From c4644ab0dc97ed47fcb72e56a41b4524544582e9 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 29 Oct 2009 14:17:22 -0400 Subject: Make config_file_version a hidden setting in SSSDConfig API The config_file_version should never be changed by the API, so we will hide the option inside the SSSDConfig API and remove it from the schema. Guarantee that the config file is of the correct version --- server/config/SSSDConfig.py | 21 ++++++++++++ server/config/SSSDConfigTest.py | 46 +++++++++++++++++--------- server/config/etc/sssd.api.conf | 1 - server/config/testconfigs/sssd-badversion.conf | 42 +++++++++++++++++++++++ server/config/testconfigs/sssd-noversion.conf | 41 +++++++++++++++++++++++ 5 files changed, 134 insertions(+), 17 deletions(-) create mode 100644 server/config/testconfigs/sssd-badversion.conf create mode 100644 server/config/testconfigs/sssd-noversion.conf (limited to 'server/config') diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py index 07e967bac..6d3a8c6b7 100644 --- a/server/config/SSSDConfig.py +++ b/server/config/SSSDConfig.py @@ -199,12 +199,20 @@ class SSSDService: # Set up the service object with any known defaults self.options = {} + # Include a list of hidden options + self.hidden_options = [] + # Set up default options for all services self.options.update(self.schema.get_defaults('service')) # Set up default options for this service self.options.update(self.schema.get_defaults(self.name)) + # For the [sssd] service, force the config file version + if servicename == 'sssd': + self.options['config_file_version'] = 2 + self.hidden_options.append('config_file_version') + def get_name(self): return self.name 
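Review bot: The forced value is a bare literal in `self.options['config_file_version'] = 2`, while the SSSDConfig.__init__ hunk (@@ -442) separately sets `self.API_VERSION = 2`, so the version that is injected and the version import_config enforces can drift apart on the next bump. One module-level constant, e.g. `API_VERSION = 2`, referenced from both places (`self.options['config_file_version'] = API_VERSION` and `self.API_VERSION = API_VERSION`) would keep them in step. A short comment on `hidden_options` would also help, saying that these names are stored in `self.options` but are absent from the schema and not meant to be changed by callers. `__init__` starts outside this hunk.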
@@ -228,6 +236,10 @@ class SSSDService: option_schema = self.schema.get_option(self.name, optionname) elif self.schema.has_option('service', optionname): option_schema = self.schema.get_option('service', optionname) + elif optionname in self.hidden_options: + # Set this option and do not add it to the list of changeable values + self.options[optionname] = value + return else: raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname)) @@ -442,6 +454,7 @@ class SSSDConfig(RawConfigParser): self.schema = SSSDConfigSchema(schemafile, schemaplugindir) self.configfile = None self.initialized = False + self.API_VERSION = 2 def import_config(self,configfile=None): if self.initialized: @@ -462,6 +475,14 @@ class SSSDConfig(RawConfigParser): self.configfile = configfile self.initialized = True + try: + if int(self.get('sssd', 'config_file_version')) != self.API_VERSION: + raise ParsingError("Wrong config_file_version") + except: + # Either the 'sssd' section or the 'config_file_version' was not + # present in the config file + raise ParsingError("File contains no config_file_version") + def new_config(self): if self.initialized: raise AlreadyInitializedError diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py index 0baa9122c..a9377bffb 100644 --- a/server/config/SSSDConfigTest.py +++ b/server/config/SSSDConfigTest.py @@ -30,8 +30,6 @@ class SSSDConfigTestValid(unittest.TestCase): sssd_service = sssdconfig.get_service('sssd') service_opts = sssd_service.list_options() - self.assertTrue('config_file_version' in service_opts.keys()) - self.assertEquals(sssd_service.get_option('config_file_version'), 2) self.assertTrue('services' in service_opts.keys()) service_list = sssd_service.get_option('services') 
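Review bot: The new `elif optionname in self.hidden_options` branch stores `value` exactly as given, with no type or value check. A caller can therefore still run `set_option('config_file_version', 1)` and overwrite the value that `__init__` forced, which contradicts the commit's stated goal that the API never changes it. If the branch exists only so that loading a file does not hit NoOptionError (an inference, since the caller is not visible here), drop the assignment and keep just the `return`, or reject a value that differs from the forced one. The comment would then read better as `# Hidden options are fixed by the API; ignore attempts to set them`. set_option begins and ends outside this hunk.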
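Review bot: The bare `except:` in the import_config hunk (@@ -462) also catches the `ParsingError("Wrong config_file_version")` raised inside the same `try`. A file with the wrong version, or with a non-numeric one, is therefore reported as "File contains no config_file_version", and unrelated exceptions are swallowed into that message too. The check also runs after `self.configfile = configfile` and `self.initialized = True`, so a rejected file leaves the object marked initialized, and a retry on the same object presumably hits AlreadyInitializedError. Separating the presence test from the comparison and doing both before the state assignments fixes this. The start of import_config is outside the hunk.

```python
        # … unchanged: reading the file into the parser …
        if not self.has_option('sssd', 'config_file_version'):
            raise ParsingError("File contains no config_file_version")
        try:
            file_version = int(self.get('sssd', 'config_file_version'))
        except ValueError:
            raise ParsingError("Wrong config_file_version")
        if file_version != self.API_VERSION:
            raise ParsingError("Wrong config_file_version")

        # Only mark the object as loaded once the version has been accepted
        self.configfile = configfile
        self.initialized = True
```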
@@ -59,9 +57,6 @@ class SSSDConfigTestValid(unittest.TestCase): self.assertTrue('reconnection_retries' in new_options) self.assertEquals(new_options['reconnection_retries'][0], int) - self.assertTrue('config_file_version' in new_options) - self.assertEquals(new_options['config_file_version'][0], int) - self.assertTrue('services' in new_options) self.assertEquals(new_options['debug_level'][0], int) @@ -201,7 +196,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase): options = service.list_options() control_list = [ - 'config_file_version', 'services', 'domains', 'timeout', @@ -229,23 +223,23 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'Option [%s] unexpectedly found' % option) - self.assertTrue(type(options['config_file_version']) == tuple, + self.assertTrue(type(options['reconnection_retries']) == tuple, "Option values should be a tuple") - self.assertTrue(options['config_file_version'][0] == int, - "config_file_version should require an int. " + + self.assertTrue(options['reconnection_retries'][0] == int, + "reconnection_retries should require an int. " + "list_options is requiring a %s" % - options['config_file_version'][0]) + options['reconnection_retries'][0]) - self.assertTrue(options['config_file_version'][1] == None, - "config_file_version should not require a subtype. " + + self.assertTrue(options['reconnection_retries'][1] == None, + "reconnection_retries should not require a subtype. " + "list_options is requiring a %s" % - options['config_file_version'][1]) + options['reconnection_retries'][1]) - self.assertTrue(options['config_file_version'][0] == int, - "config_file_version should default to 2. " + + self.assertTrue(options['reconnection_retries'][0] == int, + "reconnection_retries should default to 2. " + "list_options specifies %d" % - options['config_file_version'][2]) + options['reconnection_retries'][2]) self.assertTrue(type(options['services']) == tuple, "Option values should be a tuple") 
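Review bot: The last renamed assertion in the @@ -229 hunk still tests `options['reconnection_retries'][0] == int`, which repeats the type check two assertions earlier and never looks at the default it claims to verify. Its message says "should default to 2", a leftover from config_file_version; the schema line visible as context in the sssd.api.conf hunk is `reconnection_retries = int, None, 3`. The check should be `self.assertTrue(options['reconnection_retries'][2] == 3,` with the message `"reconnection_retries should default to 3. " +`. The enclosing test method starts and ends outside the hunk.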
@@ -927,6 +921,26 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): else: self.fail("Expected ParsingError") + # Negative Test - Invalid config file version + try: + sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", + "etc/sssd.api.d") + sssdconfig.import_config("testconfigs/sssd-badversion.conf") + except SSSDConfig.ParsingError: + pass + else: + self.fail("Expected ParsingError") + + # Negative Test - No config file version + try: + sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", + "etc/sssd.api.d") + sssdconfig.import_config("testconfigs/sssd-noversion.conf") + except SSSDConfig.ParsingError: + pass + else: + self.fail("Expected ParsingError") + # Negative Test - Already initialized sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", "etc/sssd.api.d") diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf index 0c41fa711..de2af8375 100644 --- a/server/config/etc/sssd.api.conf +++ b/server/config/etc/sssd.api.conf @@ -11,7 +11,6 @@ reconnection_retries = int, None, 3 [sssd] # Monitor service -config_file_version = int, None, 2 services = list, str, nss, pam domains = list, str timeout = int, None diff --git a/server/config/testconfigs/sssd-badversion.conf b/server/config/testconfigs/sssd-badversion.conf new file mode 100644 index 000000000..75d8c4844 --- /dev/null +++ b/server/config/testconfigs/sssd-badversion.conf 
@@ -0,0 +1,42 @@ +[nss] +nss_filter_groups = root +nss_entry_negative_timeout = 15 +debug_level = 0 +nss_filter_users_in_groups = true +nss_filter_users = root +nss_entry_cache_no_wait_timeout = 60 +nss_entry_cache_timeout = 600 +nss_enum_cache_timeout = 120 + +[sssd] +services = nss, pam +reconnection_retries = 3 +domains = LOCAL, IPA +config_file_version = 1 + +[domain/PROXY] +id_provider = proxy +auth_provider = proxy +debug_level = 0 + +[domain/IPA] +id_provider = ldap +auth_provider = krb5 +debug_level = 0 + +[domain/LOCAL] +id_provider = local +auth_provider = local +debug_level = 0 + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +debug_level = 0 + +[pam] +debug_level = 0 + +[dp] +debug_level = 0 + diff --git a/server/config/testconfigs/sssd-noversion.conf b/server/config/testconfigs/sssd-noversion.conf new file mode 100644 index 000000000..71af85cc0 --- /dev/null +++ b/server/config/testconfigs/sssd-noversion.conf @@ -0,0 +1,41 @@ +[nss] +nss_filter_groups = root +nss_entry_negative_timeout = 15 +debug_level = 0 +nss_filter_users_in_groups = true +nss_filter_users = root +nss_entry_cache_no_wait_timeout = 60 +nss_entry_cache_timeout = 600 +nss_enum_cache_timeout = 120 + +[sssd] +services = nss, pam +reconnection_retries = 3 +domains = LOCAL, IPA + +[domain/PROXY] +id_provider = proxy +auth_provider = proxy +debug_level = 0 + +[domain/IPA] +id_provider = ldap +auth_provider = krb5 +debug_level = 0 + +[domain/LOCAL] +id_provider = local +auth_provider = local +debug_level = 0 + +[domain/LDAP] +id_provider = ldap +auth_provider = ldap +debug_level = 0 + +[pam] +debug_level = 0 + +[dp] +debug_level = 0 + -- cgit