diff options
author | Sumit Bose <sbose@redhat.com> | 2017-08-23 17:11:03 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-08-28 21:50:42 +0200 |
commit | b4e45531b3e98efce868d8a01ebd2dbe54348217 (patch) | |
tree | 6ec86dc870c1a046547cc0831182615666c47b56 /src/tests | |
parent | 3f94a979eebd1c9496b49b4e07b7823550dec97e (diff) | |
download | sssd-b4e45531b3e98efce868d8a01ebd2dbe54348217.tar.gz sssd-b4e45531b3e98efce868d8a01ebd2dbe54348217.tar.xz sssd-b4e45531b3e98efce868d8a01ebd2dbe54348217.zip |
tests: add unit tests for krb5 localauth plugin
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/cmocka/test_sssd_krb5_localauth_plugin.c | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_sssd_krb5_localauth_plugin.c b/src/tests/cmocka/test_sssd_krb5_localauth_plugin.c new file mode 100644 index 000000000..36e9f8b29 --- /dev/null +++ b/src/tests/cmocka/test_sssd_krb5_localauth_plugin.c @@ -0,0 +1,197 @@ +/* + Authors: + Sumit Bose <sbose@redhat.com> + + Copyright (C) 2017 Red Hat + + Test for the MIT Kerberos localauth plugin + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <errno.h> +#include <stdarg.h> +#include <stddef.h> +#include <setjmp.h> +#include <cmocka.h> +#include <stdbool.h> +#include <nss.h> +#include <sys/types.h> +#include <pwd.h> + +#include <krb5/krb5.h> +#include <krb5/localauth_plugin.h> + +#include "tests/cmocka/common_mock.h" + +struct _nss_sss_getpwnam_r_test_data { + uid_t uid; + const char *name; + enum nss_status status; +}; + +enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct _nss_sss_getpwnam_r_test_data *test_data; + + assert_non_null(name); + assert_non_null(result); + assert_non_null(buffer); + assert_int_not_equal(buflen, 0); + assert_non_null(errnop); + + test_data = sss_mock_ptr_type(struct _nss_sss_getpwnam_r_test_data *); + + result->pw_uid = test_data->uid; + if (test_data->name != NULL) { + assert_true(buflen > strlen(test_data->name)); + strncpy(buffer, test_data->name, buflen); + result->pw_name = buffer; + } + + return test_data->status; +} + +krb5_error_code +localauth_sssd_initvt(krb5_context context, int maj_ver, int min_ver, + krb5_plugin_vtable vtable); + +void test_localauth_sssd_initvt(void **state) +{ + krb5_error_code kerr; + struct krb5_localauth_vtable_st vtable = { 0 }; + + kerr = localauth_sssd_initvt(NULL, 0, 0, (krb5_plugin_vtable) &vtable); + assert_int_equal(kerr, KRB5_PLUGIN_VER_NOTSUPP); + + kerr = localauth_sssd_initvt(NULL, 1, 1, (krb5_plugin_vtable) &vtable); + assert_int_equal(kerr, 0); + assert_string_equal(vtable.name, "sssd"); + assert_null(vtable.init); + assert_null(vtable.fini); + assert_non_null(vtable.an2ln); + assert_non_null(vtable.userok); + assert_non_null(vtable.free_string); +} + +void test_sss_userok(void **state) +{ + krb5_error_code kerr; + struct krb5_localauth_vtable_st vtable = { 0 }; + krb5_context krb5_ctx; + krb5_principal princ; + size_t c; + + struct test_data { + struct _nss_sss_getpwnam_r_test_data d1; + struct _nss_sss_getpwnam_r_test_data d2; + krb5_error_code kerr; + } test_data[] = { + {{ 1234, NULL, NSS_STATUS_SUCCESS}, { 1234, NULL, NSS_STATUS_SUCCESS}, + 0}, + /* second _nss_sss_getpwnam_r() is never called because the first one + * alread returned an error */ + {{ 1234, NULL, NSS_STATUS_NOTFOUND}, { 0, NULL, 0}, + KRB5_PLUGIN_NO_HANDLE}, + {{ 1234, NULL, NSS_STATUS_SUCCESS}, { 1234, NULL, NSS_STATUS_NOTFOUND}, + KRB5_PLUGIN_NO_HANDLE}, + {{ 1234, NULL, NSS_STATUS_SUCCESS}, { 4321, NULL, NSS_STATUS_SUCCESS}, + KRB5_PLUGIN_NO_HANDLE}, + /* second _nss_sss_getpwnam_r() is never called because the first one + * alread returned an error */ + {{ 1234, NULL, NSS_STATUS_UNAVAIL}, { 0, NULL, 0}, + KRB5_PLUGIN_NO_HANDLE}, + {{ 1234, NULL, NSS_STATUS_SUCCESS}, { 1234, NULL, NSS_STATUS_TRYAGAIN}, + KRB5_PLUGIN_NO_HANDLE}, + {{ 0, NULL, 0 }, {0 , NULL, 0}, 0} + }; + + kerr = krb5_init_context(&krb5_ctx); + assert_int_equal(kerr, 0); + + kerr = localauth_sssd_initvt(krb5_ctx, 1, 1, (krb5_plugin_vtable) &vtable); + assert_int_equal(kerr, 0); + + kerr = krb5_parse_name(krb5_ctx, "name@REALM", &princ); + assert_int_equal(kerr, 0); + + + for (c = 0; test_data[c].d1.uid != 0; c++) { + will_return(_nss_sss_getpwnam_r, &test_data[c].d1); + if (test_data[c].d2.uid != 0) { + will_return(_nss_sss_getpwnam_r, &test_data[c].d2); + } + kerr = vtable.userok(krb5_ctx, NULL, princ, "name"); + assert_int_equal(kerr, test_data[c].kerr); + } + + krb5_free_principal(krb5_ctx, princ); + krb5_free_context(krb5_ctx); +} + +void test_sss_an2ln(void **state) +{ + krb5_error_code kerr; + struct krb5_localauth_vtable_st vtable = { 0 }; + krb5_context krb5_ctx; + krb5_principal princ; + size_t c; + char *lname; + + struct test_data { + struct _nss_sss_getpwnam_r_test_data d; + krb5_error_code kerr; + } test_data[] = { + { { 0, "my_name", NSS_STATUS_SUCCESS}, 0}, + { { 0, "my_name", NSS_STATUS_NOTFOUND}, KRB5_LNAME_NOTRANS}, + { { 0, "my_name", NSS_STATUS_UNAVAIL}, EIO}, + { { 0, NULL, 0 } , 0} + }; + + kerr = krb5_init_context(&krb5_ctx); + assert_int_equal(kerr, 0); + + kerr = localauth_sssd_initvt(krb5_ctx, 1, 1, (krb5_plugin_vtable) &vtable); + assert_int_equal(kerr, 0); + + kerr = krb5_parse_name(krb5_ctx, "name@REALM", &princ); + assert_int_equal(kerr, 0); + + + for (c = 0; test_data[c].d.name != NULL; c++) { + will_return(_nss_sss_getpwnam_r, &test_data[c].d); + kerr = vtable.an2ln(krb5_ctx, NULL, NULL, NULL, princ, &lname); + assert_int_equal(kerr, test_data[c].kerr); + if (kerr == 0) { + assert_string_equal(lname, test_data[c].d.name); + vtable.free_string(krb5_ctx, NULL, lname); + } + } + + krb5_free_principal(krb5_ctx, princ); + krb5_free_context(krb5_ctx); +} + +int main(int argc, const char *argv[]) +{ + + const struct CMUnitTest tests[] = { + cmocka_unit_test(test_localauth_sssd_initvt), + cmocka_unit_test(test_sss_userok), + cmocka_unit_test(test_sss_an2ln), + }; + + return cmocka_run_group_tests(tests, NULL, NULL); +} |