Line data Source code
1 : /*
2 : SSSD
3 :
4 : Simple access module -- Tests
5 :
6 : Authors:
7 : Sumit Bose <sbose@redhat.com>
8 :
9 : Copyright (C) 2010 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : #include <stdlib.h>
26 : #include <popt.h>
27 : #include <check.h>
28 :
29 : #include "confdb/confdb.h"
30 : #include "providers/simple/simple_access.h"
31 : #include "tests/common.h"
32 :
33 : #define TESTS_PATH "tp_" BASE_FILE_STEM
34 : #define TEST_CONF_FILE "tests_conf.ldb"
35 :
36 : const char *ulist_1[] = {"u1", "u2", NULL};
37 : const char *glist_1[] = {"g1", "g2", NULL};
38 : const char *glist_1_case[] = {"G1", "G2", NULL};
39 :
40 : struct simple_test_ctx *test_ctx = NULL;
41 :
42 : struct simple_test_ctx {
43 : struct sysdb_ctx *sysdb;
44 : struct confdb_ctx *confdb;
45 : struct tevent_context *ev;
46 : struct be_ctx *be_ctx;
47 : bool done;
48 : int error;
49 :
50 : bool access_granted;
51 : struct simple_ctx *ctx;
52 : };
53 :
54 18 : static int test_loop(struct simple_test_ctx *tctx)
55 : {
56 54 : while (!tctx->done)
57 18 : tevent_loop_once(tctx->ev);
58 :
59 18 : return tctx->error;
60 : }
61 :
62 18 : static void simple_access_check_done(struct tevent_req *req)
63 : {
64 18 : struct simple_test_ctx *tctx =
65 18 : tevent_req_callback_data(req, struct simple_test_ctx);
66 :
67 :
68 18 : tctx->error = simple_access_check_recv(req, &tctx->access_granted);
69 18 : talloc_free(req);
70 18 : tctx->done = true;
71 18 : }
72 :
73 11 : void setup_simple(void)
74 : {
75 : errno_t ret;
76 : char *conf_db;
77 : const char *val[2];
78 11 : val[1] = NULL;
79 :
80 11 : fail_unless(test_ctx == NULL, "Simple context already initialized.");
81 11 : test_ctx = talloc_zero(NULL, struct simple_test_ctx);
82 11 : fail_unless(test_ctx != NULL, "Cannot create simple test context.");
83 :
84 11 : test_ctx->ev = tevent_context_init(test_ctx);
85 11 : fail_unless(test_ctx->ev != NULL, "Cannot create tevent context.");
86 :
87 11 : test_ctx->ctx = talloc_zero(test_ctx, struct simple_ctx);
88 11 : fail_unless(test_ctx->ctx != NULL, "Cannot create simple context.");
89 :
90 : /* Create tests directory if it doesn't exist */
91 : /* (relative to current dir) */
92 11 : ret = mkdir(TESTS_PATH, 0775);
93 11 : fail_if(ret == -1 && errno != EEXIST,
94 : "Could not create %s directory", TESTS_PATH);
95 :
96 11 : conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE);
97 11 : fail_if(conf_db == NULL, "Out of memory, aborting!");
98 11 : DEBUG(SSSDBG_TRACE_LIBS, "CONFDB: %s\n", conf_db);
99 :
100 : /* Connect to the conf db */
101 11 : ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db);
102 11 : fail_if(ret != EOK, "Could not initialize connection to the confdb");
103 :
104 11 : val[0] = "LOCAL";
105 11 : ret = confdb_add_param(test_ctx->confdb, true,
106 : "config/sssd", "domains", val);
107 11 : fail_if(ret != EOK, "Could not initialize domains placeholder");
108 :
109 11 : val[0] = "local";
110 11 : ret = confdb_add_param(test_ctx->confdb, true,
111 : "config/domain/LOCAL", "id_provider", val);
112 11 : fail_if(ret != EOK, "Could not initialize provider");
113 :
114 11 : val[0] = "TRUE";
115 11 : ret = confdb_add_param(test_ctx->confdb, true,
116 : "config/domain/LOCAL", "enumerate", val);
117 11 : fail_if(ret != EOK, "Could not initialize LOCAL domain");
118 :
119 11 : val[0] = "TRUE";
120 11 : ret = confdb_add_param(test_ctx->confdb, true,
121 : "config/domain/LOCAL", "cache_credentials", val);
122 11 : fail_if(ret != EOK, "Could not initialize LOCAL domain");
123 :
124 11 : ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local",
125 11 : TESTS_PATH, &test_ctx->ctx->domain);
126 11 : fail_if(ret != EOK, "Could not initialize connection to the sysdb (%d)", ret);
127 11 : test_ctx->sysdb = test_ctx->ctx->domain->sysdb;
128 11 : test_ctx->ctx->domain->case_sensitive = true;
129 11 : test_ctx->ctx->domain->mpg = false; /* Simulate an LDAP domain better */
130 :
131 : /* be_ctx */
132 11 : test_ctx->be_ctx = talloc_zero(test_ctx, struct be_ctx);
133 11 : fail_if(test_ctx->be_ctx == NULL, "Unable to setup be_ctx");
134 :
135 11 : test_ctx->be_ctx->cdb = test_ctx->confdb;
136 11 : test_ctx->be_ctx->ev = test_ctx->ev;
137 11 : test_ctx->be_ctx->conf_path = "config/domain/LOCAL";
138 11 : test_ctx->be_ctx->domain = test_ctx->ctx->domain;
139 :
140 11 : test_ctx->ctx->be_ctx = test_ctx->be_ctx;
141 :
142 11 : ret = sss_names_init(test_ctx->ctx->domain, test_ctx->confdb,
143 11 : "LOCAL", &test_ctx->be_ctx->domain->names);
144 11 : fail_if(ret != EOK, "Unable to setup domain names (%d)", ret);
145 11 : }
146 :
147 11 : void teardown_simple(void)
148 : {
149 : int ret;
150 11 : fail_unless(test_ctx != NULL, "Simple context already freed.");
151 11 : ret = talloc_free(test_ctx);
152 11 : test_ctx = NULL;
153 11 : fail_unless(ret == 0, "Cannot free simple context.");
154 11 : }
155 :
156 4 : void setup_simple_group(void)
157 : {
158 : errno_t ret;
159 :
160 4 : setup_simple();
161 :
162 : /* Add test users u1 and u2 that would be members of test groups
163 : * g1 and g2 respectively */
164 4 : ret = sysdb_add_group(test_ctx->ctx->domain, "pvt", 999, NULL, 0, 0);
165 4 : fail_if(ret != EOK, "Could not add private group %s", strerror(ret));
166 :
167 4 : ret = sysdb_store_user(test_ctx->ctx->domain,
168 : "u1", NULL, 123, 999, "u1", "/home/u1",
169 : "/bin/bash", NULL, NULL, NULL, -1, 0);
170 4 : fail_if(ret != EOK, "Could not add u1");
171 :
172 4 : ret = sysdb_store_user(test_ctx->ctx->domain,
173 : "u2", NULL, 456, 999, "u1", "/home/u1",
174 : "/bin/bash", NULL, NULL, NULL, -1, 0);
175 4 : fail_if(ret != EOK, "Could not add u2");
176 :
177 4 : ret = sysdb_store_user(test_ctx->ctx->domain,
178 : "u3", NULL, 789, 999, "u1", "/home/u1",
179 : "/bin/bash", NULL, NULL, NULL, -1, 0);
180 4 : fail_if(ret != EOK, "Could not add u3");
181 :
182 4 : ret = sysdb_add_group(test_ctx->ctx->domain, "g1", 321, NULL, 0, 0);
183 4 : fail_if(ret != EOK, "Could not add g1");
184 :
185 4 : ret = sysdb_add_group(test_ctx->ctx->domain, "g2", 654, NULL, 0, 0);
186 4 : fail_if(ret != EOK, "Could not add g2");
187 :
188 4 : ret = sysdb_add_group_member(test_ctx->ctx->domain,
189 : "g1", "u1", SYSDB_MEMBER_USER, false);
190 4 : fail_if(ret != EOK, "Could not add u1 to g1");
191 :
192 4 : ret = sysdb_add_group_member(test_ctx->ctx->domain,
193 : "g2", "u2", SYSDB_MEMBER_USER, false);
194 4 : fail_if(ret != EOK, "Could not add u2 to g2");
195 4 : }
196 :
197 4 : void teardown_simple_group(void)
198 : {
199 : errno_t ret;
200 :
201 4 : ret = sysdb_delete_user(test_ctx->ctx->domain, "u1", 0);
202 4 : fail_if(ret != EOK, "Could not delete u1");
203 4 : ret = sysdb_delete_user(test_ctx->ctx->domain, "u2", 0);
204 4 : fail_if(ret != EOK, "Could not delete u2");
205 4 : ret = sysdb_delete_user(test_ctx->ctx->domain, "u3", 0);
206 4 : fail_if(ret != EOK, "Could not delete u3");
207 4 : ret = sysdb_delete_group(test_ctx->ctx->domain, "g1", 0);
208 4 : fail_if(ret != EOK, "Could not delete g1");
209 4 : ret = sysdb_delete_group(test_ctx->ctx->domain, "g2", 0);
210 4 : fail_if(ret != EOK, "Could not delete g2");
211 4 : ret = sysdb_delete_group(test_ctx->ctx->domain, "pvt", 0);
212 4 : fail_if(ret != EOK, "Could not delete pvt");
213 :
214 4 : teardown_simple();
215 4 : }
216 :
217 1 : void setup_simple_init(void)
218 : {
219 1 : setup_simple();
220 1 : }
221 :
222 1 : void teardown_simple_init(void)
223 : {
224 1 : teardown_simple();
225 1 : }
226 :
227 1 : START_TEST(test_both_empty)
228 : {
229 : struct tevent_req *req;
230 :
231 1 : test_ctx->ctx->allow_users = NULL;
232 1 : test_ctx->ctx->deny_users = NULL;
233 :
234 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
235 1 : test_ctx->ctx, "u1");
236 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
237 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
238 :
239 1 : test_loop(test_ctx);
240 :
241 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
242 1 : fail_unless(test_ctx->access_granted == true,
243 : "Access denied while both lists are empty.");
244 : }
245 1 : END_TEST
246 :
247 1 : START_TEST(test_allow_empty)
248 : {
249 : struct tevent_req *req;
250 :
251 1 : test_ctx->ctx->allow_users = NULL;
252 1 : test_ctx->ctx->deny_users = discard_const(ulist_1);
253 :
254 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
255 1 : test_ctx->ctx, "u1");
256 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
257 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
258 :
259 1 : test_loop(test_ctx);
260 1 : test_ctx->done = false;
261 :
262 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
263 1 : fail_unless(test_ctx->access_granted == false,
264 : "Access granted while user is in deny list.");
265 :
266 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
267 1 : test_ctx->ctx, "u3");
268 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
269 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
270 :
271 1 : test_loop(test_ctx);
272 :
273 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
274 1 : fail_unless(test_ctx->access_granted == true,
275 : "Access denied while user is not in deny list.");
276 : }
277 1 : END_TEST
278 :
279 1 : START_TEST(test_deny_empty)
280 : {
281 : struct tevent_req *req;
282 :
283 1 : test_ctx->ctx->allow_users = discard_const(ulist_1);
284 1 : test_ctx->ctx->deny_users = NULL;
285 :
286 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
287 1 : test_ctx->ctx, "u1");
288 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
289 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
290 :
291 1 : test_loop(test_ctx);
292 1 : test_ctx->done = false;
293 :
294 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
295 1 : fail_unless(test_ctx->access_granted == true,
296 : "Access denied while user is in allow list.");
297 :
298 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
299 1 : test_ctx->ctx, "u3");
300 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
301 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
302 :
303 1 : test_loop(test_ctx);
304 :
305 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
306 1 : fail_unless(test_ctx->access_granted == false,
307 : "Access granted while user is not in allow list.");
308 : }
309 1 : END_TEST
310 :
311 1 : START_TEST(test_both_set)
312 : {
313 : struct tevent_req *req;
314 :
315 1 : test_ctx->ctx->allow_users = discard_const(ulist_1);
316 1 : test_ctx->ctx->deny_users = discard_const(ulist_1);
317 :
318 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
319 1 : test_ctx->ctx, "u1");
320 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
321 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
322 :
323 1 : test_loop(test_ctx);
324 1 : test_ctx->done = false;
325 :
326 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
327 1 : fail_unless(test_ctx->access_granted == false,
328 : "Access granted while user is in deny list.");
329 :
330 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
331 1 : test_ctx->ctx, "u3");
332 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
333 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
334 :
335 1 : test_loop(test_ctx);
336 :
337 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
338 1 : fail_unless(test_ctx->access_granted == false,
339 : "Access granted while user is not in allow list.");
340 : }
341 1 : END_TEST
342 :
343 1 : START_TEST(test_case)
344 : {
345 : struct tevent_req *req;
346 :
347 1 : test_ctx->ctx->allow_users = discard_const(ulist_1);
348 1 : test_ctx->ctx->deny_users = NULL;
349 :
350 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
351 1 : test_ctx->ctx, "U1");
352 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
353 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
354 :
355 1 : test_loop(test_ctx);
356 1 : test_ctx->done = false;
357 :
358 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
359 1 : fail_unless(test_ctx->access_granted == false,
360 : "Access granted for user with different case "
361 : "in case-sensitive domain");
362 :
363 1 : test_ctx->ctx->domain->case_sensitive = false;
364 :
365 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
366 1 : test_ctx->ctx, "U1");
367 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
368 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
369 :
370 1 : test_loop(test_ctx);
371 1 : test_ctx->done = false;
372 :
373 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
374 1 : fail_unless(test_ctx->access_granted == true,
375 : "Access denied for user with different case "
376 : "in case-sensitive domain");
377 : }
378 1 : END_TEST
379 :
380 1 : START_TEST(test_unknown_user)
381 : {
382 : struct tevent_req *req;
383 :
384 1 : test_ctx->ctx->allow_users = discard_const(ulist_1);
385 1 : test_ctx->ctx->deny_users = NULL;
386 :
387 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
388 1 : test_ctx->ctx, "foo");
389 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
390 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
391 :
392 1 : test_loop(test_ctx);
393 1 : test_ctx->done = false;
394 :
395 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
396 1 : fail_unless(test_ctx->access_granted == false,
397 : "Access granted for user not present in domain");
398 : }
399 1 : END_TEST
400 :
401 :
402 1 : START_TEST(test_group_allow_empty)
403 : {
404 : struct tevent_req *req;
405 :
406 1 : test_ctx->ctx->allow_groups = NULL;
407 1 : test_ctx->ctx->deny_groups = discard_const(glist_1);
408 :
409 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
410 1 : test_ctx->ctx, "u1");
411 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
412 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
413 :
414 1 : test_loop(test_ctx);
415 1 : test_ctx->done = false;
416 :
417 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
418 1 : fail_unless(test_ctx->access_granted == false,
419 : "Access granted while group is in deny list.");
420 :
421 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
422 1 : test_ctx->ctx, "u3");
423 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
424 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
425 :
426 1 : test_loop(test_ctx);
427 :
428 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
429 1 : fail_unless(test_ctx->access_granted == true,
430 : "Access denied while group is not in deny list.");
431 : }
432 1 : END_TEST
433 :
434 1 : START_TEST(test_group_deny_empty)
435 : {
436 : struct tevent_req *req;
437 :
438 1 : test_ctx->ctx->allow_groups = discard_const(glist_1);
439 1 : test_ctx->ctx->deny_groups = NULL;
440 :
441 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
442 1 : test_ctx->ctx, "u1");
443 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
444 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
445 :
446 1 : test_loop(test_ctx);
447 1 : test_ctx->done = false;
448 :
449 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
450 1 : fail_unless(test_ctx->access_granted == true,
451 : "Access denied while user is in allow list.");
452 :
453 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
454 1 : test_ctx->ctx, "u3");
455 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
456 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
457 :
458 1 : test_loop(test_ctx);
459 :
460 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
461 1 : fail_unless(test_ctx->access_granted == false,
462 : "Access granted while user is not in allow list.");
463 : }
464 1 : END_TEST
465 :
466 1 : START_TEST(test_group_both_set)
467 : {
468 : struct tevent_req *req;
469 :
470 1 : test_ctx->ctx->allow_groups = discard_const(ulist_1);
471 1 : test_ctx->ctx->deny_groups = discard_const(ulist_1);
472 :
473 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
474 1 : test_ctx->ctx, "u1");
475 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
476 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
477 :
478 1 : test_loop(test_ctx);
479 1 : test_ctx->done = false;
480 :
481 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
482 1 : fail_unless(test_ctx->access_granted == false,
483 : "Access granted while user is in deny list.");
484 :
485 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
486 1 : test_ctx->ctx, "u3");
487 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
488 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
489 :
490 1 : test_loop(test_ctx);
491 :
492 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
493 1 : fail_unless(test_ctx->access_granted == false,
494 : "Access granted while user is not in allow list.");
495 : }
496 1 : END_TEST
497 :
498 1 : START_TEST(test_group_case)
499 : {
500 : struct tevent_req *req;
501 :
502 1 : test_ctx->ctx->allow_groups = discard_const(glist_1_case);
503 1 : test_ctx->ctx->deny_groups = NULL;
504 :
505 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
506 1 : test_ctx->ctx, "u1");
507 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
508 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
509 :
510 1 : test_loop(test_ctx);
511 1 : test_ctx->done = false;
512 :
513 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
514 1 : fail_unless(test_ctx->access_granted == false,
515 : "Access granted for user with different case "
516 : "in case-sensitive domain");
517 :
518 1 : test_ctx->ctx->domain->case_sensitive = false;
519 :
520 1 : req = simple_access_check_send(test_ctx, test_ctx->ev,
521 1 : test_ctx->ctx, "u1");
522 1 : fail_unless(test_ctx != NULL, "Cannot create request\n");
523 1 : tevent_req_set_callback(req, simple_access_check_done, test_ctx);
524 :
525 1 : test_loop(test_ctx);
526 1 : test_ctx->done = false;
527 :
528 1 : fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
529 1 : fail_unless(test_ctx->access_granted == true,
530 : "Access denied for user with different case "
531 : "in case-sensitive domain");
532 : }
533 1 : END_TEST
534 :
535 4 : static void check_access_list(char **list, const char **values)
536 : {
537 : int i;
538 :
539 4 : fail_if(values == NULL, "List is empty, but it shouldn't be");
540 :
541 20 : for (i = 0; list[i] != NULL; i++) {
542 16 : fail_if(values[i] == NULL, "List contains too many entries");
543 16 : fail_if(strcmp(list[i], values[i]) != 0, "%s != %s", list[i], values[i]);
544 : }
545 :
546 4 : fail_if(values[i] != NULL, "List contains fewer entries than expected");
547 4 : }
548 :
549 : int sssm_simple_access_init(struct be_ctx *bectx, struct bet_ops **ops,
550 : void **pvt_data);
551 :
552 1 : START_TEST(test_provider_init)
553 : {
554 1 : struct bet_ops *bet_ops = NULL;
555 1 : struct simple_ctx *ctx = NULL;
556 : errno_t ret;
557 :
558 1 : const char *val[2] = {"user-1, user-2@LOCAL, user with space, "
559 : "another space@LOCAL", NULL};
560 :
561 1 : const char *correct[] = {"user-1", "user-2", "user with space",
562 : "another space", NULL};
563 :
564 : /* allow users */
565 1 : ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
566 : "simple_allow_users", val);
567 1 : fail_if(ret != EOK, "Could not setup allow users list");
568 :
569 : /* deny users */
570 1 : ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
571 : "simple_deny_users", val);
572 1 : fail_if(ret != EOK, "Could not setup deny users list");
573 :
574 : /* allow groups */
575 1 : ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
576 : "simple_allow_groups", val);
577 1 : fail_if(ret != EOK, "Could not setup allow groups list");
578 :
579 : /* deny groups */
580 1 : ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
581 : "simple_deny_groups", val);
582 1 : fail_if(ret != EOK, "Could not setup deny groups list");
583 :
584 1 : ret = sssm_simple_access_init(test_ctx->be_ctx, &bet_ops, (void**)&ctx);
585 1 : fail_if(ret != EOK);
586 :
587 1 : DEBUG(SSSDBG_TRACE_FUNC, "Checking allow users list\n");
588 1 : check_access_list(ctx->allow_users, correct);
589 :
590 1 : DEBUG(SSSDBG_TRACE_FUNC, "Checking deny users list\n");
591 1 : check_access_list(ctx->deny_users, correct);
592 :
593 1 : DEBUG(SSSDBG_TRACE_FUNC, "Checking allow groups list\n");
594 1 : check_access_list(ctx->allow_groups, correct);
595 :
596 1 : DEBUG(SSSDBG_TRACE_FUNC, "Checking deny groups list\n");
597 1 : check_access_list(ctx->deny_groups, correct);
598 : }
599 1 : END_TEST
600 :
601 1 : Suite *access_simple_suite (void)
602 : {
603 1 : Suite *s = suite_create("access_simple");
604 :
605 1 : TCase *tc_allow_deny = tcase_create("user allow/deny");
606 1 : tcase_add_checked_fixture(tc_allow_deny, setup_simple, teardown_simple);
607 1 : tcase_add_test(tc_allow_deny, test_both_empty);
608 1 : tcase_add_test(tc_allow_deny, test_allow_empty);
609 1 : tcase_add_test(tc_allow_deny, test_deny_empty);
610 1 : tcase_add_test(tc_allow_deny, test_both_set);
611 1 : tcase_add_test(tc_allow_deny, test_case);
612 1 : tcase_add_test(tc_allow_deny, test_unknown_user);
613 1 : suite_add_tcase(s, tc_allow_deny);
614 :
615 1 : TCase *tc_grp_allow_deny = tcase_create("group allow/deny");
616 1 : tcase_add_checked_fixture(tc_grp_allow_deny,
617 : setup_simple_group, teardown_simple_group);
618 1 : tcase_add_test(tc_grp_allow_deny, test_group_allow_empty);
619 1 : tcase_add_test(tc_grp_allow_deny, test_group_deny_empty);
620 1 : tcase_add_test(tc_grp_allow_deny, test_group_both_set);
621 1 : tcase_add_test(tc_grp_allow_deny, test_group_case);
622 1 : suite_add_tcase(s, tc_grp_allow_deny);
623 :
624 1 : TCase *tc_init = tcase_create("provider init");
625 1 : tcase_add_checked_fixture(tc_init, setup_simple_init, teardown_simple_init);
626 1 : tcase_add_test(tc_init, test_provider_init);
627 1 : suite_add_tcase(s, tc_init);
628 :
629 1 : return s;
630 : }
631 :
632 1 : int main(int argc, const char *argv[])
633 : {
634 : int opt;
635 : poptContext pc;
636 : int number_failed;
637 :
638 6 : struct poptOption long_options[] = {
639 : POPT_AUTOHELP
640 5 : SSSD_MAIN_OPTS
641 : POPT_TABLEEND
642 : };
643 :
644 : /* Set debug level to invalid value so we can deside if -d 0 was used. */
645 1 : debug_level = SSSDBG_INVALID;
646 :
647 1 : pc = poptGetContext(argv[0], argc, argv, long_options, 0);
648 1 : while((opt = poptGetNextOpt(pc)) != -1) {
649 : switch(opt) {
650 : default:
651 0 : fprintf(stderr, "\nInvalid option %s: %s\n\n",
652 : poptBadOption(pc, 0), poptStrerror(opt));
653 0 : poptPrintUsage(pc, stderr, 0);
654 0 : return 1;
655 : }
656 : }
657 1 : poptFreeContext(pc);
658 :
659 1 : DEBUG_CLI_INIT(debug_level);
660 :
661 1 : tests_set_cwd();
662 1 : test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE);
663 :
664 1 : Suite *s = access_simple_suite();
665 1 : SRunner *sr = srunner_create(s);
666 1 : srunner_run_all(sr, CK_ENV);
667 1 : number_failed = srunner_ntests_failed(sr);
668 1 : srunner_free(sr);
669 :
670 1 : if (number_failed == 0) {
671 1 : test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE);
672 : }
673 :
674 1 : return (number_failed==0 ? EXIT_SUCCESS : EXIT_FAILURE);
675 : }
676 :
|
