From 13205258cc17d3833558244251f5adbc98cf34e5 Mon Sep 17 00:00:00 2001 From: Fabiano Fidêncio Date: Mon, 5 Jun 2017 15:06:12 +0200 Subject: INTG_TESTS: Add one more test for filtered out users/groups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The added test is quite simple and basically ensures that when some shortcut is taken in the cache_req_send() SSSD still filters out the already cached users/groups. The real situation the test tries to test is: - getent passwd 1002 - sleep(2) - getent passwd 1002 - getent group 2002 - sleep(2) - getent group 2002 (Considering entry_negative_timeout = 1 in [nss] section of sssd.conf). Related: https://pagure.io/SSSD/sssd/issue/3362 Signed-off-by: Fabiano Fidêncio Reviewed-by: Lukáš Slebodník
---
 src/tests/intg/test_ldap.py | 54 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+)
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index ea7393f5a..7ae87a366 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -1076,3 +1076,57 @@ def test_nss_filters(ldap_conn, sanity_nss_filter):
 grp.getgrnam("non_existent_group")
 with pytest.raises(KeyError):
 grp.getgrgid(14)
+
+
+@pytest.fixture
+def sanity_nss_filter_cached(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2002)
+ ent_list.add_user("user3", 1003, 2003)
+
+ ent_list.add_group_bis("group1", 2001)
+ ent_list.add_group_bis("group2", 2002)
+ ent_list.add_group_bis("group3", 2003)
+
+ create_ldap_fixture(request, ldap_conn, ent_list)
+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+ unindent("""
+ [nss]
+ filter_users = user2
+ filter_groups = group2
+ entry_negative_timeout = 1
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+ return None
+
+
+def test_nss_filters_cached(ldap_conn, sanity_nss_filter_cached):
+ passwd_pattern = expected_list_to_name_dict([
+ dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
+ dir='/home/user1', shell='/bin/bash'),
+ dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
+ dir='/home/user3', shell='/bin/bash')
+ ])
+ ent.assert_each_passwd_by_name(passwd_pattern)
+
+ # test filtered user
+ with pytest.raises(KeyError):
+ pwd.getpwuid(1002)
+ time.sleep(2)
+ with pytest.raises(KeyError):
+ pwd.getpwuid(1002)
+
+ group_pattern = expected_list_to_name_dict([
+ dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
+ dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
+ ])
+ ent.assert_each_group_by_name(group_pattern)
+
+ # test filtered group
+ with pytest.raises(KeyError):
+ grp.getgrgid(2002)
+ time.sleep(2)
+ with pytest.raises(KeyError):
+ grp.getgrgid(2002)
-- cgit
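Review bot: The two `time.sleep(2)` calls in `test_nss_filters_cached` only make sense because the `sanity_nss_filter_cached` fixture sets `entry_negative_timeout = 1`, but nothing in the test says so. If the timeout is raised later, the second lookup would presumably be answered from the negative cache again and the test would still pass without exercising the filter. Add a comment above each sleep such as `# wait past entry_negative_timeout (1s) so the next lookup is not served from the negative cache`, or derive both values from one shared constant. The post-expiry checks are by ID only (`pwd.getpwuid(1002)`, `grp.getgrgid(2002)`); adding `pwd.getpwnam("user2")` and `grp.getgrnam("group2")` after the sleep would also confirm the filtered entries stay hidden on the by-name path. Separately, `.format(**locals())` is applied to a config snippet with no placeholders, so it is a no-op and can be dropped.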