rpms/sssd
6
0
Fork 0
Code Issues Pull Requests Releases Activity

python-sssdconfig: Fix parssing sssd.conf without config_file_version

Browse Source 
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
This commit is contained in:
Lukas Slebodnik 2015-10-19 15:04:51 +02:00
parent 4bdb4e48cd
commit c08e64289b
4 changed files with 277 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
0004-SSSDConfig-Do-not-raise-exception-if-config_file_ver.patch Normal file
View File

@ -0,0 +1,58 @@
From c540338b798a15b736770a51f87eb13606faa544 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Thu, 15 Oct 2015 18:53:37 +0200
Subject: [PATCH 4/6] SSSDConfig: Do not raise exception if config_file_version
is missing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ticket:
https://fedorahosted.org/sssd/ticket/2837
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 6a044fa43d53638c1d0b874d43f58c0428820362)
(cherry picked from commit a2363aa5984a707b8834816ea8538fe7de250a63)
---
src/config/SSSDConfig/__init__.py.in | 8 ++++----
src/config/SSSDConfigTest.py | 5 -----
2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 038de16d55423a73c0bed6a0e27d99e1ab46a90f..bf61c402796122050fa43cf41128faec4771c5d2 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -1405,10 +1405,10 @@ class SSSDConfig(SSSDChangeConf):
try:
if int(self.get('sssd', 'config_file_version')) != self.API_VERSION:
raise ParsingError("Wrong config_file_version")
- except:
- # Either the 'sssd' section or the 'config_file_version' was not
- # present in the config file
- raise ParsingError("File contains no config_file_version")
+ except TypeError:
+ # This happens when config_file_version is missing. We
+ # can assume it is the default version and continue.
+ pass
def new_config(self):
"""
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 5047bd7237188be4df83f76054afe6b43ceeec1d..a850b8d2c5933c4c08b5b0e8f4db79f3c88fc5ee 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1226,11 +1226,6 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
srcdir + "/etc/sssd.api.d")
self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-badversion.conf")
- # Negative Test - No config file version
- sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
- srcdir + "/etc/sssd.api.d")
- self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-noversion.conf")
-
# Negative Test - Already initialized
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
srcdir + "/etc/sssd.api.d")
--
2.5.0

60
0005-SSSDConfigTest-Try-load-saved-config.patch Normal file
View File

@ -0,0 +1,60 @@
From dab0d1655f5e2451fc8ded804763ac4549ffd978 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 15 Oct 2015 10:32:09 +0200
Subject: [PATCH 5/6] SSSDConfigTest: Try load saved config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Python module SSSDConfig should be able to save configuration file
and later load the same configuration file without problem.
Unit test for:
https://fedorahosted.org/sssd/ticket/2837
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 87ef67286b64af98d32a3a5abcd28a9c2886f751)
(cherry picked from commit 69612bc5d0a9219ecccf3e8c6410059322aeecc6)
---
src/config/SSSDConfigTest.py | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index a850b8d2c5933c4c08b5b0e8f4db79f3c88fc5ee..8a4a2b30a8a5b2422075fd614626d14e6f803a18 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -157,10 +157,14 @@ class SSSDConfigTestValid(unittest.TestCase):
#non-owners, and should not be executable by anyone
self.assertFalse(S_IMODE(mode) & 0o177)
+ # try to import saved configuration file
+ config = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+ srcdir + "/etc/sssd.api.d")
+ config.import_config(configfile=of)
+
#Remove the output file
os.unlink(of)
-
def testCreateNewLDAPConfig(self):
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
srcdir + "/etc/sssd.api.d")
@@ -191,9 +195,15 @@ class SSSDConfigTestValid(unittest.TestCase):
#non-owners, and should not be executable by anyone
self.assertFalse(S_IMODE(mode) & 0o177)
+ # try to import saved configuration file
+ config = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+ srcdir + "/etc/sssd.api.d")
+ config.import_config(configfile=of)
+
#Remove the output file
os.unlink(of)
+
def testModifyExistingConfig(self):
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
srcdir + "/etc/sssd.api.d")
--
2.5.0

151
0006-SSSDConfigTest-Test-real-config-without-config_file_.patch Normal file
View File

@ -0,0 +1,151 @@
From abbb16532a5336cf5c75228c2adc56601c828f9a Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 15 Oct 2015 11:04:06 +0200
Subject: [PATCH 6/6] SSSDConfigTest: Test real config without
config_file_version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
src/config/testconfigs/sssd-valid.conf explicitly contains
config_file_version. Recently we changed the default value to 2
and therefore it needn't be listed in configuration file.
This patch test real sssd.conf without config_file_version.
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 7388fc91bd6c22705e60632346ec815f4a4963f1)
(cherry picked from commit b1c6767617c082de2521976175bc2f499ec295e9)
---
src/config/SSSDConfigTest.py | 85 ++++++++++++++++++++++++++++++
src/config/testconfigs/sssd-noversion.conf | 22 ++++++++
2 files changed, 107 insertions(+)
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 8a4a2b30a8a5b2422075fd614626d14e6f803a18..45562214da5d227b45914abbcb298e043048adf5 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1243,6 +1243,91 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
self.assertRaises(SSSDConfig.AlreadyInitializedError,
sssdconfig.import_config, srcdir + "/testconfigs/sssd-valid.conf")
+ def testImportConfigNoVersion(self):
+ # Positive Test
+ sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+ srcdir + "/etc/sssd.api.d")
+ sssdconfig.import_config(
+ srcdir + "/testconfigs/sssd-noversion.conf"
+ )
+
+ # Validate services
+ services = sssdconfig.list_services()
+ self.assertTrue('sssd' in services)
+ self.assertTrue('nss' in services)
+ self.assertTrue('pam' in services)
+ self.assertTrue('dp' in services)
+
+ #Verify service attributes
+ sssd_service = sssdconfig.get_service('sssd')
+ service_opts = sssd_service.list_options()
+
+ self.assertTrue('services' in service_opts.keys())
+ service_list = sssd_service.get_option('services')
+ self.assertTrue('nss' in service_list)
+ self.assertTrue('pam' in service_list)
+ self.assertTrue('reconnection_retries' in service_opts)
+
+ #Validate domain list
+ domains = sssdconfig.list_domains()
+ self.assertTrue('LOCAL' in domains)
+ self.assertTrue('LDAP' in domains)
+ self.assertTrue('PROXY' in domains)
+ self.assertTrue('IPA' in domains)
+
+ # Verify domain attributes
+ ipa_domain = sssdconfig.get_domain('IPA')
+ domain_opts = ipa_domain.list_options()
+ self.assertTrue('debug_level' in domain_opts.keys())
+ self.assertTrue('id_provider' in domain_opts.keys())
+ self.assertTrue('auth_provider' in domain_opts.keys())
+
+ # Verify domain attributes
+ proxy_domain = sssdconfig.get_domain('PROXY')
+ domain_opts = proxy_domain.list_options()
+ self.assertTrue('debug_level' in domain_opts.keys())
+ self.assertTrue('id_provider' in domain_opts.keys())
+ self.assertTrue('auth_provider' in domain_opts.keys())
+
+ # Verify domain attributes
+ local_domain = sssdconfig.get_domain('LOCAL')
+ domain_opts = local_domain.list_options()
+ self.assertTrue('debug_level' in domain_opts.keys())
+ self.assertTrue('id_provider' in domain_opts.keys())
+ self.assertTrue('auth_provider' in domain_opts.keys())
+
+ # Verify domain attributes
+ ldap_domain = sssdconfig.get_domain('LDAP')
+ domain_opts = ldap_domain.list_options()
+ self.assertTrue('debug_level' in domain_opts.keys())
+ self.assertTrue('id_provider' in domain_opts.keys())
+ self.assertTrue('auth_provider' in domain_opts.keys())
+
+ domain_control_list = [
+ 'cache_credentials',
+ 'id_provider',
+ 'auth_provider',
+ 'access_provider',
+ 'default_shell',
+ 'fallback_homedir',
+ 'cache_credentials',
+ 'use_fully_qualified_names',
+ ]
+
+ ad_domain = sssdconfig.get_domain("ad.example.com")
+
+ for option in ad_domain.get_all_options():
+ self.assertTrue(option in domain_control_list)
+
+ negative_domain_control_list = [
+ 'ad_server',
+ 'ldap_id_mapping',
+ 'ldap_sasl_authid',
+ ]
+
+ for option in ad_domain.get_all_options():
+ self.assertFalse(option in negative_domain_control_list)
+
def testNewConfig(self):
# Positive Test
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
diff --git a/src/config/testconfigs/sssd-noversion.conf b/src/config/testconfigs/sssd-noversion.conf
index 71af85cc07e87ab96372fb91ea52ce36faf21a1e..d5f524d268dd43825364a4b464909cf1b9441646 100644
--- a/src/config/testconfigs/sssd-noversion.conf
+++ b/src/config/testconfigs/sssd-noversion.conf
@@ -39,3 +39,25 @@ debug_level = 0
[dp]
debug_level = 0
+[domain/ad.example.com]
+cache_credentials = true
+
+id_provider = ad
+auth_provider = ad
+access_provider = ad
+
+# Uncomment if service discovery is not working
+# ad_server = server.ad.example.com
+
+# Uncomment if you want to use POSIX UIDs and GIDs set on the AD side
+# ldap_id_mapping = False
+
+# Comment out if the users have the shell and home dir set on the AD side
+default_shell = /bin/bash
+fallback_homedir = /home/%d/%u
+
+# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
+# ldap_sasl_authid = host/client.ad.example.com@AD.EXAMPLE.COM
+
+# Comment out if you prefer to user shortnames.
+use_fully_qualified_names = True
--
2.5.0

9
sssd.spec
View File

@ -29,7 +29,7 @@
Name: sssd Name: sssd
Version: 1.13.1 Version: 1.13.1
Release: 2%{?dist} Release: 3%{?dist}
Group: Applications/System Group: Applications/System
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
@ -41,6 +41,9 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch0001: 0001-PAM-only-allow-missing-user-name-for-certificate-aut.patch Patch0001: 0001-PAM-only-allow-missing-user-name-for-certificate-aut.patch
Patch0002: 0002-AD-Provide-common-connection-list-construction-funct.patch Patch0002: 0002-AD-Provide-common-connection-list-construction-funct.patch
Patch0003: 0003-AD-Consolidate-connection-list-construction-on-ad_co.patch Patch0003: 0003-AD-Consolidate-connection-list-construction-on-ad_co.patch
Patch0004: 0004-SSSDConfig-Do-not-raise-exception-if-config_file_ver.patch
Patch0005: 0005-SSSDConfigTest-Try-load-saved-config.patch
Patch0006: 0006-SSSDConfigTest-Test-real-config-without-config_file_.patch
### Dependencies ### ### Dependencies ###
Requires: sssd-common = %{version}-%{release} Requires: sssd-common = %{version}-%{release}
@ -1012,6 +1015,10 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so %{_libdir}/%{name}/modules/libwbclient.so
%changelog %changelog
* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3
- python-sssdconfig: Fix parssing sssd.conf without config_file_version
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
* Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2 * Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2
- Fix few segfaults - Fix few segfaults
- Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2811 - PAM responder crashed if user was not set