diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2015-12-17 07:32:04 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-13 11:28:45 +0100 |
| commit | ed7a26276ad68d55bf10058dda0d617dc7666edf (patch) | |
| tree | a595444dc84f5e91fe508bd9e90c04795b339538 | |
| parent | 23674dfef4225b90d45c27b88fe72dc37b22e32d (diff) | |
| download | sssd-ed7a26276ad68d55bf10058dda0d617dc7666edf.tar.gz sssd-ed7a26276ad68d55bf10058dda0d617dc7666edf.tar.xz sssd-ed7a26276ad68d55bf10058dda0d617dc7666edf.zip | |
foo
| -rw-r--r-- | Makefile.am | 37 | ||||
| -rw-r--r-- | src/providers/simple/simple_access.c | 27 | ||||
| -rw-r--r-- | src/tests/cmocka/test_simple_access.c | 313 |
3 files changed, 338 insertions, 39 deletions
diff --git a/Makefile.am b/Makefile.am index a9d3f25d3..6378b7482 100644 --- a/Makefile.am +++ b/Makefile.am @@ -178,7 +178,6 @@ if HAVE_CHECK auth-tests \ ipa_ldap_opt-tests \ ad_ldap_opt-tests \ - simple_access-tests \ crypto-tests \ util-tests \ debug-tests \ @@ -245,6 +244,7 @@ if HAVE_CMOCKA test_cert_utils \ test_ldap_id_cleanup \ test_data_provider_be \ + simple-access-tests \ $(NULL) if HAVE_LIBRESOLV @@ -1683,20 +1683,6 @@ ad_ldap_opt_tests_LDADD = \ $(TALLOC_LIBS) \ libsss_test_common.la -simple_access_tests_SOURCES = \ - src/tests/simple_access-tests.c \ - src/providers/simple/simple_access.c \ - src/providers/simple/simple_access_check.c \ - $(NULL) -simple_access_tests_LDADD = \ - $(LIBADD_DL) \ - $(CHECK_LIBS) \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - libdlopen_test_providers.la \ - $(NULL) - util_tests_SOURCES = \ src/tests/util-tests.c \ $(NULL) @@ -2626,6 +2612,27 @@ test_data_provider_be_LDADD = \ libdlopen_test_providers.la \ $(NULL) +EXTRA_simple_access_tests_DEPENDENCIES = \ + $(ldblib_LTLIBRARIES) +simple_access_tests_SOURCES = \ + src/tests/cmocka/test_simple_access.c \ + src/tests/cmocka/common_mock_be.c \ + src/providers/simple/simple_access.c \ + src/providers/simple/simple_access_check.c \ + $(NULL) +simple_access_tests_CFLAGS = \ + $(AM_CFLAGS) \ + $(NULL) +simple_access_tests_LDFLAGS = \ + $(NULL) +simple_access_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + libdlopen_test_providers.la \ + $(NULL) + endif # HAVE_CMOCKA noinst_PROGRAMS = pam_test_client diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c index edb4f2f3e..a7298ac42 100644 --- a/src/providers/simple/simple_access.c +++ b/src/providers/simple/simple_access.c @@ -184,8 +184,6 @@ static errno_t simple_access_parse_names(TALLOC_CTX *mem_ctx, { TALLOC_CTX *tmp_ctx = NULL; char **out = NULL; - char *domain = NULL; - char *name = NULL; size_t size; size_t i; errno_t ret; @@ -216,30 +214,11 @@ static errno_t simple_access_parse_names(TALLOC_CTX *mem_ctx, /* Since this is access provider, we should fail on any error so we don't * allow unauthorized access. */ for (i = 0; i < size; i++) { - ret = sss_parse_name(tmp_ctx, be_ctx->domain->names, list[i], - &domain, &name); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name '%s' [%d]: %s\n", - list[i], ret, sss_strerror(ret)); + out[i] = sss_ioname2internal(mem_ctx, be_ctx->domain, list[i]); + if (out[i] == NULL) { + ret = EIO; goto done; } - - if (domain == NULL || strcasecmp(domain, be_ctx->domain->name) == 0 || - (be_ctx->domain->flat_name != NULL && - strcasecmp(domain, be_ctx->domain->flat_name) == 0)) { - /* This object belongs to main SSSD domain. Those users and groups - * are stored without domain part, so we will strip it off. - * */ - out[i] = talloc_move(out, &name); - } else { - /* Subdomain users and groups are stored as fully qualified names, - * thus we will remember the domain part. - * - * Since subdomains may come and go, we will look for their - * existence later, during each access check. - */ - out[i] = talloc_move(out, &list[i]); - } } *_out = talloc_steal(mem_ctx, out); diff --git a/src/tests/cmocka/test_simple_access.c b/src/tests/cmocka/test_simple_access.c new file mode 100644 index 000000000..f3b1e0bd8 --- /dev/null +++ b/src/tests/cmocka/test_simple_access.c @@ -0,0 +1,313 @@ +/* + Copyright (C) 2015 Red Hat + + SSSD tests: Simple access provider tests + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <talloc.h> +#include <tevent.h> +#include <errno.h> +#include <popt.h> + +#include "tests/cmocka/common_mock.h" +#include "tests/cmocka/common_mock_be.h" +#include "tests/cmocka/common_mock_resp.h" +#include "db/sysdb_private.h" /* new_subdomain() */ +#include "providers/simple/simple_access.h" + +#define TESTS_PATH "tp_" BASE_FILE_STEM +#define TEST_CONF_DB "test_simple_conf.ldb" +#define TEST_DOM_NAME "simple_test" +#define TEST_SUBDOM_NAME "test.subdomain" +#define TEST_ID_PROVIDER "ldap" + +const char *ulist_1[] = {"u1", "u2", NULL}; +const char *glist_1[] = {"g1", "g2", NULL}; +const char *glist_1_case[] = {"G1", "G2", NULL}; + +int sssm_simple_access_init(struct be_ctx *bectx, struct bet_ops **ops, + void **pvt_data); + +struct simple_test_ctx { + struct sss_test_ctx *tctx; + struct be_ctx *be_ctx; + struct sss_domain_info *subdom; + + bool access_granted; + struct simple_ctx *ctx; +}; + +static int test_simple_setup(struct sss_test_conf_param params[], void **state) +{ + struct simple_test_ctx *simple_test_ctx; + int ret; + + simple_test_ctx = talloc_zero(NULL, struct simple_test_ctx); + if (simple_test_ctx == NULL) { + return ENOMEM; + } + + simple_test_ctx->tctx = create_dom_test_ctx(simple_test_ctx, TESTS_PATH, + TEST_CONF_DB, TEST_DOM_NAME, + TEST_ID_PROVIDER, params); + assert_non_null(simple_test_ctx->tctx); + if (simple_test_ctx->tctx == NULL) { + return ENOMEM; + } + + ret = sss_names_init(simple_test_ctx, simple_test_ctx->tctx->confdb, + TEST_DOM_NAME, &simple_test_ctx->tctx->dom->names); + if (ret != EOK) { + return ENOMEM; + } + + simple_test_ctx->be_ctx = mock_be_ctx(simple_test_ctx, + simple_test_ctx->tctx); + if (simple_test_ctx->be_ctx == NULL) { + return ENOMEM; + } + + *state = simple_test_ctx; + return 0; +} + +static int set_simple_lists(struct simple_test_ctx *test_ctx, + struct sss_domain_info *dom, + struct sss_test_conf_param params[]) +{ + errno_t ret; + const char *val[2] = { NULL, NULL }; + char *cdb_path; + + cdb_path = talloc_asprintf(test_ctx, CONFDB_DOMAIN_PATH_TMPL, dom->name); + if (cdb_path == NULL) { + return ENOMEM; + } + + ret = EOK; + + if (params != NULL) { + for (int i = 0; params[i].key != NULL; i++) { + val[0] = params[i].value; + ret = confdb_add_param(test_ctx->tctx->confdb, + true, cdb_path, params[i].key, val); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add parameter %s [%d]: " + "%s\n", params[i].key, ret, sss_strerror(ret)); + break; + } + } + } + + talloc_free(cdb_path); + return ret; +} + +static int setup_with_params(struct simple_test_ctx *test_ctx, + struct sss_domain_info *dom, + struct sss_test_conf_param params[]) +{ + errno_t ret; + struct bet_ops *ops; + + ret = set_simple_lists(test_ctx, dom, params); + if (ret != EOK) { + return ret; + } + + ret = sssm_simple_access_init(test_ctx->be_ctx, + &ops, + (void **) &test_ctx->ctx); + if (ret != EOK) { + return ret; + } + + return EOK; +} + +static int simple_test_setup(void **state) +{ + test_dom_suite_setup(TESTS_PATH); + return test_simple_setup(NULL, state); +} + +static int simple_test_teardown(void **state) +{ + struct simple_test_ctx *simple_test_ctx = \ + talloc_get_type(*state, struct simple_test_ctx); + + /* make sure there are no leftovers from previous tests */ + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME); + talloc_free(simple_test_ctx); + return 0; +} + +static void simple_access_check_done(struct tevent_req *req) +{ + struct simple_test_ctx *simple_test_ctx = + tevent_req_callback_data(req, struct simple_test_ctx); + + simple_test_ctx->tctx->error = simple_access_check_recv(req, + &simple_test_ctx->access_granted); + talloc_free(req); + simple_test_ctx->tctx->done = true; +} + +static void test_both_empty(void **state) +{ + errno_t ret; + struct tevent_req *req; + struct simple_test_ctx *simple_test_ctx = \ + talloc_get_type(*state, struct simple_test_ctx); + + ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, NULL); + assert_int_equal(ret, EOK); + + req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev, + simple_test_ctx->ctx, "u1"); + assert_non_null(req); + tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx); + + ret = test_ev_loop(simple_test_ctx->tctx); + assert_int_equal(ret, EOK); + + assert_true(simple_test_ctx->access_granted); +} + +static void test_allow_empty(void **state) +{ + errno_t ret; + struct tevent_req *req; + struct simple_test_ctx *simple_test_ctx = \ + talloc_get_type(*state, struct simple_test_ctx); + struct sss_test_conf_param params[] = { + { "simple_deny_users", "u1, u2" }, + }; + + ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params); + assert_int_equal(ret, EOK); + + req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev, + simple_test_ctx->ctx, "u1"); + assert_non_null(req); + tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx); + + ret = test_ev_loop(simple_test_ctx->tctx); + assert_int_equal(ret, EOK); + assert_false(simple_test_ctx->access_granted); + + simple_test_ctx->tctx->done = false; + + req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev, + simple_test_ctx->ctx, "u3"); + assert_non_null(req); + tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx); + + ret = test_ev_loop(simple_test_ctx->tctx); + assert_int_equal(ret, EOK); + assert_true(simple_test_ctx->access_granted); +} + +static void test_deny_empty(void **state) +{ + errno_t ret; + struct tevent_req *req; + struct simple_test_ctx *simple_test_ctx = \ + talloc_get_type(*state, struct simple_test_ctx); + struct sss_test_conf_param params[] = { + { "simple_allow_users", "u1, u2" }, + }; + + ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params); + assert_int_equal(ret, EOK); + + req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev, + simple_test_ctx->ctx, "u1"); + assert_non_null(req); + tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx); + + ret = test_ev_loop(simple_test_ctx->tctx); + assert_int_equal(ret, EOK); + assert_true(simple_test_ctx->access_granted); + + simple_test_ctx->tctx->done = false; + + req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev, + simple_test_ctx->ctx, "u3"); + assert_non_null(req); + tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx); + + ret = test_ev_loop(simple_test_ctx->tctx); + assert_int_equal(ret, EOK); + assert_false(simple_test_ctx->access_granted); +} + +int main(int argc, const char *argv[]) +{ + int rv; + int no_cleanup = 0; + poptContext pc; + int opt; + struct poptOption long_options[] = { + POPT_AUTOHELP + SSSD_DEBUG_OPTS + {"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0, + _("Do not delete the test database after a test run"), NULL }, + POPT_TABLEEND + }; + + const struct CMUnitTest tests[] = { + /* FIXME - group fixtures? */ + cmocka_unit_test_setup_teardown(test_both_empty, + simple_test_setup, + simple_test_teardown), + cmocka_unit_test_setup_teardown(test_allow_empty, + simple_test_setup, + simple_test_teardown), + cmocka_unit_test_setup_teardown(test_deny_empty, + simple_test_setup, + simple_test_teardown), + }; + + /* Set debug level to invalid value so we can decide if -d 0 was used. */ + debug_level = SSSDBG_INVALID; + + pc = poptGetContext(argv[0], argc, argv, long_options, 0); + while((opt = poptGetNextOpt(pc)) != -1) { + switch(opt) { + default: + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); + poptPrintUsage(pc, stderr, 0); + return 1; + } + } + poptFreeContext(pc); + + DEBUG_CLI_INIT(debug_level); + + /* Even though normally the tests should clean up after themselves + * they might not after a failed run. Remove the old db to be sure */ + tests_set_cwd(); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME); + test_dom_suite_setup(TESTS_PATH); + + rv = cmocka_run_group_tests(tests, NULL, NULL); + if (rv == 0 && !no_cleanup) { + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME); + } + return rv; +} |