-rw-r--r--server/config/SSSDConfig.py21
-rw-r--r--server/config/SSSDConfigTest.py46
-rw-r--r--server/config/etc/sssd.api.conf1
-rw-r--r--server/config/testconfigs/sssd-badversion.conf42
-rw-r--r--server/config/testconfigs/sssd-noversion.conf41
5 files changed, 134 insertions, 17 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py
index 07e967bac..6d3a8c6b7 100644
--- a/server/config/SSSDConfig.py
+++ b/server/config/SSSDConfig.py
@@ -199,12 +199,20 @@ class SSSDService:
# Set up the service object with any known defaults
self.options = {}
+ # Include a list of hidden options
+ self.hidden_options = []
+
# Set up default options for all services
self.options.update(self.schema.get_defaults('service'))
# Set up default options for this service
self.options.update(self.schema.get_defaults(self.name))
+ # For the [sssd] service, force the config file version
+ if servicename == 'sssd':
+ self.options['config_file_version'] = 2
+ self.hidden_options.append('config_file_version')
+
def get_name(self):
return self.name
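Review bot: The forced value in `self.options['config_file_version'] = 2` is a second copy of the version number that this commit also stores as `self.API_VERSION = 2` in the SSSDConfig constructor. If only one of them is bumped later, a freshly generated [sssd] service would carry a version that import_config then rejects. A single module-level constant, for example `API_VERSION = 2`, used in both places (`self.options['config_file_version'] = API_VERSION`) keeps them in step. The constructor's body starts outside this hunk.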
@@ -228,6 +236,10 @@ class SSSDService:
option_schema = self.schema.get_option(self.name, optionname)
elif self.schema.has_option('service', optionname):
option_schema = self.schema.get_option('service', optionname)
+ elif optionname in self.hidden_options:
+ # Set this option and do not add it to the list of changeable values
+ self.options[optionname] = value
+ return
else:
raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname))
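Review bot: The new `elif optionname in self.hidden_options:` branch stores `value` and returns before any of the schema type checks that the other branches feed into, so a hidden option accepts whatever the caller passes. For config_file_version that means the forced integer from the constructor can be replaced by a string or by a different version through the public setter, which presumably is also the path used when a parsed file is loaded. I would either coerce and check it here, e.g. `self.options[optionname] = int(value)`, or extend the comment to say `# Hidden options are stored unvalidated; callers must pass the final typed value`. The method's body starts and ends outside this hunk.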
@@ -442,6 +454,7 @@ class SSSDConfig(RawConfigParser):
self.schema = SSSDConfigSchema(schemafile, schemaplugindir)
self.configfile = None
self.initialized = False
+ self.API_VERSION = 2
def import_config(self,configfile=None):
if self.initialized:
@@ -462,6 +475,14 @@ class SSSDConfig(RawConfigParser):
self.configfile = configfile
self.initialized = True
+ try:
+ if int(self.get('sssd', 'config_file_version')) != self.API_VERSION:
+ raise ParsingError("Wrong config_file_version")
+ except:
+ # Either the 'sssd' section or the 'config_file_version' was not
+ # present in the config file
+ raise ParsingError("File contains no config_file_version")
+
def new_config(self):
if self.initialized:
raise AlreadyInitializedError
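Review bot: The bare `except:` also catches the `ParsingError("Wrong config_file_version")` raised two lines above it, so a file with the wrong version is reported as "File contains no config_file_version" and the first message is never seen; it swallows KeyboardInterrupt and SystemExit as well. The comparison should sit outside the try, and the handler should be limited to the lookup and conversion errors. Separately, `self.configfile` and `self.initialized = True` are assigned before the check, so a caller that catches the ParsingError is left holding an object that reports itself as initialized with a rejected file; the check should run first so the failure is closed. import_config's body starts outside this hunk.

```python
# … unchanged: reading and parsing of configfile …
try:
    version = int(self.get('sssd', 'config_file_version'))
except Exception:
    # Section or option missing, or the value is not an integer.
    # Narrow this to the lookup errors self.get() raises plus ValueError.
    raise ParsingError("File contains no config_file_version")
if version != self.API_VERSION:
    raise ParsingError("Wrong config_file_version")

# Only mark the object usable once the version check has passed
self.configfile = configfile
self.initialized = True
```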
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py
index 0baa9122c..a9377bffb 100644
--- a/server/config/SSSDConfigTest.py
+++ b/server/config/SSSDConfigTest.py
@@ -30,8 +30,6 @@ class SSSDConfigTestValid(unittest.TestCase):
sssd_service = sssdconfig.get_service('sssd')
service_opts = sssd_service.list_options()
- self.assertTrue('config_file_version' in service_opts.keys())
- self.assertEquals(sssd_service.get_option('config_file_version'), 2)
self.assertTrue('services' in service_opts.keys())
service_list = sssd_service.get_option('services')
@@ -59,9 +57,6 @@ class SSSDConfigTestValid(unittest.TestCase):
self.assertTrue('reconnection_retries' in new_options)
self.assertEquals(new_options['reconnection_retries'][0], int)
- self.assertTrue('config_file_version' in new_options)
- self.assertEquals(new_options['config_file_version'][0], int)
-
self.assertTrue('services' in new_options)
self.assertEquals(new_options['debug_level'][0], int)
@@ -201,7 +196,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
options = service.list_options()
control_list = [
- 'config_file_version',
'services',
'domains',
'timeout',
@@ -229,23 +223,23 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
'Option [%s] unexpectedly found' %
option)
- self.assertTrue(type(options['config_file_version']) == tuple,
+ self.assertTrue(type(options['reconnection_retries']) == tuple,
"Option values should be a tuple")
- self.assertTrue(options['config_file_version'][0] == int,
- "config_file_version should require an int. " +
+ self.assertTrue(options['reconnection_retries'][0] == int,
+ "reconnection_retries should require an int. " +
"list_options is requiring a %s" %
- options['config_file_version'][0])
+ options['reconnection_retries'][0])
- self.assertTrue(options['config_file_version'][1] == None,
- "config_file_version should not require a subtype. " +
+ self.assertTrue(options['reconnection_retries'][1] == None,
+ "reconnection_retries should not require a subtype. " +
"list_options is requiring a %s" %
- options['config_file_version'][1])
+ options['reconnection_retries'][1])
- self.assertTrue(options['config_file_version'][0] == int,
- "config_file_version should default to 2. " +
+ self.assertTrue(options['reconnection_retries'][0] == int,
+ "reconnection_retries should default to 2. " +
"list_options specifies %d" %
- options['config_file_version'][2])
+ options['reconnection_retries'][2])
self.assertTrue(type(options['services']) == tuple,
"Option values should be a tuple")
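Review bot: The last rewritten assertion still tests `options['reconnection_retries'][0] == int`, which repeats the type check made a few lines earlier, while its message talks about the default value. The message also says "should default to 2", a leftover from config_file_version; the schema line visible in the sssd.api.conf hunk header is `reconnection_retries = int, None, 3`. Assuming that is the entry list_options returns here, the check should read `self.assertTrue(options['reconnection_retries'][2] == 3,` with the message `"reconnection_retries should default to 3. " +`.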
@@ -927,6 +921,26 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
else:
self.fail("Expected ParsingError")
+ # Negative Test - Invalid config file version
+ try:
+ sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
+ "etc/sssd.api.d")
+ sssdconfig.import_config("testconfigs/sssd-badversion.conf")
+ except SSSDConfig.ParsingError:
+ pass
+ else:
+ self.fail("Expected ParsingError")
+
+ # Negative Test - No config file version
+ try:
+ sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
+ "etc/sssd.api.d")
+ sssdconfig.import_config("testconfigs/sssd-noversion.conf")
+ except SSSDConfig.ParsingError:
+ pass
+ else:
+ self.fail("Expected ParsingError")
+
# Negative Test - Already initialized
sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf",
"etc/sssd.api.d")
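Review bot: Both new negative tests only assert that some ParsingError is raised, so they cannot tell the "wrong version" path from the "missing version" path, and they pass even though import_config currently reports both with the same message. If ParsingError exposes its message, each test should check it. A third fixture with a non-numeric `config_file_version` would cover the int() conversion failure. It would also be worth asserting that the object is not left initialized after the rejected import, for instance that a following `import_config` on the same object does not raise AlreadyInitializedError.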
diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf
index 0c41fa711..de2af8375 100644
--- a/server/config/etc/sssd.api.conf
+++ b/server/config/etc/sssd.api.conf
@@ -11,7 +11,6 @@ reconnection_retries = int, None, 3
[sssd]
# Monitor service
-config_file_version = int, None, 2
services = list, str, nss, pam
domains = list, str
timeout = int, None
diff --git a/server/config/testconfigs/sssd-badversion.conf b/server/config/testconfigs/sssd-badversion.conf
new file mode 100644
index 000000000..75d8c4844
--- /dev/null
+++ b/server/config/testconfigs/sssd-badversion.conf
@@ -0,0 +1,42 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+config_file_version = 1
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+
diff --git a/server/config/testconfigs/sssd-noversion.conf b/server/config/testconfigs/sssd-noversion.conf
new file mode 100644
index 000000000..71af85cc0
--- /dev/null
+++ b/server/config/testconfigs/sssd-noversion.conf
@@ -0,0 +1,41 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+