Clean up initgroups processing for RFC2307

Instead of recursively updating all users of each group the user
being queried belongs to, just add or remove membership for the
requested user.

Resolves: rhbz#617623

2 files changed, 426 insertions, 0 deletions

diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 8557be5ad..5bdc00547 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -3124,6 +3124,200 @@ START_TEST (test_sysdb_memberof_check_memberuid_loop_without_group_5)
 }
 END_TEST
 
+START_TEST (test_sysdb_attrs_to_list)
+{
+    struct sysdb_attrs *attrs_list[3];
+    char **list;
+    errno_t ret;
+
+    TALLOC_CTX *test_ctx = talloc_new(NULL);
+
+    attrs_list[0] = sysdb_new_attrs(test_ctx);
+    sysdb_attrs_add_string(attrs_list[0], "test_attr", "attr1");
+    attrs_list[1] = sysdb_new_attrs(test_ctx);
+    sysdb_attrs_add_string(attrs_list[1], "test_attr", "attr2");
+    attrs_list[2] = sysdb_new_attrs(test_ctx);
+    sysdb_attrs_add_string(attrs_list[2], "nottest_attr", "attr3");
+
+    ret = sysdb_attrs_to_list(test_ctx, attrs_list, 3,
+                              "test_attr", &list);
+    fail_unless(ret == EOK, "sysdb_attrs_to_list failed with code %d", ret);
+
+    fail_unless(strcmp(list[0],"attr1") == 0, "Expected [attr1], got [%s]",
+                                              list[0]);
+    fail_unless(strcmp(list[1],"attr2") == 0, "Expected [attr2], got [%s]",
+                                              list[1]);
+    fail_unless(list[2] == NULL, "List should be NULL-terminated");
+
+    talloc_free(test_ctx);
+}
+END_TEST
+
+static void test_sysdb_update_members_add(struct tevent_req *req);
+START_TEST (test_sysdb_update_members)
+{
+    struct sysdb_test_ctx *test_ctx;
+    struct test_data *data;
+    struct tevent_req *req;
+    int ret;
+
+    /* Setup */
+    ret = setup_sysdb_tests(&test_ctx);
+    if (ret != EOK) {
+        fail("Could not set up the test");
+        return;
+    }
+
+    data = talloc_zero(test_ctx, struct test_data);
+    data->ctx = test_ctx;
+    data->ev = test_ctx->ev;
+
+    /* Start the transaction */
+    req = sysdb_transaction_send(data, data->ev, test_ctx->sysdb);
+    if (!req) {
+        ret = ENOMEM;
+    }
+
+    if (ret == EOK) {
+        tevent_req_set_callback(req, test_sysdb_update_members_add, data);
+
+        ret = test_loop(data);
+    }
+
+    fail_if(ret != EOK, "Could not test sysdb_update_members");
+    talloc_free(test_ctx);
+}
+END_TEST
+
+static void test_sysdb_update_members_add_del(struct tevent_req *req);
+static void test_sysdb_update_members_add(struct tevent_req *req)
+{
+    struct test_data *data = tevent_req_callback_data(req, struct test_data);
+    char **add_groups;
+    char *user;
+    errno_t ret;
+
+    ret = sysdb_transaction_recv(req, data, &data->handle);
+    talloc_zfree(req);
+    if (ret != EOK) {
+        DEBUG(0, ("Could not start transaction\n"));
+        test_return(data, ret);
+        return;
+    }
+
+    /* Add a user to two groups */
+    data->username = talloc_strdup(data, "testuser27000");
+    user = talloc_strdup(data, data->username);
+    add_groups = talloc_array(data, char *, 3);
+    add_groups[0] = talloc_strdup(data, "testgroup28001");
+    add_groups[1] = talloc_strdup(data, "testgroup28002");
+    add_groups[2] = NULL;
+
+    req = sysdb_update_members_send(data, data->ev, data->handle,
+                                    data->ctx->domain, user,
+                                    add_groups, NULL);
+    talloc_free(add_groups);
+    talloc_free(user);
+    if (!req) {
+        DEBUG(0, ("Could not add groups\n"));
+        test_return(data, EIO);
+        return;
+    }
+
+    tevent_req_set_callback(req, test_sysdb_update_members_add_del, data);
+}
+
+static void test_sysdb_update_members_del(struct tevent_req *req);
+static void test_sysdb_update_members_add_del(struct tevent_req *req)
+{
+    struct test_data *data = tevent_req_callback_data(req, struct test_data);
+    errno_t ret;
+    char **add_groups = NULL;
+    char **del_groups = NULL;
+    char *user;
+
+    ret = sysdb_update_members_recv(req);
+    talloc_zfree(req);
+    if (ret != EOK) {
+        DEBUG(0, ("Group addition failed [%d](%s)\n", ret, strerror(ret)));
+        test_return(data, ret);
+        return;
+    }
+
+    /* Remove a user from one group and add to another */
+    user = talloc_strdup(data, data->username);
+    del_groups = talloc_array(data, char *, 2);
+    del_groups[0] = talloc_strdup(del_groups, "testgroup28001");
+    del_groups[1] = NULL;
+    add_groups = talloc_array(data, char *, 2);
+    add_groups[0] = talloc_strdup(add_groups, "testgroup28003");
+    add_groups[1] = NULL;
+
+    req = sysdb_update_members_send(data, data->ev, data->handle,
+                                    data->ctx->domain, user,
+                                    add_groups, del_groups);
+    talloc_free(add_groups);
+    talloc_free(del_groups);
+    talloc_free(user);
+    if (!req) {
+        DEBUG(0, ("Could not add/del groups\n"));
+        test_return(data, EIO);
+        return;
+    }
+
+    tevent_req_set_callback(req, test_sysdb_update_members_del, data);
+}
+
+static void test_sysdb_update_members_done(struct tevent_req *req);
+static void test_sysdb_update_members_del(struct tevent_req *req)
+{
+    struct test_data *data = tevent_req_callback_data(req, struct test_data);
+    errno_t ret;
+    char **del_groups = NULL;
+    char *user;
+
+    ret = sysdb_update_members_recv(req);
+    talloc_zfree(req);
+    if (ret != EOK) {
+        DEBUG(0, ("Group replace failed [%d](%s)\n", ret, strerror(ret)));
+        test_return(data, EIO);
+        return;
+    }
+
+    /* Remove a user from one group and add to another */
+    user = talloc_strdup(data, data->username);
+    del_groups = talloc_array(data, char *, 3);
+    del_groups[0] = talloc_strdup(del_groups, "testgroup28002");
+    del_groups[1] = talloc_strdup(del_groups, "testgroup28003");
+    del_groups[2] = NULL;
+
+    req = sysdb_update_members_send(data, data->ev, data->handle,
+                                    data->ctx->domain, user,
+                                    NULL, del_groups);
+    talloc_free(del_groups);
+    talloc_free(user);
+    if (!req) {
+        DEBUG(0, ("Could not del groups\n"));
+        test_return(data, EIO);
+        return;
+    }
+
+    tevent_req_set_callback(req, test_sysdb_update_members_done, data);
+}
+
+static void test_sysdb_update_members_done(struct tevent_req *req)
+{
+    struct test_data *data = tevent_req_callback_data(req, struct test_data);
+    errno_t ret;
+
+    ret = sysdb_update_members_recv(req);
+    talloc_zfree(req);
+    if (ret != EOK) {
+        DEBUG(0, ("Group delete failed [%d](%s)\n", ret, strerror(ret)));
+    }
+    test_return(data, ret);
+}
+
 Suite *create_sysdb_suite(void)
 {
     Suite *s = suite_create("sysdb");
@@ -3148,6 +3342,9 @@ Suite *create_sysdb_suite(void)
     /* test the change */
     tcase_add_loop_test(tc_sysdb, test_sysdb_get_user_attr, 27000, 27010);
 
+    /* Add and remove users in a group with sysdb_update_members */
+    tcase_add_test(tc_sysdb, test_sysdb_update_members);
+
     /* Remove the other half by gid */
     tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_group_by_gid, 28000, 28010);
 
@@ -3233,6 +3430,8 @@ Suite *create_sysdb_suite(void)
 
     tcase_add_test(tc_sysdb, test_sysdb_attrs_replace_name);
 
+    tcase_add_test(tc_sysdb, test_sysdb_attrs_to_list);
+
 /* Add all test cases to the test suite */
     suite_add_tcase(s, tc_sysdb);
 
diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c
new file mode 100644
index 000000000..d8d3800fd
--- /dev/null
+++ b/src/tests/util-tests.c
@@ -0,0 +1,227 @@
+/*
+    SSSD
+
+    util-tests.c
+
+    Authors:
+        Stephen Gallagher <sgallagh@redhat.com>
+
+    Copyright (C) 2010 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <popt.h>
+#include <talloc.h>
+#include <check.h>
+#include "util/util.h"
+#include "tests/common.h"
+
+START_TEST(test_diff_string_lists)
+{
+    TALLOC_CTX *test_ctx;
+    char **l1;
+    char **l2;
+    char **l3;
+    char **only_l1;
+    char **only_l2;
+    char **both;
+    int ret;
+
+    test_ctx = talloc_new(NULL);
+
+    /* Test with all values returned */
+    l1 = talloc_array(test_ctx, char *, 4);
+    l1[0] = talloc_strdup(l1, "a");
+    l1[1] = talloc_strdup(l1, "b");
+    l1[2] = talloc_strdup(l1, "c");
+    l1[3] = NULL;
+
+    l2 = talloc_array(test_ctx, char *, 4);
+    l2[0] = talloc_strdup(l1, "d");
+    l2[1] = talloc_strdup(l1, "c");
+    l2[2] = talloc_strdup(l1, "b");
+    l2[3] = NULL;
+
+    ret = diff_string_lists(test_ctx,
+                            l1, l2,
+                            &only_l1, &only_l2, &both);
+
+    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
+    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
+    fail_unless(only_l1[1] == NULL, "only_l1 not NULL-terminated");
+    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"d\" from only_l2");
+    fail_unless(only_l2[1] == NULL, "only_l2 not NULL-terminated");
+    fail_unless(strcmp(both[0], "c") == 0, "Missing \"c\" from both");
+    fail_unless(strcmp(both[1], "b") == 0, "Missing \"b\" from both");
+    fail_unless(both[2] == NULL, "both not NULL-terminated");
+
+    talloc_zfree(only_l1);
+    talloc_zfree(only_l2);
+    talloc_zfree(both);
+
+    /* Test with restricted return values */
+    ret = diff_string_lists(test_ctx,
+                            l1, l2,
+                            &only_l1, &only_l2, NULL);
+
+    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
+    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
+    fail_unless(only_l1[1] == NULL, "only_l1 not NULL-terminated");
+    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"d\" from only_l2");
+    fail_unless(only_l2[1] == NULL, "only_l2 not NULL-terminated");
+    fail_unless(both == NULL, "Nothing returned to both");
+
+    talloc_zfree(only_l1);
+    talloc_zfree(only_l2);
+    talloc_zfree(both);
+
+    ret = diff_string_lists(test_ctx,
+                            l1, l2,
+                            &only_l1, NULL, NULL);
+
+    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
+    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
+    fail_unless(only_l1[1] == NULL, "only_l1 not NULL-terminated");
+    fail_unless(only_l2 == NULL, "Nothing returned to only_l2");
+    fail_unless(both == NULL, "Nothing returned to both");
+
+    talloc_zfree(only_l1);
+    talloc_zfree(only_l2);
+    talloc_zfree(both);
+
+    ret = diff_string_lists(test_ctx,
+                            l1, l2,
+                            NULL, &only_l2, NULL);
+
+    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
+    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"d\" from only_l2");
+    fail_unless(only_l2[1] == NULL, "only_l2 not NULL-terminated");
+    fail_unless(only_l1 == NULL, "Nothing returned to only_l1");
+    fail_unless(both == NULL, "Nothing returned to both");
+
+    talloc_zfree(only_l1);
+    talloc_zfree(only_l2);
+    talloc_zfree(both);
+
+    /* Test with no overlap */
+    l3 = talloc_array(test_ctx, char *, 4);
+    l3[0] = talloc_strdup(l1, "d");
+    l3[1] = talloc_strdup(l1, "e");
+    l3[2] = talloc_strdup(l1, "f");
+    l3[3] = NULL;
+
+    ret = diff_string_lists(test_ctx,
+                            l1, l3,
+                            &only_l1, &only_l2, &both);
+
+    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
+    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
+    fail_unless(strcmp(only_l1[1], "b") == 0, "Missing \"b\" from only_l1");
+    fail_unless(strcmp(only_l1[2], "c") == 0, "Missing \"c\" from only_l1");
+    fail_unless(only_l1[3] == NULL, "only_l1 not NULL-terminated");
+    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"f\" from only_l2");
+    fail_unless(strcmp(only_l2[1], "e") == 0, "Missing \"e\" from only_l2");
+    fail_unless(strcmp(only_l2[2], "f") == 0, "Missing \"d\" from only_l2");
+    fail_unless(only_l2[3] == NULL, "only_l2 not NULL-terminated");
+    fail_unless(both[0] == NULL, "both should have zero entries");
+
+    talloc_zfree(only_l1);
+    talloc_zfree(only_l2);
+    talloc_zfree(both);
+
+    /* Test with 100% overlap */
+    ret = diff_string_lists(test_ctx,
+                            l1, l1,
+                            &only_l1, &only_l2, &both);
+
+    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
+    fail_unless(only_l1[0] == NULL, "only_l1 should have zero entries");
+    fail_unless(only_l2[0] == NULL, "only_l2 should have zero entries");
+    fail_unless(strcmp(both[0], "a") == 0, "Missing \"a\" from both");
+    fail_unless(strcmp(both[1], "b") == 0, "Missing \"b\" from both");
+    fail_unless(strcmp(both[2], "c") == 0, "Missing \"c\" from both");
+    fail_unless(both[3] == NULL, "both is not NULL-terminated");
+
+    talloc_zfree(only_l1);
+    talloc_zfree(only_l2);
+    talloc_zfree(both);
+
+    /* Test with no second list */
+    ret = diff_string_lists(test_ctx,
+                            l1, NULL,
+                            &only_l1, &only_l2, &both);
+
+    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
+    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
+    fail_unless(strcmp(only_l1[1], "b") == 0, "Missing \"b\" from only_l1");
+    fail_unless(strcmp(only_l1[2], "c") == 0, "Missing \"c\" from only_l1");
+    fail_unless(only_l1[3] == NULL, "only_l1 not NULL-terminated");
+    fail_unless(only_l2[0] == NULL, "only_l2 should have zero entries");
+    fail_unless(both[0] == NULL, "both should have zero entries");
+
+    talloc_free(test_ctx);
+}
+END_TEST
+
+Suite *util_suite(void)
+{
+    Suite *s = suite_create("util");
+
+    TCase *tc_util = tcase_create("util");
+
+    tcase_add_test (tc_util, test_diff_string_lists);
+    tcase_set_timeout(tc_util, 60);
+
+    suite_add_tcase (s, tc_util);
+
+    return s;
+}
+
+int main(int argc, const char *argv[])
+{
+    int opt;
+    int failure_count;
+    poptContext pc;
+    Suite *s = util_suite();
+    SRunner *sr = srunner_create (s);
+
+    struct poptOption long_options[] = {
+        POPT_AUTOHELP
+        SSSD_MAIN_OPTS
+        { NULL }
+    };
+
+    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+    while((opt = poptGetNextOpt(pc)) != -1) {
+        switch(opt) {
+        default:
+            fprintf(stderr, "\nInvalid option %s: %s\n\n",
+                    poptBadOption(pc, 0), poptStrerror(opt));
+            poptPrintUsage(pc, stderr, 0);
+            return 1;
+        }
+    }
+    poptFreeContext(pc);
+
+    tests_set_cwd();
+
+    srunner_run_all(sr, CK_ENV);
+    failure_count = srunner_ntests_failed (sr);
+    srunner_free (sr);
+    if (failure_count == 0) {
+        return EXIT_SUCCESS;
+    }
+    return  EXIT_FAILURE;
+}