5 files changed, 222 insertions, 0 deletions

diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
new file mode 100644
index 000000000..34aec92c1
--- /dev/null
+++ b/src/tests/cwrap/Makefile.am
@@ -0,0 +1,47 @@
+AM_CPPFLAGS = \
+    -Wall \
+    -I$(top_srcdir)/src \
+    -I. \
+    $(DBUS_CFLAGS) \
+    $(NULL)
+
+TESTS_ENVIRONMENT = \
+    CWRAP_TEST_SRCDIR=$(abs_srcdir) \
+    . $(srcdir)/cwrap_test_setup.sh; \
+    $(AUX_TESTS_ENVIRONMENT) \
+    $(NULL)
+
+dist_noinst_SCRIPTS = \
+    cwrap_test_setup.sh \
+    $(NULL)
+
+dist_noinst_DATA = \
+    group \
+    passwd \
+    $(NULL)
+
+check_PROGRAMS =
+if HAVE_CMOCKA
+if HAVE_NSS_WRAPPER
+if HAVE_UID_WRAPPER
+check_PROGRAMS += become_user-tests
+endif # HAVE_UID_WRAPPER
+endif # HAVE_NSS_WRAPPER
+endif # HAVE_CMOCKA
+
+TESTS = $(check_PROGRAMS)
+
+become_user_tests_SOURCES = \
+    test_become_user.c \
+    $(NULL)
+become_user_tests_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(NULL)
+become_user_tests_LDADD = \
+    $(POPT_LIBS) \
+    $(CMOCKA_LIBS) \
+    $(abs_top_builddir)/libsss_debug.la \
+    $(abs_top_builddir)/libsss_test_common.la \
+    $(NULL)
+
+tests: $(check_PROGRAMS)
diff --git a/src/tests/cwrap/cwrap_test_setup.sh b/src/tests/cwrap/cwrap_test_setup.sh
new file mode 100755
index 000000000..0d35cb7e5
--- /dev/null
+++ b/src/tests/cwrap/cwrap_test_setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+pkg-config --exists nss_wrapper || exit 1
+pkg-config --exists uid_wrapper || exit 1
+
+nss_wrapper=$(pkg-config --libs nss_wrapper)
+uid_wrapper=$(pkg-config --libs uid_wrapper)
+if [ -z $nss_wrapper -o -z $uid_wrapper ]; then
+    echo "Cannot locate cwrap libraries"
+    exit 2
+fi
+
+export LD_PRELOAD="$nss_wrapper $uid_wrapper"
+export NSS_WRAPPER_PASSWD=$CWRAP_TEST_SRCDIR/passwd
+export NSS_WRAPPER_GROUP=$CWRAP_TEST_SRCDIR/group
+export UID_WRAPPER=1
+export UID_WRAPPER_ROOT=1
diff --git a/src/tests/cwrap/group b/src/tests/cwrap/group
new file mode 100644
index 000000000..61e428c41
--- /dev/null
+++ b/src/tests/cwrap/group
@@ -0,0 +1 @@
+sssd:x:123:
diff --git a/src/tests/cwrap/passwd b/src/tests/cwrap/passwd
new file mode 100644
index 000000000..aa0a97db5
--- /dev/null
+++ b/src/tests/cwrap/passwd
@@ -0,0 +1 @@
+sssd:x:123:123:sssd unprivileged user:/:/sbin/nologin
diff --git a/src/tests/cwrap/test_become_user.c b/src/tests/cwrap/test_become_user.c
new file mode 100644
index 000000000..06d3ad425
--- /dev/null
+++ b/src/tests/cwrap/test_become_user.c
@@ -0,0 +1,156 @@
+/*
+    Authors:
+        Jakub Hrozek <jhrozek@redhat.com>
+
+    Copyright (C) 2014 Red Hat
+
+    SSSD tests: User switching
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Yes, a .c file. We need to call static functions during the test */
+#include "../../../src/util/become_user.c"
+
+#include <popt.h>
+#include "util/util.h"
+#include "tests/cmocka/common_mock.h"
+
+void test_become_user(void **state)
+{
+    struct passwd *sssd;
+    errno_t ret;
+    pid_t pid, wpid;
+    int status;
+
+    /* Must root as root, real or fake */
+    assert_int_equal(geteuid(), 0);
+
+    sssd = getpwnam("sssd");
+    assert_non_null(sssd);
+
+    pid = fork();
+    if (pid == 0) {
+        /* Change the UID in a child */
+        ret = become_user(sssd->pw_uid, sssd->pw_gid);
+        assert_int_equal(ret, EOK);
+
+        /* Make sure we have the requested UID and GID now and there
+         * are no supplementary groups
+         */
+        assert_int_equal(geteuid(), sssd->pw_uid);
+        assert_int_equal(getegid(), sssd->pw_gid);
+        assert_int_equal(getuid(), sssd->pw_uid);
+        assert_int_equal(getgid(), sssd->pw_gid);
+
+        /* Another become_user is a no-op */
+        ret = become_user(sssd->pw_uid, sssd->pw_gid);
+        assert_int_equal(ret, EOK);
+
+        assert_int_equal(getgroups(0, NULL), 0);
+        exit(0);
+    }
+
+    assert_int_not_equal(pid, -1);
+
+    wpid = waitpid(pid, &status, 0);
+    assert_int_equal(wpid, pid);
+    assert_true(WIFEXITED(status));
+    assert_int_equal(WEXITSTATUS(status), 0);
+}
+
+void test_switch_user(void **state)
+{
+    errno_t ret;
+    struct passwd *sssd;
+    TALLOC_CTX *tmp_ctx;
+    struct sss_creds *saved_creds;
+
+    check_leaks_push(global_talloc_context);
+    tmp_ctx = talloc_new(global_talloc_context);
+    assert_non_null(tmp_ctx);
+
+    /* Must root as root, real or fake */
+    assert_int_equal(geteuid(), 0);
+
+    sssd = getpwnam("sssd");
+    assert_non_null(sssd);
+
+    check_leaks_push(tmp_ctx);
+
+    ret = switch_creds(tmp_ctx, sssd->pw_uid, sssd->pw_gid,
+                       0, NULL, &saved_creds);
+    assert_int_equal(ret, EOK);
+    assert_int_equal(geteuid(), sssd->pw_uid);
+    assert_int_equal(getegid(), sssd->pw_gid);
+    /* Only effective UID is changed.. */
+    assert_int_equal(getuid(), 0);
+    assert_int_equal(getgid(), 0);
+
+    assert_non_null(saved_creds);
+    assert_int_equal(saved_creds->uid, 0);
+    assert_int_equal(saved_creds->gid, 0);
+
+    /* restore root */
+    ret = restore_creds(saved_creds);
+    assert_int_equal(ret, EOK);
+    assert_int_equal(geteuid(), 0);
+    assert_int_equal(getegid(), 0);
+    assert_int_equal(getuid(), 0);
+    assert_int_equal(getgid(), 0);
+
+    talloc_free(saved_creds);
+    check_leaks_pop(tmp_ctx);
+    talloc_free(tmp_ctx);
+    check_leaks_pop(global_talloc_context);
+}
+
+int main(int argc, const char *argv[])
+{
+    poptContext pc;
+    int opt;
+    struct poptOption long_options[] = {
+        POPT_AUTOHELP
+        SSSD_DEBUG_OPTS
+        POPT_TABLEEND
+    };
+
+    const UnitTest tests[] = {
+        unit_test(test_become_user),
+        unit_test(test_switch_user),
+    };
+
+    /* Set debug level to invalid value so we can deside if -d 0 was used. */
+    debug_level = SSSDBG_INVALID;
+
+    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+    while((opt = poptGetNextOpt(pc)) != -1) {
+        switch(opt) {
+        default:
+            fprintf(stderr, "\nInvalid option %s: %s\n\n",
+                    poptBadOption(pc, 0), poptStrerror(opt));
+            poptPrintUsage(pc, stderr, 0);
+            return 1;
+        }
+    }
+    poptFreeContext(pc);
+
+    DEBUG_CLI_INIT(debug_level);
+
+    /* Even though normally the tests should clean up after themselves
+     * they might not after a failed run. Remove the old db to be sure */
+    tests_set_cwd();
+
+    return run_tests(tests);
+}