id_provider': 'proxy',
'auth_provider': 'proxy',
'cache_credentials': 'true',
'proxy_lib_name': 'ldap',
'proxy_pam_target': 'sssdproxyldap'}
tools.sssd_conf('domain/' + domain_name, domain_params)
tools.clear_sssd_cache()
execute_cmd(multihost, "id foo1")
del_member = [(ldap.MOD_REPLACE, 'loginShell',
"/bin/bash".encode('utf-8'))]
(ret, _) = ldap_inst.modify_ldap(user_dn, del_member)
assert ret == 'Success'
for error_error in ['[sysdb_set_entry_attr] (6): '
'Error: 14 (Bad address)',
'[sysdb_store_user] (6): '
'Error: 14 (Bad address)',
'Internal Error (Cannot make/remove '
'an entry for the specified session)']:
with pytest.raises(subprocess.CalledProcessError):
execute_cmd(multihost, f"grep {error_error} /var/log/sssd/*")
def test_bz804103(self, multihost):
"""
:title: Nss-pam-ldapd returns empty netgroup when a
nonexistent netgroup is requested
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=804103
:id: 9b2b7be0-ca01-11ec-9be1-845cf3eff344
:steps:
1. Check non existing netgroup
2. Clear cache
3. Check existing netgroup
4. Again check non existing netgroup
:expectedresults:
1. Should not Succeed
2. Should Succeed
3. Should Succeed
4. Should not Succeed
"""
# non existing netgroup returned with proxy provider
# when proxy lib name is ldap bz804103
tools = sssdTools(multihost.client[0])
with pytest.raises(subprocess.CalledProcessError):
execute_cmd(multihost, "getent netgroup testsumgroup")
tools.clear_sssd_cache()
execute_cmd(multihost, "getent netgroup netgroup_1")
with pytest.raises(subprocess.CalledProcessError):
execute_cmd(multihost, "getent netgroup testsumgroup")
def test_bz801377(self, multihost, backupsssdconf):
"""
:title: Non existing netgroup returned with proxy provider
when proxy lib name is file bz801377
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=801377
:id: 6ec16a9a-ca03-11ec-9675-845cf3eff344
:steps:
1. Configure proxy lib name is file
2. Check for non existing group
3. Configure /etc/negoup file
4. Check netgoup name from /etc/netgroup
:expectedresults:
1. Should succeed
2. Should not Succeed
3. Should Succeed
4. Should Succeed
"""
tools = sssdTools(multihost.client[0])
domain_name = tools.get_domain_section_name()
domain_params = {'use_fully_qualified_names': 'False',
'id_provider': 'proxy',
'auth_provider': 'proxy',
'cache_credentials': 'true',
'proxy_lib_name': 'files',
'proxy_pam_target': 'sssdproxyldap'}
tools.sssd_conf('domain/' + domain_name, domain_params)
tools.clear_sssd_cache()
with pytest.raises(subprocess.CalledProcessError):
execute_cmd(multihost, "getent netgroup testsumgroup")
execute_cmd(multihost, "echo 'QAeng "
"(host1.example.com, ami1, example.com)'"
" > /etc/netgroup")
tools.clear_sssd_cache()
execute_cmd(multihost, "getent netgroup QAeng")
execute_cmd(multihost, 'echo "" > /etc/netgroup')
def test_bz647816(self, multihost, backupsssdconf):
"""
:title: More than 10 auth attempt times out bz647816
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=647816
:id: 201a44c0-b252-11ec-94b7-845cf3eff344
:steps:
1. Auth a user more than 12 times
2. Search for Error
:expectedresults:
1. Should succeed
2. Should not succeed
"""
# more than 10 auth attempt times out bz647816
tools = sssdTools(multihost.client[0])
domain_name = tools.get_domain_section_name()
domain_params = {'proxy_lib_name': 'ldap',
'debug_level': '0xFFF0'}
tools.sssd_conf('domain/' + domain_name, domain_params)
tools.clear_sssd_cache()
client_e = multihost.client[0].ip
for _ in range(12):
ssh1 = SSHClient(client_e, username="foo1@example1",
password="Secret123")
ssh1.close()
with pytest.raises(subprocess.CalledProcessError):
execute_cmd(multihost, "grep 'All available child slots are full, "
"queuing request' /var/log/sssd/*")
def test_bz871424(self, multihost, backupsssdconf):
"""
:title: authconfig chokes on sssd.conf with chpass_provider directive
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=871424
:id: ce5fe4d2-e6e0-11ec-af7d-845cf3eff344
:steps:
1. Configure SSSD chpass_provider = proxy
2. Run authconfig --test
:expectedresults:
1. Should succeed
2. Should succeed
"""
# more than 10 auth attempt times out bz647816
tools = sssdTools(multihost.client[0])
domain_name = tools.get_domain_section_name()
domain_params = {'id_provider': 'ldap',
'auth_provider': 'ldap',
'chpass_provider': 'proxy',
'proxy_pam_target': 'sssdproxyldap',
'ldap_schema': 'rfc2307',
'enumerate': 'false',
'cache_credentials': 'true' }
tools.sssd_conf('domain/' + domain_name, domain_params)
tools.clear_sssd_cache()
execute_cmd(multihost, "authselect test sssd")
def test_bz1221992(self, multihost, backupsssdconf):
"""
:title: sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1221992
:id: a97bf86a-e6e3-11ec-a1ee-845cf3eff344
:steps:
1. Configure user=sssd in sssd.conf
2. user should be able to change the
password without segfault
:expectedresults:
1. Should succeed
2. Should succeed
"""
tools = sssdTools(multihost.client[0])
domain_name = 'sssd'
domain_params = {'user': 'sssd'}
tools.sssd_conf(domain_name, domain_params)
domain_name = tools.get_domain_section_name()
domain_params = {'id_provider': 'ldap',
'auth_provider': 'ldap',
'chpass_provider': 'proxy',
'proxy_pam_target': 'sssdproxyldap',
'proxy_lib_name': 'ldap' }
tools.sssd_conf('domain/' + domain_name, domain_params)
execute_cmd(multihost, "> /var/log/messages")
tools.clear_sssd_cache()
execute_cmd(multihost, "sh /tmp/sssdproxymisc.sh")
time.sleep(3)
with pytest.raises(subprocess.CalledProcessError):
execute_cmd(multihost, "grep 'segfault at 0 ip' /var/log/messages")
assert 'sssd' in execute_cmd(multihost,
"stat -c %G /var/lib/sss/pipes"
"/private/sbus-dp_example1.*").stdout_text
def test_0002_bz1209483(self, multihost, backupsssdconf):
"""
:title: sssd does not work as expected when id provider
equal to proxy and auth provider equal to ldap bz1209483
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1209483
:id: 2fa4834c-b252-11ec-919d-845cf3eff344
:steps:
1. Add a local user with the same name as an existing ldap user
2. set id provider equal to proxy and auth provider equal to ldap
3. lookup local user
:expectedresults:
1. Should succeed
2. Should succeed
3. Should succeed
"""
client_e = multihost.client[0].ip
tools = sssdTools(multihost.client[0])
# sssd does not work as expected when id provider equal to proxy
# and auth provider equal to ldap bz1209483
execute_cmd(multihost, "systemctl stop nslcd.service")
execute_cmd(multihost, "systemctl stop sssd")
assert "uid=foo2,ou=People,dc=example,dc=test" in \
multihost.master[0].run_command("ldapsearch -x -LLL uid=foo2").stdout_text
execute_cmd(multihost, "useradd -u 2001 foo2")
execute_cmd(multihost, "echo 'pam.d/ pam_ldap.conf' > /etc/pam")
services = {'filter_groups': 'root', 'filter_users': 'root'}
tools.sssd_conf('nss', services)
domain_name = tools.get_domain_section_name()
domain_params = {'debug_level': '0xFFF0',
'id_provider': 'proxy',
'proxy_lib_name': 'files',
'auth_provider': 'ldap',
'chpass_provider': 'ldap',
'cache_credentials': 'true',
'use_fully_qualified_names': 'False'}
tools.sssd_conf('domain/' + domain_name, domain_params)
tools.clear_sssd_cache()
assert "foo2:*:2001:2001::/home/foo2:/bin/bash" \
in execute_cmd(multihost, "getent passwd -s "
"sss foo2").stdout_text
ssh1 = SSHClient(client_e, username="foo2", password="Secret123")
ssh1.close()
execute_cmd(multihost, "userdel -rf foo2")
def test_bz1368467(self, multihost, backupsssdconf,
create_350_posix_users):
"""
:title: sssd runs out of available child slots and
starts queuing requests in proxy mode bz1368467
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1368467
:id: 452376f2-e2f3-11ec-96b9-845cf3eff344
:steps:
1. Configure sssd with proxy
2. Create 350 users
3. Try to ssh with 350 users
4. Logs should not have error 'All available
child slots are full'
:expectedresults:
1. Should succeed
2. Should succeed
3. Should succeed
4. Should succeed
"""
tools = sssdTools(multihost.client[0])
client_e = multihost.client[0].ip
domain_name = tools.get_domain_section_name()
domain_params = {'debug_level': '0xFFF0',
'id_provider': 'ldap',
'proxy_lib_name': 'ldap',
'proxy_pam_target': 'sssdproxyldap',
'auth_provider': 'proxy',
'chpass_provider': 'ldap',
'proxy_max_children': '10',
'use_fully_qualified_names': 'False'}
tools.sssd_conf('domain/' + domain_name, domain_params)
tools.clear_sssd_cache()
# sssd runs out of available child slots and starts
# queuing requests in proxy mode
execute_cmd(multihost, "systemctl start nslcd.service")
for i in range(1, 351):
ssh1 = SSHClient(client_e, username=f"doo{i}", password="Secret123")
ssh1.close()
with pytest.raises(subprocess.CalledProcessError):
execute_cmd(multihost, "grep 'All available child slots are full, "
"queuing request' /var/log/sssd/*")
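Review bot: In `test_bz785902` the command `f"grep {error_error} /var/log/sssd/*"` puts patterns containing spaces, `[...]` and `(...)` on the shell command line unquoted. The shell splits or rejects it, so the command exits non-zero whatever the logs contain, and `pytest.raises(subprocess.CalledProcessError)` is satisfied even if the error was logged. Quote the pattern and match it literally: `execute_cmd(multihost, f"grep -F '{error_error}' /var/log/sssd/*")`. The other `grep` checks under `pytest.raises` (in `test_bz647816`, `test_bz1221992` and `test_bz1368467`) cannot tell "no match" (exit 1) from a grep error such as a missing log file (exit 2); checking the return code for 1 would be tighter. `test_bz1036758` contains no assertion, and the comment `# more than 10 auth attempt times out bz647816` in `test_bz871424` is a leftover from the test above it.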
......@@ -68,14 +68,14 @@ class TestOffline(object):
2. Configure SSSD with only 1 id_provider.
3. Block "id_provider" using "iptables" command.
4. Step 6 should fail and similar messages
should be observed in log file
(/var/log/sssd/sssd_<domainname>.log).
should be observed in log file
(/var/log/sssd/sssd_<domainname>.log).
5. The log snip should contain following
timeout parameters.
- ldap_opt_timeout
- ldap_search_timeout
- ldap_network_timeout
- dns_resolver_timeout
timeout parameters.
- ldap_opt_timeout
- ldap_search_timeout
- ldap_network_timeout
- dns_resolver_timeout
:expectedresults:
1. Should succeed
2. Should succeed
......
......@@ -19,6 +19,7 @@ def execute_cmd(multihost, command):
@pytest.mark.usefixtures('setup_sssd_krb',
'create_posix_usersgroups',
'install_nslcd',
'sssdproxyldap',
'sssdproxyldap_test')
@pytest.mark.tier1_3
......
......@@ -177,9 +177,9 @@ class TestServices(object):
1. Find main sssd process id
2. Send SIGHUP
3. There should not be any logs for
Unable to signal service .* No such
file or directory
modifyTimestamp in the filter
'Unable to signal service .* No such
file or directory
modifyTimestamp' in the filter
:expectedresults:
1. Should succeed
2. Should succeed
......
......@@ -94,13 +94,12 @@ class Testsssctl(object):
:bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1661182
:steps:
1. Configure sssd without any domain
2. Restart sssd (sssd should not be
running after this)
2. Restart sssd (sssd should not be running after this)
3. Modify existing local user usermod -a -G wheel user1
4. This message
[sss_cache] [confdb_get_domains] (0x0010):
No domains configured, fatal error!
must not appear in console
'[sss_cache] [confdb_get_domains] (0x0010):
No domains configured, fatal error!'
must not appear in console
:expectedresults:
1. Should succeed
2. Should succeed
......