Line data Source code
1 : /*
2 : SSSD
3 :
4 : NSS Responder
5 :
6 : Authors:
7 : Pallavi Jha <pallavikumarijha@gmail.com>
8 :
9 : Copyright (C) 2013 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include <stdarg.h>
25 : #include <stdlib.h>
26 : #include <stddef.h>
27 : #include <setjmp.h>
28 : #include <errno.h>
29 : #include <unistd.h>
30 : #include <sys/types.h>
31 : #include <inttypes.h>
32 : #include <cmocka.h>
33 :
34 : #include "tests/cmocka/common_mock.h"
35 : #include "tests/cmocka/common_mock_resp.h"
36 : #include "responder/nss/nsssrv.h"
37 : #include "responder/nss/nsssrv_private.h"
38 : #include "sss_client/idmap/sss_nss_idmap.h"
39 : #include "util/util_sss_idmap.h"
40 : #include "lib/idmap/sss_idmap.h"
41 : #include "util/util.h"
42 : #include "util/util_sss_idmap.h"
43 : #include "responder/common/responder.h"
44 : #include "responder/common/negcache.h"
45 :
46 : #define PORT 21
47 : #define SID "S-1-2-3-4-5"
48 : #define CERT "MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEuREVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA0MjgxMDIxMTFaFw0xNzA0MjgxMDIxMTFaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoGA1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIykqtHuAwTVEofHikG/9BQy/dfeZFlsTkBg2qtnnc78w3XufbcnkpJp9Bmcsy/d9beqf5nlsxJ8TcjLsRQ9Ou6YtQjTfM3OILuOz8s0ICbF6qb66bd9hX/BrLO/9+KnpWFSR+E/YEmzgYyDTbKfBWBaGuPPrOi/K6vwkRYFZVA/FYZkYDtQhFmBO884HYzS4P6frRH3PvtRqWNCmaHpe97dGKsvnM2ybT+IMSB8/54GajQr3+BciRh2XaT4wvSTxkXM1fUgrDxqAP2AZmpuIyDyboZh+rWOwbrTPfx5SipELZG3uHhP8HMcr4qQ8b20LWgxCRuT73sIooHET350xUCAwEAAaOCASYwggEiMB8GA1UdIwQYMBaAFPKdQk4PxEglWC8czg+hPyLIVciRMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGswaaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JMLmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4EFgQULSs/y/Wy/zIsqMIc3b2MgB7dMYIwDQYJKoZIhvcNAQELBQADggEBAJpHLlCnTR1TD8lxQgzl2n1JZOeryN/fAsGH0Vve2m8r5PC+ugnfAoULiuabBn1pOGxy/0x7Kg0/Iy8WRv8Fk7DqJCjXEqFXuFkZJfNDCtP9DzeNuMoV50iKoMfHS38BPFjXN+X/fSsBrA2fUWrlQCTmXlUN97gvQqxt5Slrxgukvxm9OSfu/sWz22LUvtJHupYwWv1iALgnXS86lAuVNYVALLxn34r58XsZlj5CSBMjBJWpaxEzgUdag3L2IPqOQXuPd0d8x11G9E/9gQquOSe2aiZjsdO/VYOCmzZsM2QPUMBVlBPDhfTVcWXQwN385uycW/ARtSzzSME2jKKWSIQ="
49 : #define PROTO "TCP"
50 : #define LIFETIME 200
51 : #define SHORTSPAN 1
52 : #define NAME "foo_name"
53 : #define TESTS_PATH "tp_" BASE_FILE_STEM
54 : #define TEST_CONF_DB "test_nss_conf.ldb"
55 : #define TEST_DOM_NAME "nss_test"
56 : #define TEST_ID_PROVIDER "ldap"
57 :
58 : /* register_cli_protocol_version is required in test since it links with
59 : * responder_common.c module
60 : */
61 0 : struct cli_protocol_version *register_cli_protocol_version(void)
62 : {
63 : static struct cli_protocol_version responder_test_cli_protocol_version[] = {
64 : {0, NULL, NULL}
65 : };
66 :
67 0 : return responder_test_cli_protocol_version;
68 : }
69 :
70 : /* Mock NSS structure */
71 : static struct nss_ctx *
72 3 : mock_nctx(TALLOC_CTX *mem_ctx)
73 : {
74 : struct nss_ctx *nctx;
75 : errno_t ret;
76 : enum idmap_error_code err;
77 :
78 3 : nctx = talloc_zero(mem_ctx, struct nss_ctx);
79 3 : if (!nctx) {
80 0 : return NULL;
81 : }
82 :
83 3 : ret = sss_ncache_init(nctx, &nctx->ncache);
84 3 : if (ret != EOK) {
85 0 : talloc_free(nctx);
86 0 : return NULL;
87 : }
88 3 : nctx->neg_timeout = 10;
89 3 : nctx->pwfield = discard_const("*");
90 :
91 3 : err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
92 : &nctx->idmap_ctx);
93 3 : if (err != IDMAP_SUCCESS) {
94 0 : DEBUG(SSSDBG_FATAL_FAILURE, ("sss_idmap_init failed.\n"));
95 0 : talloc_free(nctx);
96 0 : return NULL;
97 : }
98 3 : return nctx;
99 : }
100 :
101 : /* responder context is duplicated here because linking
102 : * with common_mock_resp.c would get us duplicates
103 : */
104 :
105 : struct resp_ctx *
106 3 : mock_rctx(TALLOC_CTX *mem_ctx,
107 : struct tevent_context *ev,
108 : struct sss_domain_info *domains,
109 : void *pvt_ctx)
110 : {
111 : struct resp_ctx *rctx;
112 : errno_t ret;
113 :
114 3 : rctx = talloc_zero(mem_ctx, struct resp_ctx);
115 3 : if (!rctx) return NULL;
116 :
117 3 : ret = sss_hash_create(rctx, 30, &rctx->dp_request_table);
118 3 : if (ret != EOK) {
119 0 : talloc_free(rctx);
120 0 : return NULL;
121 : }
122 :
123 3 : rctx->ev = ev;
124 3 : rctx->domains = domains;
125 3 : rctx->pvt_ctx = pvt_ctx;
126 3 : return rctx;
127 : }
128 :
129 : struct test_state {
130 : struct sss_nc_ctx *ctx;
131 : struct nss_ctx *nctx;
132 : struct resp_ctx *rctx;
133 : };
134 :
135 13 : static int setup(void **state)
136 : {
137 : int ret;
138 : struct test_state *ts;
139 :
140 13 : ts = talloc(NULL, struct test_state);
141 13 : assert_non_null(ts);
142 :
143 13 : ret = sss_ncache_init(ts, &ts->ctx);
144 13 : assert_int_equal(ret, EOK);
145 13 : assert_non_null(ts->ctx);
146 :
147 13 : *state = (void *)ts;
148 13 : return 0;
149 : }
150 :
151 13 : static int teardown(void **state)
152 : {
153 13 : struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
154 13 : talloc_free(ts);
155 13 : return 0;
156 : }
157 :
158 1 : static void test_sss_ncache_init(void **state)
159 : {
160 : int ret;
161 : TALLOC_CTX *memctx;
162 : struct sss_nc_ctx *ctx;
163 :
164 1 : memctx = talloc_new(NULL);
165 1 : assert_non_null(memctx);
166 :
167 1 : ret = sss_ncache_init(memctx, &ctx );
168 1 : assert_int_equal(ret, EOK);
169 1 : assert_non_null(ctx);
170 :
171 1 : talloc_free(memctx);
172 1 : }
173 :
174 : /* @test_sss_ncache_uid : test following functions
175 : * sss_ncache_set_uid
176 : * sss_ncache_check_uid
177 : */
178 1 : static void test_sss_ncache_uid(void **state)
179 : {
180 : uid_t uid;
181 : int ret, ttl;
182 : bool permanent;
183 : struct test_state *ts;
184 :
185 1 : ttl = LIFETIME;
186 1 : uid = getuid();
187 :
188 1 : ts = talloc_get_type_abort(*state, struct test_state);
189 :
190 : /* test when uid not present in database */
191 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
192 1 : assert_int_equal(ret, ENOENT);
193 :
194 : /* test when uid is present in database */
195 1 : permanent = true;
196 :
197 1 : ret = sss_ncache_reset_permanent(ts->ctx);
198 1 : assert_int_equal(ret, EOK);
199 :
200 1 : ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
201 1 : assert_int_equal(ret, EOK);
202 :
203 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
204 1 : assert_int_equal(ret, EEXIST);
205 :
206 1 : ttl = SHORTSPAN;
207 1 : ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
208 1 : assert_int_equal(ret, EOK);
209 :
210 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
211 1 : assert_int_equal(ret, EEXIST);
212 :
213 1 : sleep(SHORTSPAN + 1);
214 :
215 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
216 1 : assert_int_equal(ret, EEXIST);
217 :
218 1 : permanent = false;
219 :
220 1 : ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
221 1 : assert_int_equal(ret, EOK);
222 :
223 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
224 1 : assert_int_equal(ret, EEXIST);
225 :
226 1 : sleep(SHORTSPAN + 1);
227 :
228 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
229 1 : assert_int_equal(ret, ENOENT);
230 :
231 1 : ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
232 1 : assert_int_equal(ret, EOK);
233 :
234 : /* test when ttl is -1 with uid present in database*/
235 1 : ttl = -1;
236 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
237 1 : assert_int_equal(ret, EEXIST);
238 1 : }
239 :
240 : /* @test_sss_ncache_gid : test following functions
241 : * sss_ncache_set_gid
242 : * sss_ncache_check_gid
243 : */
244 1 : static void test_sss_ncache_gid(void **state)
245 : {
246 : gid_t gid;
247 : int ret, ttl;
248 : bool permanent;
249 : struct test_state *ts;
250 :
251 1 : ttl = LIFETIME;
252 1 : gid = getgid();
253 1 : ts = talloc_get_type_abort(*state, struct test_state);
254 :
255 : /* test when gid is not present in database */
256 1 : ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
257 1 : assert_int_equal(ret, ENOENT);
258 :
259 : /* test when gid is present in database */
260 1 : permanent = true;
261 1 : ret = sss_ncache_set_gid(ts->ctx, permanent, NULL, gid);
262 1 : assert_int_equal(ret, EOK);
263 :
264 1 : ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
265 1 : assert_int_equal(ret, EEXIST);
266 :
267 1 : permanent = false;
268 1 : ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, gid);
269 1 : assert_int_equal(ret, EOK);
270 :
271 1 : ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, gid);
272 1 : assert_int_equal(ret, EEXIST);
273 :
274 : /* test when ttl is -1 with gid present in database*/
275 1 : ttl = -1;
276 1 : ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
277 1 : assert_int_equal(ret, EEXIST);
278 1 : }
279 :
280 :
281 : /* @test_sss_ncache_sid : test following functions
282 : * sss_ncache_set_sid
283 : * sss_ncache_check_sid
284 : */
285 1 : static void test_sss_ncache_sid(void **state)
286 : {
287 : int ret, ttl;
288 : bool permanent;
289 1 : const char *sid = NULL;
290 : struct test_state *ts;
291 :
292 1 : ttl = LIFETIME;
293 1 : sid = SID;
294 1 : ts = talloc_get_type_abort(*state, struct test_state);
295 :
296 : /*test when sid in not present in database */
297 1 : ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
298 1 : assert_int_equal(ret, ENOENT);
299 :
300 : /* test when sid is present in database */
301 1 : permanent = true;
302 1 : ret = sss_ncache_set_sid(ts->ctx, permanent, sid);
303 1 : assert_int_equal(ret, EOK);
304 :
305 1 : ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
306 1 : assert_int_equal(ret, EEXIST);
307 :
308 1 : permanent = false;
309 1 : ret = sss_ncache_set_sid(ts->ctx, permanent, sid);
310 1 : assert_int_equal(ret, EOK);
311 :
312 1 : ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
313 1 : assert_int_equal(ret, EEXIST);
314 :
315 : /* test when ttl is -1 with sid present in database*/
316 1 : ttl = -1;
317 1 : ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
318 1 : assert_int_equal(ret, EEXIST);
319 1 : }
320 :
321 : /* @test_sss_ncache_cert : test following functions
322 : * sss_ncache_set_cert
323 : * sss_ncache_check_cert_
324 : */
325 1 : static void test_sss_ncache_cert(void **state)
326 : {
327 : int ret, ttl;
328 : bool permanent;
329 1 : const char *cert = NULL;
330 : struct test_state *ts;
331 :
332 1 : ttl = LIFETIME;
333 1 : cert = CERT;
334 1 : ts = talloc_get_type_abort(*state, struct test_state);
335 :
336 : /*test when cert in not present in database */
337 1 : ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
338 1 : assert_int_equal(ret, ENOENT);
339 :
340 : /* test when cert is present in database */
341 1 : permanent = true;
342 1 : ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
343 1 : assert_int_equal(ret, EOK);
344 :
345 1 : ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
346 1 : assert_int_equal(ret, EEXIST);
347 :
348 1 : permanent = false;
349 1 : ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
350 1 : assert_int_equal(ret, EOK);
351 :
352 1 : ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
353 1 : assert_int_equal(ret, EEXIST);
354 :
355 : /* test when ttl is -1 with cert present in database*/
356 1 : ttl = -1;
357 1 : ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
358 1 : assert_int_equal(ret, EEXIST);
359 1 : }
360 :
361 : /* @test_sss_ncache_user : test following functions
362 : * sss_ncache_check_user
363 : * sss_ncache_set_user
364 : */
365 1 : static void test_sss_ncache_user(void **state)
366 : {
367 : int ret, ttl;
368 : bool permanent;
369 1 : const char *name = NAME;
370 : struct test_state *ts;
371 : struct sss_domain_info *dom;
372 :
373 1 : ttl = LIFETIME;
374 1 : ts = talloc_get_type_abort(*state, struct test_state);
375 1 : dom = talloc(ts, struct sss_domain_info);
376 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
377 :
378 : /* test when domain name is not present in database */
379 1 : dom->case_sensitive = false;
380 1 : ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
381 1 : assert_int_equal(ret, ENOENT);
382 :
383 1 : dom->case_sensitive = true;
384 1 : ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
385 1 : assert_int_equal(ret, ENOENT);
386 :
387 : /* test when domain name is present in database */
388 1 : permanent = true;
389 1 : ret = sss_ncache_set_user(ts->ctx, permanent, dom, name);
390 1 : assert_int_equal(ret, EOK);
391 :
392 1 : ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
393 1 : assert_int_equal(ret, EEXIST);
394 :
395 1 : permanent = false;
396 1 : ret = sss_ncache_set_user(ts->ctx, permanent, dom, name);
397 1 : assert_int_equal(ret, EOK);
398 :
399 1 : ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
400 1 : assert_int_equal(ret, EEXIST);
401 :
402 : /* test when ttl is -1 with domain name present in database */
403 1 : ttl = -1;
404 1 : ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
405 1 : assert_int_equal(ret, EEXIST);
406 1 : }
407 :
408 : /* @test_sss_ncache_group : test following functions
409 : * sss_ncache_check_group
410 : * sss_ncache_set_group
411 : */
412 1 : static void test_sss_ncache_group(void **state)
413 : {
414 : int ret, ttl;
415 : bool permanent;
416 1 : const char *name = NAME;
417 : struct test_state *ts;
418 : struct sss_domain_info *dom;
419 :
420 1 : ttl = LIFETIME;
421 1 : ts = talloc_get_type_abort(*state, struct test_state);
422 1 : dom = talloc(ts, struct sss_domain_info);
423 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
424 :
425 : /* test when domain name is not present in database */
426 1 : dom->case_sensitive = false;
427 1 : ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
428 1 : assert_int_equal(ret, ENOENT);
429 :
430 1 : dom->case_sensitive = true;
431 1 : ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
432 1 : assert_int_equal(ret, ENOENT);
433 :
434 : /* test when domain name is present in database */
435 1 : permanent = true;
436 1 : ret = sss_ncache_set_group(ts->ctx, permanent, dom, name);
437 1 : assert_int_equal(ret, EOK);
438 :
439 1 : ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
440 1 : assert_int_equal(ret, EEXIST);
441 :
442 1 : permanent = false;
443 1 : ret = sss_ncache_set_group(ts->ctx, permanent, dom, name);
444 1 : assert_int_equal(ret, EOK);
445 :
446 1 : ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
447 1 : assert_int_equal(ret, EEXIST);
448 :
449 : /* test when ttl is -1 with domain name present in database */
450 1 : ttl = -1;
451 1 : ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
452 1 : assert_int_equal(ret, EEXIST);
453 1 : }
454 :
455 : /* @test_sss_ncache_netgr : test following functions
456 : * sss_ncache_check_netgr
457 : * sss_ncache_set_netgr
458 : */
459 1 : static void test_sss_ncache_netgr(void **state)
460 : {
461 : int ret, ttl;
462 : bool permanent;
463 1 : const char *name = NAME;
464 : struct test_state *ts;
465 : struct sss_domain_info *dom;
466 :
467 1 : ttl = LIFETIME;
468 1 : ts = talloc_get_type_abort(*state, struct test_state);
469 1 : dom = talloc(ts, struct sss_domain_info);
470 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
471 :
472 : /* test when domain name is not present in database */
473 1 : dom->case_sensitive = false;
474 1 : ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
475 1 : assert_int_equal(ret, ENOENT);
476 :
477 1 : dom->case_sensitive = true;
478 1 : ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
479 1 : assert_int_equal(ret, ENOENT);
480 :
481 : /* test when domain name is present in database */
482 1 : permanent = true;
483 1 : ret = sss_ncache_set_netgr(ts->ctx, permanent, dom, name);
484 1 : assert_int_equal(ret, EOK);
485 :
486 1 : ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
487 1 : assert_int_equal(ret, EEXIST);
488 :
489 1 : permanent = false;
490 1 : ret = sss_ncache_set_netgr(ts->ctx, permanent, dom, name);
491 1 : assert_int_equal(ret, EOK);
492 :
493 1 : ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
494 1 : assert_int_equal(ret, EEXIST);
495 :
496 : /* test when ttl is -1 with domain name present in database */
497 1 : ttl = -1;
498 1 : ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
499 1 : assert_int_equal(ret, EEXIST);
500 1 : }
501 :
502 : /* @test_sss_ncache_service_name : test following functions
503 : * sss_ncache_check_service
504 : * sss_ncache_set_service_name
505 : */
506 1 : static void test_sss_ncache_service_name(void **state)
507 : {
508 : int ret, ttl;
509 : bool permanent;
510 1 : const char *name = NAME;
511 : struct test_state *ts;
512 : struct sss_domain_info *dom;
513 :
514 1 : ttl = LIFETIME;
515 1 : ts = talloc_get_type_abort(*state, struct test_state);
516 1 : dom = talloc(ts, struct sss_domain_info);
517 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
518 :
519 : /* test when domain name and protocol are not present in database */
520 1 : dom->case_sensitive = false;
521 1 : ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
522 1 : assert_int_equal(ret, ENOENT);
523 :
524 1 : dom->case_sensitive = true;
525 1 : ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
526 1 : assert_int_equal(ret, ENOENT);
527 :
528 : /* test when domain name and protocol are present in database */
529 1 : permanent = true;
530 1 : ret = sss_ncache_set_service_name(ts->ctx, permanent, dom, name, PROTO);
531 1 : assert_int_equal(ret, EOK);
532 :
533 1 : ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
534 1 : assert_int_equal(ret, EEXIST);
535 :
536 1 : permanent = false;
537 1 : ret = sss_ncache_set_service_name(ts->ctx, permanent, dom, name, PROTO);
538 1 : assert_int_equal(ret, EOK);
539 :
540 1 : ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
541 1 : assert_int_equal(ret, EEXIST);
542 :
543 : /* test when ttl is -1 with domain name present in database */
544 1 : ttl = -1;
545 1 : ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
546 1 : assert_int_equal(ret, EEXIST);
547 1 : }
548 :
549 : /* @test_sss_ncache_service_port : test following functions
550 : * sss_ncache_check_service_port
551 : * sss_ncache_set_service_port
552 : */
553 1 : static void test_sss_ncache_service_port(void **state)
554 : {
555 : int ret, ttl;
556 : bool permanent;
557 : struct test_state *ts;
558 : struct sss_domain_info *dom;
559 :
560 1 : ttl = LIFETIME;
561 1 : ts = talloc_get_type_abort(*state, struct test_state);
562 1 : dom = talloc(ts, struct sss_domain_info);
563 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
564 :
565 : /* test when domain name, port and protocol are not present in database */
566 1 : dom->case_sensitive = false;
567 1 : ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
568 : PROTO);
569 1 : assert_int_equal(ret, ENOENT);
570 :
571 1 : dom->case_sensitive = true;
572 1 : ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
573 : PROTO);
574 1 : assert_int_equal(ret, ENOENT);
575 :
576 : /* test when domain name, port and protocol are present in database */
577 1 : permanent = true;
578 1 : ret = sss_ncache_set_service_port(ts->ctx, permanent, dom, (uint16_t)PORT,
579 : PROTO);
580 1 : assert_int_equal(ret, EOK);
581 :
582 1 : ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
583 : PROTO);
584 1 : assert_int_equal(ret, EEXIST);
585 :
586 1 : permanent = false;
587 1 : ret = sss_ncache_set_service_port(ts->ctx, permanent, dom, (uint16_t)PORT,
588 : PROTO);
589 1 : assert_int_equal(ret, EOK);
590 :
591 1 : ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
592 : PROTO);
593 1 : assert_int_equal(ret, EEXIST);
594 :
595 : /* test when ttl is -1 with domain name present in database */
596 1 : ttl = -1;
597 1 : ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
598 : PROTO);
599 1 : assert_int_equal(ret, EEXIST);
600 1 : }
601 :
602 :
603 1 : static void test_sss_ncache_reset_permanent(void **state)
604 : {
605 : int ret;
606 : struct test_state *ts;
607 1 : const bool permanent = true;
608 :
609 1 : ts = talloc_get_type_abort(*state, struct test_state);
610 :
611 1 : ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, 0);
612 1 : assert_int_equal(ret, EOK);
613 :
614 1 : ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0);
615 1 : assert_int_equal(ret, EEXIST);
616 :
617 1 : ret = sss_ncache_reset_permanent(ts->ctx);
618 1 : assert_int_equal(ret, EOK);
619 :
620 1 : ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0);
621 1 : assert_int_equal(ret, ENOENT);
622 1 : }
623 :
624 1 : static void test_sss_ncache_prepopulate(void **state)
625 : {
626 : int ret;
627 : struct test_state *ts;
628 : struct tevent_context *ev;
629 : struct sss_nc_ctx *ncache;
630 : struct sss_test_ctx *tc;
631 : struct sss_domain_info *dom;
632 :
633 1 : struct sss_test_conf_param params[] = {
634 : { "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" },
635 : { "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" },
636 : { NULL, NULL },
637 : };
638 :
639 1 : ts = talloc_get_type_abort(*state, struct test_state);
640 :
641 1 : ev = tevent_context_init(ts);
642 1 : assert_non_null(ev);
643 :
644 1 : dom = talloc_zero(ts, struct sss_domain_info);
645 1 : assert_non_null(dom);
646 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
647 :
648 1 : ts->nctx = mock_nctx(ts);
649 1 : assert_non_null(ts->nctx);
650 :
651 1 : tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
652 : TEST_DOM_NAME, TEST_ID_PROVIDER, params);
653 1 : assert_non_null(tc);
654 :
655 1 : ncache = ts->ctx;
656 1 : ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
657 1 : assert_non_null(ts->rctx);
658 :
659 1 : ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
660 1 : assert_int_equal(ret, EOK);
661 :
662 1 : ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx);
663 1 : assert_int_equal(ret, EOK);
664 :
665 1 : sleep(SHORTSPAN);
666 :
667 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
668 1 : assert_int_equal(ret, EEXIST);
669 :
670 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
671 1 : assert_int_equal(ret, EEXIST);
672 :
673 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
674 1 : assert_int_equal(ret, EEXIST);
675 :
676 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
677 1 : assert_int_equal(ret, EEXIST);
678 :
679 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
680 1 : assert_int_equal(ret, ENOENT);
681 :
682 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
683 1 : assert_int_equal(ret, ENOENT);
684 :
685 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser3@somedomain");
686 1 : assert_int_equal(ret, ENOENT);
687 :
688 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3@somedomain");
689 1 : assert_int_equal(ret, ENOENT);
690 1 : }
691 :
692 1 : static void test_sss_ncache_default_domain_suffix(void **state)
693 : {
694 : int ret;
695 : struct test_state *ts;
696 : struct tevent_context *ev;
697 : struct sss_nc_ctx *ncache;
698 : struct sss_test_ctx *tc;
699 : struct sss_domain_info *dom;
700 :
701 1 : struct sss_test_conf_param params[] = {
702 : { "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" },
703 : { "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" },
704 : { NULL, NULL },
705 : };
706 :
707 1 : ts = talloc_get_type_abort(*state, struct test_state);
708 :
709 1 : ev = tevent_context_init(ts);
710 1 : assert_non_null(ev);
711 :
712 1 : dom = talloc_zero(ts, struct sss_domain_info);
713 1 : assert_non_null(dom);
714 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
715 :
716 1 : ts->nctx = mock_nctx(ts);
717 1 : assert_non_null(ts->nctx);
718 :
719 1 : tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
720 : TEST_DOM_NAME, TEST_ID_PROVIDER, params);
721 1 : assert_non_null(tc);
722 :
723 1 : ncache = ts->ctx;
724 1 : ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
725 1 : assert_non_null(ts->rctx);
726 1 : ts->rctx->default_domain = discard_const(TEST_DOM_NAME);
727 :
728 1 : ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
729 1 : assert_int_equal(ret, EOK);
730 :
731 1 : ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx);
732 1 : assert_int_equal(ret, EOK);
733 :
734 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
735 1 : assert_int_equal(ret, EEXIST);
736 :
737 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
738 1 : assert_int_equal(ret, EEXIST);
739 :
740 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
741 1 : assert_int_equal(ret, EEXIST);
742 :
743 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
744 1 : assert_int_equal(ret, EEXIST);
745 :
746 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
747 1 : assert_int_equal(ret, ENOENT);
748 :
749 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
750 1 : assert_int_equal(ret, ENOENT);
751 :
752 1 : }
753 :
754 1 : static void test_sss_ncache_reset_prepopulate(void **state)
755 : {
756 : int ret;
757 : struct test_state *ts;
758 : struct tevent_context *ev;
759 : struct sss_nc_ctx *ncache;
760 : struct sss_test_ctx *tc;
761 : struct sss_domain_info *dom;
762 : struct sss_domain_info *dom2;
763 :
764 1 : struct sss_test_conf_param params[] = {
765 : { "filter_users", "testuser1@"TEST_DOM_NAME", testuser2@"TEST_DOM_NAME"2" },
766 : { "filter_groups", "testgroup1@"TEST_DOM_NAME", testgroup2@"TEST_DOM_NAME"2" },
767 : { NULL, NULL },
768 : };
769 :
770 1 : const char *nss_filter_users[] = { params[0].value, NULL};
771 1 : const char *nss_filter_groups[] = { params[1].value, NULL};
772 :
773 1 : ts = talloc_get_type_abort(*state, struct test_state);
774 :
775 1 : ev = tevent_context_init(ts);
776 1 : assert_non_null(ev);
777 :
778 1 : dom = talloc_zero(ts, struct sss_domain_info);
779 1 : assert_non_null(dom);
780 1 : dom->name = discard_const_p(char, TEST_DOM_NAME);
781 :
782 1 : ts->nctx = mock_nctx(ts);
783 1 : assert_non_null(ts->nctx);
784 :
785 1 : tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
786 : TEST_DOM_NAME, TEST_ID_PROVIDER, params);
787 1 : assert_non_null(tc);
788 :
789 1 : ret = confdb_add_param(tc->confdb, true, "config/nss",
790 : "filter_users", nss_filter_users);
791 1 : assert_int_equal(ret, EOK);
792 :
793 1 : ret = confdb_add_param(tc->confdb, true, "config/nss",
794 : "filter_groups", nss_filter_groups);
795 1 : assert_int_equal(ret, EOK);
796 :
797 1 : ncache = ts->ctx;
798 1 : ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
799 1 : assert_non_null(ts->rctx);
800 1 : ts->rctx->default_domain = discard_const(TEST_DOM_NAME);
801 1 : ts->rctx->cdb = tc->confdb;
802 :
803 1 : ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
804 1 : assert_int_equal(ret, EOK);
805 :
806 1 : ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
807 1 : assert_int_equal(ret, EOK);
808 :
809 : /* Add another domain */
810 1 : dom2 = talloc_zero(ts, struct sss_domain_info);
811 1 : assert_non_null(dom2);
812 1 : dom2->name = discard_const_p(char, TEST_DOM_NAME"2");
813 1 : dom->next = dom2;
814 1 : dom2->names = dom->names;
815 :
816 : /* First domain should not be known, the second not */
817 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
818 1 : assert_int_equal(ret, EEXIST);
819 :
820 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
821 1 : assert_int_equal(ret, EEXIST);
822 :
823 1 : ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
824 1 : assert_int_equal(ret, ENOENT);
825 :
826 1 : ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
827 1 : assert_int_equal(ret, ENOENT);
828 :
829 1 : ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
830 1 : assert_int_equal(ret, EOK);
831 :
832 : /* First domain should not be known, the second not */
833 1 : ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
834 1 : assert_int_equal(ret, EEXIST);
835 :
836 1 : ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
837 1 : assert_int_equal(ret, EEXIST);
838 :
839 1 : ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
840 1 : assert_int_equal(ret, EEXIST);
841 :
842 1 : ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
843 1 : assert_int_equal(ret, EEXIST);
844 1 : }
845 1 : int main(void)
846 : {
847 : int rv;
848 1 : const struct CMUnitTest tests[] = {
849 : cmocka_unit_test(test_sss_ncache_init),
850 : cmocka_unit_test_setup_teardown(test_sss_ncache_uid, setup, teardown),
851 : cmocka_unit_test_setup_teardown(test_sss_ncache_gid, setup, teardown),
852 : cmocka_unit_test_setup_teardown(test_sss_ncache_sid, setup, teardown),
853 : cmocka_unit_test_setup_teardown(test_sss_ncache_cert, setup, teardown),
854 : cmocka_unit_test_setup_teardown(test_sss_ncache_user, setup, teardown),
855 : cmocka_unit_test_setup_teardown(test_sss_ncache_group, setup, teardown),
856 : cmocka_unit_test_setup_teardown(test_sss_ncache_netgr, setup, teardown),
857 : cmocka_unit_test_setup_teardown(test_sss_ncache_service_name, setup,
858 : teardown),
859 : cmocka_unit_test_setup_teardown(test_sss_ncache_service_port,
860 : setup, teardown),
861 : cmocka_unit_test_setup_teardown(test_sss_ncache_reset_permanent, setup,
862 : teardown),
863 : cmocka_unit_test_setup_teardown(test_sss_ncache_prepopulate,
864 : setup, teardown),
865 : cmocka_unit_test_setup_teardown(test_sss_ncache_default_domain_suffix,
866 : setup, teardown),
867 : cmocka_unit_test_setup_teardown(test_sss_ncache_reset_prepopulate,
868 : setup, teardown),
869 : };
870 :
871 1 : tests_set_cwd();
872 1 : test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
873 1 : test_dom_suite_setup(TESTS_PATH);
874 :
875 1 : rv = cmocka_run_group_tests(tests, NULL, NULL);
876 1 : if (rv == 0) {
877 1 : test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
878 : }
879 1 : return rv;
880 : }
|
