author | Sumit Bose <sbose@redhat.com> | 2013-02-19 12:16:37 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-08 10:46:00 +0100 |
commit | efd4d80827a24794245327ce8b74b47e735f5b16 (patch) | |
tree | 556d6eb1e2c7d0b2b473c7f6b86f7e66681db654 /daemons/ipa-kdb | |
parent | 4e3468211e37f71ca9d434512b68a4caddb2b314 (diff) | |
Add unit test for get_authz_data_types()
https://fedorahosted.org/freeipa/ticket/2960
Diffstat (limited to 'daemons/ipa-kdb')
-rw-r--r-- | daemons/ipa-kdb/Makefile.am | 29 | ||||
-rw-r--r-- | daemons/ipa-kdb/tests/ipa_kdb_tests.c | 217 |
2 files changed, 246 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am index 5f4e6e2a6..23ba1cc05 100644 --- a/daemons/ipa-kdb/Makefile.am +++ b/daemons/ipa-kdb/Makefile.am @@ -52,6 +52,35 @@ ipadb_la_LIBADD = \ $(NDRPAC_LIBS) \ $(NULL) +if HAVE_CHECK +TESTS = ipa_kdb_tests +check_PROGRAMS = ipa_kdb_tests +endif + +ipa_kdb_tests_SOURCES = \ + tests/ipa_kdb_tests.c \ + ipa_kdb.c \ + ipa_kdb_common.c \ + ipa_kdb_mkey.c \ + ipa_kdb_passwords.c \ + ipa_kdb_principals.c \ + ipa_kdb_pwdpolicy.c \ + ipa_kdb_mspac.c \ + ipa_kdb_delegation.c \ + ipa_kdb_audit_as.c \ + $(KRB5_UTIL_SRCS) \ + $(NULL) +ipa_kdb_tests_CFLAGS = $(CHECK_CFLAGS) +ipa_kdb_tests_LDADD = \ + $(CHECK_LIBS) \ + $(KRB5_LIBS) \ + $(LDAP_LIBS) \ + $(NDRPAC_LIBS) \ + -lnss3 \ + -lkdb5 \ + -lsss_idmap \ + $(NULL) + dist_noinst_DATA = ipa_kdb.exports EXTRA_DIST = \ diff --git a/daemons/ipa-kdb/tests/ipa_kdb_tests.c b/daemons/ipa-kdb/tests/ipa_kdb_tests.c new file mode 100644 index 000000000..fbee4acdb --- /dev/null +++ b/daemons/ipa-kdb/tests/ipa_kdb_tests.c 
@@ -0,0 +1,217 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Additional permission under GPLv3 section 7:
+ *
+ * In the following paragraph, "GPL" means the GNU General Public
+ * License, version 3 or any later version, and "Non-GPL Code" means
+ * code that is governed neither by the GPL nor a license
+ * compatible with the GPL.
+ *
+ * You may link the code of this Program with Non-GPL Code and convey
+ * linked combinations including the two, provided that such Non-GPL
+ * Code only links to the code of this Program through those well
+ * defined interfaces identified in the file named EXCEPTION found in
+ * the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline
+ * functions from the Approved Interfaces without causing the resulting
+ * work to be covered by the GPL. Only the copyright holders of this
+ * Program may make changes or additions to the list of Approved
+ * Interfaces.
+ *
+ * Authors:
+ * Sumit Bose <sbose@redhat.com>
+ *
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include <check.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <krb5/krb5.h>
+#include <kdb.h>
+
+#include "ipa-kdb/ipa_kdb.h"
+
+#define NFS_PRINC_STRING "nfs/fully.qualified.host.name@REALM.NAME"
+#define NON_NFS_PRINC_STRING "abcdef/fully.qualified.host.name@REALM.NAME"
+
+int krb5_klog_syslog(int l, const char *format, ...)
+{
+ va_list ap;
+ char *s = NULL;
+ int ret;
+
+ va_start(ap, format);
+
+ ret = vasprintf(&s, format, ap);
+ va_end(ap);
+ if (ret < 0) {
+ /* ENOMEM */
+ return -1;
+ }
+
+ fprintf(stderr, "%s\n", s);
+ free(s);
+
+ return 0;
+}
+
+extern void get_authz_data_types(krb5_context context, krb5_db_entry *entry,
+ bool *with_pac, bool *with_pad);
+
+START_TEST(test_get_authz_data_types)
+{
+ bool with_pac;
+ bool with_pad;
+ krb5_db_entry *entry;
+ struct ipadb_e_data *ied;
+ size_t c;
+ char *ad_none_only[] = {"NONE", NULL};
+ char *ad_pad_only[] = {"PAD", NULL};
+ char *ad_pac_only[] = {"MS-PAC", NULL};
+ char *ad_illegal_only[] = {"abc", NULL};
+ char *ad_pac_and_pad[] = {"MS-PAC", "PAD", NULL};
+ char *ad_pac_and_none[] = {"MS-PAC", "NONE", NULL};
+ char *ad_none_and_pad[] = {"NONE", "PAD", NULL};
+ char *ad_global_pac_nfs_none[] = {"MS-PAC", "nfs:NONE", NULL};
+ char *ad_global_pac_nfs_pad[] = {"MS-PAC", "nfs:PAD", NULL};
+ krb5_context krb5_ctx;
+ krb5_error_code kerr;
+ struct ipadb_context *ipa_ctx;
+ krb5_principal nfs_princ;
+ krb5_principal non_nfs_princ;
+
+ get_authz_data_types(NULL, NULL, NULL, NULL);
+
+ with_pad = true;
+ get_authz_data_types(NULL, NULL, NULL, &with_pad);
+ fail_unless(!with_pad, "with_pad not false with NULL inuput.");
+
+ with_pac = true;
+ get_authz_data_types(NULL, NULL, &with_pac, NULL);
+ fail_unless(!with_pac, "with_pac not false with NULL inuput.");
+
+ with_pad = true;
+ with_pac = true;
+ get_authz_data_types(NULL, NULL, &with_pac, &with_pad);
+ fail_unless(!with_pad, "with_pad not false with NULL inuput.");
+ fail_unless(!with_pac, "with_pac not false with NULL inuput.");
+
+ entry = calloc(1, sizeof(krb5_db_entry));
+ fail_unless(entry != NULL, "calloc krb5_db_entry failed.");
+
+ ied = calloc(1, sizeof(struct ipadb_e_data));
+ fail_unless(ied != NULL, "calloc struct ipadb_e_data failed.");
+ entry->e_data = (void *) ied;
+
+ kerr = krb5_init_context(&krb5_ctx);
+ fail_unless(kerr == 0, "krb5_init_context failed.");
+ kerr = krb5_db_setup_lib_handle(krb5_ctx);
+ fail_unless(kerr == 0, "krb5_db_setup_lib_handle failed.\n");
+ ipa_ctx = calloc(1, sizeof(struct ipadb_context));
+ fail_unless(ipa_ctx != NULL, "calloc failed.\n");
+ ipa_ctx->kcontext = krb5_ctx;
+ kerr = krb5_db_set_context(krb5_ctx, ipa_ctx);
+ fail_unless(kerr == 0, "krb5_db_set_context failed.\n");
+
+ kerr = krb5_parse_name(krb5_ctx, NFS_PRINC_STRING, &nfs_princ);
+ fail_unless(kerr == 0, "krb5_parse_name failed.");
+
+ kerr = krb5_parse_name(krb5_ctx, NON_NFS_PRINC_STRING, &non_nfs_princ);
+ fail_unless(kerr == 0, "krb5_parse_name failed.");
+
+ struct test_set {
+ char **authz_data;
+ char **global_authz_data;
+ krb5_principal princ;
+ bool exp_with_pac;
+ bool exp_with_pad;
+ const char *err_msg;
+ } test_set[] = {
+ {ad_none_only, NULL, NULL, false, false, "with only NONE in entry"},
+ {ad_pac_only, NULL, NULL, true, false, "with only MS-PAC in entry"},
+ {ad_pad_only, NULL, NULL, false, true, "with only PAD in entry"},
+ {ad_illegal_only, NULL, NULL, false, false, "with only an invalid value in entry"},
+ {ad_pac_and_pad, NULL, NULL, true, true, "with MS-PAC and PAD in entry"},
+ {ad_pac_and_none, NULL, NULL, false, false, "with MS-PAC and NONE in entry"},
+ {ad_none_and_pad, NULL, NULL, false, false, "with NONE and PAD in entry"},
+ {NULL, ad_none_only, NULL, false, false, "with only NONE in global config"},
+ {NULL, ad_pac_only, NULL, true, false, "with only MS-PAC in global config"},
+ {NULL, ad_pad_only, NULL, false, true, "with only PAD in global config"},
+ {NULL, ad_illegal_only, NULL, false, false, "with only an invalid value in global config"},
+ {NULL, ad_pac_and_pad, NULL, true, true, "with MS-PAC and PAD in global config"},
+ {NULL, ad_pac_and_none, NULL, false, false, "with MS-PAC and NONE in global config"},
+ {NULL, ad_none_and_pad, NULL, false, false, "with NONE and PAD in global entry"},
+ {NULL, ad_global_pac_nfs_none, NULL, true, false, "with NULL principal and PAC and nfs:NONE in global entry"},
+ {NULL, ad_global_pac_nfs_none, nfs_princ, false, false, "with nfs principal and PAC and nfs:NONE in global entry"},
+ {NULL, ad_global_pac_nfs_none, non_nfs_princ, true, false, "with non-nfs principal and PAC and nfs:NONE in global entry"},
+ {NULL, ad_global_pac_nfs_pad, NULL, true, false, "with NULL principal and PAC and nfs:PAD in global entry"},
+ {NULL, ad_global_pac_nfs_pad, nfs_princ, false, true, "with nfs principal and PAC and nfs:PAD in global entry"},
+ {NULL, ad_global_pac_nfs_pad, non_nfs_princ, true, false, "with non-nfs principal and PAC and nfs:PAD in global entry"},
+ {ad_none_only, ad_pac_only, NULL, false, false, "with NONE overriding PAC in global entry"},
+ {ad_pad_only, ad_pac_only, NULL, false, true, "with PAC overriding PAC in global entry"},
+ {ad_illegal_only, ad_pac_only, NULL, false, false, "with invalid value overriding PAC in global entry"},
+ {ad_pac_and_pad, ad_pac_only, NULL, true, true, "with PAC and PAD overriding PAC in global entry"},
+ {ad_none_and_pad, ad_pac_only, NULL, false, false, "with NONE and PAD overriding PAC in global entry"},
+ {NULL, NULL, NULL, false, false, NULL}
+ };
+
+ for (c = 0; test_set[c].authz_data != NULL ||
+ test_set[c].global_authz_data != NULL; c++) {
+ ied->authz_data = test_set[c].authz_data;
+ ipa_ctx->authz_data = test_set[c].global_authz_data;
+ entry->princ = test_set[c].princ;
+ get_authz_data_types(krb5_ctx, entry, &with_pac, &with_pad);
+ fail_unless(with_pad == test_set[c].exp_with_pad, "with_pad not %s %s.",
+ test_set[c].exp_with_pad ? "true" : "false",
+ test_set[c].err_msg);
+ fail_unless(with_pac == test_set[c].exp_with_pac, "with_pac not %s %s.",
+ test_set[c].exp_with_pac ? "true" : "false",
+ test_set[c].err_msg);
+ }
+
+ krb5_free_principal(krb5_ctx, nfs_princ);
+ krb5_free_principal(krb5_ctx, non_nfs_princ);
+ krb5_db_fini(krb5_ctx);
+ krb5_free_context(krb5_ctx);
+}
+END_TEST
+
+Suite * ipa_kdb_suite(void)
+{
+ Suite *s = suite_create("IPA kdb");
+
+ TCase *tc_helper = tcase_create("Helper functions");
+ tcase_add_test(tc_helper, test_get_authz_data_types);
+ suite_add_tcase(s, tc_helper);
+
+ return s;
+}
+
+int main(void)
+{
+ int number_failed;
+
+ Suite *s = ipa_kdb_suite ();
+ SRunner *sr = srunner_create (s);
+ srunner_run_all (sr, CK_VERBOSE);
+ number_failed = srunner_ntests_failed (sr);
+ srunner_free (sr);
+
+ return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+|
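Review bot: The loop over test_set in test_get_authz_data_types never resets with_pac and with_pad before calling get_authz_data_types(), so a regression in which the function returns without writing its outputs could still satisfy the assertions with values left over from the previous row; setting `with_pac = !test_set[c].exp_with_pac;` and `with_pad = !test_set[c].exp_with_pad;` just before the call would make each row fail unless the expected value is actually written. The loop also stops at the first row whose authz_data and global_authz_data are both NULL, so the case with no authorization-data configuration at all cannot be expressed in the table; terminating on `test_set[c].err_msg != NULL` would allow such a row. The message of the {ad_pad_only, ad_pac_only} row reads "with PAC overriding PAC" where "PAD overriding PAC" appears to be meant. Since this function decides whether a PAC or PAD is attached to a ticket, those gaps are worth closing in the test.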