From 6540891d3b991ea8eba1fe26143573114374a6ec Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 29 Oct 2009 14:17:22 -0400 Subject: [PATCH 1/5] Make config_file_version a hidden setting in SSSDConfig API The config_file_version should never be changed by the API, so we will hide the option inside the SSSDConfig API and remove it from the schema. Guarantee that the config file is of the correct version --- server/config/SSSDConfig.py | 21 +++++++++++ server/config/SSSDConfigTest.py | 46 +++++++++++++++-------- server/config/etc/sssd.api.conf | 1 - server/config/testconfigs/sssd-badversion.conf | 42 +++++++++++++++++++++ server/config/testconfigs/sssd-noversion.conf | 41 +++++++++++++++++++++ 5 files changed, 134 insertions(+), 17 deletions(-) create mode 100644 server/config/testconfigs/sssd-badversion.conf create mode 100644 server/config/testconfigs/sssd-noversion.conf diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py index 07e967b..6d3a8c6 100644 --- a/server/config/SSSDConfig.py +++ b/server/config/SSSDConfig.py @@ -199,12 +199,20 @@ class SSSDService: # Set up the service object with any known defaults self.options = {} + # Include a list of hidden options + self.hidden_options = [] + # Set up default options for all services self.options.update(self.schema.get_defaults('service')) # Set up default options for this service self.options.update(self.schema.get_defaults(self.name)) + # For the [sssd] service, force the config file version + if servicename == 'sssd': + self.options['config_file_version'] = 2 + self.hidden_options.append('config_file_version') + def get_name(self): return self.name 
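Review bot: The forced value `self.options['config_file_version'] = 2` in `SSSDService.__init__` is a second hard-coded copy of the version that a later hunk of this patch stores as `self.API_VERSION = 2` in `SSSDConfig.__init__`, and `import_config` rejects any file whose version differs from the latter. If only one of the two literals is bumped, a configuration built from these service defaults would presumably fail the new import check. A single module-level constant (a name such as `CONFIG_FILE_VERSION = 2`) referenced from both places would keep them in step. The rest of `__init__` lies outside the hunk.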
@@ -228,6 +236,10 @@ class SSSDService: option_schema = self.schema.get_option(self.name, optionname) elif self.schema.has_option('service', optionname): option_schema = self.schema.get_option('service', optionname) + elif optionname in self.hidden_options: + # Set this option and do not add it to the list of changeable values + self.options[optionname] = value + return else: raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname)) @@ -442,6 +454,7 @@ class SSSDConfig(RawConfigParser): self.schema = SSSDConfigSchema(schemafile, schemaplugindir) self.configfile = None self.initialized = False + self.API_VERSION = 2 def import_config(self,configfile=None): if self.initialized: @@ -462,6 +475,14 @@ class SSSDConfig(RawConfigParser): self.configfile = configfile self.initialized = True + try: + if int(self.get('sssd', 'config_file_version')) != self.API_VERSION: + raise ParsingError("Wrong config_file_version") + except: + # Either the 'sssd' section or the 'config_file_version' was not + # present in the config file + raise ParsingError("File contains no config_file_version") + def new_config(self): if self.initialized: raise AlreadyInitializedError diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py index 0baa912..a9377bf 100644 --- a/server/config/SSSDConfigTest.py +++ b/server/config/SSSDConfigTest.py @@ -30,8 +30,6 @@ class SSSDConfigTestValid(unittest.TestCase): sssd_service = sssdconfig.get_service('sssd') service_opts = sssd_service.list_options() - self.assertTrue('config_file_version' in service_opts.keys()) - self.assertEquals(sssd_service.get_option('config_file_version'), 2) self.assertTrue('services' in service_opts.keys()) service_list = sssd_service.get_option('services') 
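Review bot: The new `elif optionname in self.hidden_options:` branch in the option setter stores whatever `value` the caller passes and returns before any validation that follows the chain (outside this hunk), so `config_file_version` can still be set through the API to an arbitrary value, which is the opposite of what the commit message promises. Presumably the branch exists so that passing the option through does not raise `NoOptionError`; in that case the assignment can go and the value forced in `__init__` stays: `# Hidden options are fixed in __init__; accept the call but keep the forced value` followed by a bare `return`. If a mismatching value should be an error instead, compare it with the forced value before returning.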
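Review bot: In `import_config` the `raise ParsingError("Wrong config_file_version")` sits inside the `try` whose bare `except:` immediately catches it, so a file with the wrong version is reported as "File contains no config_file_version", and a non-numeric value or any unrelated error gets that same message. The check also runs after `self.initialized = True`, so on failure the object stays marked initialized, presumably with the rejected file still loaded, and a caller that catches the error is left holding a configuration that was refused. Keep only the lookup and conversion inside the `try`, compare outside it, and set `configfile`/`initialized` once the version is accepted. The exception names in the sketch are the ones `RawConfigParser.get` raises; spell them however this module imports them, since another hunk shows the file raising a `NoOptionError` of its own. The two negative tests added to SSSDConfigTest.py assert only the exception type, so they pass with either message; the method body continues outside the hunk.

```python
        # … unchanged: the file is read and parsed above this hunk …
        try:
            file_version = int(self.get('sssd', 'config_file_version'))
        except (ConfigParser.NoSectionError, ConfigParser.NoOptionError,
                ValueError):
            # The [sssd] section or the option is missing, or the value
            # is not an integer
            raise ParsingError("File contains no config_file_version")
        if file_version != self.API_VERSION:
            raise ParsingError("Wrong config_file_version")

        # Mark the object usable only after the version has been accepted
        self.configfile = configfile
        self.initialized = True
```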
@@ -59,9 +57,6 @@ class SSSDConfigTestValid(unittest.TestCase): self.assertTrue('reconnection_retries' in new_options) self.assertEquals(new_options['reconnection_retries'][0], int) - self.assertTrue('config_file_version' in new_options) - self.assertEquals(new_options['config_file_version'][0], int) - self.assertTrue('services' in new_options) self.assertEquals(new_options['debug_level'][0], int) @@ -201,7 +196,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase): options = service.list_options() control_list = [ - 'config_file_version', 'services', 'domains', 'timeout', @@ -229,23 +223,23 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'Option [%s] unexpectedly found' % option) - self.assertTrue(type(options['config_file_version']) == tuple, + self.assertTrue(type(options['reconnection_retries']) == tuple, "Option values should be a tuple") - self.assertTrue(options['config_file_version'][0] == int, - "config_file_version should require an int. " + + self.assertTrue(options['reconnection_retries'][0] == int, + "reconnection_retries should require an int. " + "list_options is requiring a %s" % - options['config_file_version'][0]) + options['reconnection_retries'][0]) - self.assertTrue(options['config_file_version'][1] == None, - "config_file_version should not require a subtype. " + + self.assertTrue(options['reconnection_retries'][1] == None, + "reconnection_retries should not require a subtype. " + "list_options is requiring a %s" % - options['config_file_version'][1]) + options['reconnection_retries'][1]) - self.assertTrue(options['config_file_version'][0] == int, - "config_file_version should default to 2. " + + self.assertTrue(options['reconnection_retries'][0] == int, + "reconnection_retries should default to 2. " + "list_options specifies %d" % - options['config_file_version'][2]) + options['reconnection_retries'][2]) self.assertTrue(type(options['services']) == tuple, "Option values should be a tuple") 
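Review bot: The last assertion in the rewritten `reconnection_retries` block repeats `options['reconnection_retries'][0] == int`, so the default value is never checked, and its message says the option "should default to 2" although the schema line visible in the sssd.api.conf hunk header reads `reconnection_retries = int, None, 3`. The check should index the default slot, e.g. `self.assertTrue(options['reconnection_retries'][2] == 3, "reconnection_retries should default to 3. " + ...)`, assuming the third tuple element is the default, as the `[2]` in the message argument suggests. The test method starts and ends outside the hunk.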
@@ -927,6 +921,26 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): else: self.fail("Expected ParsingError") + # Negative Test - Invalid config file version + try: + sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", + "etc/sssd.api.d") + sssdconfig.import_config("testconfigs/sssd-badversion.conf") + except SSSDConfig.ParsingError: + pass + else: + self.fail("Expected ParsingError") + + # Negative Test - No config file version + try: + sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", + "etc/sssd.api.d") + sssdconfig.import_config("testconfigs/sssd-noversion.conf") + except SSSDConfig.ParsingError: + pass + else: + self.fail("Expected ParsingError") + # Negative Test - Already initialized sssdconfig = SSSDConfig.SSSDConfig("etc/sssd.api.conf", "etc/sssd.api.d") diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf index 0c41fa7..de2af83 100644 --- a/server/config/etc/sssd.api.conf +++ b/server/config/etc/sssd.api.conf @@ -11,7 +11,6 @@ reconnection_retries = int, None, 3 [sssd] # Monitor service -config_file_version = int, None, 2 services = list, str, nss, pam domains = list, str timeout = int, None diff --git a/server/config/testconfigs/sssd-badversion.conf b/server/config/testconfigs/sssd-badversion.conf new file mode 100644 index 0000000..75d8c48 --- /dev/null +++ b/server/config/testconfigs/sssd-badversion.conf 
@@ -0,0 +1,42 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+config_file_version = 1
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+
diff --git a/server/config/testconfigs/sssd-noversion.conf b/server/config/testconfigs/sssd-noversion.conf
new file mode 100644
index 0000000..71af85c
--- /dev/null
+++ b/server/config/testconfigs/sssd-noversion.conf
@@ -0,0 +1,41 @@
+[nss]
+nss_filter_groups = root
+nss_entry_negative_timeout = 15
+debug_level = 0
+nss_filter_users_in_groups = true
+nss_filter_users = root
+nss_entry_cache_no_wait_timeout = 60
+nss_entry_cache_timeout = 600
+nss_enum_cache_timeout = 120
+
+[sssd]
+services = nss, pam
+reconnection_retries = 3
+domains = LOCAL, IPA
+
+[domain/PROXY]
+id_provider = proxy
+auth_provider = proxy
+debug_level = 0
+
+[domain/IPA]
+id_provider = ldap
+auth_provider = krb5
+debug_level = 0
+
+[domain/LOCAL]
+id_provider = local
+auth_provider = local
+debug_level = 0
+
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+debug_level = 0
+
+[pam]
+debug_level = 0
+
+[dp]
+debug_level = 0
+
-- 1.6.2.5