dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0029-NSS-make-memcache-size-configurable.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   1bb59547f916a26aeb39c414aab131c9f260e8e2
  2.   SOURCES
  3.   0029-NSS-make-memcache-size-configurable.patch
Blob History Raw
1bb595 
From 80e7163b7bf512a45e2fa31494f3bdff9e9e2dce Mon Sep 17 00:00:00 2001
1bb595 
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
1bb595 
Date: Wed, 4 Mar 2020 16:26:18 +0100
1bb595 
Subject: [PATCH 29/35] NSS: make memcache size configurable
1bb595
1bb595 
Added options to configure memcache size:
1bb595 
memcache_size_passwd
1bb595 
memcache_size_group
1bb595 
memcache_size_initgroups
1bb595
1bb595 
Related:
1bb595 
https://github.com/SSSD/sssd/issues/4578
1bb595
1bb595 
Reviewed-by: Sumit Bose <sbose@redhat.com>
1bb595 
---
1bb595 
 src/confdb/confdb.h                  |   3 +
1bb595 
 src/config/SSSDConfig/sssdoptions.py |   3 +
1bb595 
 src/config/cfg_rules.ini             |   3 +
1bb595 
 src/man/sssd.conf.5.xml              |  78 +++++++++
1bb595 
 src/responder/nss/nsssrv.c           | 104 ++++++++----
1bb595 
 src/tests/intg/test_memory_cache.py  | 236 +++++++++++++++++++++++++++
1bb595 
 6 files changed, 398 insertions(+), 29 deletions(-)
1bb595
1bb595 
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
1bb595 
index a5d35fd70..c96896da5 100644
1bb595 
--- a/src/confdb/confdb.h
1bb595 
+++ b/src/confdb/confdb.h
1bb595 
@@ -115,6 +115,9 @@
1bb595 
 #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
1bb595 
 #define CONFDB_NSS_DEFAULT_SHELL "default_shell"
1bb595 
 #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout"
1bb595 
+#define CONFDB_NSS_MEMCACHE_SIZE_PASSWD "memcache_size_passwd"
1bb595 
+#define CONFDB_NSS_MEMCACHE_SIZE_GROUP "memcache_size_group"
1bb595 
+#define CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS "memcache_size_initgroups"
1bb595 
 #define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring"
1bb595 
 #define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home"
1bb595
1bb595 
diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
1bb595 
index 9c071f70a..16d85cfa3 100644
1bb595 
--- a/src/config/SSSDConfig/sssdoptions.py
1bb595 
+++ b/src/config/SSSDConfig/sssdoptions.py
1bb595 
@@ -72,6 +72,9 @@ class SSSDOptions(object):
1bb595 
         'shell_fallback': _('If a shell stored in central directory is allowed but not available, use this fallback'),
1bb595 
         'default_shell': _('Shell to use if the provider does not list one'),
1bb595 
         'memcache_timeout': _('How long will be in-memory cache records valid'),
1bb595 
+        'memcache_size_passwd': _('Number of slots in fast in-memory cache for passwd requests'),
1bb595 
+        'memcache_size_group': _('Number of slots in fast in-memory cache for group requests'),
1bb595 
+        'memcache_size_initgroups': _('Number of slots in fast in-memory cache for initgroups requests'),
1bb595 
         'homedir_substring': _('The value of this option will be used in the expansion of the override_homedir option '
1bb595 
                                'if the template contains the format string %H.'),
1bb595 
         'get_domains_timeout': _('Specifies time in seconds for which the list of subdomains will be considered '
1bb595 
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
1bb595 
index 1a7e2c5cd..2874ea048 100644
1bb595 
--- a/src/config/cfg_rules.ini
1bb595 
+++ b/src/config/cfg_rules.ini
1bb595 
@@ -92,6 +92,9 @@ option = shell_fallback
1bb595 
 option = default_shell
1bb595 
 option = get_domains_timeout
1bb595 
 option = memcache_timeout
1bb595 
+option = memcache_size_passwd
1bb595 
+option = memcache_size_group
1bb595 
+option = memcache_size_initgroups
1bb595
1bb595 
 [rule/allowed_pam_options]
1bb595 
 validator = ini_allowed_options
1bb595 
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
1bb595 
index 9a9679a4b..9bc2e26e5 100644
1bb595 
--- a/src/man/sssd.conf.5.xml
1bb595 
+++ b/src/man/sssd.conf.5.xml
1bb595 
@@ -1100,6 +1100,84 @@ fallback_homedir = /home/%u
1bb595 
                         </para>
1bb595 
                     </listitem>
1bb595 
                 </varlistentry>
1bb595 
+                <varlistentry>
1bb595 
+                    <term>memcache_size_passwd (integer)</term>
1bb595 
+                    <listitem>
1bb595 
+                        <para>
1bb595 
+                            Number of slots allocated inside fast in-memory
1bb595 
+                            cache for passwd requests. Note that one entry
1bb595 
+                            in fast in-memory cache can occupy more than one slot.
1bb595 
+                            Setting the size to 0 will disable the passwd in-memory
1bb595 
+                            cache.
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            Default: 200000
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            WARNING: Disabled or too small in-memory cache can
1bb595 
+                            have significant negative impact on SSSD's
1bb595 
+                            performance.
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            NOTE: If the environment variable
1bb595 
+                            SSS_NSS_USE_MEMCACHE is set to "NO", client
1bb595 
+                            applications will not use the fast in-memory
1bb595 
+                            cache.
1bb595 
+                        </para>
1bb595 
+                    </listitem>
1bb595 
+                </varlistentry>
1bb595 
+                <varlistentry>
1bb595 
+                    <term>memcache_size_group (integer)</term>
1bb595 
+                    <listitem>
1bb595 
+                        <para>
1bb595 
+                            Number of slots allocated inside fast in-memory
1bb595 
+                            cache for group requests. Note that one entry
1bb595 
+                            in fast in-memory cache can occupy more than one
1bb595 
+                            slot. Setting the size to 0 will disable the group
1bb595 
+                            in-memory cache.
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            Default: 150000
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            WARNING: Disabled or too small in-memory cache can
1bb595 
+                            have significant negative impact on SSSD's
1bb595 
+                            performance.
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            NOTE: If the environment variable
1bb595 
+                            SSS_NSS_USE_MEMCACHE is set to "NO", client
1bb595 
+                            applications will not use the fast in-memory
1bb595 
+                            cache.
1bb595 
+                        </para>
1bb595 
+                    </listitem>
1bb595 
+                </varlistentry>
1bb595 
+                <varlistentry>
1bb595 
+                    <term>memcache_size_initgroups (integer)</term>
1bb595 
+                    <listitem>
1bb595 
+                        <para>
1bb595 
+                            Number of slots allocated inside fast in-memory
1bb595 
+                            cache for initgroups requests. Note that one entry
1bb595 
+                            in fast in-memory cache can occupy more than one
1bb595 
+                            slot. Setting the size to 0 will disable the
1bb595 
+                            initgroups in-memory cache.
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            Default: 250000
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            WARNING: Disabled or too small in-memory cache can
1bb595 
+                            have significant negative impact on SSSD's
1bb595 
+                            performance.
1bb595 
+                        </para>
1bb595 
+                        <para>
1bb595 
+                            NOTE: If the environment variable
1bb595 
+                            SSS_NSS_USE_MEMCACHE is set to "NO", client
1bb595 
+                            applications will not use the fast in-memory
1bb595 
+                            cache.
1bb595 
+                        </para>
1bb595 
+                    </listitem>
1bb595 
+                </varlistentry>
1bb595 
                 <varlistentry>
1bb595 
                     <term>user_attributes (string)</term>
1bb595 
                     <listitem>
1bb595 
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
1bb595 
index 21d93ae77..0a201d3ae 100644
1bb595 
--- a/src/responder/nss/nsssrv.c
1bb595 
+++ b/src/responder/nss/nsssrv.c
1bb595 
@@ -209,13 +209,16 @@ done:
1bb595
1bb595 
 static int setup_memcaches(struct nss_ctx *nctx)
1bb595 
 {
1bb595 
-    /* TODO: read cache sizes from configuration */
1bb595 
+    /* Default memcache sizes */
1bb595 
     static const size_t SSS_MC_CACHE_PASSWD_SLOTS    = 200000;  /*  8mb */
1bb595 
     static const size_t SSS_MC_CACHE_GROUP_SLOTS     = 150000;  /*  6mb */
1bb595 
     static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000;  /* 10mb */
1bb595
1bb595 
     int ret;
1bb595 
     int memcache_timeout;
1bb595 
+    int mc_size_passwd;
1bb595 
+    int mc_size_group;
1bb595 
+    int mc_size_initgroups;
1bb595
1bb595 
     /* Remove the CLEAR_MC_FLAG file if exists. */
1bb595 
     ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
1bb595 
@@ -243,34 +246,77 @@ static int setup_memcaches(struct nss_ctx *nctx)
1bb595 
         return EOK;
1bb595 
     }
1bb595
1bb595 
-    ret = sss_mmap_cache_init(nctx, "passwd",
1bb595 
-                              nctx->mc_uid, nctx->mc_gid,
1bb595 
-                              SSS_MC_PASSWD,
1bb595 
-                              SSS_MC_CACHE_PASSWD_SLOTS,
1bb595 
-                              (time_t)memcache_timeout,
1bb595 
-                              &nctx->pwd_mc_ctx);
1bb595 
-    if (ret) {
1bb595 
-        DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
1bb595 
-    }
1bb595 
-
1bb595 
-    ret = sss_mmap_cache_init(nctx, "group",
1bb595 
-                              nctx->mc_uid, nctx->mc_gid,
1bb595 
-                              SSS_MC_GROUP,
1bb595 
-                              SSS_MC_CACHE_GROUP_SLOTS,
1bb595 
-                              (time_t)memcache_timeout,
1bb595 
-                              &nctx->grp_mc_ctx);
1bb595 
-    if (ret) {
1bb595 
-        DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
1bb595 
-    }
1bb595 
-
1bb595 
-    ret = sss_mmap_cache_init(nctx, "initgroups",
1bb595 
-                              nctx->mc_uid, nctx->mc_gid,
1bb595 
-                              SSS_MC_INITGROUPS,
1bb595 
-                              SSS_MC_CACHE_INITGROUP_SLOTS,
1bb595 
-                              (time_t)memcache_timeout,
1bb595 
-                              &nctx->initgr_mc_ctx);
1bb595 
-    if (ret) {
1bb595 
-        DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
1bb595 
+    /* Get all memcache sizes from confdb (pwd, grp, initgr) */
1bb595 
+
1bb595 
+    ret = confdb_get_int(nctx->rctx->cdb,
1bb595 
+                         CONFDB_NSS_CONF_ENTRY,
1bb595 
+                         CONFDB_NSS_MEMCACHE_SIZE_PASSWD,
1bb595 
+                         SSS_MC_CACHE_PASSWD_SLOTS,
1bb595 
+                         &mc_size_passwd);
1bb595 
+    if (ret != EOK) {
1bb595 
+        DEBUG(SSSDBG_FATAL_FAILURE,
1bb595 
+              "Failed to get 'memcache_size_passwd' option from confdb.\n");
1bb595 
+        return ret;
1bb595 
+    }
1bb595 
+
1bb595 
+    ret = confdb_get_int(nctx->rctx->cdb,
1bb595 
+                         CONFDB_NSS_CONF_ENTRY,
1bb595 
+                         CONFDB_NSS_MEMCACHE_SIZE_GROUP,
1bb595 
+                         SSS_MC_CACHE_GROUP_SLOTS,
1bb595 
+                         &mc_size_group);
1bb595 
+    if (ret != EOK) {
1bb595 
+        DEBUG(SSSDBG_FATAL_FAILURE,
1bb595 
+              "Failed to get 'memcache_size_group' option from confdb.\n");
1bb595 
+        return ret;
1bb595 
+    }
1bb595 
+
1bb595 
+    ret = confdb_get_int(nctx->rctx->cdb,
1bb595 
+                         CONFDB_NSS_CONF_ENTRY,
1bb595 
+                         CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS,
1bb595 
+                         SSS_MC_CACHE_INITGROUP_SLOTS,
1bb595 
+                         &mc_size_initgroups);
1bb595 
+    if (ret != EOK) {
1bb595 
+        DEBUG(SSSDBG_FATAL_FAILURE,
1bb595 
+              "Failed to get 'memcache_size_nitgroups' option from confdb.\n");
1bb595 
+        return ret;
1bb595 
+    }
1bb595 
+
1bb595 
+    /* Initialize the fast in-memory caches if they were not disabled */
1bb595 
+
1bb595 
+    if (mc_size_passwd != 0) {
1bb595 
+        ret = sss_mmap_cache_init(nctx, "passwd",
1bb595 
+                                  nctx->mc_uid, nctx->mc_gid,
1bb595 
+                                  SSS_MC_PASSWD,
1bb595 
+                                  mc_size_passwd,
1bb595 
+                                  (time_t)memcache_timeout,
1bb595 
+                                  &nctx->pwd_mc_ctx);
1bb595 
+        if (ret) {
1bb595 
+            DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
1bb595 
+        }
1bb595 
+    }
1bb595 
+
1bb595 
+    if (mc_size_group != 0) {
1bb595 
+        ret = sss_mmap_cache_init(nctx, "group",
1bb595 
+                                  nctx->mc_uid, nctx->mc_gid,
1bb595 
+                                  SSS_MC_GROUP,
1bb595 
+                                  mc_size_group,
1bb595 
+                                  (time_t)memcache_timeout,
1bb595 
+                                  &nctx->grp_mc_ctx);
1bb595 
+        if (ret) {
1bb595 
+            DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
1bb595 
+        }
1bb595 
+    }
1bb595 
+
1bb595 
+    if (mc_size_initgroups != 0) {
1bb595 
+        ret = sss_mmap_cache_init(nctx, "initgroups",
1bb595 
+                                  nctx->mc_uid, nctx->mc_gid,
1bb595 
+                                  SSS_MC_INITGROUPS,
1bb595 
+                                  mc_size_initgroups,
1bb595 
+                                  (time_t)memcache_timeout,
1bb595 
+                                  &nctx->initgr_mc_ctx);
1bb595 
+        if (ret) {
1bb595 
+            DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
1bb595 
+        }
1bb595 
     }
1bb595
1bb595 
     return EOK;
1bb595 
diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py
1bb595 
index 322f76fe0..6ed696e00 100644
1bb595 
--- a/src/tests/intg/test_memory_cache.py
1bb595 
+++ b/src/tests/intg/test_memory_cache.py
1bb595 
@@ -135,6 +135,112 @@ def load_data_to_ldap(request, ldap_conn):
1bb595 
     create_ldap_fixture(request, ldap_conn, ent_list)
1bb595
1bb595
1bb595 
+@pytest.fixture
1bb595 
+def disable_memcache_rfc2307(request, ldap_conn):
1bb595 
+    load_data_to_ldap(request, ldap_conn)
1bb595 
+
1bb595 
+    conf = unindent("""\
1bb595 
+        [sssd]
1bb595 
+        domains             = LDAP
1bb595 
+        services            = nss
1bb595 
+
1bb595 
+        [nss]
1bb595 
+        memcache_size_group = 0
1bb595 
+        memcache_size_passwd = 0
1bb595 
+        memcache_size_initgroups = 0
1bb595 
+
1bb595 
+        [domain/LDAP]
1bb595 
+        ldap_auth_disable_tls_never_use_in_production = true
1bb595 
+        ldap_schema         = rfc2307
1bb595 
+        id_provider         = ldap
1bb595 
+        auth_provider       = ldap
1bb595 
+        sudo_provider       = ldap
1bb595 
+        ldap_uri            = {ldap_conn.ds_inst.ldap_url}
1bb595 
+        ldap_search_base    = {ldap_conn.ds_inst.base_dn}
1bb595 
+    """).format(**locals())
1bb595 
+    create_conf_fixture(request, conf)
1bb595 
+    create_sssd_fixture(request)
1bb595 
+    return None
1bb595 
+
1bb595 
+
1bb595 
+@pytest.fixture
1bb595 
+def disable_pwd_mc_rfc2307(request, ldap_conn):
1bb595 
+    load_data_to_ldap(request, ldap_conn)
1bb595 
+
1bb595 
+    conf = unindent("""\
1bb595 
+        [sssd]
1bb595 
+        domains             = LDAP
1bb595 
+        services            = nss
1bb595 
+
1bb595 
+        [nss]
1bb595 
+        memcache_size_passwd = 0
1bb595 
+
1bb595 
+        [domain/LDAP]
1bb595 
+        ldap_auth_disable_tls_never_use_in_production = true
1bb595 
+        ldap_schema         = rfc2307
1bb595 
+        id_provider         = ldap
1bb595 
+        auth_provider       = ldap
1bb595 
+        sudo_provider       = ldap
1bb595 
+        ldap_uri            = {ldap_conn.ds_inst.ldap_url}
1bb595 
+        ldap_search_base    = {ldap_conn.ds_inst.base_dn}
1bb595 
+    """).format(**locals())
1bb595 
+    create_conf_fixture(request, conf)
1bb595 
+    create_sssd_fixture(request)
1bb595 
+    return None
1bb595 
+
1bb595 
+
1bb595 
+@pytest.fixture
1bb595 
+def disable_grp_mc_rfc2307(request, ldap_conn):
1bb595 
+    load_data_to_ldap(request, ldap_conn)
1bb595 
+
1bb595 
+    conf = unindent("""\
1bb595 
+        [sssd]
1bb595 
+        domains             = LDAP
1bb595 
+        services            = nss
1bb595 
+
1bb595 
+        [nss]
1bb595 
+        memcache_size_group = 0
1bb595 
+
1bb595 
+        [domain/LDAP]
1bb595 
+        ldap_auth_disable_tls_never_use_in_production = true
1bb595 
+        ldap_schema         = rfc2307
1bb595 
+        id_provider         = ldap
1bb595 
+        auth_provider       = ldap
1bb595 
+        sudo_provider       = ldap
1bb595 
+        ldap_uri            = {ldap_conn.ds_inst.ldap_url}
1bb595 
+        ldap_search_base    = {ldap_conn.ds_inst.base_dn}
1bb595 
+    """).format(**locals())
1bb595 
+    create_conf_fixture(request, conf)
1bb595 
+    create_sssd_fixture(request)
1bb595 
+    return None
1bb595 
+
1bb595 
+
1bb595 
+@pytest.fixture
1bb595 
+def disable_initgr_mc_rfc2307(request, ldap_conn):
1bb595 
+    load_data_to_ldap(request, ldap_conn)
1bb595 
+
1bb595 
+    conf = unindent("""\
1bb595 
+        [sssd]
1bb595 
+        domains             = LDAP
1bb595 
+        services            = nss
1bb595 
+
1bb595 
+        [nss]
1bb595 
+        memcache_size_initgroups = 0
1bb595 
+
1bb595 
+        [domain/LDAP]
1bb595 
+        ldap_auth_disable_tls_never_use_in_production = true
1bb595 
+        ldap_schema         = rfc2307
1bb595 
+        id_provider         = ldap
1bb595 
+        auth_provider       = ldap
1bb595 
+        sudo_provider       = ldap
1bb595 
+        ldap_uri            = {ldap_conn.ds_inst.ldap_url}
1bb595 
+        ldap_search_base    = {ldap_conn.ds_inst.base_dn}
1bb595 
+    """).format(**locals())
1bb595 
+    create_conf_fixture(request, conf)
1bb595 
+    create_sssd_fixture(request)
1bb595 
+    return None
1bb595 
+
1bb595 
+
1bb595 
 @pytest.fixture
1bb595 
 def sanity_rfc2307(request, ldap_conn):
1bb595 
     load_data_to_ldap(request, ldap_conn)
1bb595 
@@ -354,6 +460,19 @@ def test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307):
1bb595 
     test_getgrnam_simple(ldap_conn, sanity_rfc2307)
1bb595
1bb595
1bb595 
+def test_getgrnam_simple_disabled_pwd_mc(ldap_conn, disable_pwd_mc_rfc2307):
1bb595 
+    test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307)
1bb595 
+    stop_sssd()
1bb595 
+    test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307)
1bb595 
+
1bb595 
+
1bb595 
+def test_getgrnam_simple_disabled_intitgr_mc(ldap_conn,
1bb595 
+                                             disable_initgr_mc_rfc2307):
1bb595 
+    test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307)
1bb595 
+    stop_sssd()
1bb595 
+    test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307)
1bb595 
+
1bb595 
+
1bb595 
 def test_getgrnam_membership(ldap_conn, sanity_rfc2307):
1bb595 
     ent.assert_group_by_name(
1bb595 
         "group1",
1bb595 
@@ -919,3 +1038,120 @@ def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307):
1bb595 
         grp.getgrnam('group1')
1bb595 
     with pytest.raises(KeyError):
1bb595 
         grp.getgrgid(2001)
1bb595 
+
1bb595 
+
1bb595 
+def test_disabled_mc(ldap_conn, disable_memcache_rfc2307):
1bb595 
+    ent.assert_passwd_by_name(
1bb595 
+        'user1',
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+    ent.assert_passwd_by_uid(
1bb595 
+        1001,
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+
1bb595 
+    ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
1bb595 
+    ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
1bb595 
+
1bb595 
+    assert_user_gids_equal('user1', [2000, 2001])
1bb595 
+
1bb595 
+    stop_sssd()
1bb595 
+
1bb595 
+    # sssd is stopped and the memory cache is disabled;
1bb595 
+    # so pytest should not be able to find anything
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        pwd.getpwnam('user1')
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        pwd.getpwuid(1001)
1bb595 
+
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        grp.getgrnam('group1')
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        grp.getgrgid(2001)
1bb595 
+
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        (res, errno, gids) = sssd_id.get_user_gids('user1')
1bb595 
+
1bb595 
+
1bb595 
+def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307):
1bb595 
+    ent.assert_passwd_by_name(
1bb595 
+        'user1',
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+    ent.assert_passwd_by_uid(
1bb595 
+        1001,
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+
1bb595 
+    assert_user_gids_equal('user1', [2000, 2001])
1bb595 
+
1bb595 
+    stop_sssd()
1bb595 
+
1bb595 
+    # passwd cache is disabled
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        pwd.getpwnam('user1')
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        pwd.getpwuid(1001)
1bb595 
+
1bb595 
+    # Initgroups looks up the user first, hence KeyError from the
1bb595 
+    # passwd database even if the initgroups cache is active.
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        (res, errno, gids) = sssd_id.get_user_gids('user1')
1bb595 
+
1bb595 
+
1bb595 
+def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307):
1bb595 
+    ent.assert_passwd_by_name(
1bb595 
+        'user1',
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+    ent.assert_passwd_by_uid(
1bb595 
+        1001,
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+
1bb595 
+    ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
1bb595 
+    ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
1bb595 
+
1bb595 
+    assert_user_gids_equal('user1', [2000, 2001])
1bb595 
+
1bb595 
+    stop_sssd()
1bb595 
+
1bb595 
+    # group cache is disabled, other caches should work
1bb595 
+    ent.assert_passwd_by_name(
1bb595 
+        'user1',
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+    ent.assert_passwd_by_uid(
1bb595 
+        1001,
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        grp.getgrnam('group1')
1bb595 
+    with pytest.raises(KeyError):
1bb595 
+        grp.getgrgid(2001)
1bb595 
+
1bb595 
+    assert_user_gids_equal('user1', [2000, 2001])
1bb595 
+
1bb595 
+
1bb595 
+def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307):
1bb595 
+    # Even if initgroups is disabled, passwd should work
1bb595 
+    ent.assert_passwd_by_name(
1bb595 
+        'user1',
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+    ent.assert_passwd_by_uid(
1bb595 
+        1001,
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+
1bb595 
+    stop_sssd()
1bb595 
+
1bb595 
+    ent.assert_passwd_by_name(
1bb595 
+        'user1',
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
+    ent.assert_passwd_by_uid(
1bb595 
+        1001,
1bb595 
+        dict(name='user1', passwd='*', uid=1001, gid=2001,
1bb595 
+             gecos='1001', shell='/bin/bash'))
1bb595 
--
1bb595 
2.21.3
1bb595

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation