From 266f5d8c836c7e625a17566a1eb53c51076f0400 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 5 Oct 2009 09:10:32 +0200 Subject: more documentation and test for sssd.conf - add a hint to the man page about permissions on sssd.conf - add a test if a symbolic link can be opened --- server/man/sssd.conf.5.xml | 5 +++++ server/tests/check_and_open-tests.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) (limited to 'server') diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml index 62d0c2b42..59f249dec 100644 --- a/server/man/sssd.conf.5.xml +++ b/server/man/sssd.conf.5.xml @@ -47,6 +47,11 @@ description parameter. Its function is only as a label for the section. + + + sssd.conf must be a regular file, owned by + root and only root may read from or write to the file. + diff --git a/server/tests/check_and_open-tests.c b/server/tests/check_and_open-tests.c index 2045085eb..ce5ebe19d 100644 --- a/server/tests/check_and_open-tests.c +++ b/server/tests/check_and_open-tests.c @@ -30,6 +30,8 @@ #include "util/util.h" +#define SUFFIX ".symlink" + char filename[] = "check_and_open-tests-XXXXXX"; uid_t uid; gid_t gid; 
@@ -75,6 +77,32 @@ START_TEST(test_wrong_filename)
 }
 END_TEST
 
+START_TEST(test_symlink)
+{
+ int ret;
+ char *newpath;
+ size_t newpath_length;
+
+ newpath_length = strlen(filename) + strlen(SUFFIX) + 1;
+ newpath = malloc((newpath_length) * sizeof(char));
+ fail_unless(newpath != NULL, "malloc failed");
+
+ ret = snprintf(newpath, newpath_length, "%s%s", filename, SUFFIX);
+ fail_unless(ret == newpath_length - 1,
+ "snprintf failed: expected [%d] got [%d]", newpath_length -1,
+ ret);
+
+ ret = symlink(filename, newpath);
+ fail_unless(ret == 0, "symlink failed [%d][%s]", ret, strerror(ret));
+
+ ret = check_and_open_readonly(newpath, &fd, uid, gid, mode);
+ unlink(newpath);
+ fail_unless(ret == EINVAL,
+ "check_and_open_readonly succeeded on symlink");
+ fail_unless(fd == -1, "check_and_open_readonly file descriptor not -1");
+}
+END_TEST
+
 START_TEST(test_not_regular_file)
 {
 int ret;
@@ -161,6 +189,7 @@ Suite *check_and_open_suite (void)
 teardown_check_and_open);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_filename);
 tcase_add_test (tc_check_and_open_readonly, test_not_regular_file);
+ tcase_add_test (tc_check_and_open_readonly, test_symlink);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_uid);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_gid);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_permission);
-- cgit
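Review bot: In test_symlink the symlink() failure message passes `ret` to strerror(), but symlink() returns -1 and reports the cause in errno, so a failing run would print an unknown or unrelated error; use `fail_unless(ret == 0, "symlink failed [%d][%s]", errno, strerror(errno));` (errno.h is presumably already in scope, since the test uses EINVAL). The snprintf check prints `newpath_length -1`, a size_t, through `%d`, which is a format/argument mismatch; cast it, e.g. `(int)(newpath_length - 1)`, or switch that specifier to `%zu`. `newpath` is never released, so add `free(newpath);` right after `unlink(newpath);`. The final message "check_and_open_readonly succeeded on symlink" also fires when the call fails with an error other than EINVAL, so printing `ret` in it would make a regression in the symlink rejection easier to diagnose.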