diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-06 14:12:11 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-06-03 13:31:25 +0200 |
| commit | 2c3fa3a3264c957957db48c6c488049b6cf8b7a1 (patch) | |
| tree | 5896b953c18d80bfce6657212400590829a818e3 /src/tests | |
| parent | f0875d13c3bd4766eea72b054365abfb9fd610a4 (diff) | |
| download | sssd-2c3fa3a3264c957957db48c6c488049b6cf8b7a1.tar.gz sssd-2c3fa3a3264c957957db48c6c488049b6cf8b7a1.tar.xz sssd-2c3fa3a3264c957957db48c6c488049b6cf8b7a1.zip | |
IFP: use a list of allowed_uids for authentication
Similar to the PAC responder, the InfoPipe uses a list of UIDs that are
allowed to communicate with the IFP responder.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stef Walter <stefw@redhat.com>
(cherry picked from commit 3660f49f81e4db07be66fe0887af9d62065f1f2c)
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/cmocka/test_ifp.c | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/src/tests/cmocka/test_ifp.c b/src/tests/cmocka/test_ifp.c index 161f8ffe4..188508bcb 100644 --- a/src/tests/cmocka/test_ifp.c +++ b/src/tests/cmocka/test_ifp.c @@ -24,6 +24,7 @@ #include "db/sysdb.h" #include "tests/cmocka/common_mock.h" +#include "tests/cmocka/common_mock_resp.h" #include "responder/ifp/ifp_private.h" #include "sbus/sssd_dbus_private.h" @@ -35,6 +36,14 @@ mock_ifp_ctx(TALLOC_CTX *mem_ctx) ifp_ctx = talloc_zero(mem_ctx, struct ifp_ctx); assert_non_null(ifp_ctx); + ifp_ctx->rctx = mock_rctx(ifp_ctx, NULL, NULL, NULL); + assert_non_null(ifp_ctx->rctx); + + ifp_ctx->rctx->allowed_uids = talloc_array(ifp_ctx->rctx, uint32_t, 1); + assert_non_null(ifp_ctx->rctx->allowed_uids); + ifp_ctx->rctx->allowed_uids[0] = geteuid(); + ifp_ctx->rctx->allowed_uids_count = 1; + ifp_ctx->sysbus = talloc_zero(ifp_ctx, struct sysbus_ctx); assert_non_null(ifp_ctx->sysbus); @@ -45,7 +54,7 @@ mock_ifp_ctx(TALLOC_CTX *mem_ctx) } static struct sbus_request * -mock_sbus_request(TALLOC_CTX *mem_ctx) +mock_sbus_request(TALLOC_CTX *mem_ctx, uid_t client) { struct sbus_request *sr; @@ -59,6 +68,8 @@ mock_sbus_request(TALLOC_CTX *mem_ctx) assert_non_null(sr->message); dbus_message_set_serial(sr->message, 1); + sr->client = client; + return sr; } @@ -75,7 +86,7 @@ void ifp_test_req_create(void **state) assert_non_null(ifp_ctx); check_leaks_push(ifp_ctx); - sr = mock_sbus_request(ifp_ctx); + sr = mock_sbus_request(ifp_ctx, geteuid()); assert_non_null(sr); check_leaks_push(sr); @@ -92,6 +103,32 @@ void ifp_test_req_create(void **state) assert_true(leak_check_teardown()); } +void ifp_test_req_wrong_uid(void **state) +{ + struct ifp_req *ireq; + struct sbus_request *sr; + struct ifp_ctx *ifp_ctx; + errno_t ret; + + assert_true(leak_check_setup()); + + ifp_ctx = mock_ifp_ctx(global_talloc_context); + assert_non_null(ifp_ctx); + check_leaks_push(ifp_ctx); + + sr = mock_sbus_request(ifp_ctx, geteuid()+1); + assert_non_null(sr); + + ret = ifp_req_create(sr, ifp_ctx, &ireq); + assert_int_equal(ret, EACCES); + talloc_free(sr); + + assert_true(check_leaks_pop(ifp_ctx) == true); + talloc_free(ifp_ctx); + + assert_true(leak_check_teardown()); +} + void test_path_prefix(void **state) { const char *prefix = "foo"; @@ -111,7 +148,7 @@ void test_el_to_dict(void **state) char *attr_name; char *attr_val; - sr = mock_sbus_request(global_talloc_context); + sr = mock_sbus_request(global_talloc_context, geteuid()); assert_non_null(sr); el = talloc(sr, struct ldb_message_element); @@ -181,6 +218,7 @@ int main(int argc, const char *argv[]) const UnitTest tests[] = { unit_test(ifp_test_req_create), + unit_test(ifp_test_req_wrong_uid), unit_test(test_path_prefix), unit_test(test_el_to_dict), }; |