summaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/simple_access-tests.c361
1 files changed, 261 insertions, 100 deletions
diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c
index 577c6d334..ab2612db8 100644
--- a/src/tests/simple_access-tests.c
+++ b/src/tests/simple_access-tests.c
@@ -27,6 +27,7 @@
#include <check.h>
#include "confdb/confdb.h"
+#include "db/sysdb_private.h"
#include "providers/simple/simple_access.h"
#include "tests/common.h"
@@ -35,16 +36,40 @@
const char *ulist_1[] = {"u1", "u2", NULL};
const char *glist_1[] = {"g1", "g2", NULL};
+const char *glist_1_case[] = {"G1", "G2", NULL};
struct simple_test_ctx *test_ctx = NULL;
struct simple_test_ctx {
struct sysdb_ctx *sysdb;
struct confdb_ctx *confdb;
+ struct tevent_context *ev;
+ bool done;
+ int error;
+ bool access_granted;
struct simple_ctx *ctx;
};
+static int test_loop(struct simple_test_ctx *tctx)
+{
+ while (!tctx->done)
+ tevent_loop_once(tctx->ev);
+
+ return tctx->error;
+}
+
+static void simple_access_check_done(struct tevent_req *req)
+{
+ struct simple_test_ctx *tctx =
+ tevent_req_callback_data(req, struct simple_test_ctx);
+
+
+ tctx->error = simple_access_check_recv(req, &tctx->access_granted);
+ talloc_free(req);
+ tctx->done = true;
+}
+
void setup_simple(void)
{
errno_t ret;
@@ -52,19 +77,22 @@ void setup_simple(void)
const char *val[2];
val[1] = NULL;
- /* Create tests directory if it doesn't exist */
- /* (relative to current dir) */
- ret = mkdir(TESTS_PATH, 0775);
- fail_if(ret == -1 && errno != EEXIST,
- "Could not create %s directory", TESTS_PATH);
-
fail_unless(test_ctx == NULL, "Simple context already initialized.");
test_ctx = talloc_zero(NULL, struct simple_test_ctx);
fail_unless(test_ctx != NULL, "Cannot create simple test context.");
+ test_ctx->ev = tevent_context_init(test_ctx);
+ fail_unless(test_ctx->ev != NULL, "Cannot create tevent context.");
+
test_ctx->ctx = talloc_zero(test_ctx, struct simple_ctx);
fail_unless(test_ctx->ctx != NULL, "Cannot create simple context.");
+ /* Create tests directory if it doesn't exist */
+ /* (relative to current dir) */
+ ret = mkdir(TESTS_PATH, 0775);
+ fail_if(ret == -1 && errno != EEXIST,
+ "Could not create %s directory", TESTS_PATH);
+
conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE);
fail_if(conf_db == NULL, "Out of memory, aborting!");
DEBUG(SSSDBG_TRACE_LIBS, ("CONFDB: %s\n", conf_db));
@@ -98,6 +126,7 @@ void setup_simple(void)
&test_ctx->ctx->domain, &test_ctx->ctx->sysdb);
fail_if(ret != EOK, "Could not initialize connection to the sysdb (%d)", ret);
test_ctx->ctx->domain->case_sensitive = true;
+ test_ctx->ctx->sysdb->mpg = false; /* Simulate an LDAP domain better */
}
void teardown_simple(void)
@@ -117,18 +146,22 @@ void setup_simple_group(void)
/* Add test users u1 and u2 that would be members of test groups
* g1 and g2 respectively */
+ ret = sysdb_add_group(test_ctx->ctx->sysdb,
+ "pvt", 999, NULL, 0, 0);
+ fail_if(ret != EOK, "Could not add private group");
+
ret = sysdb_store_user(test_ctx->ctx->sysdb,
- "u1", NULL, 123, 0, "u1", "/home/u1",
+ "u1", NULL, 123, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u1");
ret = sysdb_store_user(test_ctx->ctx->sysdb,
- "u2", NULL, 456, 0, "u1", "/home/u1",
+ "u2", NULL, 456, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u2");
ret = sysdb_store_user(test_ctx->ctx->sysdb,
- "u3", NULL, 789, 0, "u1", "/home/u1",
+ "u3", NULL, 789, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u3");
@@ -163,190 +196,317 @@ void teardown_simple_group(void)
fail_if(ret != EOK, "Could not delete g1");
ret = sysdb_delete_group(test_ctx->ctx->sysdb, "g2", 0);
fail_if(ret != EOK, "Could not delete g2");
+ ret = sysdb_delete_group(test_ctx->ctx->sysdb, "pvt", 0);
+ fail_if(ret != EOK, "Could not delete pvt");
teardown_simple();
}
START_TEST(test_both_empty)
{
- int ret;
- bool access_granted = false;
+ struct tevent_req *req;
test_ctx->ctx->allow_users = NULL;
test_ctx->ctx->deny_users = NULL;
- ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == true, "Access denied "
- "while both lists are empty.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == true,
+ "Access denied while both lists are empty.");
}
END_TEST
START_TEST(test_allow_empty)
{
- int ret;
- bool access_granted = true;
+ struct tevent_req *req;
test_ctx->ctx->allow_users = NULL;
test_ctx->ctx->deny_users = discard_const(ulist_1);
- ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while user is in deny list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while user is in deny list.");
- ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == true, "Access denied "
- "while user is not in deny list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u3");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == true,
+ "Access denied while user is not in deny list.");
}
END_TEST
START_TEST(test_deny_empty)
{
- int ret;
- bool access_granted = false;
+ struct tevent_req *req;
test_ctx->ctx->allow_users = discard_const(ulist_1);
test_ctx->ctx->deny_users = NULL;
- ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == true, "Access denied "
- "while user is in allow list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == true,
+ "Access denied while user is in allow list.");
- ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while user is not in allow list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u3");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while user is not in allow list.");
}
END_TEST
START_TEST(test_both_set)
{
- int ret;
- bool access_granted = false;
+ struct tevent_req *req;
test_ctx->ctx->allow_users = discard_const(ulist_1);
test_ctx->ctx->deny_users = discard_const(ulist_1);
- ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while user is in deny list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while user is in deny list.");
- ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while user is not in allow list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u3");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while user is not in allow list.");
}
END_TEST
START_TEST(test_case)
{
- int ret;
- bool access_granted = false;
+ struct tevent_req *req;
test_ctx->ctx->allow_users = discard_const(ulist_1);
test_ctx->ctx->deny_users = NULL;
- ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "for user with different case "
- "in case-sensitive domain");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "U1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted for user with different case "
+ "in case-sensitive domain");
test_ctx->ctx->domain->case_sensitive = false;
- ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == true, "Access denied "
- "for user with different case "
- "in case-insensitive domain");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "U1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == true,
+ "Access denied for user with different case "
+ "in case-sensitive domain");
+}
+END_TEST
+
+START_TEST(test_unknown_user)
+{
+ struct tevent_req *req;
+
+ test_ctx->ctx->allow_users = discard_const(ulist_1);
+ test_ctx->ctx->deny_users = NULL;
+
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "foo");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted for user not present in domain");
}
END_TEST
+
START_TEST(test_group_allow_empty)
{
- int ret;
- bool access_granted = true;
+ struct tevent_req *req;
test_ctx->ctx->allow_groups = NULL;
test_ctx->ctx->deny_groups = discard_const(glist_1);
- ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while group is in deny list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
- ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == true, "Access denied "
- "while group is not in deny list.");
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while group is in deny list.");
+
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u3");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == true,
+ "Access denied while group is not in deny list.");
}
END_TEST
START_TEST(test_group_deny_empty)
{
- int ret;
- bool access_granted = false;
+ struct tevent_req *req;
test_ctx->ctx->allow_groups = discard_const(glist_1);
test_ctx->ctx->deny_groups = NULL;
- ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == true, "Access denied "
- "while group is in allow list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
- ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while group is not in allow list.");
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == true,
+ "Access denied while user is in allow list.");
+
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u3");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while user is not in allow list.");
}
END_TEST
START_TEST(test_group_both_set)
{
- int ret;
- bool access_granted = false;
+ struct tevent_req *req;
test_ctx->ctx->allow_groups = discard_const(ulist_1);
test_ctx->ctx->deny_groups = discard_const(ulist_1);
- ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while group is in deny list.");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
- ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "while group is not in allow list.");
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while user is in deny list.");
+
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "u3");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted while user is not in allow list.");
}
END_TEST
START_TEST(test_group_case)
{
- int ret;
- bool access_granted = false;
+ struct tevent_req *req;
- test_ctx->ctx->allow_groups = discard_const(ulist_1);
+ test_ctx->ctx->allow_groups = discard_const(glist_1_case);
test_ctx->ctx->deny_groups = NULL;
- ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == false, "Access granted "
- "for group with different case "
- "in case-sensitive domain");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "U1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == false,
+ "Access granted for user with different case "
+ "in case-sensitive domain");
test_ctx->ctx->domain->case_sensitive = false;
- ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
- fail_unless(ret == EOK, "access_simple_check failed.");
- fail_unless(access_granted == true, "Access denied "
- "for group with different case "
- "in case-insensitive domain");
+ req = simple_access_check_send(test_ctx, test_ctx->ev,
+ test_ctx->ctx, "U1");
+ fail_unless(test_ctx != NULL, "Cannot create request\n");
+ tevent_req_set_callback(req, simple_access_check_done, test_ctx);
+
+ test_loop(test_ctx);
+ test_ctx->done = false;
+
+ fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
+ fail_unless(test_ctx->access_granted == true,
+ "Access denied for user with different case "
+ "in case-sensitive domain");
}
END_TEST
@@ -361,6 +521,7 @@ Suite *access_simple_suite (void)
tcase_add_test(tc_allow_deny, test_deny_empty);
tcase_add_test(tc_allow_deny, test_both_set);
tcase_add_test(tc_allow_deny, test_case);
+ tcase_add_test(tc_allow_deny, test_unknown_user);
suite_add_tcase(s, tc_allow_deny);
TCase *tc_grp_allow_deny = tcase_create("group allow/deny");