From 7d0c90f7aa0fa1e03610f754ab73c6d41d7e2087 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 16 Jun 2010 14:01:05 -0400
Subject: Handle (ignore) unknown options in get_domain() and get_service()

We will now eliminate any unknown options and providers to
guarantee that the domain is safe for use.
---
 src/config/SSSDConfigTest.py | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

(limited to 'src/config/SSSDConfigTest.py')

diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 8cbb0f91..056e0f2a 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1054,6 +1054,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
             'domain/IPA',
             'domain/LOCAL',
             'domain/LDAP',
+            'domain/INVALIDPROVIDER',
+            'domain/INVALIDOPTION',
             ]
 
         for section in control_list:
@@ -1192,6 +1194,11 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
         # Negative Test - No such service
         self.assertRaises(SSSDConfig.NoServiceError, sssdconfig.get_service, 'nosuchservice')
 
+        # Positive test - Service with invalid option loads
+        # but ignores the invalid option
+        service = sssdconfig.get_service('pam')
+        self.assertFalse(service.options.has_key('nosuchoption'))
+
     def testNewService(self):
         sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                            srcdir + "/etc/sssd.api.d")
@@ -1276,7 +1283,10 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
 
         control_list = [
             'PROXY',
-            'LDAP']
+            'LDAP',
+            'INVALIDPROVIDER',
+            'INVALIDOPTION',
+            ]
         inactive_domains = sssdconfig.list_inactive_domains()
 
         for domain in control_list:
@@ -1302,7 +1312,10 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
             'IPA',
             'LOCAL',
             'PROXY',
-            'LDAP']
+            'LDAP',
+            'INVALIDPROVIDER',
+            'INVALIDOPTION',
+            ]
         domains = sssdconfig.list_domains()
 
         for domain in control_list:
@@ -1337,6 +1350,18 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
         # Negative Test - No such domain
         self.assertRaises(SSSDConfig.NoDomainError, sssdconfig.get_domain, 'nosuchdomain')
 
+        # Positive Test - Domain with unknown provider
+        # Expected result: Domain is imported, but does not contain the
+        # unknown provider entry
+        domain = sssdconfig.get_domain('INVALIDPROVIDER')
+        self.assertFalse(domain.options.has_key('chpass_provider'))
+
+        # Positive Test - Domain with unknown option
+        # Expected result: Domain is imported, but does not contain the
+        # unknown option entry
+        domain = sssdconfig.get_domain('INVALIDOPTION')
+        self.assertFalse(domain.options.has_key('nosuchoption'))
+
     def testNewDomain(self):
         sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                            srcdir + "/etc/sssd.api.d")
-- 
cgit