diff options
author | Sumit Bose <sbose@redhat.com> | 2013-11-07 11:09:35 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-15 20:38:08 +0100 |
commit | 36c266d467e9105041b33e9b1cdcd9ff073d893e (patch) | |
tree | daab56fb42c446f8103cd1aabd2f4495f1e347d6 /src/tests/cmocka | |
parent | 32b976eb666044d106dd85e27f8d0bb1d7b6cd6c (diff) | |
download | sssd-36c266d467e9105041b33e9b1cdcd9ff073d893e.tar.gz sssd-36c266d467e9105041b33e9b1cdcd9ff073d893e.tar.xz sssd-36c266d467e9105041b33e9b1cdcd9ff073d893e.zip |
nss: check for Well-Known SIDs in SID based requests
Diffstat (limited to 'src/tests/cmocka')
-rw-r--r-- | src/tests/cmocka/test_nss_srv.c | 192 |
1 files changed, 192 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index b5b4565e9..d1a4d4bd8 100644 --- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c @@ -30,6 +30,8 @@ #include "responder/common/negcache.h" #include "responder/nss/nsssrv.h" #include "responder/nss/nsssrv_private.h" +#include "sss_client/idmap/sss_nss_idmap.h" +#include "util/util_sss_idmap.h" #define TESTS_PATH "tests_nss" #define TEST_CONF_DB "test_nss_conf.ldb" @@ -58,6 +60,7 @@ mock_nctx(TALLOC_CTX *mem_ctx) { struct nss_ctx *nctx; errno_t ret; + enum idmap_error_code err; nctx = talloc_zero(mem_ctx, struct nss_ctx); if (!nctx) { @@ -72,6 +75,14 @@ mock_nctx(TALLOC_CTX *mem_ctx) nctx->neg_timeout = 10; nctx->pwfield = discard_const("*"); + err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free, + &nctx->idmap_ctx); + if (err != IDMAP_SUCCESS) { + DEBUG(SSSDBG_FATAL_FAILURE, ("sss_idmap_init failed.\n")); + talloc_free(nctx); + return NULL; + } + return nctx; } @@ -605,6 +616,11 @@ void test_nss_setup(struct sss_test_conf_param params[], nss_test_ctx->nctx = mock_nctx(nss_test_ctx); assert_non_null(nss_test_ctx->nctx); + ret = sss_names_init(nss_test_ctx->nctx, nss_test_ctx->tctx->confdb, + NULL, &nss_test_ctx->nctx->global_names); + assert_int_equal(ret, EOK); + assert_non_null(nss_test_ctx->nctx->global_names); + nss_test_ctx->rctx = mock_rctx(nss_test_ctx, nss_test_ctx->tctx->ev, nss_test_ctx->tctx->dom, nss_test_ctx->nctx); assert_non_null(nss_test_ctx->rctx); @@ -1075,6 +1091,168 @@ void test_nss_getgrnam_mix_subdom(void **state) assert_int_equal(ret, EOK); } +static int test_nss_well_known_sid_check(uint32_t status, + uint8_t *body, size_t blen) +{ + const char *name; + enum sss_id_type type; + size_t rp = 2 * sizeof(uint32_t); + char *expected_result = sss_mock_ptr_type(char *); + + if (expected_result == NULL) { + assert_int_equal(status, EINVAL); + assert_int_equal(blen, 0); + } else { + assert_int_equal(status, EOK); + + SAFEALIGN_COPY_UINT32(&type, body+rp, &rp); + + name = (char *) body+rp; + + assert_int_equal(type, SSS_ID_TYPE_GID); + assert_string_equal(name, expected_result); + } + + return EOK; +} + +void test_nss_well_known_getnamebysid(void **state) +{ + errno_t ret; + + will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER); + will_return(__wrap_sss_packet_get_body, "S-1-5-32-550"); + will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETNAMEBYSID); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + will_return(test_nss_well_known_sid_check, "Print Operators@BUILTIN"); + + set_cmd_cb(test_nss_well_known_sid_check); + ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETNAMEBYSID, + nss_test_ctx->nss_cmds); + assert_int_equal(ret, EOK); + + /* Wait until the test finishes with EOK */ + ret = test_ev_loop(nss_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + +void test_nss_well_known_getnamebysid_special(void **state) +{ + errno_t ret; + + will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER); + will_return(__wrap_sss_packet_get_body, "S-1-2-0"); + will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETNAMEBYSID); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + will_return(test_nss_well_known_sid_check, "LOCAL@LOCAL AUTHORITY"); + + set_cmd_cb(test_nss_well_known_sid_check); + ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETNAMEBYSID, + nss_test_ctx->nss_cmds); + assert_int_equal(ret, EOK); + + /* Wait until the test finishes with EOK */ + ret = test_ev_loop(nss_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + +void test_nss_well_known_getnamebysid_non_existing(void **state) +{ + errno_t ret; + + will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER); + will_return(__wrap_sss_packet_get_body, "S-1-5-32-123"); + will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETNAMEBYSID); + will_return(test_nss_well_known_sid_check, NULL); + + set_cmd_cb(test_nss_well_known_sid_check); + ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETNAMEBYSID, + nss_test_ctx->nss_cmds); + assert_int_equal(ret, EOK); + + /* Wait until the test finishes with EOK */ + ret = test_ev_loop(nss_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + +void test_nss_well_known_getidbysid_failure(void **state) +{ + errno_t ret; + + will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER); + will_return(__wrap_sss_packet_get_body, "S-1-5-32-550"); + will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETIDBYSID); + will_return(test_nss_well_known_sid_check, NULL); + + set_cmd_cb(test_nss_well_known_sid_check); + ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETIDBYSID, + nss_test_ctx->nss_cmds); + assert_int_equal(ret, EOK); + + /* Wait until the test finishes with EOK */ + ret = test_ev_loop(nss_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + +void test_nss_well_known_getsidbyname(void **state) +{ + errno_t ret; + + will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER); + will_return(__wrap_sss_packet_get_body, "Cryptographic Operators@BUILTIN"); + will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETSIDBYNAME); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + will_return(test_nss_well_known_sid_check, "S-1-5-32-569"); + + set_cmd_cb(test_nss_well_known_sid_check); + ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETSIDBYNAME, + nss_test_ctx->nss_cmds); + assert_int_equal(ret, EOK); + + /* Wait until the test finishes with EOK */ + ret = test_ev_loop(nss_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + +void test_nss_well_known_getsidbyname_nonexisting(void **state) +{ + errno_t ret; + + will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER); + will_return(__wrap_sss_packet_get_body, "Abc@BUILTIN"); + will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETSIDBYNAME); + will_return(test_nss_well_known_sid_check, NULL); + + set_cmd_cb(test_nss_well_known_sid_check); + ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETSIDBYNAME, + nss_test_ctx->nss_cmds); + assert_int_equal(ret, EOK); + + /* Wait until the test finishes with EOK */ + ret = test_ev_loop(nss_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + +void test_nss_well_known_getsidbyname_special(void **state) +{ + errno_t ret; + + will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER); + will_return(__wrap_sss_packet_get_body, "CREATOR OWNER@CREATOR AUTHORITY"); + will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETSIDBYNAME); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + will_return(test_nss_well_known_sid_check, "S-1-3-0"); + + set_cmd_cb(test_nss_well_known_sid_check); + ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETSIDBYNAME, + nss_test_ctx->nss_cmds); + assert_int_equal(ret, EOK); + + /* Wait until the test finishes with EOK */ + ret = test_ev_loop(nss_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + void nss_test_setup(void **state) { struct sss_test_conf_param params[] = { @@ -1177,6 +1355,20 @@ int main(int argc, const char *argv[]) nss_subdom_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_mix_subdom, nss_subdom_test_setup, nss_test_teardown), + unit_test_setup_teardown(test_nss_well_known_getnamebysid, + nss_test_setup, nss_test_teardown), + unit_test_setup_teardown(test_nss_well_known_getnamebysid_special, + nss_test_setup, nss_test_teardown), + unit_test_setup_teardown(test_nss_well_known_getnamebysid_non_existing, + nss_test_setup, nss_test_teardown), + unit_test_setup_teardown(test_nss_well_known_getidbysid_failure, + nss_test_setup, nss_test_teardown), + unit_test_setup_teardown(test_nss_well_known_getsidbyname, + nss_test_setup, nss_test_teardown), + unit_test_setup_teardown(test_nss_well_known_getsidbyname_nonexisting, + nss_test_setup, nss_test_teardown), + unit_test_setup_teardown(test_nss_well_known_getsidbyname_special, + nss_test_setup, nss_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ |