TESTS: Add unit test for the subdomain_server.c module

Reviewed-by: Sumit Bose <sbose@redhat.com>

2 files changed, 652 insertions, 0 deletions

diff --git a/Makefile.am b/Makefile.am
index db5b23242..4eed1069b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -227,6 +227,7 @@ if HAVE_CMOCKA
         test_fo_srv \
         pam-srv-tests \
         test_ipa_subdom_util \
+        test_ipa_subdom_server \
         $(NULL)
 
 if HAVE_LIBRESOLV
@@ -2441,6 +2442,36 @@ test_ipa_subdom_util_LDADD = \
     libsss_test_common.la \
     $(NULL)
 
+test_ipa_subdom_server_SOURCES = \
+    $(sssd_be_SOURCES) \
+    $(libsss_krb5_common_la_SOURCES) \
+    src/tests/cmocka/common_mock_sdap.c \
+    src/tests/cmocka/common_mock_be.c \
+    src/tests/cmocka/common_mock_krb5.c \
+    src/tests/cmocka/test_ipa_subdomains_server.c \
+    src/providers/ipa/ipa_subdomains_server.c \
+    src/providers/ipa/ipa_subdomains_utils.c \
+    $(NULL)
+test_ipa_subdom_server_CFLAGS = \
+    $(AM_CFLAGS) \
+    -DUNIT_TESTING \
+    $(NULL)
+test_ipa_subdom_server_LDFLAGS = \
+    -Wl,-wrap,krb5_kt_default \
+    $(NULL)
+test_ipa_subdom_server_LDADD = \
+    $(PAM_LIBS) \
+    $(CMOCKA_LIBS) \
+    $(SSSD_LIBS) \
+    $(CARES_LIBS) \
+    $(KRB5_LIBS) \
+    $(SSSD_INTERNAL_LTLIBS) \
+    libsss_ldap_common.la \
+    libsss_idmap.la \
+    libsss_ad_common.la \
+    libsss_test_common.la \
+    $(NULL)
+
 endif # HAVE_CMOCKA
 
 noinst_PROGRAMS = pam_test_client
diff --git a/src/tests/cmocka/test_ipa_subdomains_server.c b/src/tests/cmocka/test_ipa_subdomains_server.c
new file mode 100644
index 000000000..9ec5d720a
--- /dev/null
+++ b/src/tests/cmocka/test_ipa_subdomains_server.c
@@ -0,0 +1,621 @@
+/*
+    Authors:
+        Jakub Hrozek <jhrozek@redhat.com>
+
+    Copyright (C) 2015 Red Hat
+
+    SSSD tests: IPA subdomain server utils tests
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <talloc.h>
+#include <tevent.h>
+#include <errno.h>
+#include <popt.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+#include <ifaddrs.h>
+#include <arpa/inet.h>
+
+#include "providers/ipa/ipa_subdomains.h"
+#include "providers/ipa/ipa_opts.h"
+#include "providers/data_provider.h"
+#include "tests/cmocka/common_mock.h"
+#include "tests/cmocka/common_mock_resp.h"
+#include "tests/cmocka/common_mock_krb5.h"
+#include "tests/cmocka/common_mock_sdap.h"
+#include "tests/cmocka/common_mock_be.h"
+
+#define DOM_REALM       "DOM.MAIN"
+#define HOSTNAME        "ipaserver.dom.main"
+
+#define TEST_AUTHID       "host/"HOSTNAME
+#define KEYTAB_TEST_PRINC TEST_AUTHID"@"DOM_REALM
+#define KEYTAB_PATH       TEST_DIR"/keytab_test.keytab"
+
+#define SUBDOM_NAME  "twoway.subdom.test"
+#define SUBDOM_REALM "TWOWAY.SUBDOM.TEST"
+#define SUBDOM_FLAT  "TWOWAY"
+#define SUBDOM_SID   "S-1-2-3"
+
+#define CHILD_NAME  "child."SUBDOM_NAME
+#define CHILD_REALM "CHILD."SUBDOM_REALM
+#define CHILD_FLAT  "CHILD"
+#define CHILD_SID   "S-1-2-3-4"
+
+#define TESTS_PATH "tests_ipa_subdom_server"
+#define TEST_CONF_DB "test_ipa_subdom_server.ldb"
+#define TEST_DOM_NAME "ipa_subdom_server_test"
+#define TEST_ID_PROVIDER "ipa"
+
+krb5_error_code __wrap_krb5_kt_default(krb5_context context, krb5_keytab *id)
+{
+    return krb5_kt_resolve(context, KEYTAB_PATH, id);
+}
+
+struct trust_test_ctx {
+    struct sss_test_ctx *tctx;
+    struct be_ctx *be_ctx;
+
+    struct ipa_id_ctx *ipa_ctx;
+};
+
+static struct ipa_id_ctx *mock_ipa_ctx(TALLOC_CTX *mem_ctx,
+                                       struct be_ctx *be_ctx,
+                                       struct sss_test_ctx *tctx,
+                                       const char *krb5_realm,
+                                       const char *hostname)
+{
+    struct ipa_id_ctx *ipa_ctx;
+    errno_t ret;
+
+    ipa_ctx = talloc_zero(mem_ctx, struct ipa_id_ctx);
+    assert_non_null(ipa_ctx);
+
+    ipa_ctx->ipa_options = talloc_zero(ipa_ctx, struct ipa_options);
+    assert_non_null(ipa_ctx->ipa_options);
+
+    ipa_ctx->ipa_options->id = talloc_zero(ipa_ctx->ipa_options,
+                                           struct sdap_options);
+    assert_non_null(ipa_ctx->ipa_options->id);
+
+    ret = sdap_copy_map(ipa_ctx->ipa_options->id,
+                        ipa_user_map,
+                        SDAP_OPTS_USER,
+                        &ipa_ctx->ipa_options->id->user_map);
+    assert_int_equal(ret, ERR_OK);
+
+    ret = dp_get_options(ipa_ctx->ipa_options->id,
+                         tctx->confdb,
+                         tctx->conf_dom_path,
+                         ipa_def_ldap_opts,
+                         SDAP_OPTS_BASIC,
+                         &ipa_ctx->ipa_options->id->basic);
+    assert_int_equal(ret, EOK);
+
+    ret = dp_get_options(ipa_ctx->ipa_options->basic,
+                         tctx->confdb,
+                         tctx->conf_dom_path,
+                         ipa_basic_opts,
+                         IPA_OPTS_BASIC,
+                         &ipa_ctx->ipa_options->basic);
+    assert_int_equal(ret, EOK);
+
+    ret = dp_opt_set_string(ipa_ctx->ipa_options->basic,
+                            IPA_KRB5_REALM, krb5_realm);
+    assert_int_equal(ret, EOK);
+
+    ret = dp_opt_set_string(ipa_ctx->ipa_options->basic,
+                            IPA_HOSTNAME, hostname);
+    assert_int_equal(ret, EOK);
+
+    ret = dp_opt_set_bool(ipa_ctx->ipa_options->basic,
+                          IPA_SERVER_MODE, true);
+    assert_int_equal(ret, EOK);
+
+    ipa_ctx->sdap_id_ctx = mock_sdap_id_ctx(ipa_ctx, be_ctx,
+                                            ipa_ctx->ipa_options->id);
+    assert_non_null(ipa_ctx->sdap_id_ctx);
+
+    return ipa_ctx;
+}
+
+static struct ipa_server_mode_ctx *mock_server_mode(TALLOC_CTX *mem_ctx)
+{
+    struct ipa_server_mode_ctx *server_mode;
+
+    server_mode = talloc_zero(mem_ctx, struct ipa_server_mode_ctx);
+    assert_non_null(server_mode);
+
+    server_mode->hostname = HOSTNAME;
+    server_mode->realm = DOM_REALM;
+
+    return server_mode;
+}
+
+static void add_test_subdomains(struct trust_test_ctx *test_ctx)
+{
+    errno_t
+
+    /* Add two subdomains */
+    ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
+                                SUBDOM_NAME, SUBDOM_REALM,
+                                NULL, SUBDOM_SID,
+                                true, false, SUBDOM_REALM,
+                                0);
+    assert_int_equal(ret, EOK);
+
+    ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
+                                CHILD_NAME, CHILD_REALM,
+                                CHILD_FLAT, CHILD_SID,
+                                true, false, SUBDOM_REALM,
+                                0);
+    assert_int_equal(ret, EOK);
+
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    assert_int_equal(ret, EOK);
+
+}
+
+static int test_ipa_server_create_trusts_setup(void **state)
+{
+    errno_t ret;
+    struct trust_test_ctx *test_ctx;
+    struct sss_test_conf_param params[] = {
+        { NULL, NULL },             /* Sentinel */
+    };
+
+    test_ctx = talloc_zero(NULL,
+                           struct trust_test_ctx);
+    assert_non_null(test_ctx);
+
+    test_ctx->tctx = create_dom_test_ctx(test_ctx, TESTS_PATH,
+                                         TEST_CONF_DB, TEST_DOM_NAME,
+                                         TEST_ID_PROVIDER, params);
+    assert_non_null(test_ctx->tctx);
+
+    test_ctx->be_ctx = mock_be_ctx(test_ctx, test_ctx->tctx);
+    assert_non_null(test_ctx->be_ctx);
+
+    test_ctx->ipa_ctx = mock_ipa_ctx(test_ctx, test_ctx->be_ctx, test_ctx->tctx,
+                                     DOM_REALM, HOSTNAME);
+    assert_non_null(test_ctx->tctx);
+
+    test_ctx->ipa_ctx->server_mode = mock_server_mode(test_ctx->ipa_ctx);
+    assert_non_null(test_ctx->ipa_ctx->server_mode);
+
+    ret = be_init_failover(test_ctx->be_ctx);
+    assert_int_equal(ret, EOK);
+
+    mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC);
+
+    *state = test_ctx;
+    return 0;
+}
+
+static int test_ipa_server_create_trusts_teardown(void **state)
+{
+    struct trust_test_ctx *test_ctx =
+        talloc_get_type(*state, struct trust_test_ctx);
+    errno_t ret;
+
+    ret = unlink(KEYTAB_PATH);
+    assert_int_equal(ret, 0);
+
+    talloc_free(test_ctx);
+    return 0;
+}
+
+static void test_ipa_server_create_trusts_none(struct tevent_req *req);
+static void test_ipa_server_create_trusts_twoway(struct tevent_req *req);
+static void test_ipa_server_create_trusts_finish(struct trust_test_ctx *test_ctx);
+
+static void test_ipa_server_create_trusts(void **state)
+{
+    struct trust_test_ctx *test_ctx =
+        talloc_get_type(*state, struct trust_test_ctx);
+    struct tevent_req *req;
+    errno_t ret;
+
+    req = ipa_server_create_trusts_send(test_ctx,
+                                        test_ctx->tctx->ev,
+                                        test_ctx->be_ctx,
+                                        test_ctx->ipa_ctx,
+                                        test_ctx->be_ctx->domain);
+    assert_non_null(req);
+
+    tevent_req_set_callback(req, test_ipa_server_create_trusts_none, test_ctx);
+
+    ret = test_ev_loop(test_ctx->tctx);
+    assert_int_equal(ret, ERR_OK);
+}
+
+static void test_ipa_server_create_trusts_none(struct tevent_req *req)
+{
+    struct trust_test_ctx *test_ctx = \
+        tevent_req_callback_data(req, struct trust_test_ctx);
+    errno_t ret;
+
+    ret = ipa_server_create_trusts_recv(req);
+    talloc_zfree(req);
+    assert_int_equal(ret, EOK);
+
+    /* Add two subdomains */
+    add_test_subdomains(test_ctx);
+
+    req = ipa_server_create_trusts_send(test_ctx,
+                                        test_ctx->tctx->ev,
+                                        test_ctx->be_ctx,
+                                        test_ctx->ipa_ctx,
+                                        test_ctx->be_ctx->domain);
+    assert_non_null(req);
+
+    tevent_req_set_callback(req, test_ipa_server_create_trusts_twoway, test_ctx);
+
+}
+
+static void assert_trust_object(struct ipa_ad_server_ctx *trust,
+                                const char *dom_name,
+                                const char *dom_realm,
+                                const char *sid,
+                                const char *keytab,
+                                const char *authid,
+                                const char *sdap_realm)
+{
+    const char *s;
+
+    assert_non_null(trust);
+    assert_non_null(trust->dom);
+    assert_string_equal(trust->dom->name, dom_name);
+    assert_string_equal(trust->dom->domain_id, sid);
+
+    s = dp_opt_get_string(trust->ad_id_ctx->ad_options->basic,
+                          AD_KRB5_REALM);
+    if (dom_realm != NULL) {
+        assert_non_null(s);
+        assert_string_equal(s, dom_realm);
+    } else {
+        assert_null(s);
+    }
+
+    s = dp_opt_get_string(trust->ad_id_ctx->ad_options->basic,
+                          AD_DOMAIN);
+    if (dom_name != NULL) {
+        assert_non_null(s);
+        assert_string_equal(s, dom_name);
+    } else {
+        assert_null(s);
+    }
+
+    /* the system keytab is always used with two-way trusts */
+    s = dp_opt_get_string(trust->ad_id_ctx->ad_options->id->basic,
+                          SDAP_KRB5_KEYTAB);
+    if (keytab != NULL) {
+        assert_non_null(s);
+        assert_string_equal(s, keytab);
+    } else {
+        assert_null(s);
+    }
+
+    s = dp_opt_get_string(trust->ad_id_ctx->ad_options->id->basic,
+                          SDAP_SASL_REALM);
+    if (sdap_realm != NULL) {
+        assert_non_null(s);
+        assert_string_equal(s, sdap_realm);
+    } else {
+        assert_null(s);
+    }
+
+    s = dp_opt_get_string(trust->ad_id_ctx->ad_options->id->basic,
+                          SDAP_SASL_AUTHID);
+    if (authid != NULL) {
+        assert_non_null(s);
+        assert_string_equal(s, authid);
+    } else {
+        assert_null(s);
+    }
+}
+
+static void test_ipa_server_create_trusts_twoway(struct tevent_req *req)
+{
+    struct trust_test_ctx *test_ctx = \
+        tevent_req_callback_data(req, struct trust_test_ctx);
+    errno_t ret;
+    struct sss_domain_info *child_dom;
+
+    ret = ipa_server_create_trusts_recv(req);
+    talloc_zfree(req);
+    assert_int_equal(ret, EOK);
+
+    /* Trust object should be around now */
+    assert_non_null(test_ctx->ipa_ctx->server_mode->trusts);
+
+    /* Two-way trusts should use the system realm */
+    assert_trust_object(test_ctx->ipa_ctx->server_mode->trusts,
+                        CHILD_NAME,
+                        DOM_REALM,
+                        CHILD_SID,
+                        NULL,
+                        TEST_AUTHID,
+                        DOM_REALM);
+
+    assert_non_null(test_ctx->ipa_ctx->server_mode->trusts->next);
+
+    assert_trust_object(test_ctx->ipa_ctx->server_mode->trusts->next,
+                        SUBDOM_NAME,
+                        DOM_REALM,
+                        SUBDOM_SID,
+                        NULL,
+                        TEST_AUTHID,
+                        DOM_REALM);
+
+    /* No more trust objects */
+    assert_null(test_ctx->ipa_ctx->server_mode->trusts->next->next);
+
+    ret = sysdb_subdomain_delete(test_ctx->tctx->sysdb, CHILD_NAME);
+    assert_int_equal(ret, EOK);
+
+    child_dom = find_domain_by_name(test_ctx->be_ctx->domain, CHILD_NAME, true);
+    assert_non_null(child_dom);
+
+    ipa_ad_subdom_remove(test_ctx->be_ctx, test_ctx->ipa_ctx, child_dom);
+
+    assert_trust_object(test_ctx->ipa_ctx->server_mode->trusts,
+                        SUBDOM_NAME,
+                        DOM_REALM,
+                        SUBDOM_SID,
+                        NULL,
+                        TEST_AUTHID,
+                        DOM_REALM);
+    assert_null(test_ctx->ipa_ctx->server_mode->trusts->next);
+
+    test_ipa_server_create_trusts_finish(test_ctx);
+}
+
+static void test_ipa_server_create_trusts_finish(struct trust_test_ctx *test_ctx)
+{
+    test_ctx->tctx->error = EOK;
+    test_ctx->tctx->done = true;
+}
+
+static void
+ipa_server_init_done(struct tevent_context *ev,
+                     struct tevent_timer *te,
+                     struct timeval tv, void *pvt)
+{
+    struct trust_test_ctx *test_ctx =
+        talloc_get_type(pvt, struct trust_test_ctx);
+
+    test_ctx->tctx->done = true;
+}
+
+static void test_ipa_server_trust_init(void **state)
+{
+    struct trust_test_ctx *test_ctx =
+        talloc_get_type(*state, struct trust_test_ctx);
+    errno_t ret;
+    struct tevent_timer *timeout_handler;
+    struct timeval tv;
+
+    add_test_subdomains(test_ctx);
+
+    ret = ipa_ad_subdom_init(test_ctx->be_ctx, test_ctx->ipa_ctx);
+    assert_int_equal(ret, EOK);
+
+    tv = tevent_timeval_current_ofs(1, 0);
+    timeout_handler = tevent_add_timer(test_ctx->tctx->ev, test_ctx, tv,
+                                       ipa_server_init_done, test_ctx);
+    assert_non_null(timeout_handler);
+
+    ret = test_ev_loop(test_ctx->tctx);
+    assert_int_equal(ret, ERR_OK);
+
+    assert_non_null(test_ctx->ipa_ctx->server_mode->trusts);
+
+    /* Trust object should be around now */
+    assert_non_null(test_ctx->ipa_ctx->server_mode->trusts);
+
+    /* Two-way trusts should use the system realm */
+    assert_trust_object(test_ctx->ipa_ctx->server_mode->trusts,
+                        CHILD_NAME,
+                        DOM_REALM,
+                        CHILD_SID,
+                        NULL,
+                        TEST_AUTHID,
+                        DOM_REALM);
+
+    assert_non_null(test_ctx->ipa_ctx->server_mode->trusts->next);
+
+    assert_trust_object(test_ctx->ipa_ctx->server_mode->trusts->next,
+                        SUBDOM_NAME,
+                        DOM_REALM,
+                        SUBDOM_SID,
+                        NULL,
+                        TEST_AUTHID,
+                        DOM_REALM);
+
+    /* No more trust objects */
+    assert_null(test_ctx->ipa_ctx->server_mode->trusts->next->next);
+}
+
+struct dir_test_ctx {
+    struct ldb_context *ldb;
+    struct sysdb_attrs *tdo;
+};
+
+static int test_get_trust_direction_setup(void **state)
+{
+    struct dir_test_ctx *test_ctx;
+
+    test_ctx = talloc_zero(global_talloc_context,
+                           struct dir_test_ctx);
+    assert_non_null(test_ctx);
+
+    test_ctx->ldb = ldb_init(test_ctx, NULL);
+    assert_non_null(test_ctx->ldb);
+
+    test_ctx->tdo = sysdb_new_attrs(test_ctx);
+    assert_non_null(test_ctx->tdo);
+
+    *state = test_ctx;
+    return 0;
+}
+
+static int test_get_trust_direction_teardown(void **state)
+{
+    struct dir_test_ctx *test_ctx =
+        talloc_get_type(*state, struct dir_test_ctx);
+
+    talloc_free(test_ctx);
+    return 0;
+}
+
+/* These are stupid tests, but test real data */
+static void test_trust_dir_getset(struct dir_test_ctx *test_ctx,
+                                  uint32_t dir_in)
+{
+    errno_t ret;
+    uint32_t dir;
+
+    ret = sysdb_attrs_add_uint32(test_ctx->tdo, IPA_TRUST_DIRECTION, dir_in);
+    assert_int_equal(ret, EOK);
+
+    ret = ipa_server_get_trust_direction(test_ctx->tdo, test_ctx->ldb, &dir);
+    assert_int_equal(dir, dir_in);
+}
+
+static void test_get_trust_direction_inbound(void **state)
+{
+    struct dir_test_ctx *test_ctx =
+        talloc_get_type(*state, struct dir_test_ctx);
+
+    test_trust_dir_getset(test_ctx, 0x1);
+}
+
+static void test_get_trust_direction_outbound(void **state)
+{
+    struct dir_test_ctx *test_ctx =
+        talloc_get_type(*state, struct dir_test_ctx);
+
+    test_trust_dir_getset(test_ctx, 0x2);
+}
+
+static void test_get_trust_direction_twoway(void **state)
+{
+    struct dir_test_ctx *test_ctx =
+        talloc_get_type(*state, struct dir_test_ctx);
+
+    test_trust_dir_getset(test_ctx, 0x1 | 0x2);
+}
+
+static void test_get_trust_direction_notset_root(void **state)
+{
+    errno_t ret;
+    uint32_t dir;
+    struct dir_test_ctx *test_ctx =
+        talloc_get_type(*state, struct dir_test_ctx);
+
+    ret = sysdb_attrs_add_string(test_ctx->tdo, SYSDB_ORIG_DN,
+                                 "cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com");
+    assert_int_equal(ret, EOK);
+
+    ret = ipa_server_get_trust_direction(test_ctx->tdo, test_ctx->ldb, &dir);
+    assert_int_equal(ret, EOK);
+
+    /* With root domains we assume two-way trust */
+    assert_int_equal(dir, 0x1 | 0x2);
+}
+
+static void test_get_trust_direction_notset_member(void **state)
+{
+    errno_t ret;
+    uint32_t dir;
+    struct dir_test_ctx *test_ctx =
+        talloc_get_type(*state, struct dir_test_ctx);
+
+    ret = sysdb_attrs_add_string(test_ctx->tdo, SYSDB_ORIG_DN,
+                   "cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com");
+    assert_int_equal(ret, EOK);
+
+    ret = ipa_server_get_trust_direction(test_ctx->tdo, test_ctx->ldb, &dir);
+    assert_int_equal(ret, EOK);
+
+    /* With members we set zero and take a look at the parent */
+    assert_int_equal(dir, 0);
+}
+
+int main(int argc, const char *argv[])
+{
+    int rv;
+    poptContext pc;
+    int opt;
+    struct poptOption long_options[] = {
+        POPT_AUTOHELP
+        SSSD_DEBUG_OPTS
+        POPT_TABLEEND
+    };
+
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(test_ipa_server_trust_init,
+                                        test_ipa_server_create_trusts_setup,
+                                        test_ipa_server_create_trusts_teardown),
+        cmocka_unit_test_setup_teardown(test_ipa_server_create_trusts,
+                                        test_ipa_server_create_trusts_setup,
+                                        test_ipa_server_create_trusts_teardown),
+
+        cmocka_unit_test_setup_teardown(test_get_trust_direction_inbound,
+                                        test_get_trust_direction_setup,
+                                        test_get_trust_direction_teardown),
+        cmocka_unit_test_setup_teardown(test_get_trust_direction_outbound,
+                                        test_get_trust_direction_setup,
+                                        test_get_trust_direction_teardown),
+        cmocka_unit_test_setup_teardown(test_get_trust_direction_twoway,
+                                        test_get_trust_direction_setup,
+                                        test_get_trust_direction_teardown),
+        cmocka_unit_test_setup_teardown(test_get_trust_direction_notset_root,
+                                        test_get_trust_direction_setup,
+                                        test_get_trust_direction_teardown),
+        cmocka_unit_test_setup_teardown(test_get_trust_direction_notset_member,
+                                        test_get_trust_direction_setup,
+                                        test_get_trust_direction_teardown),
+    };
+
+    /* Set debug level to invalid value so we can deside if -d 0 was used. */
+    debug_level = SSSDBG_INVALID;
+
+    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+    while((opt = poptGetNextOpt(pc)) != -1) {
+        switch(opt) {
+        default:
+            fprintf(stderr, "\nInvalid option %s: %s\n\n",
+                    poptBadOption(pc, 0), poptStrerror(opt));
+            poptPrintUsage(pc, stderr, 0);
+            return 1;
+        }
+    }
+    poptFreeContext(pc);
+
+    DEBUG_CLI_INIT(debug_level);
+
+    /* Even though normally the tests should clean up after themselves
+     * they might not after a failed run. Remove the old db to be sure */
+    tests_set_cwd();
+    test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
+    test_dom_suite_setup(TESTS_PATH);
+
+    rv = cmocka_run_group_tests(tests, NULL, NULL);
+    return rv;
+}