nss-idmap: add sss_nss_getlistbycert()

This patch adds a getlistbycert() call to libsss_nss_idmap to make it on par with InfoPipe. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Sumit Bose <sbose@redhat.com> 2017-03-15 14:21:26 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2017-03-23 17:23:36 +0100
commit: 440797cba931aa491bf418035f55935943e22b4b (patch)
tree: 0ca0fb3263514a230896e1da17fcab7bb43b93d5 /src/tests
parent: c44728a02d5e2c9eaced11e74820a6ae6a985f61 (diff)
download: sssd-440797cba931aa491bf418035f55935943e22b4b.tar.gz
sssd-440797cba931aa491bf418035f55935943e22b4b.tar.xz
sssd-440797cba931aa491bf418035f55935943e22b4b.zip
1 files changed, 158 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 76b9c6fb0..50714715c 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -3454,6 +3454,16 @@ struct passwd testbycert = {
     .pw_passwd = discard_const("*"),
 };
 
+struct passwd testbycert2 = {
+    .pw_name = discard_const("testcertuser2"),
+    .pw_uid = 23457,
+    .pw_gid = 6890,
+    .pw_dir = discard_const("/home/testcertuser2"),
+    .pw_gecos = discard_const("test cert user2"),
+    .pw_shell = discard_const("/bin/sh"),
+    .pw_passwd = discard_const("*"),
+};
+
 #define TEST_TOKEN_CERT \
 "MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
 "REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA2MjMx" \
@@ -3495,6 +3505,57 @@ static int test_nss_getnamebycert_check(uint32_t status, uint8_t *body, size_t b
     return EOK;
 }
 
+static int test_nss_getlistbycert_check(uint32_t status, uint8_t *body, size_t blen)
+{
+    size_t rp = 0;
+    uint32_t id_type;
+    uint32_t num;
+    uint32_t reserved;
+    const char *name;
+    int found = 0;
+    const char *fq_name1 = "testcertuser@"TEST_DOM_NAME ;
+    const char *fq_name2 = "testcertuser2@"TEST_DOM_NAME;
+
+    assert_int_equal(status, EOK);
+
+    /* num_results and reserved */
+    SAFEALIGN_COPY_UINT32(&num, body + rp, &rp);
+    assert_in_range(num, 1, 2);
+    SAFEALIGN_COPY_UINT32(&reserved, body + rp, &rp);
+    assert_int_equal(reserved, 0);
+
+    SAFEALIGN_COPY_UINT32(&id_type, body + rp, &rp);
+    assert_int_equal(id_type, SSS_ID_TYPE_UID);
+
+    name = (const char *)body + rp;
+    if (num == 1) {
+        assert_string_equal(name, fq_name1);
+        return EOK;
+    }
+
+    rp += strlen(name) + 1;
+    if (strcmp(name, fq_name1) == 0) {
+        found = 1;
+    } else if (strcmp(name, fq_name2) == 0) {
+        found = 2;
+    }
+    assert_in_range(found, 1, 2);
+
+    SAFEALIGN_COPY_UINT32(&id_type, body + rp, &rp);
+    assert_int_equal(id_type, SSS_ID_TYPE_UID);
+
+    name = (const char *)body + rp;
+    if (found == 1) {
+        assert_string_equal(name, fq_name2);
+    } else {
+        assert_string_equal(name, fq_name1);
+    }
+
+
+    return EOK;
+}
+
+
 static void test_nss_getnamebycert(void **state)
 {
     errno_t ret;
@@ -3572,6 +3633,99 @@ void test_nss_getnamebycert_neg(void **state)
     assert_int_equal(nss_test_ctx->ncache_hits, 1);
 }
 
+static void test_nss_getlistbycert(void **state)
+{
+    errno_t ret;
+    struct sysdb_attrs *attrs;
+    unsigned char *der = NULL;
+    size_t der_size;
+
+    attrs = sysdb_new_attrs(nss_test_ctx);
+    assert_non_null(attrs);
+
+    der = sss_base64_decode(nss_test_ctx, TEST_TOKEN_CERT, &der_size);
+    assert_non_null(der);
+
+    ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_CERT, der, der_size);
+    talloc_free(der);
+    assert_int_equal(ret, EOK);
+
+    /* Prime the cache with a valid user */
+    ret = store_user(nss_test_ctx, nss_test_ctx->tctx->dom,
+                     &testbycert, attrs, 0);
+    assert_int_equal(ret, EOK);
+    talloc_free(attrs);
+
+    mock_input_cert(TEST_TOKEN_CERT);
+    will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETLISTBYCERT);
+    mock_fill_bysid();
+
+    /* Query for that user, call a callback when command finishes */
+    /* Should go straight to back end, without contacting DP. */
+    /* If there is only a single user mapped the result will look like the */
+    /* result of getnamebycert. */
+    set_cmd_cb(test_nss_getlistbycert_check);
+    ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETLISTBYCERT,
+                          nss_test_ctx->nss_cmds);
+    assert_int_equal(ret, EOK);
+
+    /* Wait until the test finishes with EOK */
+    ret = test_ev_loop(nss_test_ctx->tctx);
+    assert_int_equal(ret, EOK);
+}
+
+static void test_nss_getlistbycert_multi(void **state)
+{
+    errno_t ret;
+    struct sysdb_attrs *attrs;
+    unsigned char *der = NULL;
+    size_t der_size;
+
+    der = sss_base64_decode(nss_test_ctx, TEST_TOKEN_CERT, &der_size);
+    assert_non_null(der);
+
+    attrs = sysdb_new_attrs(nss_test_ctx);
+    assert_non_null(attrs);
+
+    ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_CERT, der, der_size);
+    assert_int_equal(ret, EOK);
+
+    /* Prime the cache with two valid user */
+    ret = store_user(nss_test_ctx, nss_test_ctx->tctx->dom,
+                     &testbycert, attrs, 0);
+    assert_int_equal(ret, EOK);
+    talloc_free(attrs);
+
+    /* Looks like attrs is modified during store_user() makes sure we start
+     * with fresh data. */
+    attrs = sysdb_new_attrs(nss_test_ctx);
+    assert_non_null(attrs);
+
+    ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_CERT, der, der_size);
+    talloc_free(der);
+    assert_int_equal(ret, EOK);
+
+    ret = store_user(nss_test_ctx, nss_test_ctx->tctx->dom,
+                     &testbycert2, attrs, 0);
+    assert_int_equal(ret, EOK);
+    talloc_free(attrs);
+
+    mock_input_cert(TEST_TOKEN_CERT);
+    will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETLISTBYCERT);
+    mock_fill_bysid();
+
+    /* Query for that user, call a callback when command finishes */
+    /* Should go straight to back end, without contacting DP */
+    set_cmd_cb(test_nss_getlistbycert_check);
+    ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETLISTBYCERT,
+                          nss_test_ctx->nss_cmds);
+    assert_int_equal(ret, EOK);
+
+    /* Wait until the test finishes with EOK */
+    ret = test_ev_loop(nss_test_ctx->tctx);
+    assert_int_equal(ret, EOK);
+}
+
 struct passwd sid_user = {
     .pw_name = discard_const("testusersid"),
     .pw_uid = 1234,
@@ -3818,6 +3972,10 @@ int main(int argc, const char *argv[])
                                         nss_test_setup, nss_test_teardown),
         cmocka_unit_test_setup_teardown(test_nss_getnamebycert,
                                         nss_test_setup, nss_test_teardown),
+        cmocka_unit_test_setup_teardown(test_nss_getlistbycert,
+                                        nss_test_setup, nss_test_teardown),
+        cmocka_unit_test_setup_teardown(test_nss_getlistbycert_multi,
+                                        nss_test_setup, nss_test_teardown),
         cmocka_unit_test_setup_teardown(test_nss_getsidbyname,
                                         nss_test_setup, nss_test_teardown),
         cmocka_unit_test_setup_teardown(test_nss_getsidbyupn,
author	Sumit Bose <sbose@redhat.com>	2017-03-15 14:21:26 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2017-03-23 17:23:36 +0100
commit	440797cba931aa491bf418035f55935943e22b4b (patch)
tree	0ca0fb3263514a230896e1da17fcab7bb43b93d5 /src/tests
parent	c44728a02d5e2c9eaced11e74820a6ae6a985f61 (diff)
download	sssd-440797cba931aa491bf418035f55935943e22b4b.tar.gz sssd-440797cba931aa491bf418035f55935943e22b4b.tar.xz sssd-440797cba931aa491bf418035f55935943e22b4b.zip