Add unit test for get_authz_data_types()

https://fedorahosted.org/freeipa/ticket/2960
author: Sumit Bose <sbose@redhat.com> 2013-02-19 12:16:37 +0100
committer: Martin Kosek <mkosek@redhat.com> 2013-03-08 10:46:00 +0100
commit: efd4d80827a24794245327ce8b74b47e735f5b16 (patch)
tree: 556d6eb1e2c7d0b2b473c7f6b86f7e66681db654 /daemons/ipa-kdb
parent: 4e3468211e37f71ca9d434512b68a4caddb2b314 (diff)
download: freeipa-efd4d80827a24794245327ce8b74b47e735f5b16.tar.gz
freeipa-efd4d80827a24794245327ce8b74b47e735f5b16.tar.xz
freeipa-efd4d80827a24794245327ce8b74b47e735f5b16.zip
2 files changed, 246 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am
index 5f4e6e2a6..23ba1cc05 100644
--- a/daemons/ipa-kdb/Makefile.am
+++ b/daemons/ipa-kdb/Makefile.am
@@ -52,6 +52,35 @@ ipadb_la_LIBADD = 		\
 	$(NDRPAC_LIBS)		\
 	$(NULL)
 
+if HAVE_CHECK
+TESTS = ipa_kdb_tests
+check_PROGRAMS = ipa_kdb_tests
+endif
+
+ipa_kdb_tests_SOURCES =        \
+       tests/ipa_kdb_tests.c   \
+       ipa_kdb.c               \
+       ipa_kdb_common.c        \
+       ipa_kdb_mkey.c          \
+       ipa_kdb_passwords.c     \
+       ipa_kdb_principals.c    \
+       ipa_kdb_pwdpolicy.c     \
+       ipa_kdb_mspac.c         \
+       ipa_kdb_delegation.c    \
+       ipa_kdb_audit_as.c      \
+       $(KRB5_UTIL_SRCS)       \
+       $(NULL)
+ipa_kdb_tests_CFLAGS = $(CHECK_CFLAGS)
+ipa_kdb_tests_LDADD =          \
+       $(CHECK_LIBS)           \
+       $(KRB5_LIBS)            \
+       $(LDAP_LIBS)            \
+       $(NDRPAC_LIBS)          \
+       -lnss3                  \
+       -lkdb5                  \
+       -lsss_idmap             \
+       $(NULL)
+
 dist_noinst_DATA = ipa_kdb.exports
 
 EXTRA_DIST =			\
diff --git a/daemons/ipa-kdb/tests/ipa_kdb_tests.c b/daemons/ipa-kdb/tests/ipa_kdb_tests.c
new file mode 100644
index 000000000..fbee4acdb
--- /dev/null
+++ b/daemons/ipa-kdb/tests/ipa_kdb_tests.c
@@ -0,0 +1,217 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Additional permission under GPLv3 section 7:
+ *
+ * In the following paragraph, "GPL" means the GNU General Public
+ * License, version 3 or any later version, and "Non-GPL Code" means
+ * code that is governed neither by the GPL nor a license
+ * compatible with the GPL.
+ *
+ * You may link the code of this Program with Non-GPL Code and convey
+ * linked combinations including the two, provided that such Non-GPL
+ * Code only links to the code of this Program through those well
+ * defined interfaces identified in the file named EXCEPTION found in
+ * the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline
+ * functions from the Approved Interfaces without causing the resulting
+ * work to be covered by the GPL. Only the copyright holders of this
+ * Program may make changes or additions to the list of Approved
+ * Interfaces.
+ *
+ * Authors:
+ * Sumit Bose <sbose@redhat.com>
+ *
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include <check.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <krb5/krb5.h>
+#include <kdb.h>
+
+#include "ipa-kdb/ipa_kdb.h"
+
+#define NFS_PRINC_STRING "nfs/fully.qualified.host.name@REALM.NAME"
+#define NON_NFS_PRINC_STRING "abcdef/fully.qualified.host.name@REALM.NAME"
+
+int krb5_klog_syslog(int l, const char *format, ...)
+{
+    va_list ap;
+    char *s = NULL;
+    int ret;
+
+    va_start(ap, format);
+
+    ret = vasprintf(&s, format, ap);
+    va_end(ap);
+    if (ret < 0) {
+        /* ENOMEM */
+        return -1;
+    }
+
+    fprintf(stderr, "%s\n", s);
+    free(s);
+
+    return 0;
+}
+
+extern void get_authz_data_types(krb5_context context, krb5_db_entry *entry,
+                                 bool *with_pac, bool *with_pad);
+
+START_TEST(test_get_authz_data_types)
+{
+    bool with_pac;
+    bool with_pad;
+    krb5_db_entry *entry;
+    struct ipadb_e_data *ied;
+    size_t c;
+    char *ad_none_only[] = {"NONE", NULL};
+    char *ad_pad_only[] = {"PAD", NULL};
+    char *ad_pac_only[] = {"MS-PAC", NULL};
+    char *ad_illegal_only[] = {"abc", NULL};
+    char *ad_pac_and_pad[] = {"MS-PAC", "PAD", NULL};
+    char *ad_pac_and_none[] = {"MS-PAC", "NONE", NULL};
+    char *ad_none_and_pad[] = {"NONE", "PAD", NULL};
+    char *ad_global_pac_nfs_none[] = {"MS-PAC", "nfs:NONE", NULL};
+    char *ad_global_pac_nfs_pad[] = {"MS-PAC", "nfs:PAD", NULL};
+    krb5_context krb5_ctx;
+    krb5_error_code kerr;
+    struct ipadb_context *ipa_ctx;
+    krb5_principal nfs_princ;
+    krb5_principal non_nfs_princ;
+
+    get_authz_data_types(NULL, NULL, NULL, NULL);
+
+    with_pad = true;
+    get_authz_data_types(NULL, NULL, NULL, &with_pad);
+    fail_unless(!with_pad, "with_pad not false with NULL inuput.");
+
+    with_pac = true;
+    get_authz_data_types(NULL, NULL, &with_pac, NULL);
+    fail_unless(!with_pac, "with_pac not false with NULL inuput.");
+
+    with_pad = true;
+    with_pac = true;
+    get_authz_data_types(NULL, NULL, &with_pac, &with_pad);
+    fail_unless(!with_pad, "with_pad not false with NULL inuput.");
+    fail_unless(!with_pac, "with_pac not false with NULL inuput.");
+
+    entry = calloc(1, sizeof(krb5_db_entry));
+    fail_unless(entry != NULL, "calloc krb5_db_entry failed.");
+
+    ied = calloc(1, sizeof(struct ipadb_e_data));
+    fail_unless(ied != NULL, "calloc struct ipadb_e_data failed.");
+    entry->e_data = (void *) ied;
+
+    kerr = krb5_init_context(&krb5_ctx);
+    fail_unless(kerr == 0, "krb5_init_context failed.");
+    kerr = krb5_db_setup_lib_handle(krb5_ctx);
+    fail_unless(kerr == 0, "krb5_db_setup_lib_handle failed.\n");
+    ipa_ctx = calloc(1, sizeof(struct ipadb_context));
+    fail_unless(ipa_ctx != NULL, "calloc failed.\n");
+    ipa_ctx->kcontext = krb5_ctx;
+    kerr = krb5_db_set_context(krb5_ctx, ipa_ctx);
+    fail_unless(kerr == 0, "krb5_db_set_context failed.\n");
+
+    kerr = krb5_parse_name(krb5_ctx, NFS_PRINC_STRING, &nfs_princ);
+    fail_unless(kerr == 0, "krb5_parse_name failed.");
+
+    kerr = krb5_parse_name(krb5_ctx, NON_NFS_PRINC_STRING, &non_nfs_princ);
+    fail_unless(kerr == 0, "krb5_parse_name failed.");
+
+    struct test_set {
+        char **authz_data;
+        char **global_authz_data;
+        krb5_principal princ;
+        bool exp_with_pac;
+        bool exp_with_pad;
+        const char *err_msg;
+    } test_set[] = {
+        {ad_none_only, NULL, NULL, false, false, "with only NONE in entry"},
+        {ad_pac_only, NULL, NULL, true, false, "with only MS-PAC in entry"},
+        {ad_pad_only, NULL, NULL, false, true, "with only PAD in entry"},
+        {ad_illegal_only, NULL, NULL, false, false, "with only an invalid value in entry"},
+        {ad_pac_and_pad, NULL, NULL, true, true, "with MS-PAC and PAD in entry"},
+        {ad_pac_and_none, NULL, NULL, false, false, "with MS-PAC and NONE in entry"},
+        {ad_none_and_pad, NULL, NULL, false, false, "with NONE and PAD in entry"},
+        {NULL, ad_none_only, NULL, false, false, "with only NONE in global config"},
+        {NULL, ad_pac_only, NULL, true, false, "with only MS-PAC in global config"},
+        {NULL, ad_pad_only, NULL, false, true, "with only PAD in global config"},
+        {NULL, ad_illegal_only, NULL, false, false, "with only an invalid value in global config"},
+        {NULL, ad_pac_and_pad, NULL, true, true, "with MS-PAC and PAD in global config"},
+        {NULL, ad_pac_and_none, NULL, false, false, "with MS-PAC and NONE in global config"},
+        {NULL, ad_none_and_pad, NULL, false, false, "with NONE and PAD in global entry"},
+        {NULL, ad_global_pac_nfs_none, NULL, true, false, "with NULL principal and PAC and nfs:NONE in global entry"},
+        {NULL, ad_global_pac_nfs_none, nfs_princ, false, false, "with nfs principal and PAC and nfs:NONE in global entry"},
+        {NULL, ad_global_pac_nfs_none, non_nfs_princ, true, false, "with non-nfs principal and PAC and nfs:NONE in global entry"},
+        {NULL, ad_global_pac_nfs_pad, NULL, true, false, "with NULL principal and PAC and nfs:PAD in global entry"},
+        {NULL, ad_global_pac_nfs_pad, nfs_princ, false, true, "with nfs principal and PAC and nfs:PAD in global entry"},
+        {NULL, ad_global_pac_nfs_pad, non_nfs_princ, true, false, "with non-nfs principal and PAC and nfs:PAD in global entry"},
+        {ad_none_only, ad_pac_only, NULL, false, false, "with NONE overriding PAC in global entry"},
+        {ad_pad_only, ad_pac_only, NULL, false, true, "with PAC overriding PAC in global entry"},
+        {ad_illegal_only, ad_pac_only, NULL, false, false, "with invalid value overriding PAC in global entry"},
+        {ad_pac_and_pad, ad_pac_only, NULL, true, true, "with PAC and PAD overriding PAC in global entry"},
+        {ad_none_and_pad, ad_pac_only, NULL, false, false, "with NONE and PAD overriding PAC in global entry"},
+        {NULL, NULL, NULL, false, false, NULL}
+    };
+
+    for (c = 0; test_set[c].authz_data != NULL ||
+                test_set[c].global_authz_data != NULL; c++) {
+        ied->authz_data = test_set[c].authz_data;
+        ipa_ctx->authz_data = test_set[c].global_authz_data;
+        entry->princ = test_set[c].princ;
+        get_authz_data_types(krb5_ctx, entry, &with_pac, &with_pad);
+        fail_unless(with_pad == test_set[c].exp_with_pad, "with_pad not %s %s.",
+                    test_set[c].exp_with_pad ? "true" : "false",
+                    test_set[c].err_msg);
+        fail_unless(with_pac == test_set[c].exp_with_pac, "with_pac not %s %s.",
+                    test_set[c].exp_with_pac ? "true" : "false",
+                    test_set[c].err_msg);
+    }
+
+    krb5_free_principal(krb5_ctx, nfs_princ);
+    krb5_free_principal(krb5_ctx, non_nfs_princ);
+    krb5_db_fini(krb5_ctx);
+    krb5_free_context(krb5_ctx);
+}
+END_TEST
+
+Suite * ipa_kdb_suite(void)
+{
+    Suite *s = suite_create("IPA kdb");
+
+    TCase *tc_helper = tcase_create("Helper functions");
+    tcase_add_test(tc_helper, test_get_authz_data_types);
+    suite_add_tcase(s, tc_helper);
+
+    return s;
+}
+
+int main(void)
+{
+    int number_failed;
+
+    Suite *s = ipa_kdb_suite ();
+    SRunner *sr = srunner_create (s);
+    srunner_run_all (sr, CK_VERBOSE);
+    number_failed = srunner_ntests_failed (sr);
+    srunner_free (sr);
+
+    return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
+}
author	Sumit Bose <sbose@redhat.com>	2013-02-19 12:16:37 +0100
committer	Martin Kosek <mkosek@redhat.com>	2013-03-08 10:46:00 +0100
commit	efd4d80827a24794245327ce8b74b47e735f5b16 (patch)
tree	556d6eb1e2c7d0b2b473c7f6b86f7e66681db654 /daemons/ipa-kdb
parent	4e3468211e37f71ca9d434512b68a4caddb2b314 (diff)
download	freeipa-efd4d80827a24794245327ce8b74b47e735f5b16.tar.gz freeipa-efd4d80827a24794245327ce8b74b47e735f5b16.tar.xz freeipa-efd4d80827a24794245327ce8b74b47e735f5b16.zip