authorStephen Gallagher <sgallagh@redhat.com>2009-10-29 14:17:22 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-11-03 10:16:14 -0500
commitc4644ab0dc97ed47fcb72e56a41b4524544582e9 (patch)
tree17c27b2300b3b389d08491a4ca26a467ffa32944 /server/config
parentc2a29bea5248554a9112d051a7b5be492aa729b6 (diff)
Make config_file_version a hidden setting in SSSDConfig API
The config_file_version should never be changed by the API, so we will hide the option inside the SSSDConfig API and remove it from the schema. Guarantee that the config file is of the correct version
Diffstat (limited to 'server/config')
-rw-r--r--server/config/SSSDConfig.py21
-rw-r--r--server/config/SSSDConfigTest.py46
-rw-r--r--server/config/etc/sssd.api.conf1
-rw-r--r--server/config/testconfigs/sssd-badversion.conf42
-rw-r--r--server/config/testconfigs/sssd-noversion.conf41
5 files changed, 134 insertions, 17 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py
index 07e967b..6d3a8c6 100644
--- a/server/config/SSSDConfig.py
+++ b/server/config/SSSDConfig.py
@@ -199,12 +199,20 @@ class SSSDService:
# Set up the service object with any known defaults
self.options = {}
+ # Include a list of hidden options
+ self.hidden_options = []
+
# Set up default options for all services
self.options.update(self.schema.get_defaults('service'))
# Set up default options for this service
self.options.update(self.schema.get_defaults(self.name))
+ # For the [sssd] service, force the config file version
+ if servicename == 'sssd':
+ self.options['config_file_version'] = 2
+ self.hidden_options.append('config_file_version')
+
def get_name(self):
return self.name
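Review bot: The literal `2` assigned to `self.options['config_file_version']` in `SSSDService.__init__` duplicates the `self.API_VERSION = 2` that this commit adds to `SSSDConfig.__init__`, so a later version bump has two places to change. If they drift, a service object would carry a version that the new check in `import_config` rejects. A single module-level constant, for example `API_VERSION = 2`, referenced from both classes would remove that risk. The condition also tests the `servicename` argument while the neighbouring lines use `self.name`; using one of them consistently would read more clearly. `__init__` begins outside this hunk.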
@@ -228,6 +236,10 @@ class SSSDService:
option_schema = self.schema.get_option(self.name, optionname)
elif self.schema.has_option('service', optionname):
option_schema = self.schema.get_option('service', optionname)
+ elif optionname in self.hidden_options:
+ # Set this option and do not add it to the list of changeable values
+ self.options[optionname] = value
+ return
else:
raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname))
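Review bot: The new `elif optionname in self.hidden_options:` branch in `set_option` stores whatever `value` the caller passes and returns before any schema-based handling further down the function (not visible here). `set_option('config_file_version', ...)` can therefore still change the setting that the commit message says the API must never change, and to a value of any type. If the branch exists only so that a value read from a file can be loaded without hitting `NoOptionError`, it would be safer to convert the value with `int()` and raise unless it equals the version forced in `__init__`, instead of overwriting it. The inline comment would then read `# Hidden options are fixed by the API; accept only the value already set`. The function starts and ends outside this hunk.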
@@ -442,6 +454,7 @@ class SSSDConfig(RawConfigParser):
self.schema = SSSDConfigSchema(schemafile, schemaplugindir)
self.configfile = None
self.initialized = False
+ self.API_VERSION = 2
def import_config(self,configfile=None):
if self.initialized:
@@ -462,6 +475,14 @@ class SSSDConfig(RawConfigParser):
self.configfile = configfile
self.initialized = True
+ try:
+ if int(self.get('sssd', 'config_file_version')) != self.API_VERSION:
+ raise ParsingError("Wrong config_file_version")
+ except:
+ # Either the 'sssd' section or the 'config_file_version' was not
+ # present in the config file
+ raise ParsingError("File contains no config_file_version")
+
def new_config(self):
if self.initialized:
raise AlreadyInitializedError
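Review bot: The bare `except:` in `import_config` also catches the `ParsingError("Wrong config_file_version")` raised inside the same `try`, so a file with the wrong version is reported as "File contains no config_file_version" and the first message can never reach the caller. It likewise swallows the `ValueError` from `int()` on a non-numeric value, and anything else such as `KeyboardInterrupt`. Separately, `self.initialized = True` is set before the check, so a caller that catches the `ParsingError` is left with an object marked initialized that holds the rejected file. The sketch below narrows the handlers and defers the state change until the version is accepted; the `ConfigParser.`-qualified names assume the stdlib exceptions and need adapting to how this module imports them. `import_config` starts outside this hunk.

```python
# … unchanged: reading and parsing of configfile …
try:
    file_version = int(self.get('sssd', 'config_file_version'))
except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
    # [sssd] section or config_file_version key is absent
    raise ParsingError("File contains no config_file_version")
except ValueError:
    raise ParsingError("config_file_version is not an integer")

if file_version != self.API_VERSION:
    raise ParsingError("Wrong config_file_version")

# Mark the object usable only once the version has been accepted
self.configfile = configfile
self.initialized = True
```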
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py
index 0baa912..a9377bf 100644
--- a/server/config/SSSDConfigTest.py
+++ b/server/config/SSSDConfigTest.py
@@ -30,8 +30,6 @@ class SSSDConfigTestValid(unittest.TestCase):
sssd_service = sssdconfig.get_service('sssd')
service_opts = sssd_service.list_options()
- self.assertTrue('config_file_version' in service_opts.keys())
- self.assertEquals(sssd_service.get_option('config_file_version'), 2)
self.assertTrue('services' in service_opts.keys())
service_list = sssd_service.get_option('services')
@@ -59,9 +57,6 @@ class SSSDConfigTestValid(unittest.TestCase):
self.assertTrue('reconnection_retries' in new_options)
self.assertEquals(new_options['reconnection_retries'][0], int)
- self.assertTrue('config_file_version' in new_options)
- self.assertEquals(new_options['config_file_version'][0], int)
-
self.assertTrue('services' in new_options)
self.assertEquals(new_options['debug_level'][0], int)
@@ -201,7 +196,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
options = service.list_options()
control_list = [
- 'config_file_version',
'services',
'domains',
'timeout',
@@ -229,23 +223,23 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
'Option [%s] unexpectedly found' %
option)
- self.assertTrue(type(options['config_file_version']) == tuple,
+ self.assertTrue(type(options['reconnection_retries']) == tuple,
"Option values should be a tuple")
- self.assertTrue(options['config_file_version'][0] == int,
- "config_file_version should require an int. " +
+ self.assertTrue(options['reconnection_retries'][0] == int,
+ "reconnection_retries should require an int. " +
"list_options is requiring a %s" %
- options['config_file_version'][0])
+ options['reconnection_retries'][0])
- self.assertTrue(options['config_file_version'][1] == None,
- "config_file_version should not require a subtype. " +
+ self.assertTrue(options['reconnection_retries'][1] == None,
+ "reconnection_retries should not require a subtype. " +
"list_options is requiring a %s" %
- options['config_file_version'][1])
+ options['reconnection_retries'][1])
- self.assertTrue(options['config_file_version'][0] == int,
- "config_file_version should default to 2. " +
+ self.assertTrue(options['reconnection_retries'][0] == int,
+ "reconnection_retries should default to 2. " +
"list_options specifies %d" %
- options['config_file_version'][2])
+ options['reconnection_retries'][2])
self.assertTrue(type(options['services']) == tuple,
"Option values should be a tuple")
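Review bot: The last rewritten assertion still compares `options['reconnection_retries'][0] == int` although its message is about the default, so the default at index 2 is never checked; the mistake was carried over from the `config_file_version` version of the test. The message also says "should default to 2", whereas the sssd.api.conf hunk header in this commit shows `reconnection_retries = int, None, 3`. Suggested change: `self.assertTrue(options['reconnection_retries'][2] == 3,` with the message `"reconnection_retries should default to 3. " +`. The test method starts and ends outside this hunk.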
@@ -927,6 +921,26 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
else:
self.fail("Expected ParsingError")
+ # Negative Test - Invalid config file version
+ try:
+ sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
+ "etc/sssd.api.d")
+ sssdconfig.import_config("testconfigs/sssd-badversion.conf")
+ except SSSDConfig.ParsingError:
+ pass
+ else:
+ self.fail("Expected ParsingError")
+
+ # Negative Test - No config file version
+ try:
+ sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
+ "etc/sssd.api.d")
+ sssdconfig.import_config("testconfigs/sssd-noversion.conf")
+ except SSSDConfig.ParsingError:
+ pass
+ else:
+ self.fail("Expected ParsingError")
+
# Negative Test - Already initialized
sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
"etc/sssd.api.d")
diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf
index 0c41fa7..de2af83 100644
--- a/server/config/etc/sssd.api.conf
+++ b/server/config/etc/sssd.api.conf
@@ -11,7 +11,6 @@ reconnection_retries = int, None, 3
[sssd]
# Monitor service
-config_file_version = int, None, 2
services = list, str, nss, pam
domains = list, str
timeout = int, None
diff --git a/server/config/testconfigs/sssd-badversion.conf b/server/config/testconfigs/sssd-badversion.conf
new file mode 100644
index 0000000..75d8c48
--- /dev/null
+++ b/server/config/testconfigs/sssd-badversion.conf
@@ -0,0 +1,42 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+config_file_version = 1
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+
diff --git a/server/config/testconfigs/sssd-noversion.conf b/server/config/testconfigs/sssd-noversion.conf
new file mode 100644
index 0000000..71af85c
--- /dev/null
+++ b/server/config/testconfigs/sssd-noversion.conf
@@ -0,0 +1,41 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+