sssd.git/src/tests/intg, branch sudo Unnamed repository; edit this file 'description' to name the repository. intg: Add sanity tests for pysss_nss_idmap 2017-10-16T13:11:52+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T13:14:31+00:00 da7a3c347dd630085839afa7ec245ee9d36f6ce2 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
intg: Create FakeAD class based on openldap 2017-10-16T13:11:47+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T13:09:50+00:00 36df33cd44774a5b5eab52ab222bcd3240b3ca5a FakeAD is openldap with ldif schema which allows to load static data from real AD. Instance of class will also contain some predefined users/groups which can be used for basic sanity testing in sssd of AD features. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
FakeAD is openldap with ldif schema which allows to load static data
from real AD. Instance of class will also contain some predefined
users/groups which can be used for basic sanity testing in sssd of AD features.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ds_openldap: Extract functionality to protected methods 2017-10-16T13:11:43+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T12:54:44+00:00 ebbd9a2b551feffd2040f35d938f6800fba1b278 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
intg: Prefer locally built python modules 2017-10-16T13:11:39+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T12:27:06+00:00 d82741b1a8ada493ca74efa5d5c8b731412d035c Patch prepends path to sssd python modules; so we will be able to import them without any issue and they will be preferred over system modules. sh$[/tmp/sssd-intg.3gb4hzpn/var/log/sssd] python2 Python 2.7.13 (default, Aug 16 2017, 12:56:26) [GCC 7.1.1 20170802 (Red Hat 7.1.1-7)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import SSSDConfig >>> print(SSSDConfig.__file__) /tmp/sssd-intg.3gb4hzpn/lib/python2.7/site-packages/SSSDConfig/__init__.pyc >>> import pyhbac >>> print(pyhbac.__file__) /tmp/sssd-intg.3gb4hzpn/lib64/python2.7/site-packages/pyhbac.so Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Patch prepends path to sssd python modules; so we will be
able to import them without any issue and they will be preferred over
system modules.

sh$[/tmp/sssd-intg.3gb4hzpn/var/log/sssd] python2
Python 2.7.13 (default, Aug 16 2017, 12:56:26)
[GCC 7.1.1 20170802 (Red Hat 7.1.1-7)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import SSSDConfig
>>> print(SSSDConfig.__file__)
/tmp/sssd-intg.3gb4hzpn/lib/python2.7/site-packages/SSSDConfig/__init__.pyc
>>> import pyhbac
>>> print(pyhbac.__file__)
/tmp/sssd-intg.3gb4hzpn/lib64/python2.7/site-packages/pyhbac.so

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
intg: prevent "TypeError: must be type, not classobj" 2017-10-16T13:11:29+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-05-18T19:00:27+00:00 948c1a4d423dba289342844fb177bd5fa9828fc0 http://stackoverflow.com/questions/9698614/super-raises-typeerror-must-be-type-not-classobj-for-new-style-class ========================== ERRORS =========================== _______ ERROR at setup of test_regression_ticket2163 ________ Traceback (most recent call last): File "src/tests/intg/test_pysss_nss_idmap.py", line 48, in ad_inst instance.teardown() File "src/tests/intg/ds_openldap.py", line 371, in teardown super(FakeAD, self).teardown() TypeError: super() argument 1 must be type, not classobj Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
http://stackoverflow.com/questions/9698614/super-raises-typeerror-must-be-type-not-classobj-for-new-style-class

========================== ERRORS ===========================
_______ ERROR at setup of test_regression_ticket2163 ________
Traceback (most recent call last):
  File "src/tests/intg/test_pysss_nss_idmap.py", line 48, in ad_inst
    instance.teardown()
  File "src/tests/intg/ds_openldap.py", line 371, in teardown
    super(FakeAD, self).teardown()
TypeError: super() argument 1 must be type, not classobj

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
intg: Let python paths be configurable 2017-10-16T13:11:25+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-05-21T20:44:08+00:00 a3bed9df5a47bfc84b82341f0f7e693e2b14a67a It will allow to prefer locally built python modules in integration tests. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
It will allow to prefer locally built python modules
in integration tests.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
intg: Fix pep8 warnings in config.py template 2017-10-16T13:11:13+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-09-06T12:13:00+00:00 035bed97b8da9a7f3a2d15bcf0e184bd973977a7 intg/bld/src/tests/intg/config.py:5:7: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:6:11: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:7:15: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:8:12: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:9:10: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:10:8: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:11:9: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:12:13: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:13:9: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:14:12: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:15:11: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:16:13: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:17:12: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:18:13: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:20:11: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:21:7: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:22:11: E221 multiple spaces before operator intg/bld/src/tests/intg/config.py:23:7: E221 multiple spaces before operator pep8 will prevent reformatting in case of added new options e.g. 53a4219e2f51cd0443931aa931505bf0b4bf5a45 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
intg/bld/src/tests/intg/config.py:5:7: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:6:11: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:7:15: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:8:12: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:9:10: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:10:8: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:11:9: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:12:13: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:13:9: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:14:12: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:15:11: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:16:13: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:17:12: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:18:13: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:20:11: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:21:7: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:22:11: E221 multiple spaces before operator
intg/bld/src/tests/intg/config.py:23:7: E221 multiple spaces before operator

pep8 will prevent reformatting in case of added new options
e.g. 53a4219e2f51cd0443931aa931505bf0b4bf5a45

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
intg: Fix execution with dbus-1.11.18 2017-10-04T04:36:07+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-10-03T13:34:33+00:00 82c36227e36de155b13e6eb7cfa3e80a25774157 Since dbus-1.11.18 DBUS_COOKIE_SHA1 respect $HOME variable and fallback to value returned from getpwnam only if env HOME does not exist. It caused problem for dbus communication between sssd processes because local user usually do not have directory $HOME/.dbus-keyrings/. And directory created in cwrap environment is problmatic [build@host ~]$ ls -ld ~/.dbus-keyrings/ drw-------. 2 build build 6 Oct 3 10:44 /home/build/.dbus-keyrings/ [buildhost ~]$ ls -lna ~/.dbus-keyrings/ ls: cannot access '/home/build/.dbus-keyrings/.': Permission denied ls: cannot access '/home/build/.dbus-keyrings/..': Permission denied total 0 d????????? ? ? ? ? ? . d????????? ? ? ? ? ? .. [build@host ~]$ touch ~/.dbus-keyrings/test touch: cannot touch '/home/build/.dbus-keyrings/test': Permission denied Other alternative would be to set env variable HOME to the same value as in fake passwd file: HOME=$(abs_builddir)/root Related dbus bug: https://bugs.freedesktop.org/show_bug.cgi?id=101960 Resolves: https://pagure.io/SSSD/sssd/issue/3531 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Since dbus-1.11.18 DBUS_COOKIE_SHA1 respect $HOME variable
and fallback to value returned from getpwnam only if env HOME
does not exist. It caused problem for dbus communication
between sssd processes because local user usually do not have
directory $HOME/.dbus-keyrings/. And directory created in cwrap
environment is problmatic

[build@host ~]$ ls -ld ~/.dbus-keyrings/
drw-------. 2 build build 6 Oct  3 10:44 /home/build/.dbus-keyrings/

[buildhost ~]$ ls -lna ~/.dbus-keyrings/
ls: cannot access '/home/build/.dbus-keyrings/.': Permission denied
ls: cannot access '/home/build/.dbus-keyrings/..': Permission denied
total 0
d????????? ? ? ? ?            ? .
d????????? ? ? ? ?            ? ..

[build@host ~]$ touch ~/.dbus-keyrings/test
touch: cannot touch '/home/build/.dbus-keyrings/test': Permission denied

Other alternative would be to set env variable HOME to the
same value as in fake passwd file:
  HOME=$(abs_builddir)/root

Related dbus bug:
https://bugs.freedesktop.org/show_bug.cgi?id=101960

Resolves:
https://pagure.io/SSSD/sssd/issue/3531

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
sssd_client: add mutex protected call to the PAC responder 2017-09-22T12:46:21+00:00 Sumit Bose sbose@redhat.com 2017-09-18T13:00:53+00:00 1f331476e7d33bb03cc35a2a9064ee1cc5bed6cf SSSD's plugin for MIT Kerberos to send the PAC to the PAC responder currently uses sss_pac_make_request() which does not protect the communication with the PAC responder with a mutex as e.g. the NSS and PAM clients. If an application using threads loads this plugin via libkrb5 in different threads and is heavily processing Kerberos tickets with PACs chances are that two threads try to communicate with SSSD at once. In this case one of the threads will miss a reply and will wait for it until the default client timeout of 300s is passed. This patch adds a call which uses a mutex to protect the communication which will avoid the 300s delay mentioned above. Resolves: https://pagure.io/SSSD/sssd/issue/3518 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
SSSD's plugin for MIT Kerberos to send the PAC to the PAC responder
currently uses sss_pac_make_request() which does not protect the
communication with the PAC responder with a mutex as e.g. the NSS and
PAM clients.

If an application using threads loads this plugin via libkrb5 in
different threads and is heavily processing Kerberos tickets with PACs
chances are that two threads try to communicate with SSSD at once. In
this case one of the threads will miss a reply and will wait for it
until the default client timeout of 300s is passed.

This patch adds a call which uses a mutex to protect the communication
which will avoid the 300s delay mentioned above.

Resolves:
https://pagure.io/SSSD/sssd/issue/3518

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
TESTS: Relax the assert in test_idle_timeout 2017-09-04T14:34:32+00:00 Jakub Hrozek jhrozek@redhat.com 2017-08-29T09:07:18+00:00 4d1e380fea70e917cdfba560b899cca2f3e2ffd1 Resolves: https://pagure.io/SSSD/sssd/issue/3473 We're being quite strict in test_idle_timeout when checking for the number of open fds which leads to spurious failures like: =================================== FAILURES =================================== ______________________________ test_idle_timeout _______________________________ Traceback (most recent call last): File "/var/lib/jenkins/workspace/ci/label/fedora23/src/tests/intg/test_secrets.py", line 427, in test_idle_timeout assert nfds_pre + 1 == nfds_conn AssertionError: assert (27 + 1) == 27 ==================== 1 failed, 221 passed in 473.37 seconds ==================== This is just a check that "a" connection was opened, so we don't have to check for exact match, but just for larger-or-equal. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Resolves:
    https://pagure.io/SSSD/sssd/issue/3473

We're being quite strict in test_idle_timeout when checking for the
number of open fds which leads to spurious failures like:
=================================== FAILURES ===================================
______________________________ test_idle_timeout _______________________________
Traceback (most recent call last):
  File "/var/lib/jenkins/workspace/ci/label/fedora23/src/tests/intg/test_secrets.py", line 427, in test_idle_timeout
    assert nfds_pre + 1 == nfds_conn
AssertionError: assert (27 + 1) == 27
==================== 1 failed, 221 passed in 473.37 seconds ====================

This is just a check that "a" connection was opened, so we don't have to
check for exact match, but just for larger-or-equal.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>