Line data Source code
1 : /*
2 : Authors:
3 : Sumit Bose <sbose@redhat.com>
4 :
5 : Copyright (C) 2015 Red Hat
6 :
7 : SSSD tests: PAM responder tests
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include <security/pam_modules.h>
24 : #include <popt.h>
25 :
26 : #include "tests/cmocka/common_mock.h"
27 : #include "tests/cmocka/common_mock_resp.h"
28 : #include "responder/common/responder_packet.h"
29 : #include "responder/common/negcache.h"
30 : #include "responder/pam/pamsrv.h"
31 : #include "responder/pam/pam_helpers.h"
32 : #include "sss_client/pam_message.h"
33 : #include "sss_client/sss_cli.h"
34 :
35 : #include "util/crypto/sss_crypto.h"
36 : #ifdef HAVE_NSS
37 : #include "util/crypto/nss/nss_util.h"
38 : #endif
39 :
40 : #define TESTS_PATH "tp_" BASE_FILE_STEM
41 : #define TEST_CONF_DB "test_pam_conf.ldb"
42 : #define TEST_DOM_NAME "pam_test"
43 : #define TEST_SUBDOM_NAME "test.subdomain"
44 : #define TEST_ID_PROVIDER "ldap"
45 :
46 : #define NSS_DB_PATH "./sssd_test_nssdb"
47 : #define NSS_DB "sql:"NSS_DB_PATH
48 :
49 : #define TEST_TOKEN_NAME "SSSD Test Token"
50 : #define TEST_TOKEN_CERT \
51 : "MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
52 : "REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA2MjMx" \
53 : "NjMyMDdaFw0xNzA2MjMxNjMyMDdaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \
54 : "A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \
55 : "ADCCAQoCggEBALXUq56VlY+Z0aWLLpFAjFfbElPBXGQsbZb85J3cGyPjaMHC9wS+" \
56 : "wjB6Ve4HmQyPLx8hbINdDmbawMHYQvTScLYfsqLtj0Lqw20sUUmedk+Es5Oh9VHo" \
57 : "nd8MavYx25Du2u+T0iSgNIDikXguiwCmtAj8VC49ebbgITcjJGzMmiiuJkV3o93Y" \
58 : "vvYF0VjLGDQbQWOy7IxzYJeNVJnZWKo67CHdok6qOrm9rxQt81rzwV/mGLbCMUbr" \
59 : "+N4M8URtd7EmzaYZQmNm//s2owFrCYMxpLiURPj+URZVuB72504/Ix7X0HCbA/AV" \
60 : "26J27fPY5nc8DMwfhUDCbTqPH/JEjd3mvY8CAwEAAaOCASYwggEiMB8GA1UdIwQY" \
61 : "MBaAFJOq+KAQmPEnNp8Wok23eGTdE7aDMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \
62 : "BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \
63 : "BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \
64 : "aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \
65 : "LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \
66 : "IEF1dGhvcml0eTAdBgNVHQ4EFgQUFaDNd5a53QGpaw5m63hnwXicMQ8wDQYJKoZI" \
67 : "hvcNAQELBQADggEBADH7Nj00qqGhGJeXJQAsepqSskz/wooqXh8vgVyb8SS4N0/c" \
68 : "0aQtVmY81xamlXE12ZFpwDX43d+EufBkwCUKFX/+8JFDd2doAyeJxv1xM22kKRpc" \
69 : "AqITPgMsa9ToGMWxjbVpc/X/5YfZixWPF0/eZUTotBj9oaR039UrhGfyN7OguF/G" \
70 : "rzmxtB5y4ZrMpcD/Oe90mkd9HY7sA/fB8OWOUgeRfQoh97HNS0UiDWsPtfxmjQG5" \
71 : "zotpoBIZmdH+ipYsu58HohHVlM9Wi5H4QmiiXl+Soldkq7eXYlafcmT7wv8+cKwz" \
72 : "Nz0Tm3+eYpFqRo3skr6QzXi525Jkg3r6r+kkhxU=" \
73 :
74 : struct pam_test_ctx {
75 : struct sss_test_ctx *tctx;
76 : struct sss_domain_info *subdom;
77 :
78 : struct resp_ctx *rctx;
79 : struct cli_ctx *cctx;
80 : struct sss_cmd_table *pam_cmds;
81 : struct pam_ctx *pctx;
82 :
83 : int ncache_hits;
84 : int exp_pam_status;
85 : };
86 :
87 : /* Must be global because it is needed in some wrappers */
88 : struct pam_test_ctx *pam_test_ctx;
89 :
90 1 : static errno_t setup_nss_db(void)
91 : {
92 : int ret;
93 : FILE *fp;
94 : int status;
95 : pid_t child_pid;
96 :
97 1 : ret = mkdir(NSS_DB_PATH, 0775);
98 1 : if (ret != EOK) {
99 0 : DEBUG(SSSDBG_FATAL_FAILURE, "Failed to create " NSS_DB_PATH ".\n");
100 0 : return ret;
101 : }
102 :
103 1 : child_pid = fork();
104 2 : if (child_pid == 0) { /* child */
105 1 : ret = execlp("certutil", "certutil", "-N", "--empty-password", "-d",
106 : NSS_DB, NULL);
107 1 : if (ret == -1) {
108 0 : DEBUG(SSSDBG_FATAL_FAILURE, "execl() failed.\n");
109 0 : exit(-1);
110 : }
111 1 : } else if (child_pid > 0) {
112 1 : wait(&status);
113 : } else {
114 0 : ret = errno;
115 0 : DEBUG(SSSDBG_FATAL_FAILURE, "fork() failed\n");
116 0 : return ret;
117 : }
118 :
119 2 : fp = fopen(NSS_DB_PATH"/pkcs11.txt", "w");
120 1 : if (fp == NULL) {
121 0 : DEBUG(SSSDBG_FATAL_FAILURE, "fopen() failed.\n");
122 0 : return ret;
123 : }
124 1 : ret = fprintf(fp, "library=libsoftokn3.so\nname=soft\n");
125 1 : if (ret < 0) {
126 0 : DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
127 0 : return ret;
128 : }
129 1 : ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR);
130 1 : if (ret < 0) {
131 0 : DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
132 0 : return ret;
133 : }
134 1 : ret = fclose(fp);
135 1 : if (ret != 0) {
136 0 : DEBUG(SSSDBG_FATAL_FAILURE, "fclose() failed.\n");
137 0 : return ret;
138 : }
139 :
140 1 : return EOK;
141 : }
142 :
143 2 : static void cleanup_nss_db(void)
144 : {
145 : int ret;
146 :
147 2 : ret = unlink(NSS_DB_PATH"/cert9.db");
148 2 : if (ret != EOK) {
149 1 : DEBUG(SSSDBG_OP_FAILURE, "Failed to remove cert9.db.\n");
150 : }
151 :
152 2 : ret = unlink(NSS_DB_PATH"/key4.db");
153 2 : if (ret != EOK) {
154 1 : DEBUG(SSSDBG_OP_FAILURE, "Failed to remove key4.db.\n");
155 : }
156 :
157 2 : ret = unlink(NSS_DB_PATH"/pkcs11.txt");
158 2 : if (ret != EOK) {
159 1 : DEBUG(SSSDBG_OP_FAILURE, "Failed to remove pkcs11.db.\n");
160 : }
161 :
162 2 : ret = rmdir(NSS_DB_PATH);
163 2 : if (ret != EOK) {
164 1 : DEBUG(SSSDBG_OP_FAILURE, "Failed to remove " NSS_DB_PATH "\n");
165 : }
166 2 : }
167 :
168 31 : struct pam_ctx *mock_pctx(TALLOC_CTX *mem_ctx)
169 : {
170 : struct pam_ctx *pctx;
171 : errno_t ret;
172 :
173 31 : pctx = talloc_zero(mem_ctx, struct pam_ctx);
174 31 : assert_non_null(pctx);
175 :
176 31 : ret = sss_ncache_init(pctx, &pctx->ncache);
177 31 : assert_int_equal(ret, EOK);
178 :
179 31 : pctx->neg_timeout = 10;
180 :
181 31 : ret = sss_hash_create(pctx, 10, &pctx->id_table);
182 31 : assert_int_equal(ret, EOK);
183 :
184 31 : return pctx;
185 : }
186 :
187 31 : static int add_pam_params(struct sss_test_conf_param pam_params[],
188 : struct confdb_ctx *cdb)
189 : {
190 : const char *val[2];
191 : int ret;
192 :
193 31 : val[1] = NULL;
194 :
195 62 : for (int i = 0; pam_params[i].key; i++) {
196 31 : val[0] = pam_params[i].value;
197 31 : ret = confdb_add_param(cdb, true, CONFDB_PAM_CONF_ENTRY,
198 31 : pam_params[i].key, val);
199 31 : assert_int_equal(ret, EOK);
200 : }
201 :
202 31 : return EOK;
203 : }
204 :
205 31 : void test_pam_setup(struct sss_test_conf_param dom_params[],
206 : struct sss_test_conf_param pam_params[],
207 : void **state)
208 : {
209 : errno_t ret;
210 :
211 31 : pam_test_ctx = talloc_zero(NULL, struct pam_test_ctx);
212 31 : assert_non_null(pam_test_ctx);
213 :
214 31 : pam_test_ctx->tctx = create_dom_test_ctx(pam_test_ctx, TESTS_PATH,
215 : TEST_CONF_DB, TEST_DOM_NAME,
216 : TEST_ID_PROVIDER, dom_params);
217 31 : assert_non_null(pam_test_ctx->tctx);
218 :
219 31 : pam_test_ctx->pam_cmds = get_pam_cmds();
220 31 : assert_non_null(pam_test_ctx->pam_cmds);
221 :
222 : /* FIXME - perhaps this should be folded into sssd_domain_init or stricty
223 : * used together
224 : */
225 31 : ret = sss_names_init(pam_test_ctx, pam_test_ctx->tctx->confdb,
226 31 : TEST_DOM_NAME, &pam_test_ctx->tctx->dom->names);
227 31 : assert_int_equal(ret, EOK);
228 :
229 : /* Initialize the PAM responder */
230 31 : pam_test_ctx->pctx = mock_pctx(pam_test_ctx);
231 31 : assert_non_null(pam_test_ctx->pctx);
232 :
233 62 : pam_test_ctx->rctx = mock_rctx(pam_test_ctx, pam_test_ctx->tctx->ev,
234 31 : pam_test_ctx->tctx->dom, pam_test_ctx->pctx);
235 31 : assert_non_null(pam_test_ctx->rctx);
236 31 : pam_test_ctx->rctx->cdb = pam_test_ctx->tctx->confdb;
237 31 : pam_test_ctx->pctx->rctx = pam_test_ctx->rctx;
238 :
239 31 : ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb);
240 31 : assert_int_equal(ret, EOK);
241 :
242 : /* Create client context */
243 31 : pam_test_ctx->cctx = mock_cctx(pam_test_ctx, pam_test_ctx->rctx);
244 31 : assert_non_null(pam_test_ctx->cctx);
245 :
246 31 : pam_test_ctx->cctx->cli_protocol_version = register_cli_protocol_version();
247 31 : pam_test_ctx->cctx->ev = pam_test_ctx->tctx->ev;
248 31 : }
249 :
250 31 : static int pam_test_setup(void **state)
251 : {
252 : int ret;
253 :
254 31 : struct sss_test_conf_param dom_params[] = {
255 : { "enumerate", "false" },
256 : { "cache_credentials", "true" },
257 : { NULL, NULL }, /* Sentinel */
258 : };
259 :
260 31 : struct sss_test_conf_param pam_params[] = {
261 : { "p11_child_timeout", "30"},
262 : { NULL, NULL }, /* Sentinel */
263 : };
264 :
265 31 : test_pam_setup(dom_params, pam_params, state);
266 :
267 : /* Prime the cache with a valid user */
268 31 : ret = sysdb_add_user(pam_test_ctx->tctx->dom,
269 : "pamuser", 123, 456, "pam user",
270 : "/home/pamuser", "/bin/sh", NULL,
271 : NULL, 300, 0);
272 31 : assert_int_equal(ret, EOK);
273 :
274 : /* Add entry to the initgr cache to make sure no initgr request is sent to
275 : * the backend */
276 62 : ret = pam_initgr_cache_set(pam_test_ctx->pctx->rctx->ev,
277 31 : pam_test_ctx->pctx->id_table,
278 : discard_const("pamuser"),
279 31 : pam_test_ctx->pctx->id_timeout);
280 31 : assert_int_equal(ret, EOK);
281 :
282 : /* Prime the cache with a user for wrong matches */
283 31 : ret = sysdb_add_user(pam_test_ctx->tctx->dom,
284 : "wronguser", 321, 654, "wrong user",
285 : "/home/wringuser", "/bin/sh", NULL,
286 : NULL, 300, 0);
287 31 : assert_int_equal(ret, EOK);
288 :
289 : /* Add entry to the initgr cache to make sure no initgr request is sent to
290 : * the backend */
291 62 : ret = pam_initgr_cache_set(pam_test_ctx->pctx->rctx->ev,
292 31 : pam_test_ctx->pctx->id_table,
293 : discard_const("wronguser"),
294 31 : pam_test_ctx->pctx->id_timeout);
295 31 : assert_int_equal(ret, EOK);
296 :
297 31 : return 0;
298 : }
299 :
300 31 : static int pam_test_teardown(void **state)
301 : {
302 : int ret;
303 :
304 31 : ret = sysdb_delete_user(pam_test_ctx->tctx->dom, "pamuser", 0);
305 31 : assert_int_equal(ret, EOK);
306 :
307 31 : ret = sysdb_delete_user(pam_test_ctx->tctx->dom, "wronguser", 0);
308 31 : assert_int_equal(ret, EOK);
309 :
310 31 : talloc_free(pam_test_ctx);
311 31 : return 0;
312 : }
313 :
314 : typedef int (*cmd_cb_fn_t)(uint32_t, uint8_t *, size_t);
315 :
316 :
317 : int __real_read_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
318 : uint8_t **buf, ssize_t *len);
319 :
320 : void __real_sss_packet_get_body(struct sss_packet *packet,
321 : uint8_t **body, size_t *blen);
322 :
323 62 : void __wrap_sss_packet_get_body(struct sss_packet *packet,
324 : uint8_t **body, size_t *blen)
325 : {
326 62 : enum sss_test_wrapper_call wtype = sss_mock_type(enum sss_test_wrapper_call);
327 : size_t len;
328 :
329 62 : if (wtype == WRAP_CALL_REAL) {
330 31 : return __real_sss_packet_get_body(packet, body, blen);
331 : }
332 :
333 31 : *body = sss_mock_ptr_type(uint8_t *);
334 31 : len = sss_mock_type(size_t);
335 31 : if (len == 0) {
336 0 : len = strlen((const char *) *body) + 1;
337 : }
338 31 : *blen = len;
339 31 : return;
340 : }
341 :
342 : void __real_sss_packet_get_body(struct sss_packet *packet,
343 : uint8_t **body, size_t *blen);
344 :
345 31 : void __wrap_sss_cmd_done(struct cli_ctx *cctx, void *freectx)
346 : {
347 31 : struct sss_packet *packet = cctx->creq->out;
348 : uint8_t *body;
349 : size_t blen;
350 : cmd_cb_fn_t check_cb;
351 :
352 31 : assert_non_null(packet);
353 :
354 31 : check_cb = sss_mock_ptr_type(cmd_cb_fn_t);
355 :
356 31 : __real_sss_packet_get_body(packet, &body, &blen);
357 :
358 31 : pam_test_ctx->tctx->error = check_cb(sss_packet_get_status(packet),
359 : body, blen);
360 31 : pam_test_ctx->tctx->done = true;
361 31 : }
362 :
363 31 : enum sss_cli_command __wrap_sss_packet_get_cmd(struct sss_packet *packet)
364 : {
365 31 : return sss_mock_type(enum sss_cli_command);
366 : }
367 :
368 0 : int __wrap_sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx)
369 : {
370 0 : pam_test_ctx->tctx->done = true;
371 0 : pam_test_ctx->tctx->error = ENOENT;
372 0 : return EOK;
373 : }
374 :
375 31 : static void set_cmd_cb(cmd_cb_fn_t fn)
376 : {
377 31 : will_return(__wrap_sss_cmd_done, fn);
378 31 : }
379 :
380 25 : int __wrap_pam_dp_send_req(struct pam_auth_req *preq, int timeout)
381 : {
382 :
383 : /* Set expected status */
384 25 : preq->pd->pam_status = pam_test_ctx->exp_pam_status;
385 :
386 25 : preq->callback(preq);
387 :
388 25 : return EOK;
389 : }
390 :
391 22 : static void mock_input_pam(TALLOC_CTX *mem_ctx, const char *name,
392 : const char *pwd, const char *fa2)
393 : {
394 : size_t buf_size;
395 : uint8_t *m_buf;
396 : uint8_t *buf;
397 22 : struct pam_items pi = { 0 };
398 : int ret;
399 : size_t needed_size;
400 : uint8_t *authtok;
401 :
402 22 : if (name != NULL) {
403 22 : pi.pam_user = name;
404 22 : pi.pam_user_size = strlen(pi.pam_user) + 1;
405 : } else {
406 0 : pi.pam_user = "";
407 0 : pi.pam_user_size = 0;
408 : }
409 :
410 22 : if (pwd != NULL) {
411 12 : if (fa2 != NULL) {
412 4 : ret = sss_auth_pack_2fa_blob(pwd, 0, fa2, 0, NULL, 0, &needed_size);
413 4 : assert_int_equal(ret, EAGAIN);
414 :
415 4 : authtok = talloc_size(mem_ctx, needed_size);
416 4 : assert_non_null(authtok);
417 :
418 4 : ret = sss_auth_pack_2fa_blob(pwd, 0, fa2, 0, authtok,
419 : needed_size, &needed_size);
420 4 : assert_int_equal(ret, EOK);
421 :
422 4 : pi.pam_authtok = (char *) authtok;
423 4 : pi.pam_authtok_size = needed_size;
424 4 : pi.pam_authtok_type = SSS_AUTHTOK_TYPE_2FA;
425 : } else {
426 8 : pi.pam_authtok = discard_const(pwd);
427 8 : pi.pam_authtok_size = strlen(pi.pam_authtok) + 1;
428 8 : pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
429 : }
430 : }
431 :
432 22 : pi.pam_service = "ssh";
433 22 : pi.pam_service_size = strlen(pi.pam_service) + 1;
434 22 : pi.pam_tty = "/dev/tty";
435 22 : pi.pam_tty_size = strlen(pi.pam_tty) + 1;
436 22 : pi.pam_ruser = "remuser";
437 22 : pi.pam_ruser_size = strlen(pi.pam_ruser) + 1;
438 22 : pi.pam_rhost = "remhost";
439 22 : pi.pam_rhost_size = strlen(pi.pam_rhost) + 1;
440 22 : pi.requested_domains = "";
441 22 : pi.cli_pid = 12345;
442 :
443 22 : ret = pack_message_v3(&pi, &buf_size, &m_buf);
444 22 : assert_int_equal(ret, 0);
445 :
446 22 : buf = talloc_memdup(mem_ctx, m_buf, buf_size);
447 22 : free(m_buf);
448 22 : assert_non_null(buf);
449 :
450 22 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER);
451 22 : will_return(__wrap_sss_packet_get_body, buf);
452 22 : will_return(__wrap_sss_packet_get_body, buf_size);
453 22 : }
454 :
455 9 : static void mock_input_pam_cert(TALLOC_CTX *mem_ctx, const char *name,
456 : const char *pin)
457 : {
458 : size_t buf_size;
459 : uint8_t *m_buf;
460 : uint8_t *buf;
461 9 : struct pam_items pi = { 0 };
462 : int ret;
463 :
464 9 : if (name != NULL) {
465 5 : pi.pam_user = name;
466 5 : pi.pam_user_size = strlen(pi.pam_user) + 1;
467 : } else {
468 4 : pi.pam_user = "";
469 4 : pi.pam_user_size = 0;
470 : }
471 :
472 9 : if (pin != NULL) {
473 1 : pi.pam_authtok = discard_const(pin);
474 1 : pi.pam_authtok_size = strlen(pi.pam_authtok) + 1;
475 1 : pi.pam_authtok_type = SSS_AUTHTOK_TYPE_SC_PIN;
476 : }
477 :
478 9 : pi.pam_service = "login";
479 9 : pi.pam_service_size = strlen(pi.pam_service) + 1;
480 9 : pi.pam_tty = "/dev/tty";
481 9 : pi.pam_tty_size = strlen(pi.pam_tty) + 1;
482 9 : pi.pam_ruser = "remuser";
483 9 : pi.pam_ruser_size = strlen(pi.pam_ruser) + 1;
484 9 : pi.pam_rhost = "remhost";
485 9 : pi.pam_rhost_size = strlen(pi.pam_rhost) + 1;
486 9 : pi.requested_domains = "";
487 9 : pi.cli_pid = 12345;
488 :
489 9 : ret = pack_message_v3(&pi, &buf_size, &m_buf);
490 9 : assert_int_equal(ret, 0);
491 :
492 9 : buf = talloc_memdup(mem_ctx, m_buf, buf_size);
493 9 : free(m_buf);
494 9 : assert_non_null(buf);
495 :
496 9 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER);
497 9 : will_return(__wrap_sss_packet_get_body, buf);
498 9 : will_return(__wrap_sss_packet_get_body, buf_size);
499 9 : }
500 :
501 24 : static int test_pam_simple_check(uint32_t status, uint8_t *body, size_t blen)
502 : {
503 24 : size_t rp = 0;
504 : uint32_t val;
505 :
506 24 : assert_int_equal(status, 0);
507 :
508 24 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
509 24 : assert_int_equal(val, pam_test_ctx->exp_pam_status);
510 :
511 24 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
512 24 : assert_int_equal(val, 1);
513 :
514 24 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
515 24 : assert_int_equal(val, SSS_PAM_DOMAIN_NAME);
516 :
517 24 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
518 24 : assert_int_equal(val, 9);
519 :
520 24 : assert_int_equal(*(body + rp + val - 1), 0);
521 24 : assert_string_equal(body + rp, TEST_DOM_NAME);
522 :
523 24 : return EOK;
524 : }
525 :
526 2 : static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen)
527 : {
528 2 : size_t rp = 0;
529 : uint32_t val;
530 :
531 2 : assert_int_equal(status, 0);
532 :
533 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
534 2 : assert_int_equal(val, pam_test_ctx->exp_pam_status);
535 :
536 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
537 2 : assert_int_equal(val, 2);
538 :
539 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
540 2 : assert_int_equal(val, SSS_PAM_DOMAIN_NAME);
541 :
542 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
543 2 : assert_int_equal(val, 9);
544 :
545 2 : assert_int_equal(*(body + rp + val - 1), 0);
546 2 : assert_string_equal(body + rp, TEST_DOM_NAME);
547 2 : rp += val;
548 :
549 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
550 2 : assert_int_equal(val, SSS_PAM_CERT_INFO);
551 :
552 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
553 2 : assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME)));
554 :
555 2 : assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0);
556 2 : assert_string_equal(body + rp, "pamuser");
557 2 : rp += sizeof("pamuser");
558 :
559 2 : assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
560 2 : assert_string_equal(body + rp, TEST_TOKEN_NAME);
561 :
562 2 : return EOK;
563 : }
564 :
565 :
566 2 : static int test_pam_offline_chauthtok_check(uint32_t status,
567 : uint8_t *body, size_t blen)
568 : {
569 2 : size_t rp = 0;
570 : uint32_t val;
571 :
572 2 : pam_test_ctx->exp_pam_status = PAM_AUTHTOK_ERR;
573 :
574 2 : assert_int_equal(status, 0);
575 :
576 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
577 2 : assert_int_equal(val, pam_test_ctx->exp_pam_status);
578 :
579 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
580 2 : assert_int_equal(val, 2);
581 :
582 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
583 2 : assert_int_equal(val, SSS_PAM_DOMAIN_NAME);
584 :
585 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
586 2 : assert_int_equal(val, 9);
587 :
588 2 : assert_int_equal(*(body + rp + val - 1), 0);
589 2 : assert_string_equal(body + rp, TEST_DOM_NAME);
590 2 : rp += val;
591 :
592 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
593 2 : assert_int_equal(val, SSS_PAM_USER_INFO);
594 :
595 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
596 2 : assert_int_equal(val, 4);
597 :
598 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
599 2 : assert_int_equal(val, SSS_PAM_USER_INFO_OFFLINE_CHPASS);
600 :
601 2 : return EOK;
602 : }
603 :
604 :
605 1 : static int test_pam_failed_offline_auth_check(uint32_t status, uint8_t *body,
606 : size_t blen)
607 : {
608 1 : pam_test_ctx->exp_pam_status = PAM_PERM_DENIED;
609 1 : return test_pam_simple_check(status, body, blen);
610 : }
611 :
612 5 : static int test_pam_successful_offline_auth_check(uint32_t status,
613 : uint8_t *body, size_t blen)
614 : {
615 5 : pam_test_ctx->exp_pam_status = PAM_SUCCESS;
616 5 : return test_pam_simple_check(status, body, blen);
617 : }
618 :
619 6 : static int test_pam_wrong_pw_offline_auth_check(uint32_t status,
620 : uint8_t *body, size_t blen)
621 : {
622 6 : pam_test_ctx->exp_pam_status = PAM_AUTH_ERR;
623 6 : return test_pam_simple_check(status, body, blen);
624 : }
625 :
626 1 : static int test_pam_creds_insufficient_check(uint32_t status,
627 : uint8_t *body, size_t blen)
628 : {
629 1 : size_t rp = 0;
630 : uint32_t val;
631 :
632 1 : assert_int_equal(status, 0);
633 :
634 1 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
635 1 : assert_int_equal(val, PAM_CRED_INSUFFICIENT);
636 :
637 1 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
638 1 : assert_int_equal(val, 0);
639 :
640 1 : return EOK;
641 : }
642 :
643 2 : static int test_pam_user_unknown_check(uint32_t status,
644 : uint8_t *body, size_t blen)
645 : {
646 2 : size_t rp = 0;
647 : uint32_t val;
648 :
649 2 : assert_int_equal(status, 0);
650 :
651 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
652 2 : assert_int_equal(val, PAM_USER_UNKNOWN);
653 :
654 2 : SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
655 2 : assert_int_equal(val, 0);
656 :
657 2 : return EOK;
658 : }
659 :
660 1 : void test_pam_authenticate(void **state)
661 : {
662 : int ret;
663 :
664 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
665 :
666 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
667 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
668 :
669 1 : set_cmd_cb(test_pam_simple_check);
670 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
671 1 : pam_test_ctx->pam_cmds);
672 1 : assert_int_equal(ret, EOK);
673 :
674 : /* Wait until the test finishes with EOK */
675 1 : ret = test_ev_loop(pam_test_ctx->tctx);
676 1 : assert_int_equal(ret, EOK);
677 1 : }
678 :
679 1 : void test_pam_setcreds(void **state)
680 : {
681 : int ret;
682 :
683 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
684 :
685 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_SETCRED);
686 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
687 :
688 1 : set_cmd_cb(test_pam_simple_check);
689 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_SETCRED,
690 1 : pam_test_ctx->pam_cmds);
691 1 : assert_int_equal(ret, EOK);
692 :
693 : /* Wait until the test finishes with EOK */
694 1 : ret = test_ev_loop(pam_test_ctx->tctx);
695 1 : assert_int_equal(ret, EOK);
696 1 : }
697 :
698 1 : void test_pam_acct_mgmt(void **state)
699 : {
700 : int ret;
701 :
702 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
703 :
704 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_ACCT_MGMT);
705 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
706 :
707 1 : set_cmd_cb(test_pam_simple_check);
708 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_ACCT_MGMT,
709 1 : pam_test_ctx->pam_cmds);
710 1 : assert_int_equal(ret, EOK);
711 :
712 : /* Wait until the test finishes with EOK */
713 1 : ret = test_ev_loop(pam_test_ctx->tctx);
714 1 : assert_int_equal(ret, EOK);
715 1 : }
716 :
717 1 : void test_pam_open_session(void **state)
718 : {
719 : int ret;
720 :
721 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
722 :
723 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_OPEN_SESSION);
724 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
725 :
726 1 : pam_test_ctx->exp_pam_status = PAM_NO_MODULE_DATA;
727 1 : set_cmd_cb(test_pam_simple_check);
728 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_OPEN_SESSION,
729 1 : pam_test_ctx->pam_cmds);
730 1 : assert_int_equal(ret, EOK);
731 :
732 : /* Wait until the test finishes with EOK */
733 1 : ret = test_ev_loop(pam_test_ctx->tctx);
734 1 : assert_int_equal(ret, EOK);
735 1 : }
736 :
737 1 : void test_pam_close_session(void **state)
738 : {
739 : int ret;
740 :
741 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
742 :
743 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CLOSE_SESSION);
744 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
745 :
746 1 : set_cmd_cb(test_pam_simple_check);
747 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CLOSE_SESSION,
748 1 : pam_test_ctx->pam_cmds);
749 1 : assert_int_equal(ret, EOK);
750 :
751 : /* Wait until the test finishes with EOK */
752 1 : ret = test_ev_loop(pam_test_ctx->tctx);
753 1 : assert_int_equal(ret, EOK);
754 1 : }
755 :
756 1 : void test_pam_chauthtok(void **state)
757 : {
758 : int ret;
759 :
760 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
761 :
762 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CHAUTHTOK);
763 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
764 :
765 1 : set_cmd_cb(test_pam_simple_check);
766 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CHAUTHTOK,
767 1 : pam_test_ctx->pam_cmds);
768 1 : assert_int_equal(ret, EOK);
769 :
770 : /* Wait until the test finishes with EOK */
771 1 : ret = test_ev_loop(pam_test_ctx->tctx);
772 1 : assert_int_equal(ret, EOK);
773 1 : }
774 :
775 1 : void test_pam_chauthtok_prelim(void **state)
776 : {
777 : int ret;
778 :
779 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
780 :
781 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CHAUTHTOK_PRELIM);
782 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
783 :
784 1 : set_cmd_cb(test_pam_simple_check);
785 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CHAUTHTOK_PRELIM,
786 1 : pam_test_ctx->pam_cmds);
787 1 : assert_int_equal(ret, EOK);
788 :
789 : /* Wait until the test finishes with EOK */
790 1 : ret = test_ev_loop(pam_test_ctx->tctx);
791 1 : assert_int_equal(ret, EOK);
792 1 : }
793 :
794 1 : void test_pam_preauth(void **state)
795 : {
796 : int ret;
797 :
798 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
799 :
800 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
801 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
802 :
803 1 : set_cmd_cb(test_pam_simple_check);
804 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
805 1 : pam_test_ctx->pam_cmds);
806 1 : assert_int_equal(ret, EOK);
807 :
808 : /* Wait until the test finishes with EOK */
809 1 : ret = test_ev_loop(pam_test_ctx->tctx);
810 1 : assert_int_equal(ret, EOK);
811 1 : }
812 :
813 1 : void test_pam_offline_auth_no_hash(void **state)
814 : {
815 : int ret;
816 :
817 1 : mock_input_pam(pam_test_ctx, "pamuser", "12345", NULL);
818 :
819 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
820 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
821 :
822 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
823 :
824 1 : set_cmd_cb(test_pam_failed_offline_auth_check);
825 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
826 1 : pam_test_ctx->pam_cmds);
827 1 : assert_int_equal(ret, EOK);
828 :
829 : /* Wait until the test finishes with EOK */
830 1 : ret = test_ev_loop(pam_test_ctx->tctx);
831 1 : assert_int_equal(ret, EOK);
832 1 : }
833 :
834 1 : void test_pam_offline_auth_success(void **state)
835 : {
836 : int ret;
837 :
838 1 : ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
839 1 : assert_int_equal(ret, EOK);
840 :
841 1 : mock_input_pam(pam_test_ctx, "pamuser", "12345", NULL);
842 :
843 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
844 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
845 :
846 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
847 :
848 1 : set_cmd_cb(test_pam_successful_offline_auth_check);
849 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
850 1 : pam_test_ctx->pam_cmds);
851 1 : assert_int_equal(ret, EOK);
852 :
853 : /* Wait until the test finishes with EOK */
854 1 : ret = test_ev_loop(pam_test_ctx->tctx);
855 1 : assert_int_equal(ret, EOK);
856 1 : }
857 :
858 1 : void test_pam_offline_auth_wrong_pw(void **state)
859 : {
860 : int ret;
861 :
862 1 : ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
863 1 : assert_int_equal(ret, EOK);
864 :
865 1 : mock_input_pam(pam_test_ctx, "pamuser", "11111", NULL);
866 :
867 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
868 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
869 :
870 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
871 :
872 1 : set_cmd_cb(test_pam_wrong_pw_offline_auth_check);
873 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
874 1 : pam_test_ctx->pam_cmds);
875 1 : assert_int_equal(ret, EOK);
876 :
877 : /* Wait until the test finishes with EOK */
878 1 : ret = test_ev_loop(pam_test_ctx->tctx);
879 1 : assert_int_equal(ret, EOK);
880 1 : }
881 :
882 1 : void test_pam_offline_auth_success_2fa(void **state)
883 : {
884 : int ret;
885 :
886 1 : ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
887 1 : assert_int_equal(ret, EOK);
888 :
889 1 : mock_input_pam(pam_test_ctx, "pamuser", "12345", "abcde");
890 :
891 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
892 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
893 :
894 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
895 :
896 1 : set_cmd_cb(test_pam_successful_offline_auth_check);
897 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
898 1 : pam_test_ctx->pam_cmds);
899 1 : assert_int_equal(ret, EOK);
900 :
901 : /* Wait until the test finishes with EOK */
902 1 : ret = test_ev_loop(pam_test_ctx->tctx);
903 1 : assert_int_equal(ret, EOK);
904 1 : }
905 :
906 1 : void test_pam_offline_auth_failed_2fa(void **state)
907 : {
908 : int ret;
909 :
910 1 : ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
911 1 : assert_int_equal(ret, EOK);
912 :
913 1 : mock_input_pam(pam_test_ctx, "pamuser", "11111", "abcde");
914 :
915 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
916 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
917 :
918 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
919 :
920 1 : set_cmd_cb(test_pam_wrong_pw_offline_auth_check);
921 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
922 1 : pam_test_ctx->pam_cmds);
923 1 : assert_int_equal(ret, EOK);
924 :
925 : /* Wait until the test finishes with EOK */
926 1 : ret = test_ev_loop(pam_test_ctx->tctx);
927 1 : assert_int_equal(ret, EOK);
928 1 : }
929 :
930 1 : void test_pam_offline_auth_success_2fa_with_cached_2fa(void **state)
931 : {
932 : int ret;
933 :
934 1 : ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
935 : SSS_AUTHTOK_TYPE_2FA, 5);
936 1 : assert_int_equal(ret, EOK);
937 :
938 1 : mock_input_pam(pam_test_ctx, "pamuser", "12345", "abcde");
939 :
940 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
941 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
942 :
943 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
944 :
945 1 : set_cmd_cb(test_pam_successful_offline_auth_check);
946 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
947 1 : pam_test_ctx->pam_cmds);
948 1 : assert_int_equal(ret, EOK);
949 :
950 : /* Wait until the test finishes with EOK */
951 1 : ret = test_ev_loop(pam_test_ctx->tctx);
952 1 : assert_int_equal(ret, EOK);
953 1 : }
954 :
955 1 : void test_pam_offline_auth_failed_2fa_with_cached_2fa(void **state)
956 : {
957 : int ret;
958 :
959 1 : ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
960 : SSS_AUTHTOK_TYPE_2FA, 5);
961 1 : assert_int_equal(ret, EOK);
962 :
963 1 : mock_input_pam(pam_test_ctx, "pamuser", "11111", "abcde");
964 :
965 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
966 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
967 :
968 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
969 :
970 1 : set_cmd_cb(test_pam_wrong_pw_offline_auth_check);
971 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
972 1 : pam_test_ctx->pam_cmds);
973 1 : assert_int_equal(ret, EOK);
974 :
975 : /* Wait until the test finishes with EOK */
976 1 : ret = test_ev_loop(pam_test_ctx->tctx);
977 1 : assert_int_equal(ret, EOK);
978 1 : }
979 :
980 1 : void test_pam_offline_auth_success_pw_with_cached_2fa(void **state)
981 : {
982 : int ret;
983 :
984 1 : ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
985 : SSS_AUTHTOK_TYPE_2FA, 5);
986 1 : assert_int_equal(ret, EOK);
987 :
988 1 : mock_input_pam(pam_test_ctx, "pamuser", "12345", NULL);
989 :
990 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
991 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
992 :
993 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
994 :
995 1 : set_cmd_cb(test_pam_successful_offline_auth_check);
996 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
997 1 : pam_test_ctx->pam_cmds);
998 1 : assert_int_equal(ret, EOK);
999 :
1000 : /* Wait until the test finishes with EOK */
1001 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1002 1 : assert_int_equal(ret, EOK);
1003 1 : }
1004 :
1005 1 : void test_pam_offline_auth_failed_pw_with_cached_2fa(void **state)
1006 : {
1007 : int ret;
1008 :
1009 1 : ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
1010 : SSS_AUTHTOK_TYPE_2FA, 5);
1011 1 : assert_int_equal(ret, EOK);
1012 :
1013 1 : mock_input_pam(pam_test_ctx, "pamuser", "11111", NULL);
1014 :
1015 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
1016 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1017 :
1018 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
1019 :
1020 1 : set_cmd_cb(test_pam_wrong_pw_offline_auth_check);
1021 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
1022 1 : pam_test_ctx->pam_cmds);
1023 1 : assert_int_equal(ret, EOK);
1024 :
1025 : /* Wait until the test finishes with EOK */
1026 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1027 1 : assert_int_equal(ret, EOK);
1028 1 : }
1029 :
1030 1 : void test_pam_offline_auth_success_combined_pw_with_cached_2fa(void **state)
1031 : {
1032 : int ret;
1033 :
1034 1 : ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser",
1035 : "12345678", SSS_AUTHTOK_TYPE_2FA, 5);
1036 1 : assert_int_equal(ret, EOK);
1037 :
1038 1 : mock_input_pam(pam_test_ctx, "pamuser", "12345678abcde", NULL);
1039 :
1040 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
1041 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1042 :
1043 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
1044 :
1045 1 : set_cmd_cb(test_pam_successful_offline_auth_check);
1046 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
1047 1 : pam_test_ctx->pam_cmds);
1048 1 : assert_int_equal(ret, EOK);
1049 :
1050 : /* Wait until the test finishes with EOK */
1051 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1052 1 : assert_int_equal(ret, EOK);
1053 1 : }
1054 :
1055 1 : void test_pam_offline_auth_failed_combined_pw_with_cached_2fa(void **state)
1056 : {
1057 : int ret;
1058 :
1059 1 : ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser",
1060 : "12345678", SSS_AUTHTOK_TYPE_2FA, 5);
1061 1 : assert_int_equal(ret, EOK);
1062 :
1063 1 : mock_input_pam(pam_test_ctx, "pamuser", "11111111abcde", NULL);
1064 :
1065 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
1066 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1067 :
1068 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
1069 :
1070 1 : set_cmd_cb(test_pam_wrong_pw_offline_auth_check);
1071 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
1072 1 : pam_test_ctx->pam_cmds);
1073 1 : assert_int_equal(ret, EOK);
1074 :
1075 : /* Wait until the test finishes with EOK */
1076 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1077 1 : assert_int_equal(ret, EOK);
1078 1 : }
1079 :
1080 1 : void test_pam_offline_auth_failed_wrong_2fa_size_with_cached_2fa(void **state)
1081 : {
1082 : int ret;
1083 :
1084 1 : ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser",
1085 : "12345678", SSS_AUTHTOK_TYPE_2FA, 5);
1086 1 : assert_int_equal(ret, EOK);
1087 :
1088 1 : mock_input_pam(pam_test_ctx, "pamuser", "12345678abcd", NULL);
1089 :
1090 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
1091 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1092 :
1093 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
1094 :
1095 1 : set_cmd_cb(test_pam_wrong_pw_offline_auth_check);
1096 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
1097 1 : pam_test_ctx->pam_cmds);
1098 1 : assert_int_equal(ret, EOK);
1099 :
1100 : /* Wait until the test finishes with EOK */
1101 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1102 1 : assert_int_equal(ret, EOK);
1103 1 : }
1104 :
1105 1 : void test_pam_offline_chauthtok_prelim(void **state)
1106 : {
1107 : int ret;
1108 :
1109 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
1110 :
1111 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CHAUTHTOK_PRELIM);
1112 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1113 :
1114 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
1115 :
1116 1 : set_cmd_cb(test_pam_offline_chauthtok_check);
1117 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CHAUTHTOK_PRELIM,
1118 1 : pam_test_ctx->pam_cmds);
1119 1 : assert_int_equal(ret, EOK);
1120 :
1121 : /* Wait until the test finishes with EOK */
1122 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1123 1 : assert_int_equal(ret, EOK);
1124 1 : }
1125 :
1126 1 : void test_pam_offline_chauthtok(void **state)
1127 : {
1128 : int ret;
1129 :
1130 1 : mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
1131 :
1132 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CHAUTHTOK);
1133 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1134 :
1135 1 : pam_test_ctx->exp_pam_status = PAM_AUTHINFO_UNAVAIL;
1136 :
1137 1 : set_cmd_cb(test_pam_offline_chauthtok_check);
1138 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CHAUTHTOK,
1139 1 : pam_test_ctx->pam_cmds);
1140 1 : assert_int_equal(ret, EOK);
1141 :
1142 : /* Wait until the test finishes with EOK */
1143 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1144 1 : assert_int_equal(ret, EOK);
1145 1 : }
1146 :
1147 1 : void test_pam_preauth_no_logon_name(void **state)
1148 : {
1149 : int ret;
1150 :
1151 1 : mock_input_pam_cert(pam_test_ctx, NULL, NULL);
1152 :
1153 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1154 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1155 :
1156 1 : set_cmd_cb(test_pam_creds_insufficient_check);
1157 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1158 1 : pam_test_ctx->pam_cmds);
1159 1 : assert_int_equal(ret, EOK);
1160 :
1161 : /* Wait until the test finishes with EOK */
1162 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1163 1 : assert_int_equal(ret, EOK);
1164 1 : }
1165 :
1166 8 : static void set_cert_auth_param(struct pam_ctx *pctx, const char *dbpath)
1167 : {
1168 8 : pam_test_ctx->pctx->cert_auth = true;
1169 8 : pam_test_ctx->pctx->nss_db = discard_const(dbpath);
1170 8 : }
1171 :
1172 1 : void test_pam_preauth_cert_nocert(void **state)
1173 : {
1174 : int ret;
1175 :
1176 1 : set_cert_auth_param(pam_test_ctx->pctx, "/no/path");
1177 :
1178 1 : mock_input_pam_cert(pam_test_ctx, "pamuser", NULL);
1179 :
1180 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1181 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1182 :
1183 1 : set_cmd_cb(test_pam_simple_check);
1184 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1185 1 : pam_test_ctx->pam_cmds);
1186 1 : assert_int_equal(ret, EOK);
1187 :
1188 : /* Wait until the test finishes with EOK */
1189 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1190 1 : assert_int_equal(ret, EOK);
1191 1 : }
1192 :
1193 5 : static int test_lookup_by_cert_cb(void *pvt)
1194 : {
1195 : int ret;
1196 : struct sysdb_attrs *attrs;
1197 5 : unsigned char *der = NULL;
1198 : size_t der_size;
1199 :
1200 5 : if (pvt != NULL) {
1201 :
1202 3 : attrs = sysdb_new_attrs(pam_test_ctx);
1203 3 : assert_non_null(attrs);
1204 :
1205 3 : der = sss_base64_decode(pam_test_ctx, pvt, &der_size);
1206 3 : assert_non_null(der);
1207 :
1208 3 : ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_CERT, der, der_size);
1209 3 : talloc_free(der);
1210 3 : assert_int_equal(ret, EOK);
1211 :
1212 3 : ret = sysdb_set_user_attr(pam_test_ctx->tctx->dom, "pamuser", attrs,
1213 : LDB_FLAG_MOD_ADD);
1214 3 : assert_int_equal(ret, EOK);
1215 : }
1216 :
1217 5 : return EOK;
1218 : }
1219 :
1220 1 : static int test_lookup_by_cert_wrong_user_cb(void *pvt)
1221 : {
1222 : int ret;
1223 : struct sysdb_attrs *attrs;
1224 1 : unsigned char *der = NULL;
1225 : size_t der_size;
1226 :
1227 1 : if (pvt != NULL) {
1228 1 : attrs = sysdb_new_attrs(pam_test_ctx);
1229 1 : assert_non_null(attrs);
1230 :
1231 1 : der = sss_base64_decode(pam_test_ctx, pvt, &der_size);
1232 1 : assert_non_null(der);
1233 :
1234 1 : ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_CERT, der, der_size);
1235 1 : talloc_free(der);
1236 1 : assert_int_equal(ret, EOK);
1237 :
1238 1 : ret = sysdb_set_user_attr(pam_test_ctx->tctx->dom, "wronguser", attrs,
1239 : LDB_FLAG_MOD_ADD);
1240 1 : assert_int_equal(ret, EOK);
1241 : }
1242 :
1243 1 : return EOK;
1244 : }
1245 :
1246 :
1247 1 : void test_pam_preauth_cert_nomatch(void **state)
1248 : {
1249 : int ret;
1250 :
1251 1 : set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
1252 :
1253 1 : mock_input_pam_cert(pam_test_ctx, "pamuser", NULL);
1254 :
1255 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1256 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1257 1 : mock_account_recv(0, 0, NULL, test_lookup_by_cert_cb, NULL);
1258 :
1259 1 : set_cmd_cb(test_pam_simple_check);
1260 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1261 1 : pam_test_ctx->pam_cmds);
1262 1 : assert_int_equal(ret, EOK);
1263 :
1264 : /* Wait until the test finishes with EOK */
1265 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1266 1 : assert_int_equal(ret, EOK);
1267 1 : }
1268 :
1269 1 : void test_pam_preauth_cert_match(void **state)
1270 : {
1271 : int ret;
1272 :
1273 1 : set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
1274 :
1275 1 : mock_input_pam_cert(pam_test_ctx, "pamuser", NULL);
1276 :
1277 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1278 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1279 1 : mock_account_recv(0, 0, NULL, test_lookup_by_cert_cb,
1280 : discard_const(TEST_TOKEN_CERT));
1281 :
1282 1 : set_cmd_cb(test_pam_cert_check);
1283 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1284 1 : pam_test_ctx->pam_cmds);
1285 1 : assert_int_equal(ret, EOK);
1286 :
1287 : /* Wait until the test finishes with EOK */
1288 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1289 1 : assert_int_equal(ret, EOK);
1290 1 : }
1291 :
1292 1 : void test_pam_preauth_cert_match_wrong_user(void **state)
1293 : {
1294 : int ret;
1295 :
1296 1 : set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
1297 :
1298 1 : mock_input_pam_cert(pam_test_ctx, "pamuser", NULL);
1299 :
1300 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1301 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1302 1 : mock_account_recv(0, 0, NULL, test_lookup_by_cert_wrong_user_cb,
1303 : discard_const(TEST_TOKEN_CERT));
1304 :
1305 1 : set_cmd_cb(test_pam_simple_check);
1306 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1307 1 : pam_test_ctx->pam_cmds);
1308 1 : assert_int_equal(ret, EOK);
1309 :
1310 : /* Wait until the test finishes with EOK */
1311 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1312 1 : assert_int_equal(ret, EOK);
1313 1 : }
1314 :
1315 :
1316 1 : void test_pam_preauth_cert_no_logon_name(void **state)
1317 : {
1318 : int ret;
1319 :
1320 1 : set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
1321 :
1322 1 : mock_input_pam_cert(pam_test_ctx, NULL, NULL);
1323 :
1324 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1325 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1326 1 : mock_account_recv(0, 0, NULL, test_lookup_by_cert_cb,
1327 : discard_const(TEST_TOKEN_CERT));
1328 :
1329 1 : set_cmd_cb(test_pam_cert_check);
1330 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1331 1 : pam_test_ctx->pam_cmds);
1332 1 : assert_int_equal(ret, EOK);
1333 :
1334 : /* Wait until the test finishes with EOK */
1335 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1336 1 : assert_int_equal(ret, EOK);
1337 1 : }
1338 :
1339 1 : void test_pam_preauth_no_cert_no_logon_name(void **state)
1340 : {
1341 : int ret;
1342 :
1343 1 : set_cert_auth_param(pam_test_ctx->pctx, "/no/path");
1344 :
1345 1 : mock_input_pam_cert(pam_test_ctx, NULL, NULL);
1346 :
1347 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1348 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1349 :
1350 1 : set_cmd_cb(test_pam_user_unknown_check);
1351 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1352 1 : pam_test_ctx->pam_cmds);
1353 1 : assert_int_equal(ret, EOK);
1354 :
1355 : /* Wait until the test finishes with EOK */
1356 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1357 1 : assert_int_equal(ret, EOK);
1358 1 : }
1359 :
1360 1 : void test_pam_preauth_cert_no_logon_name_no_match(void **state)
1361 : {
1362 : int ret;
1363 :
1364 1 : set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
1365 :
1366 1 : mock_input_pam_cert(pam_test_ctx, NULL, NULL);
1367 :
1368 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1369 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1370 1 : mock_account_recv(0, 0, NULL, test_lookup_by_cert_cb, NULL);
1371 :
1372 1 : set_cmd_cb(test_pam_user_unknown_check);
1373 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1374 1 : pam_test_ctx->pam_cmds);
1375 1 : assert_int_equal(ret, EOK);
1376 :
1377 : /* Wait until the test finishes with EOK */
1378 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1379 1 : assert_int_equal(ret, EOK);
1380 1 : }
1381 :
1382 1 : void test_pam_cert_auth(void **state)
1383 : {
1384 : int ret;
1385 :
1386 1 : set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
1387 :
1388 1 : mock_input_pam_cert(pam_test_ctx, "pamuser", "123456");
1389 :
1390 1 : will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
1391 1 : will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1392 1 : mock_account_recv(0, 0, NULL, test_lookup_by_cert_cb,
1393 : discard_const(TEST_TOKEN_CERT));
1394 :
1395 1 : set_cmd_cb(test_pam_simple_check);
1396 1 : ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
1397 1 : pam_test_ctx->pam_cmds);
1398 1 : assert_int_equal(ret, EOK);
1399 :
1400 : /* Wait until the test finishes with EOK */
1401 1 : ret = test_ev_loop(pam_test_ctx->tctx);
1402 1 : assert_int_equal(ret, EOK);
1403 1 : }
1404 :
1405 1 : int main(int argc, const char *argv[])
1406 : {
1407 : int rv;
1408 1 : int no_cleanup = 0;
1409 : poptContext pc;
1410 : int opt;
1411 7 : struct poptOption long_options[] = {
1412 : POPT_AUTOHELP
1413 5 : SSSD_DEBUG_OPTS
1414 : { "no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0,
1415 1 : _("Do not delete the test database after a test run"), NULL },
1416 : POPT_TABLEEND
1417 : };
1418 :
1419 1 : const struct CMUnitTest tests[] = {
1420 : cmocka_unit_test_setup_teardown(test_pam_authenticate,
1421 : pam_test_setup, pam_test_teardown),
1422 : cmocka_unit_test_setup_teardown(test_pam_setcreds,
1423 : pam_test_setup, pam_test_teardown),
1424 : cmocka_unit_test_setup_teardown(test_pam_acct_mgmt,
1425 : pam_test_setup, pam_test_teardown),
1426 : cmocka_unit_test_setup_teardown(test_pam_open_session,
1427 : pam_test_setup, pam_test_teardown),
1428 : cmocka_unit_test_setup_teardown(test_pam_close_session,
1429 : pam_test_setup, pam_test_teardown),
1430 : cmocka_unit_test_setup_teardown(test_pam_chauthtok,
1431 : pam_test_setup, pam_test_teardown),
1432 : cmocka_unit_test_setup_teardown(test_pam_chauthtok_prelim,
1433 : pam_test_setup, pam_test_teardown),
1434 : cmocka_unit_test_setup_teardown(test_pam_preauth,
1435 : pam_test_setup, pam_test_teardown),
1436 : cmocka_unit_test_setup_teardown(test_pam_offline_auth_no_hash,
1437 : pam_test_setup, pam_test_teardown),
1438 : cmocka_unit_test_setup_teardown(test_pam_offline_auth_success,
1439 : pam_test_setup, pam_test_teardown),
1440 : cmocka_unit_test_setup_teardown(test_pam_offline_auth_wrong_pw,
1441 : pam_test_setup, pam_test_teardown),
1442 : cmocka_unit_test_setup_teardown(test_pam_offline_auth_success_2fa,
1443 : pam_test_setup, pam_test_teardown),
1444 : cmocka_unit_test_setup_teardown(test_pam_offline_auth_failed_2fa,
1445 : pam_test_setup, pam_test_teardown),
1446 : cmocka_unit_test_setup_teardown(
1447 : test_pam_offline_auth_success_2fa_with_cached_2fa,
1448 : pam_test_setup, pam_test_teardown),
1449 : cmocka_unit_test_setup_teardown(
1450 : test_pam_offline_auth_failed_2fa_with_cached_2fa,
1451 : pam_test_setup, pam_test_teardown),
1452 : cmocka_unit_test_setup_teardown(
1453 : test_pam_offline_auth_success_pw_with_cached_2fa,
1454 : pam_test_setup, pam_test_teardown),
1455 : cmocka_unit_test_setup_teardown(
1456 : test_pam_offline_auth_failed_pw_with_cached_2fa,
1457 : pam_test_setup, pam_test_teardown),
1458 : cmocka_unit_test_setup_teardown(
1459 : test_pam_offline_auth_success_combined_pw_with_cached_2fa,
1460 : pam_test_setup, pam_test_teardown),
1461 : cmocka_unit_test_setup_teardown(
1462 : test_pam_offline_auth_failed_combined_pw_with_cached_2fa,
1463 : pam_test_setup, pam_test_teardown),
1464 : cmocka_unit_test_setup_teardown(
1465 : test_pam_offline_auth_failed_wrong_2fa_size_with_cached_2fa,
1466 : pam_test_setup, pam_test_teardown),
1467 : cmocka_unit_test_setup_teardown(test_pam_offline_chauthtok_prelim,
1468 : pam_test_setup, pam_test_teardown),
1469 : cmocka_unit_test_setup_teardown(test_pam_offline_chauthtok,
1470 : pam_test_setup, pam_test_teardown),
1471 : cmocka_unit_test_setup_teardown(test_pam_preauth_no_logon_name,
1472 : pam_test_setup, pam_test_teardown),
1473 : /* p11_child is not built without NSS */
1474 : #ifdef HAVE_NSS
1475 : cmocka_unit_test_setup_teardown(test_pam_preauth_cert_nocert,
1476 : pam_test_setup, pam_test_teardown),
1477 : cmocka_unit_test_setup_teardown(test_pam_preauth_cert_nomatch,
1478 : pam_test_setup, pam_test_teardown),
1479 : cmocka_unit_test_setup_teardown(test_pam_preauth_cert_match,
1480 : pam_test_setup, pam_test_teardown),
1481 : cmocka_unit_test_setup_teardown(test_pam_preauth_cert_match_wrong_user,
1482 : pam_test_setup, pam_test_teardown),
1483 : cmocka_unit_test_setup_teardown(test_pam_preauth_cert_no_logon_name,
1484 : pam_test_setup, pam_test_teardown),
1485 : cmocka_unit_test_setup_teardown(test_pam_preauth_no_cert_no_logon_name,
1486 : pam_test_setup, pam_test_teardown),
1487 : cmocka_unit_test_setup_teardown(
1488 : test_pam_preauth_cert_no_logon_name_no_match,
1489 : pam_test_setup, pam_test_teardown),
1490 : cmocka_unit_test_setup_teardown(test_pam_cert_auth,
1491 : pam_test_setup, pam_test_teardown),
1492 : #endif /* HAVE_NSS */
1493 : };
1494 :
1495 : /* Set debug level to invalid value so we can deside if -d 0 was used. */
1496 1 : debug_level = SSSDBG_INVALID;
1497 :
1498 1 : pc = poptGetContext(argv[0], argc, argv, long_options, 0);
1499 1 : while ((opt = poptGetNextOpt(pc)) != -1) {
1500 : switch (opt) {
1501 : default:
1502 0 : fprintf(stderr, "\nInvalid option %s: %s\n\n",
1503 : poptBadOption(pc, 0), poptStrerror(opt));
1504 0 : poptPrintUsage(pc, stderr, 0);
1505 0 : return 1;
1506 : }
1507 : }
1508 1 : poptFreeContext(pc);
1509 :
1510 1 : DEBUG_CLI_INIT(debug_level);
1511 :
1512 : /* Even though normally the tests should clean up after themselves
1513 : * they might not after a failed run. Remove the old db to be sure */
1514 1 : tests_set_cwd();
1515 1 : test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
1516 1 : test_dom_suite_setup(TESTS_PATH);
1517 :
1518 1 : cleanup_nss_db();
1519 1 : rv = setup_nss_db();
1520 1 : if (rv != EOK) {
1521 0 : DEBUG(SSSDBG_FATAL_FAILURE, "setup_nss_db failed.\n");
1522 0 : exit(-1);
1523 : }
1524 :
1525 1 : rv = cmocka_run_group_tests(tests, NULL, NULL);
1526 1 : if (rv == 0 && !no_cleanup) {
1527 1 : cleanup_nss_db();
1528 1 : test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
1529 : }
1530 :
1531 : #ifdef HAVE_NSS
1532 : /* Cleanup NSS and NSPR to make valgrund happy. */
1533 1 : nspr_nss_cleanup();
1534 : #endif
1535 :
1536 1 : return rv;
1537 : }
|
