authorStephen Gallagher <sgallagh@redhat.com>2010-06-16 14:01:05 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-06-16 16:22:50 -0400
commit7d0c90f7aa0fa1e03610f754ab73c6d41d7e2087 (patch)
tree5b16b730cb4cd5e3ad8fd98ce589f6c2e4236bc3
parentf519b2ed74ca000b80c77dfccfe9a5caffb0010a (diff)
Handle (ignore) unknown options in get_domain() and get_service()
We will now eliminate any unknown options and providers to guarantee that the domain is safe for use.
-rw-r--r--src/config/SSSDConfig.py36
-rwxr-xr-xsrc/config/SSSDConfigTest.py29
-rw-r--r--src/config/testconfigs/sssd-valid.conf17
3 files changed, 72 insertions, 10 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index a05b5334..f1ff02aa 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -944,7 +944,10 @@ class SSSDDomain(SSSDConfigObject):
is_provider = option.rfind('_provider')
if (is_provider > 0):
provider = option[:is_provider]
- self.add_provider(value, provider)
+ try:
+ self.add_provider(value, provider)
+ except NoSuchProviderError:
+ raise NoOptionError
else:
self.options[option] = value
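Review bot: The bare `raise NoOptionError` in the new `except NoSuchProviderError:` branch discards which provider entry was rejected, and the callers changed later in this commit swallow the exception, so the name is not recoverable anywhere. If NoOptionError accepts a message (its definition is outside this hunk), `raise NoOptionError(option)` would keep the offending name available for a diagnostic. The body of set_option starts above the hunk, so any earlier validation is not visible here.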
@@ -1251,8 +1254,13 @@ class SSSDConfig(SSSDChangeConf):
raise NoServiceError
service = SSSDService(name, self.schema)
- [service.set_option(opt['name'], opt['value'])
- for opt in self.strip_comments_empty(self.options(name)) ]
+ for opt in self.strip_comments_empty(self.options(name)):
+ try:
+ service.set_option(opt['name'], opt['value'])
+ except NoOptionError:
+ # If we come across an option that we don't recognize,
+ # we should just ignore it and continue
+ pass
return service
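Review bot: The `except NoOptionError: pass` in this loop drops an unrecognised option with no trace, so a misspelled security-relevant setting (for example a typo in a TLS option such as the `ldap_id_use_start_tls` used in the test config) would load as if it had never been written. The two loops added to get_domain in the next hunk have the same behaviour. Ignoring the option is reasonable for robustness, but the skipped names should be surfaced, for instance by collecting them with `ignored.append(opt['name'])` in place of `pass` and exposing or logging that list once after the loop. The start of get_service is outside the hunk.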
@@ -1448,12 +1456,24 @@ class SSSDConfig(SSSDChangeConf):
# errors trying to read in their options
providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name))
if x['name'].rfind('_provider') > 0]
- [domain.set_option(option, value)
- for (option, value) in providers]
- [domain.set_option(opt['name'], opt['value'])
- for opt in self.strip_comments_empty(self.options('domain/%s' % name))
- if (opt['name'], opt['value']) not in providers]
+ for (option, value) in providers:
+ try:
+ domain.set_option(option, value)
+ except NoOptionError:
+ # If we come across an option that we don't recognize,
+ # we should just ignore it and continue
+ pass
+
+ # Read in all the options from the configuration
+ for opt in self.strip_comments_empty(self.options('domain/%s' % name)):
+ if (opt['name'], opt['value']) not in providers:
+ try:
+ domain.set_option(opt['name'], opt['value'])
+ except NoOptionError:
+ # If we come across an option that we don't recognize,
+ # we should just ignore it and continue
+ pass
# Determine if this domain is currently active
domain.active = self.is_domain_active(name)
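Review bot: The same try/except/pass stanza with an identical comment is now written out twice in this hunk and a third time in get_service, which makes it easy for the three copies to drift if the skip policy changes. A small private helper would keep the policy in one place and leave each loop a single call. The surrounding get_domain body begins and ends outside the hunk.

```python
def _set_option_if_known(target, name, value):
    # Apply one parsed option; names the schema rejects are skipped.
    try:
        target.set_option(name, value)
    except NoOptionError:
        pass

# … unchanged: providers list built from the '_provider' entries …
for (option, value) in providers:
    _set_option_if_known(domain, option, value)

for opt in self.strip_comments_empty(self.options('domain/%s' % name)):
    if (opt['name'], opt['value']) not in providers:
        _set_option_if_known(domain, opt['name'], opt['value'])
```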
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 8cbb0f91..056e0f2a 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1054,6 +1054,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
'domain/IPA',
'domain/LOCAL',
'domain/LDAP',
+ 'domain/INVALIDPROVIDER',
+ 'domain/INVALIDOPTION',
]
for section in control_list:
@@ -1192,6 +1194,11 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
# Negative Test - No such service
self.assertRaises(SSSDConfig.NoServiceError, sssdconfig.get_service, 'nosuchservice')
+ # Positive test - Service with invalid option loads
+ # but ignores the invalid option
+ service = sssdconfig.get_service('pam')
+ self.assertFalse(service.options.has_key('nosuchoption'))
+
def testNewService(self):
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
srcdir + "/etc/sssd.api.d")
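Review bot: The new service test only asserts that `nosuchoption` is absent, so it would still pass if get_service stopped loading every option from the `[pam]` section. Adding a positive check next to it, such as `self.assertTrue(service.options.has_key('debug_level'))`, would pin that valid options survive while the unknown one is skipped. The INVALIDOPTION domain test added further down has the same gap.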
@@ -1276,7 +1283,10 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
control_list = [
'PROXY',
- 'LDAP']
+ 'LDAP',
+ 'INVALIDPROVIDER',
+ 'INVALIDOPTION',
+ ]
inactive_domains = sssdconfig.list_inactive_domains()
for domain in control_list:
@@ -1302,7 +1312,10 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
'IPA',
'LOCAL',
'PROXY',
- 'LDAP']
+ 'LDAP',
+ 'INVALIDPROVIDER',
+ 'INVALIDOPTION',
+ ]
domains = sssdconfig.list_domains()
for domain in control_list:
@@ -1337,6 +1350,18 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
# Negative Test - No such domain
self.assertRaises(SSSDConfig.NoDomainError, sssdconfig.get_domain, 'nosuchdomain')
+ # Positive Test - Domain with unknown provider
+ # Expected result: Domain is imported, but does not contain the
+ # unknown provider entry
+ domain = sssdconfig.get_domain('INVALIDPROVIDER')
+ self.assertFalse(domain.options.has_key('chpass_provider'))
+
+ # Positive Test - Domain with unknown option
+ # Expected result: Domain is imported, but does not contain the
+ # unknown option entry
+ domain = sssdconfig.get_domain('INVALIDOPTION')
+ self.assertFalse(domain.options.has_key('nosuchoption'))
+
def testNewDomain(self):
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
srcdir + "/etc/sssd.api.d")
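Review bot: The assertion `assertFalse(domain.options.has_key('chpass_provider'))` may not be able to fail. In the set_option hunk of this commit, `*_provider` names are routed to add_provider rather than written to `self.options` directly. Unless add_provider (not visible here) stores the entry in `options` itself, the key is absent for valid providers as well. Asserting in the same test that a valid provider such as `id_provider` did load, through whatever accessor the class exposes for providers, would make it a real check that only the unknown provider was dropped.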
diff --git a/src/config/testconfigs/sssd-valid.conf b/src/config/testconfigs/sssd-valid.conf
index 3c2dda80..42eeb61c 100644
--- a/src/config/testconfigs/sssd-valid.conf
+++ b/src/config/testconfigs/sssd-valid.conf
@@ -36,8 +36,25 @@ id_provider = ldap
auth_provider=ldap
debug_level = 0
+# Domain containing an invalid provider
+[domain/INVALIDPROVIDER]
+ldap_id_use_start_tls = true
+id_provider = ldap
+auth_provider=ldap
+debug_level = 0
+chpass_provider = chpass
+
+# Domain containing an invalid option
+[domain/INVALIDOPTION]
+ldap_id_use_start_tls = true
+id_provider = ldap
+auth_provider=ldap
+debug_level = 0
+nosuchoption = True
+
[pam]
debug_level = 0
+nosuchoption = True
[dp]
debug_level = 0