authorJakub Hrozek <jhrozek@redhat.com>2015-05-15 13:02:14 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-06-14 21:47:23 +0200
commit51b5e1475b3e0b7acac34ed382cfaca8411883a4 (patch)
treebc5b86176e3865b30c1ea5b7aa3ed9558f0ff1f5
parent44ba573582072823d8760d0f18e5b3195cecc182 (diff)
AD: Rename ad_create_default_options to ad_create_2way_trust_options
Related: https://fedorahosted.org/sssd/ticket/2638 Better reflects what's going on in the function. Also adds a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--Makefile.am17
-rw-r--r--src/providers/ad/ad_common.c6
-rw-r--r--src/providers/ad/ad_common.h6
-rw-r--r--src/providers/ad/ad_subdomains.c2
-rw-r--r--src/providers/ipa/ipa_subdomains_server.c4
-rw-r--r--src/tests/cmocka/test_ad_common.c151
6 files changed, 150 insertions, 36 deletions
diff --git a/Makefile.am b/Makefile.am
index ae44549ac..2904ce776 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2126,23 +2126,30 @@ ad_gpo_tests_LDADD = \
ad_common_tests_SOURCES = \
$(sssd_be_SOURCES) \
- src/tests/cmocka/test_ad_common.c
+ $(libsss_krb5_common_la_SOURCES) \
+ src/tests/cmocka/common_mock_krb5.c \
+ src/tests/cmocka/test_ad_common.c \
+ $(NULL)
ad_common_tests_CFLAGS = \
$(AM_CFLAGS) \
- -DUNIT_TESTING
+ -DUNIT_TESTING \
+ $(NULL)
ad_common_tests_LDFLAGS = \
- -Wl,-wrap,sdap_set_sasl_options
+ -Wl,-wrap,sdap_set_sasl_options \
+ -Wl,-wrap,krb5_kt_default \
+ $(NULL)
ad_common_tests_LDADD = \
$(PAM_LIBS) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(CARES_LIBS) \
+ $(KEYUTILS_LIBS) \
$(KRB5_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_ldap_common.la \
libsss_idmap.la \
- libsss_krb5_common.la \
- libsss_test_common.la
+ libsss_test_common.la \
+ $(NULL)
dp_opt_tests_SOURCES = \
src/providers/data_provider_opts.c \
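Review bot: Nothing in this hunk explains why `libsss_krb5_common.la` is dropped from ad_common_tests_LDADD while `$(libsss_krb5_common_la_SOURCES)` is compiled into the test instead. Presumably this is needed so that `-Wl,-wrap,krb5_kt_default` also redirects the keytab lookups made from that code, since the linker only rewrites references in the objects it links; that should be confirmed and then recorded. A short comment above ad_common_tests_SOURCES would do, e.g. `# krb5 common sources are built in so that the krb5_kt_default wrap applies to them`.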
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 4ae08c5a1..e945958fc 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -108,9 +108,9 @@ fail:
}
struct ad_options *
-ad_create_default_options(TALLOC_CTX *mem_ctx,
- const char *realm,
- const char *hostname)
+ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ const char *hostname)
{
struct ad_options *ad_options;
errno_t ret;
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index dcd70bf94..5be2bcd84 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -103,9 +103,9 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
struct ad_options **_opts);
-struct ad_options *ad_create_default_options(TALLOC_CTX *mem_ctx,
- const char *realm,
- const char *hostname);
+struct ad_options *ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ const char *hostname);
errno_t
ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index d889dfb6d..f67d49a85 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -115,7 +115,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
return EINVAL;
}
- ad_options = ad_create_default_options(id_ctx, realm, hostname);
+ ad_options = ad_create_2way_trust_options(id_ctx, realm, hostname);
if (ad_options == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD options\n");
talloc_free(ad_options);
diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
index 03a2c579e..f20160f4b 100644
--- a/src/providers/ipa/ipa_subdomains_server.c
+++ b/src/providers/ipa/ipa_subdomains_server.c
@@ -144,8 +144,8 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
errno_t ret;
const char *extra_attrs;
- ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm,
- id_ctx->server_mode->hostname);
+ ad_options = ad_create_2way_trust_options(id_ctx, id_ctx->server_mode->realm,
+ id_ctx->server_mode->hostname);
if (ad_options == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD options\n");
talloc_free(ad_options);
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
index 1c44bc34b..0013d7833 100644
--- a/src/tests/cmocka/test_ad_common.c
+++ b/src/tests/cmocka/test_ad_common.c
@@ -33,12 +33,24 @@
#include "providers/ad/ad_common.c"
#include "tests/cmocka/common_mock.h"
+#include "tests/cmocka/common_mock_krb5.h"
#define DOMNAME "domname"
#define SUBDOMNAME "sub."DOMNAME
#define REALMNAME DOMNAME
#define HOST_NAME "ad."REALMNAME
+#define TEST_AUTHID "host/"HOST_NAME
+#define KEYTAB_TEST_PRINC TEST_AUTHID"@"REALMNAME
+#define KEYTAB_PATH TEST_DIR"/keytab_test.keytab"
+
+static bool call_real_sasl_options;
+
+krb5_error_code __wrap_krb5_kt_default(krb5_context context, krb5_keytab *id)
+{
+ return krb5_kt_resolve(context, KEYTAB_PATH, id);
+}
+
struct ad_common_test_ctx {
struct ad_id_ctx *ad_ctx;
struct ad_id_ctx *subdom_ad_ctx;
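Review bot: `__wrap_krb5_kt_default` and `call_real_sasl_options` are added without any comment, although the wrapper is what keeps this test from opening the default keytab of the machine it runs on. A comment above the wrapper would make that intent explicit, e.g. `/* Linked with -Wl,-wrap,krb5_kt_default: always resolve the test keytab, never the host's default keytab */`. The flag deserves one line too, e.g. `/* When true, __wrap_sdap_set_sasl_options forwards to the real function */`.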
@@ -47,15 +59,9 @@ struct ad_common_test_ctx {
struct sss_domain_info *subdom;
};
-static int
-ad_common_test_setup(void **state)
+static int test_ad_common_setup(void **state)
{
struct ad_common_test_ctx *test_ctx;
- errno_t ret;
- struct sdap_domain *sdom;
- struct ad_id_ctx *ad_ctx;
- struct ad_id_ctx *subdom_ad_ctx;
- struct sdap_id_conn_ctx *subdom_ldap_ctx;
assert_true(leak_check_setup());
check_leaks_push(global_talloc_context);
@@ -72,11 +78,96 @@ ad_common_test_setup(void **state)
test_ctx->subdom->name = discard_const(SUBDOMNAME);
test_ctx->subdom->parent = test_ctx->dom;
- ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);
- assert_non_null(ad_ctx);
+ test_ctx->ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);
+ assert_non_null(test_ctx->ad_ctx);
+
+ check_leaks_push(test_ctx);
+ *state = test_ctx;
+ return 0;
+}
+
+static int test_ad_common_teardown(void **state)
+{
+ struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
+ struct ad_common_test_ctx);
+ assert_non_null(test_ctx);
+
+ assert_true(check_leaks_pop(test_ctx) == true);
+ talloc_free(test_ctx);
+ assert_true(check_leaks_pop(global_talloc_context) == true);
+ assert_true(leak_check_teardown());
+
+ return 0;
+}
- ad_ctx->ad_options = ad_create_default_options(ad_ctx,
- REALMNAME, HOST_NAME);
+static void test_ad_create_2way_trust_options(void **state)
+{
+ struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
+ struct ad_common_test_ctx);
+ const char *s;
+
+ call_real_sasl_options = true;
+ mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC);
+
+ test_ctx->ad_ctx->ad_options = ad_create_2way_trust_options(
+ test_ctx->ad_ctx,
+ REALMNAME,
+ HOST_NAME);
+ assert_non_null(test_ctx->ad_ctx->ad_options);
+
+ assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type,
+ SDAP_SCHEMA_AD);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
+ AD_KRB5_REALM);
+ assert_non_null(s);
+ assert_string_equal(s, REALMNAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
+ AD_HOSTNAME);
+ assert_non_null(s);
+ assert_string_equal(s, HOST_NAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_KRB5_KEYTAB);
+ assert_null(s); /* This is the system keytab */
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_SASL_REALM);
+ assert_non_null(s);
+ assert_string_equal(s, REALMNAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_KRB5_REALM);
+ assert_non_null(s);
+ assert_string_equal(s, REALMNAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_SASL_AUTHID);
+ assert_non_null(s);
+ assert_string_equal(s, TEST_AUTHID);
+
+ talloc_free(test_ctx->ad_ctx->ad_options);
+}
+
+static int
+test_ldap_conn_setup(void **state)
+{
+ struct ad_common_test_ctx *test_ctx;
+ errno_t ret;
+ struct sdap_domain *sdom;
+ struct ad_id_ctx *ad_ctx;
+ struct ad_id_ctx *subdom_ad_ctx;
+ struct sdap_id_conn_ctx *subdom_ldap_ctx;
+
+ ret = test_ad_common_setup((void **) &test_ctx);
+ assert_int_equal(ret, EOK);
+
+ ad_ctx = test_ctx->ad_ctx;
+
+ ad_ctx->ad_options = ad_create_2way_trust_options(ad_ctx,
+ REALMNAME,
+ HOST_NAME);
assert_non_null(ad_ctx->ad_options);
ad_ctx->gc_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx);
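Review bot: `call_real_sasl_options` is set to `true` in test_ad_create_2way_trust_options and nothing visible in this diff sets it back, so the tests registered after it would run test_ldap_conn_setup against the real sdap_set_sasl_options rather than the stub. That makes them depend on test order and on the keytab written by mock_keytab_with_contents still being present at KEYTAB_PATH. Resetting the flag in the shared test_ad_common_teardown keeps the tests independent of each other: `call_real_sasl_options = false;`. If mock_keytab_with_contents does not clean up after itself, the test should also end with `unlink(KEYTAB_PATH);` so that no keytab file is left behind in TEST_DIR. test_ldap_conn_setup continues past the end of this hunk.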
@@ -107,35 +198,48 @@ ad_common_test_setup(void **state)
assert_int_equal(ret, EOK);
sdom->pvt = subdom_ad_ctx;
- test_ctx->ad_ctx = ad_ctx;
test_ctx->subdom_ad_ctx = subdom_ad_ctx;
- check_leaks_push(test_ctx);
*state = test_ctx;
return 0;
}
static int
-ad_common_test_teardown(void **state)
+test_ldap_conn_teardown(void **state)
{
struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
struct ad_common_test_ctx);
assert_non_null(test_ctx);
- assert_true(check_leaks_pop(test_ctx) == true);
- talloc_free(test_ctx);
- assert_true(check_leaks_pop(global_talloc_context) == true);
- assert_true(leak_check_teardown());
+ talloc_free(test_ctx->subdom_ad_ctx);
+ talloc_free(test_ctx->ad_ctx->ad_options);
+ talloc_free(test_ctx->ad_ctx->gc_ctx);
+ talloc_free(test_ctx->ad_ctx->ldap_ctx);
+ talloc_free(test_ctx->ad_ctx->sdap_id_ctx);
+
+ test_ad_common_teardown((void **) &test_ctx);
return 0;
}
errno_t
+__real_sdap_set_sasl_options(struct sdap_options *id_opts,
+ char *default_primary,
+ char *default_realm,
+ const char *keytab_path);
+errno_t
__wrap_sdap_set_sasl_options(struct sdap_options *id_opts,
char *default_primary,
char *default_realm,
const char *keytab_path)
{
/* Pretend SASL is fine */
+ if (call_real_sasl_options == true) {
+ return __real_sdap_set_sasl_options(id_opts,
+ default_primary,
+ default_realm,
+ keytab_path);
+ }
+
return EOK;
}
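Review bot: The comment `/* Pretend SASL is fine */` in __wrap_sdap_set_sasl_options now sits directly above the branch that calls the real function, so it describes the opposite of the code beneath it. Move it down to the `return EOK;` line and give the new branch its own comment, e.g. `/* A test asked for the real implementation, which reads the test keytab */`. In test_ldap_conn_teardown the result of test_ad_common_teardown is dropped; `return test_ad_common_teardown((void **) &test_ctx);` would pass it on to cmocka.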
@@ -214,12 +318,15 @@ int main(int argc, const char *argv[])
};
const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_ad_create_2way_trust_options,
+ test_ad_common_setup,
+ test_ad_common_teardown),
cmocka_unit_test_setup_teardown(test_ldap_conn_list,
- ad_common_test_setup,
- ad_common_test_teardown),
+ test_ldap_conn_setup,
+ test_ldap_conn_teardown),
cmocka_unit_test_setup_teardown(test_conn_list,
- ad_common_test_setup,
- ad_common_test_teardown),
+ test_ldap_conn_setup,
+ test_ldap_conn_teardown),
};
/* Set debug level to invalid value so we can deside if -d 0 was used. */