-rw-r--r-- | Makefile.am | 17 | ||||
-rw-r--r-- | src/providers/ad/ad_common.c | 6 | ||||
-rw-r--r-- | src/providers/ad/ad_common.h | 6 | ||||
-rw-r--r-- | src/providers/ad/ad_subdomains.c | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains_server.c | 4 | ||||
-rw-r--r-- | src/tests/cmocka/test_ad_common.c | 151 |
6 files changed, 150 insertions, 36 deletions
diff --git a/Makefile.am b/Makefile.am
index ae44549ac..2904ce776 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2126,23 +2126,30 @@ ad_gpo_tests_LDADD = \
 ad_common_tests_SOURCES = \
 $(sssd_be_SOURCES) \
- src/tests/cmocka/test_ad_common.c
+ $(libsss_krb5_common_la_SOURCES) \
+ src/tests/cmocka/common_mock_krb5.c \
+ src/tests/cmocka/test_ad_common.c \
+ $(NULL)
 ad_common_tests_CFLAGS = \
 $(AM_CFLAGS) \
- -DUNIT_TESTING
+ -DUNIT_TESTING \
+ $(NULL)
 ad_common_tests_LDFLAGS = \
- -Wl,-wrap,sdap_set_sasl_options
+ -Wl,-wrap,sdap_set_sasl_options \
+ -Wl,-wrap,krb5_kt_default \
+ $(NULL)
 ad_common_tests_LDADD = \
 $(PAM_LIBS) \
 $(CMOCKA_LIBS) \
 $(SSSD_LIBS) \
 $(CARES_LIBS) \
+ $(KEYUTILS_LIBS) \
 $(KRB5_LIBS) \
 $(SSSD_INTERNAL_LTLIBS) \
 libsss_ldap_common.la \
 libsss_idmap.la \
- libsss_krb5_common.la \
- libsss_test_common.la
+ libsss_test_common.la \
+ $(NULL)
 dp_opt_tests_SOURCES = \
 src/providers/data_provider_opts.c \
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 4ae08c5a1..e945958fc 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -108,9 +108,9 @@ fail:
 }
 struct ad_options *
-ad_create_default_options(TALLOC_CTX *mem_ctx,
- const char *realm,
- const char *hostname)
+ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ const char *hostname)
 {
 struct ad_options *ad_options;
 errno_t ret;
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index dcd70bf94..5be2bcd84 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -103,9 +103,9 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, struct ad_options **_opts);
-struct ad_options *ad_create_default_options(TALLOC_CTX *mem_ctx,
- const char *realm,
- const char *hostname);
+struct ad_options *ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ const char *hostname);
 errno_t ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index d889dfb6d..f67d49a85 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -115,7 +115,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
 return EINVAL;
 }
- ad_options = ad_create_default_options(id_ctx, realm, hostname);
+ ad_options = ad_create_2way_trust_options(id_ctx, realm, hostname);
 if (ad_options == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD options\n");
 talloc_free(ad_options);
diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
index 03a2c579e..f20160f4b 100644
--- a/src/providers/ipa/ipa_subdomains_server.c
+++ b/src/providers/ipa/ipa_subdomains_server.c
@@ -144,8 +144,8 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
 errno_t ret;
 const char *extra_attrs;
- ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm,
- id_ctx->server_mode->hostname);
+ ad_options = ad_create_2way_trust_options(id_ctx, id_ctx->server_mode->realm,
+ id_ctx->server_mode->hostname);
 if (ad_options == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD options\n");
 talloc_free(ad_options);
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
index 1c44bc34b..0013d7833 100644
--- a/src/tests/cmocka/test_ad_common.c
+++ b/src/tests/cmocka/test_ad_common.c
@@ -33,12 +33,24 @@
 #include "providers/ad/ad_common.c"
 #include "tests/cmocka/common_mock.h"
+#include "tests/cmocka/common_mock_krb5.h"
 #define DOMNAME "domname"
 #define SUBDOMNAME "sub."DOMNAME
 #define REALMNAME DOMNAME
 #define HOST_NAME "ad."REALMNAME
+#define TEST_AUTHID "host/"HOST_NAME
+#define KEYTAB_TEST_PRINC TEST_AUTHID"@"REALMNAME
+#define KEYTAB_PATH TEST_DIR"/keytab_test.keytab"
+
+static bool call_real_sasl_options;
+
+krb5_error_code __wrap_krb5_kt_default(krb5_context context, krb5_keytab *id)
+{
+ return krb5_kt_resolve(context, KEYTAB_PATH, id);
+}
+
 struct ad_common_test_ctx {
 struct ad_id_ctx *ad_ctx;
 struct ad_id_ctx *subdom_ad_ctx;
@@ -47,15 +59,9 @@ struct ad_common_test_ctx {
 struct sss_domain_info *subdom;
 };
-static int
-ad_common_test_setup(void **state)
+static int test_ad_common_setup(void **state)
 {
 struct ad_common_test_ctx *test_ctx;
- errno_t ret;
- struct sdap_domain *sdom;
- struct ad_id_ctx *ad_ctx;
- struct ad_id_ctx *subdom_ad_ctx;
- struct sdap_id_conn_ctx *subdom_ldap_ctx;
 assert_true(leak_check_setup());
 check_leaks_push(global_talloc_context);
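Review bot: `__wrap_krb5_kt_default` has no comment saying why the default keytab lookup is redirected, and that reason is the security-relevant part of this hunk. Without the wrap, code that resolves the default keytab would open whatever the build host has configured, so the test could read real host credentials or behave differently from machine to machine. I would add above the function: `/* Redirect the default keytab to KEYTAB_PATH so the test never opens the host's system keytab. */`. The comment should also say that, because the wrap is applied at link time for the whole ad_common_tests binary, it affects every test in the file and not only the new one.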
@@ -72,11 +78,96 @@ ad_common_test_setup(void **state)
 test_ctx->subdom->name = discard_const(SUBDOMNAME);
 test_ctx->subdom->parent = test_ctx->dom;
- ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);
- assert_non_null(ad_ctx);
+ test_ctx->ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);
+ assert_non_null(test_ctx->ad_ctx);
+
+ check_leaks_push(test_ctx);
+ *state = test_ctx;
+ return 0;
+}
+
+static int test_ad_common_teardown(void **state)
+{
+ struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
+ struct ad_common_test_ctx);
+ assert_non_null(test_ctx);
+
+ assert_true(check_leaks_pop(test_ctx) == true);
+ talloc_free(test_ctx);
+ assert_true(check_leaks_pop(global_talloc_context) == true);
+ assert_true(leak_check_teardown());
+
+ return 0;
+}
- ad_ctx->ad_options = ad_create_default_options(ad_ctx,
- REALMNAME, HOST_NAME);
+static void test_ad_create_2way_trust_options(void **state)
+{
+ struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
+ struct ad_common_test_ctx);
+ const char *s;
+
+ call_real_sasl_options = true;
+ mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC);
+
+ test_ctx->ad_ctx->ad_options = ad_create_2way_trust_options(
+ test_ctx->ad_ctx,
+ REALMNAME,
+ HOST_NAME);
+ assert_non_null(test_ctx->ad_ctx->ad_options);
+
+ assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type,
+ SDAP_SCHEMA_AD);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
+ AD_KRB5_REALM);
+ assert_non_null(s);
+ assert_string_equal(s, REALMNAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
+ AD_HOSTNAME);
+ assert_non_null(s);
+ assert_string_equal(s, HOST_NAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_KRB5_KEYTAB);
+ assert_null(s); /* This is the system keytab */
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_SASL_REALM);
+ assert_non_null(s);
+ assert_string_equal(s, REALMNAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_KRB5_REALM);
+ assert_non_null(s);
+ assert_string_equal(s, REALMNAME);
+
+ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
+ SDAP_SASL_AUTHID);
+ assert_non_null(s);
+ assert_string_equal(s, TEST_AUTHID);
+
+ talloc_free(test_ctx->ad_ctx->ad_options);
+}
+
+static int
+test_ldap_conn_setup(void **state)
+{
+ struct ad_common_test_ctx *test_ctx;
+ errno_t ret;
+ struct sdap_domain *sdom;
+ struct ad_id_ctx *ad_ctx;
+ struct ad_id_ctx *subdom_ad_ctx;
+ struct sdap_id_conn_ctx *subdom_ldap_ctx;
+
+ ret = test_ad_common_setup((void **) &test_ctx);
+ assert_int_equal(ret, EOK);
+
+ ad_ctx = test_ctx->ad_ctx;
+
+ ad_ctx->ad_options = ad_create_2way_trust_options(ad_ctx,
+ REALMNAME,
+ HOST_NAME);
 assert_non_null(ad_ctx->ad_options);
 ad_ctx->gc_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx);
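Review bot: `call_real_sasl_options = true;` in test_ad_create_2way_trust_options is never reset, so every test that runs after it goes through the real sdap_set_sasl_options instead of the stub. The new test is registered first in `tests[]` and test_ldap_conn_setup also calls ad_create_2way_trust_options, so the later tests presumably now depend on the keytab written by this test still being present at KEYTAB_PATH. Set the flag explicitly in the shared setup, for example `call_real_sasl_options = false;` at the top of test_ad_common_setup, and leave this test to switch it on for itself. If mock_keytab_with_contents does not remove the file on its own (not visible here), the test should also delete KEYTAB_PATH when it finishes so key material is not left behind in TEST_DIR. test_ldap_conn_setup's body continues past the end of this hunk.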
@@ -107,35 +198,48 @@ ad_common_test_setup(void **state)
 assert_int_equal(ret, EOK);
 sdom->pvt = subdom_ad_ctx;
- test_ctx->ad_ctx = ad_ctx;
 test_ctx->subdom_ad_ctx = subdom_ad_ctx;
- check_leaks_push(test_ctx);
 *state = test_ctx;
 return 0;
 }
 static int
-ad_common_test_teardown(void **state)
+test_ldap_conn_teardown(void **state)
 {
 struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
 struct ad_common_test_ctx);
 assert_non_null(test_ctx);
- assert_true(check_leaks_pop(test_ctx) == true);
- talloc_free(test_ctx);
- assert_true(check_leaks_pop(global_talloc_context) == true);
- assert_true(leak_check_teardown());
+ talloc_free(test_ctx->subdom_ad_ctx);
+ talloc_free(test_ctx->ad_ctx->ad_options);
+ talloc_free(test_ctx->ad_ctx->gc_ctx);
+ talloc_free(test_ctx->ad_ctx->ldap_ctx);
+ talloc_free(test_ctx->ad_ctx->sdap_id_ctx);
+
+ test_ad_common_teardown((void **) &test_ctx);
 return 0;
 }
 errno_t
+__real_sdap_set_sasl_options(struct sdap_options *id_opts,
+ char *default_primary,
+ char *default_realm,
+ const char *keytab_path);
+errno_t
 __wrap_sdap_set_sasl_options(struct sdap_options *id_opts,
 char *default_primary,
 char *default_realm,
 const char *keytab_path)
 {
 /* Pretend SASL is fine */
+ if (call_real_sasl_options == true) {
+ return __real_sdap_set_sasl_options(id_opts,
+ default_primary,
+ default_realm,
+ keytab_path);
+ }
+
 return EOK;
 }
@@ -214,12 +318,15 @@ int main(int argc, const char *argv[])
 };
 const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_ad_create_2way_trust_options,
+ test_ad_common_setup,
+ test_ad_common_teardown),
 cmocka_unit_test_setup_teardown(test_ldap_conn_list,
- ad_common_test_setup,
- ad_common_test_teardown),
+ test_ldap_conn_setup,
+ test_ldap_conn_teardown),
 cmocka_unit_test_setup_teardown(test_conn_list,
- ad_common_test_setup,
- ad_common_test_teardown),
+ test_ldap_conn_setup,
+ test_ldap_conn_teardown),
 };
 /* Set debug level to invalid value so we can deside if -d 0 was used. */ |
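Review bot: The `/* Pretend SASL is fine */` comment in __wrap_sdap_set_sasl_options now sits directly above the branch that calls the real function, which reads as the opposite of what that branch does. Move it down to the line above `return EOK;` and give the new branch its own comment, for example `/* Tests that set call_real_sasl_options exercise the real implementation */`. In test_ldap_conn_teardown the result of test_ad_common_teardown is discarded; `return test_ad_common_teardown((void **) &test_ctx);` would propagate it. For a bool, `if (call_real_sasl_options)` is enough.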