1 files changed, 156 insertions, 0 deletions

diff --git a/src/tests/cwrap/test_become_user.c b/src/tests/cwrap/test_become_user.c
new file mode 100644
index 000000000..06d3ad425
--- /dev/null
+++ b/src/tests/cwrap/test_become_user.c
@@ -0,0 +1,156 @@
+/*
+    Authors:
+        Jakub Hrozek <jhrozek@redhat.com>
+
+    Copyright (C) 2014 Red Hat
+
+    SSSD tests: User switching
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Yes, a .c file. We need to call static functions during the test */
+#include "../../../src/util/become_user.c"
+
+#include <popt.h>
+#include "util/util.h"
+#include "tests/cmocka/common_mock.h"
+
+void test_become_user(void **state)
+{
+    struct passwd *sssd;
+    errno_t ret;
+    pid_t pid, wpid;
+    int status;
+
+    /* Must root as root, real or fake */
+    assert_int_equal(geteuid(), 0);
+
+    sssd = getpwnam("sssd");
+    assert_non_null(sssd);
+
+    pid = fork();
+    if (pid == 0) {
+        /* Change the UID in a child */
+        ret = become_user(sssd->pw_uid, sssd->pw_gid);
+        assert_int_equal(ret, EOK);
+
+        /* Make sure we have the requested UID and GID now and there
+         * are no supplementary groups
+         */
+        assert_int_equal(geteuid(), sssd->pw_uid);
+        assert_int_equal(getegid(), sssd->pw_gid);
+        assert_int_equal(getuid(), sssd->pw_uid);
+        assert_int_equal(getgid(), sssd->pw_gid);
+
+        /* Another become_user is a no-op */
+        ret = become_user(sssd->pw_uid, sssd->pw_gid);
+        assert_int_equal(ret, EOK);
+
+        assert_int_equal(getgroups(0, NULL), 0);
+        exit(0);
+    }
+
+    assert_int_not_equal(pid, -1);
+
+    wpid = waitpid(pid, &status, 0);
+    assert_int_equal(wpid, pid);
+    assert_true(WIFEXITED(status));
+    assert_int_equal(WEXITSTATUS(status), 0);
+}
+
+void test_switch_user(void **state)
+{
+    errno_t ret;
+    struct passwd *sssd;
+    TALLOC_CTX *tmp_ctx;
+    struct sss_creds *saved_creds;
+
+    check_leaks_push(global_talloc_context);
+    tmp_ctx = talloc_new(global_talloc_context);
+    assert_non_null(tmp_ctx);
+
+    /* Must root as root, real or fake */
+    assert_int_equal(geteuid(), 0);
+
+    sssd = getpwnam("sssd");
+    assert_non_null(sssd);
+
+    check_leaks_push(tmp_ctx);
+
+    ret = switch_creds(tmp_ctx, sssd->pw_uid, sssd->pw_gid,
+                       0, NULL, &saved_creds);
+    assert_int_equal(ret, EOK);
+    assert_int_equal(geteuid(), sssd->pw_uid);
+    assert_int_equal(getegid(), sssd->pw_gid);
+    /* Only effective UID is changed.. */
+    assert_int_equal(getuid(), 0);
+    assert_int_equal(getgid(), 0);
+
+    assert_non_null(saved_creds);
+    assert_int_equal(saved_creds->uid, 0);
+    assert_int_equal(saved_creds->gid, 0);
+
+    /* restore root */
+    ret = restore_creds(saved_creds);
+    assert_int_equal(ret, EOK);
+    assert_int_equal(geteuid(), 0);
+    assert_int_equal(getegid(), 0);
+    assert_int_equal(getuid(), 0);
+    assert_int_equal(getgid(), 0);
+
+    talloc_free(saved_creds);
+    check_leaks_pop(tmp_ctx);
+    talloc_free(tmp_ctx);
+    check_leaks_pop(global_talloc_context);
+}
+
+int main(int argc, const char *argv[])
+{
+    poptContext pc;
+    int opt;
+    struct poptOption long_options[] = {
+        POPT_AUTOHELP
+        SSSD_DEBUG_OPTS
+        POPT_TABLEEND
+    };
+
+    const UnitTest tests[] = {
+        unit_test(test_become_user),
+        unit_test(test_switch_user),
+    };
+
+    /* Set debug level to invalid value so we can deside if -d 0 was used. */
+    debug_level = SSSDBG_INVALID;
+
+    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+    while((opt = poptGetNextOpt(pc)) != -1) {
+        switch(opt) {
+        default:
+            fprintf(stderr, "\nInvalid option %s: %s\n\n",
+                    poptBadOption(pc, 0), poptStrerror(opt));
+            poptPrintUsage(pc, stderr, 0);
+            return 1;
+        }
+    }
+    poptFreeContext(pc);
+
+    DEBUG_CLI_INIT(debug_level);
+
+    /* Even though normally the tests should clean up after themselves
+     * they might not after a failed run. Remove the old db to be sure */
+    tests_set_cwd();
+
+    return run_tests(tests);
+}