summaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-07-29 15:03:14 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-08-01 07:28:06 -0400
commita72e9289fe001c85a17acd667ca31d692fd99605 (patch)
treebcf76461776b7196b67823578e7a1a81810ca530 /src/tests
parentf76725bbf87de0ac109a1a5b9898fc67ed2afa59 (diff)
downloadsssd-a72e9289fe001c85a17acd667ca31d692fd99605.tar.gz
sssd-a72e9289fe001c85a17acd667ca31d692fd99605.tar.xz
sssd-a72e9289fe001c85a17acd667ca31d692fd99605.zip
Add rule validator to libipa_hbac
https://fedorahosted.org/sssd/ticket/943
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/ipa_hbac-tests.c115
1 files changed, 115 insertions, 0 deletions
diff --git a/src/tests/ipa_hbac-tests.c b/src/tests/ipa_hbac-tests.c
index d3d803875..330e49e7c 100644
--- a/src/tests/ipa_hbac-tests.c
+++ b/src/tests/ipa_hbac-tests.c
@@ -188,6 +188,8 @@ START_TEST(ipa_hbac_test_allow_all)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -208,6 +210,11 @@ START_TEST(ipa_hbac_test_allow_all)
fail_if(rules[0]->name == NULL);
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -228,6 +235,8 @@ START_TEST(ipa_hbac_test_allow_user)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -258,6 +267,11 @@ START_TEST(ipa_hbac_test_allow_user)
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -270,6 +284,11 @@ START_TEST(ipa_hbac_test_allow_user)
/* Negative test */
rules[0]->users->names[0] = HBAC_TEST_INVALID_USER;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_DENY,
@@ -290,6 +309,8 @@ START_TEST(ipa_hbac_test_allow_utf8)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -343,6 +364,11 @@ START_TEST(ipa_hbac_test_allow_utf8)
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -369,6 +395,11 @@ START_TEST(ipa_hbac_test_allow_utf8)
eval_req->user->name = (const char *) &user_lowcase_tr;
rules[0]->users->names[0] = (const char *) &user_upcase_tr;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_DENY,
@@ -389,6 +420,8 @@ START_TEST(ipa_hbac_test_allow_group)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -420,6 +453,11 @@ START_TEST(ipa_hbac_test_allow_group)
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -432,6 +470,11 @@ START_TEST(ipa_hbac_test_allow_group)
/* Negative test */
rules[0]->users->groups[0] = HBAC_TEST_INVALID_GROUP;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_DENY,
@@ -452,6 +495,8 @@ START_TEST(ipa_hbac_test_allow_svc)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -482,6 +527,11 @@ START_TEST(ipa_hbac_test_allow_svc)
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -494,6 +544,11 @@ START_TEST(ipa_hbac_test_allow_svc)
/* Negative test */
rules[0]->services->names[0] = HBAC_TEST_INVALID_SERVICE;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_DENY,
@@ -514,6 +569,8 @@ START_TEST(ipa_hbac_test_allow_svcgroup)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -545,6 +602,11 @@ START_TEST(ipa_hbac_test_allow_svcgroup)
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -557,6 +619,11 @@ START_TEST(ipa_hbac_test_allow_svcgroup)
/* Negative test */
rules[0]->services->groups[0] = HBAC_TEST_INVALID_SERVICEGROUP;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_DENY,
@@ -577,6 +644,8 @@ START_TEST(ipa_hbac_test_allow_srchost)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -607,6 +676,11 @@ START_TEST(ipa_hbac_test_allow_srchost)
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -619,6 +693,11 @@ START_TEST(ipa_hbac_test_allow_srchost)
/* Negative test */
rules[0]->srchosts->names[0] = HBAC_TEST_INVALID_SRCHOST;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_DENY,
@@ -639,6 +718,8 @@ START_TEST(ipa_hbac_test_allow_srchostgroup)
struct hbac_rule **rules;
struct hbac_eval_req *eval_req;
struct hbac_info *info;
+ bool is_valid;
+ uint32_t missing_attrs;
test_ctx = talloc_new(global_talloc_context);
@@ -670,6 +751,11 @@ START_TEST(ipa_hbac_test_allow_srchostgroup)
rules[1] = NULL;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_ALLOW,
@@ -682,6 +768,11 @@ START_TEST(ipa_hbac_test_allow_srchostgroup)
/* Negative test */
rules[0]->srchosts->groups[0] = HBAC_TEST_INVALID_SRCHOSTGROUP;
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
+ fail_unless(is_valid);
+ fail_unless(missing_attrs == 0);
+
/* Evaluate the rules */
result = hbac_evaluate(rules, eval_req, &info);
fail_unless(result == HBAC_EVAL_DENY,
@@ -695,6 +786,29 @@ START_TEST(ipa_hbac_test_allow_srchostgroup)
}
END_TEST
+START_TEST(ipa_hbac_test_incomplete)
+{
+ TALLOC_CTX *test_ctx;
+ struct hbac_rule *rule;
+ bool is_valid;
+ uint32_t missing_attrs;
+
+ test_ctx = talloc_new(global_talloc_context);
+
+ rule = talloc_zero(test_ctx, struct hbac_rule);
+
+ /* Validate this rule */
+ is_valid = hbac_rule_is_complete(rule, &missing_attrs);
+ fail_if(is_valid);
+ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_USERS);
+ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_SERVICES);
+ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_TARGETHOSTS);
+ fail_unless(missing_attrs | HBAC_RULE_ELEMENT_SOURCEHOSTS);
+
+ talloc_free(test_ctx);
+}
+END_TEST
+
Suite *hbac_test_suite (void)
{
Suite *s = suite_create ("HBAC");
@@ -712,6 +826,7 @@ Suite *hbac_test_suite (void)
tcase_add_test(tc_hbac, ipa_hbac_test_allow_srchost);
tcase_add_test(tc_hbac, ipa_hbac_test_allow_srchostgroup);
tcase_add_test(tc_hbac, ipa_hbac_test_allow_utf8);
+ tcase_add_test(tc_hbac, ipa_hbac_test_incomplete);
suite_add_tcase(s, tc_hbac);
return s;