summaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2016-06-15 11:42:10 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:25:26 +0200
commit583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66 (patch)
treeb6ddb3a6c9ab65f0f7b63de1b20ce897b6dd8c14 /src/tests
parenteef359b508b898ae99d2bf292a43f0f295a2ba5e (diff)
downloadsssd-583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66.tar.gz
sssd-583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66.tar.xz
sssd-583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66.zip
TESTS: Convert the simple access provider to cmocka
Using a cmocka-based test allows us to initialize the domain using the common helper functions which in turn allows us to set different properties with confdb, same as sssd itself does. Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/cmocka/test_simple_access.c692
-rw-r--r--src/tests/simple_access-tests.c686
2 files changed, 692 insertions, 686 deletions
diff --git a/src/tests/cmocka/test_simple_access.c b/src/tests/cmocka/test_simple_access.c
new file mode 100644
index 000000000..1f093cf7f
--- /dev/null
+++ b/src/tests/cmocka/test_simple_access.c
@@ -0,0 +1,692 @@
+/*
+ Copyright (C) 2015 Red Hat
+
+ SSSD tests: Simple access provider tests
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <talloc.h>
+#include <tevent.h>
+#include <errno.h>
+#include <popt.h>
+
+#include "tests/cmocka/common_mock.h"
+#include "tests/cmocka/common_mock_be.h"
+#include "tests/cmocka/common_mock_resp.h"
+#include "db/sysdb_private.h" /* new_subdomain() */
+#include "providers/simple/simple_access.h"
+
+#define TESTS_PATH "tp_" BASE_FILE_STEM
+#define TEST_CONF_DB "test_simple_conf.ldb"
+#define TEST_DOM_NAME "simple_test"
+#define TEST_SUBDOM_NAME "test.subdomain"
+#define TEST_ID_PROVIDER "ldap"
+
+int simple_access_obtain_filter_lists(struct simple_ctx *ctx);
+
+struct simple_test_ctx {
+ struct sss_test_ctx *tctx;
+ struct be_ctx *be_ctx;
+ struct sss_domain_info *subdom;
+
+ bool access_granted;
+ struct simple_ctx *ctx;
+};
+
+static int test_simple_setup(struct sss_test_conf_param params[], void **state)
+{
+ struct simple_test_ctx *simple_test_ctx;
+ int ret;
+
+ simple_test_ctx = talloc_zero(NULL, struct simple_test_ctx);
+ if (simple_test_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ simple_test_ctx->tctx = create_dom_test_ctx(simple_test_ctx, TESTS_PATH,
+ TEST_CONF_DB, TEST_DOM_NAME,
+ TEST_ID_PROVIDER, params);
+ assert_non_null(simple_test_ctx->tctx);
+ if (simple_test_ctx->tctx == NULL) {
+ return ENOMEM;
+ }
+
+ ret = sss_names_init(simple_test_ctx, simple_test_ctx->tctx->confdb,
+ TEST_DOM_NAME, &simple_test_ctx->tctx->dom->names);
+ if (ret != EOK) {
+ return ENOMEM;
+ }
+
+ simple_test_ctx->be_ctx = mock_be_ctx(simple_test_ctx,
+ simple_test_ctx->tctx);
+ if (simple_test_ctx->be_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ *state = simple_test_ctx;
+ return 0;
+}
+
+static int set_simple_lists(struct simple_test_ctx *test_ctx,
+ struct sss_domain_info *dom,
+ struct sss_test_conf_param params[])
+{
+ errno_t ret;
+ const char *val[2] = { NULL, NULL };
+ char *cdb_path;
+
+ cdb_path = talloc_asprintf(test_ctx, CONFDB_DOMAIN_PATH_TMPL, dom->name);
+ if (cdb_path == NULL) {
+ return ENOMEM;
+ }
+
+ ret = EOK;
+
+ if (params != NULL) {
+ for (int i = 0; params[i].key != NULL; i++) {
+ val[0] = params[i].value;
+ ret = confdb_add_param(test_ctx->tctx->confdb,
+ true, cdb_path, params[i].key, val);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add parameter %s [%d]: "
+ "%s\n", params[i].key, ret, sss_strerror(ret));
+ break;
+ }
+ }
+ }
+
+ talloc_free(cdb_path);
+ return ret;
+}
+
+static int setup_with_params(struct simple_test_ctx *test_ctx,
+ struct sss_domain_info *dom,
+ struct sss_test_conf_param params[])
+{
+ errno_t ret;
+
+ ret = set_simple_lists(test_ctx, dom, params);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ test_ctx->ctx = talloc(test_ctx, struct simple_ctx);
+ if (test_ctx->ctx == NULL) {
+ return ENOMEM;
+ }
+
+ test_ctx->ctx->be_ctx = test_ctx->be_ctx;
+ test_ctx->ctx->domain = test_ctx->tctx->dom;
+
+ ret = simple_access_obtain_filter_lists(test_ctx->ctx);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ return EOK;
+}
+
+static int simple_test_setup(void **state)
+{
+ test_dom_suite_setup(TESTS_PATH);
+ return test_simple_setup(NULL, state);
+}
+
+static int simple_test_teardown(void **state)
+{
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+
+ /* make sure there are no leftovers from previous tests */
+ test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
+ talloc_free(simple_test_ctx);
+ return 0;
+}
+
+static void simple_access_check_done(struct tevent_req *req)
+{
+ struct simple_test_ctx *simple_test_ctx =
+ tevent_req_callback_data(req, struct simple_test_ctx);
+
+ simple_test_ctx->tctx->error = simple_access_check_recv(req,
+ &simple_test_ctx->access_granted);
+ talloc_free(req);
+ simple_test_ctx->tctx->done = true;
+}
+
+static void run_simple_access_check(struct simple_test_ctx *simple_test_ctx,
+ const char *username,
+ int expected_rv,
+ bool allow_access)
+{
+ int ret;
+ struct tevent_req *req;
+
+ simple_test_ctx->tctx->done = false;
+ req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
+ simple_test_ctx->ctx, username);
+ assert_non_null(req);
+ tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
+
+ ret = test_ev_loop(simple_test_ctx->tctx);
+ assert_int_equal(ret, expected_rv);
+
+ /* otherwise the output is undefined */
+ if (expected_rv == EOK) {
+ assert_true(simple_test_ctx->access_granted == allow_access);
+ }
+}
+
+static void test_both_empty(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, NULL);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+}
+
+static void test_allow_empty(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_deny_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, true);
+}
+
+static void test_deny_empty(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+static void test_both_set(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { "simple_deny_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+static void test_deny_wrong_case(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "U1@simple_test", EOK, false);
+}
+
+static void test_allow_case_insensitive(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ simple_test_ctx->tctx->dom->case_sensitive = false;
+ run_simple_access_check(simple_test_ctx, "U1@simple_test", EOK, true);
+}
+
+static void test_unknown_user(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "u1, u2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "foo@simple_test", EOK, false);
+}
+
+static void test_space(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_users", "space user, another user@simple_test" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "space user@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "another user@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "not allowed@simple_test", EOK, false);
+}
+
+static int simple_group_test_setup(void **state)
+{
+ int ret;
+ char *u1;
+ char *u2;
+ char *u3;
+ char *g1;
+ char *g2;
+ char *sp;
+ char *sp2;
+ char *pvt;
+ struct simple_test_ctx *test_ctx;
+
+ ret = simple_test_setup((void **) &test_ctx);
+ if (ret != EOK) {
+ return 1;
+ }
+
+ u1 = sss_create_internal_fqname(test_ctx, "u1",
+ test_ctx->be_ctx->domain->name);
+ u2 = sss_create_internal_fqname(test_ctx, "u2",
+ test_ctx->be_ctx->domain->name);
+ u3 = sss_create_internal_fqname(test_ctx, "u3",
+ test_ctx->be_ctx->domain->name);
+ g1 = sss_create_internal_fqname(test_ctx, "g1",
+ test_ctx->be_ctx->domain->name);
+ g2 = sss_create_internal_fqname(test_ctx, "g2",
+ test_ctx->be_ctx->domain->name);
+ sp = sss_create_internal_fqname(test_ctx, "space group",
+ test_ctx->be_ctx->domain->name);
+ sp2 = sss_create_internal_fqname(test_ctx, "another space",
+ test_ctx->be_ctx->domain->name);
+ pvt = sss_create_internal_fqname(test_ctx, "pvt",
+ test_ctx->be_ctx->domain->name);
+ if (u1 == NULL || u2 == NULL || u3 == NULL
+ || g1 == NULL || g2 == NULL || pvt == NULL
+ || sp == NULL || sp2 == NULL) {
+ return 1;
+ }
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, pvt, 999, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_store_user(test_ctx->be_ctx->domain,
+ u1, NULL, 123, 999, "u1", "/home/u1",
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_store_user(test_ctx->be_ctx->domain,
+ u2, NULL, 456, 999, "u1", "/home/u1",
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_store_user(test_ctx->be_ctx->domain,
+ u3, NULL, 789, 999, "u1", "/home/u1",
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, g1, 321, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, g2, 654, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, sp, 1234, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group(test_ctx->be_ctx->domain, sp2, 5678, NULL, 0, 0);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ g1, u1, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ sp, u1, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ g2, u2, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ ret = sysdb_add_group_member(test_ctx->be_ctx->domain,
+ sp2, u2, SYSDB_MEMBER_USER, false);
+ if (ret != EOK) return 1;
+
+ *state = test_ctx;
+ return 0;
+}
+
+static int simple_group_test_teardown(void **state)
+{
+ int ret;
+ char *u1;
+ char *u2;
+ char *u3;
+ char *g1;
+ char *g2;
+ char *sp;
+ char *sp2;
+ char *pvt;
+ struct simple_test_ctx *test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+
+ u1 = sss_create_internal_fqname(test_ctx, "u1",
+ test_ctx->be_ctx->domain->name);
+ u2 = sss_create_internal_fqname(test_ctx, "u2",
+ test_ctx->be_ctx->domain->name);
+ u3 = sss_create_internal_fqname(test_ctx, "u3",
+ test_ctx->be_ctx->domain->name);
+ g1 = sss_create_internal_fqname(test_ctx, "g1",
+ test_ctx->be_ctx->domain->name);
+ g2 = sss_create_internal_fqname(test_ctx, "g2",
+ test_ctx->be_ctx->domain->name);
+ sp = sss_create_internal_fqname(test_ctx, "space group",
+ test_ctx->be_ctx->domain->name);
+ sp2 = sss_create_internal_fqname(test_ctx, "another space",
+ test_ctx->be_ctx->domain->name);
+ pvt = sss_create_internal_fqname(test_ctx, "pvt",
+ test_ctx->be_ctx->domain->name);
+ if (u1 == NULL || u2 == NULL || u3 == NULL
+ || g1 == NULL || g2 == NULL || pvt == NULL
+ || sp == NULL || sp2 == NULL) {
+ return 1;
+ }
+
+ ret = sysdb_delete_user(test_ctx->be_ctx->domain, u1, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_user(test_ctx->be_ctx->domain, u2, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_user(test_ctx->be_ctx->domain, u3, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, g1, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, g2, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, sp, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, sp2, 0);
+ if (ret != EOK) return 1;
+ ret = sysdb_delete_group(test_ctx->be_ctx->domain, pvt, 0);
+ if (ret != EOK) return 1;
+
+ /* make sure there are no leftovers from previous tests */
+ test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
+ talloc_free(test_ctx);
+ return 0;
+}
+
+static void test_group_allow_empty(void **state)
+{
+ errno_t ret;
+ struct tevent_req *req;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_deny_groups", "g1, g2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
+ simple_test_ctx->ctx, "u1@simple_test");
+ assert_non_null(req);
+ tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
+
+ ret = test_ev_loop(simple_test_ctx->tctx);
+ assert_int_equal(ret, EOK);
+ assert_false(simple_test_ctx->access_granted);
+
+ simple_test_ctx->tctx->done = false;
+ req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
+ simple_test_ctx->ctx, "u3@simple_test");
+ assert_non_null(req);
+ tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
+
+ ret = test_ev_loop(simple_test_ctx->tctx);
+ assert_int_equal(ret, EOK);
+ assert_true(simple_test_ctx->access_granted);
+}
+
+static void test_group_deny_empty(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "g1, g2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+static void test_group_both_set(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "g1, g2" },
+ { "simple_deny_groups", "g1, g2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+static void test_group_deny_wrong_case(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "G1, G2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
+}
+
+static void test_group_allow_case_insensitive(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "G1, G2" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx,
+ simple_test_ctx->tctx->dom,
+ params);
+ assert_int_equal(ret, EOK);
+
+ /* Case-sensitive domain, wrong case */
+ simple_test_ctx->tctx->done = false;
+ simple_test_ctx->tctx->dom->case_sensitive = false;
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+}
+
+static void test_group_space(void **state)
+{
+ errno_t ret;
+ struct simple_test_ctx *simple_test_ctx = \
+ talloc_get_type(*state, struct simple_test_ctx);
+ struct sss_test_conf_param params[] = {
+ { "simple_allow_groups", "space group, another space@simple_test" },
+ { NULL, NULL },
+ };
+
+ ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
+ assert_int_equal(ret, EOK);
+
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, true);
+ run_simple_access_check(simple_test_ctx, "u3@simple_test", EOK, false);
+}
+
+int main(int argc, const char *argv[])
+{
+ int rv;
+ int no_cleanup = 0;
+ poptContext pc;
+ int opt;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ SSSD_DEBUG_OPTS
+ {"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0,
+ _("Do not delete the test database after a test run"), NULL },
+ POPT_TABLEEND
+ };
+
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_both_empty,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_allow_empty,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_deny_empty,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_both_set,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_deny_wrong_case,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_allow_case_insensitive,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_unknown_user,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_space,
+ simple_test_setup,
+ simple_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_allow_empty,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_deny_empty,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_both_set,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_deny_wrong_case,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_allow_case_insensitive,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ cmocka_unit_test_setup_teardown(test_group_space,
+ simple_group_test_setup,
+ simple_group_test_teardown),
+ };
+
+ /* Set debug level to invalid value so we can decide if -d 0 was used. */
+ debug_level = SSSDBG_INVALID;
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch(opt) {
+ default:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ return 1;
+ }
+ }
+ poptFreeContext(pc);
+
+ DEBUG_CLI_INIT(debug_level);
+
+ /* Even though normally the tests should clean up after themselves
+ * they might not after a failed run. Remove the old db to be sure */
+ tests_set_cwd();
+ test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
+ test_dom_suite_setup(TESTS_PATH);
+
+ rv = cmocka_run_group_tests(tests, NULL, NULL);
+ if (rv == 0 && !no_cleanup) {
+ test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
+ }
+ return rv;
+}
diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c
deleted file mode 100644
index 3481a21c5..000000000
--- a/src/tests/simple_access-tests.c
+++ /dev/null
@@ -1,686 +0,0 @@
-/*
- SSSD
-
- Simple access module -- Tests
-
- Authors:
- Sumit Bose <sbose@redhat.com>
-
- Copyright (C) 2010 Red Hat
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <stdlib.h>
-#include <popt.h>
-#include <check.h>
-
-#include "confdb/confdb.h"
-#include "providers/simple/simple_access.h"
-#include "tests/common.h"
-
-#define TESTS_PATH "tp_" BASE_FILE_STEM
-#define TEST_CONF_FILE "tests_conf.ldb"
-
-const char *ulist_1[] = {"u1", "u2", NULL};
-const char *glist_1[] = {"g1", "g2", NULL};
-const char *glist_1_case[] = {"G1", "G2", NULL};
-
-int simple_access_obtain_filter_lists(struct simple_ctx *ctx);
-
-struct simple_test_ctx *test_ctx = NULL;
-
-struct simple_test_ctx {
- struct sysdb_ctx *sysdb;
- struct confdb_ctx *confdb;
- struct tevent_context *ev;
- struct be_ctx *be_ctx;
- bool done;
- int error;
-
- bool access_granted;
- struct simple_ctx *ctx;
-};
-
-static int test_loop(struct simple_test_ctx *tctx)
-{
- while (!tctx->done)
- tevent_loop_once(tctx->ev);
-
- return tctx->error;
-}
-
-static void simple_access_check_done(struct tevent_req *req)
-{
- struct simple_test_ctx *tctx =
- tevent_req_callback_data(req, struct simple_test_ctx);
-
-
- tctx->error = simple_access_check_recv(req, &tctx->access_granted);
- talloc_free(req);
- tctx->done = true;
-}
-
-void setup_simple(void)
-{
- errno_t ret;
- char *conf_db;
- const char *val[2];
- val[1] = NULL;
-
- fail_unless(test_ctx == NULL, "Simple context already initialized.");
- test_ctx = talloc_zero(NULL, struct simple_test_ctx);
- fail_unless(test_ctx != NULL, "Cannot create simple test context.");
-
- test_ctx->ev = tevent_context_init(test_ctx);
- fail_unless(test_ctx->ev != NULL, "Cannot create tevent context.");
-
- test_ctx->ctx = talloc_zero(test_ctx, struct simple_ctx);
- fail_unless(test_ctx->ctx != NULL, "Cannot create simple context.");
-
- /* Create tests directory if it doesn't exist */
- /* (relative to current dir) */
- ret = mkdir(TESTS_PATH, 0775);
- fail_if(ret == -1 && errno != EEXIST,
- "Could not create %s directory", TESTS_PATH);
-
- conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE);
- fail_if(conf_db == NULL, "Out of memory, aborting!");
- DEBUG(SSSDBG_TRACE_LIBS, "CONFDB: %s\n", conf_db);
-
- /* Connect to the conf db */
- ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db);
- fail_if(ret != EOK, "Could not initialize connection to the confdb");
-
- val[0] = "LOCAL";
- ret = confdb_add_param(test_ctx->confdb, true,
- "config/sssd", "domains", val);
- fail_if(ret != EOK, "Could not initialize domains placeholder");
-
- val[0] = "local";
- ret = confdb_add_param(test_ctx->confdb, true,
- "config/domain/LOCAL", "id_provider", val);
- fail_if(ret != EOK, "Could not initialize provider");
-
- val[0] = "TRUE";
- ret = confdb_add_param(test_ctx->confdb, true,
- "config/domain/LOCAL", "enumerate", val);
- fail_if(ret != EOK, "Could not initialize LOCAL domain");
-
- val[0] = "TRUE";
- ret = confdb_add_param(test_ctx->confdb, true,
- "config/domain/LOCAL", "cache_credentials", val);
- fail_if(ret != EOK, "Could not initialize LOCAL domain");
-
- ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local",
- TESTS_PATH, &test_ctx->ctx->domain);
- fail_if(ret != EOK, "Could not initialize connection to the sysdb (%d)", ret);
- test_ctx->sysdb = test_ctx->ctx->domain->sysdb;
- test_ctx->ctx->domain->case_sensitive = true;
- test_ctx->ctx->domain->mpg = false; /* Simulate an LDAP domain better */
-
- /* be_ctx */
- test_ctx->be_ctx = talloc_zero(test_ctx, struct be_ctx);
- fail_if(test_ctx->be_ctx == NULL, "Unable to setup be_ctx");
-
- test_ctx->be_ctx->cdb = test_ctx->confdb;
- test_ctx->be_ctx->ev = test_ctx->ev;
- test_ctx->be_ctx->conf_path = "config/domain/LOCAL";
- test_ctx->be_ctx->domain = test_ctx->ctx->domain;
-
- test_ctx->ctx->be_ctx = test_ctx->be_ctx;
-
- ret = sss_names_init(test_ctx->ctx->domain, test_ctx->confdb,
- "LOCAL", &test_ctx->be_ctx->domain->names);
- fail_if(ret != EOK, "Unable to setup domain names (%d)", ret);
-}
-
-void teardown_simple(void)
-{
- int ret;
- fail_unless(test_ctx != NULL, "Simple context already freed.");
- ret = talloc_free(test_ctx);
- test_ctx = NULL;
- fail_unless(ret == 0, "Cannot free simple context.");
-}
-
-void setup_simple_group(void)
-{
- errno_t ret;
-
- setup_simple();
-
- /* Add test users u1 and u2 that would be members of test groups
- * g1 and g2 respectively */
- ret = sysdb_add_group(test_ctx->ctx->domain, "pvt", 999, NULL, 0, 0);
- fail_if(ret != EOK, "Could not add private group %s", strerror(ret));
-
- ret = sysdb_store_user(test_ctx->ctx->domain,
- "u1", NULL, 123, 999, "u1", "/home/u1",
- "/bin/bash", NULL, NULL, NULL, -1, 0);
- fail_if(ret != EOK, "Could not add u1");
-
- ret = sysdb_store_user(test_ctx->ctx->domain,
- "u2", NULL, 456, 999, "u1", "/home/u1",
- "/bin/bash", NULL, NULL, NULL, -1, 0);
- fail_if(ret != EOK, "Could not add u2");
-
- ret = sysdb_store_user(test_ctx->ctx->domain,
- "u3", NULL, 789, 999, "u1", "/home/u1",
- "/bin/bash", NULL, NULL, NULL, -1, 0);
- fail_if(ret != EOK, "Could not add u3");
-
- ret = sysdb_add_group(test_ctx->ctx->domain, "g1", 321, NULL, 0, 0);
- fail_if(ret != EOK, "Could not add g1");
-
- ret = sysdb_add_group(test_ctx->ctx->domain, "g2", 654, NULL, 0, 0);
- fail_if(ret != EOK, "Could not add g2");
-
- ret = sysdb_add_group_member(test_ctx->ctx->domain,
- "g1", "u1", SYSDB_MEMBER_USER, false);
- fail_if(ret != EOK, "Could not add u1 to g1");
-
- ret = sysdb_add_group_member(test_ctx->ctx->domain,
- "g2", "u2", SYSDB_MEMBER_USER, false);
- fail_if(ret != EOK, "Could not add u2 to g2");
-}
-
-void teardown_simple_group(void)
-{
- errno_t ret;
-
- ret = sysdb_delete_user(test_ctx->ctx->domain, "u1", 0);
- fail_if(ret != EOK, "Could not delete u1");
- ret = sysdb_delete_user(test_ctx->ctx->domain, "u2", 0);
- fail_if(ret != EOK, "Could not delete u2");
- ret = sysdb_delete_user(test_ctx->ctx->domain, "u3", 0);
- fail_if(ret != EOK, "Could not delete u3");
- ret = sysdb_delete_group(test_ctx->ctx->domain, "g1", 0);
- fail_if(ret != EOK, "Could not delete g1");
- ret = sysdb_delete_group(test_ctx->ctx->domain, "g2", 0);
- fail_if(ret != EOK, "Could not delete g2");
- ret = sysdb_delete_group(test_ctx->ctx->domain, "pvt", 0);
- fail_if(ret != EOK, "Could not delete pvt");
-
- teardown_simple();
-}
-
-void setup_simple_init(void)
-{
- setup_simple();
-}
-
-void teardown_simple_init(void)
-{
- teardown_simple();
-}
-
-START_TEST(test_both_empty)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_users = NULL;
- test_ctx->ctx->deny_users = NULL;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == true,
- "Access denied while both lists are empty.");
-}
-END_TEST
-
-START_TEST(test_allow_empty)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_users = NULL;
- test_ctx->ctx->deny_users = discard_const(ulist_1);
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while user is in deny list.");
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u3");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == true,
- "Access denied while user is not in deny list.");
-}
-END_TEST
-
-START_TEST(test_deny_empty)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_users = discard_const(ulist_1);
- test_ctx->ctx->deny_users = NULL;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == true,
- "Access denied while user is in allow list.");
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u3");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while user is not in allow list.");
-}
-END_TEST
-
-START_TEST(test_both_set)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_users = discard_const(ulist_1);
- test_ctx->ctx->deny_users = discard_const(ulist_1);
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while user is in deny list.");
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u3");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while user is not in allow list.");
-}
-END_TEST
-
-START_TEST(test_case)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_users = discard_const(ulist_1);
- test_ctx->ctx->deny_users = NULL;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "U1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted for user with different case "
- "in case-sensitive domain");
-
- test_ctx->ctx->domain->case_sensitive = false;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "U1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == true,
- "Access denied for user with different case "
- "in case-sensitive domain");
-}
-END_TEST
-
-START_TEST(test_unknown_user)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_users = discard_const(ulist_1);
- test_ctx->ctx->deny_users = NULL;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "foo");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted for user not present in domain");
-}
-END_TEST
-
-
-START_TEST(test_group_allow_empty)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_groups = NULL;
- test_ctx->ctx->deny_groups = discard_const(glist_1);
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while group is in deny list.");
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u3");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == true,
- "Access denied while group is not in deny list.");
-}
-END_TEST
-
-START_TEST(test_group_deny_empty)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_groups = discard_const(glist_1);
- test_ctx->ctx->deny_groups = NULL;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == true,
- "Access denied while user is in allow list.");
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u3");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while user is not in allow list.");
-}
-END_TEST
-
-START_TEST(test_group_both_set)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_groups = discard_const(ulist_1);
- test_ctx->ctx->deny_groups = discard_const(ulist_1);
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while user is in deny list.");
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u3");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted while user is not in allow list.");
-}
-END_TEST
-
-START_TEST(test_group_case)
-{
- struct tevent_req *req;
-
- test_ctx->ctx->allow_groups = discard_const(glist_1_case);
- test_ctx->ctx->deny_groups = NULL;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == false,
- "Access granted for user with different case "
- "in case-sensitive domain");
-
- test_ctx->ctx->domain->case_sensitive = false;
-
- req = simple_access_check_send(test_ctx, test_ctx->ev,
- test_ctx->ctx, "u1");
- fail_unless(test_ctx != NULL, "Cannot create request\n");
- tevent_req_set_callback(req, simple_access_check_done, test_ctx);
-
- test_loop(test_ctx);
- test_ctx->done = false;
-
- fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
- fail_unless(test_ctx->access_granted == true,
- "Access denied for user with different case "
- "in case-sensitive domain");
-}
-END_TEST
-
-static void check_access_list(char **list, const char **values)
-{
- int i;
-
- fail_if(values == NULL, "List is empty, but it shouldn't be");
-
- for (i = 0; list[i] != NULL; i++) {
- fail_if(values[i] == NULL, "List contains too many entries");
- fail_if(strcmp(list[i], values[i]) != 0, "%s != %s", list[i], values[i]);
- }
-
- fail_if(values[i] != NULL, "List contains fewer entries than expected");
-}
-
-START_TEST(test_provider_init)
-{
- struct simple_ctx *ctx = NULL;
- errno_t ret;
-
- const char *val[2] = {"user-1, user-2@LOCAL, user with space, "
- "another space@LOCAL", NULL};
-
- const char *du_val[2] = {"duser-1, duser-2@LOCAL, duser with space, "
- "deny another space@LOCAL", NULL};
-
- const char *correct[] = {"user-1", "user-2", "user with space",
- "another space", NULL};
-
- const char *du_correct[] = {"duser-1", "duser-2", "duser with space",
- "deny another space", NULL};
-
- /* allow users */
- ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
- "simple_allow_users", val);
- fail_if(ret != EOK, "Could not setup allow users list");
-
- /* deny users */
- ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
- "simple_deny_users", du_val);
- fail_if(ret != EOK, "Could not setup deny users list");
-
- /* allow groups */
- ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
- "simple_allow_groups", val);
- fail_if(ret != EOK, "Could not setup allow groups list");
-
- /* deny groups */
- ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",
- "simple_deny_groups", val);
- fail_if(ret != EOK, "Could not setup deny groups list");
-
- ctx = talloc(test_ctx, struct simple_ctx);
- fail_if(ctx == NULL, "Could not allocate simple_ctx");
-
- ctx->be_ctx = test_ctx->be_ctx;
- ctx->domain = test_ctx->ctx->domain;
-
- ret = simple_access_obtain_filter_lists(ctx);
- fail_if(ret != EOK, "simple_access_obtain_filter_lists failed");
-
- DEBUG(SSSDBG_TRACE_FUNC, "Checking allow users list\n");
- check_access_list(ctx->allow_users, correct);
-
- DEBUG(SSSDBG_TRACE_FUNC, "Checking deny users list\n");
- check_access_list(ctx->deny_users, du_correct);
-
- DEBUG(SSSDBG_TRACE_FUNC, "Checking allow groups list\n");
- check_access_list(ctx->allow_groups, correct);
-
- DEBUG(SSSDBG_TRACE_FUNC, "Checking deny groups list\n");
- check_access_list(ctx->deny_groups, correct);
-}
-END_TEST
-
-Suite *access_simple_suite (void)
-{
- Suite *s = suite_create("access_simple");
-
- TCase *tc_allow_deny = tcase_create("user allow/deny");
- tcase_add_checked_fixture(tc_allow_deny, setup_simple, teardown_simple);
- tcase_add_test(tc_allow_deny, test_both_empty);
- tcase_add_test(tc_allow_deny, test_allow_empty);
- tcase_add_test(tc_allow_deny, test_deny_empty);
- tcase_add_test(tc_allow_deny, test_both_set);
- tcase_add_test(tc_allow_deny, test_case);
- tcase_add_test(tc_allow_deny, test_unknown_user);
- suite_add_tcase(s, tc_allow_deny);
-
- TCase *tc_grp_allow_deny = tcase_create("group allow/deny");
- tcase_add_checked_fixture(tc_grp_allow_deny,
- setup_simple_group, teardown_simple_group);
- tcase_add_test(tc_grp_allow_deny, test_group_allow_empty);
- tcase_add_test(tc_grp_allow_deny, test_group_deny_empty);
- tcase_add_test(tc_grp_allow_deny, test_group_both_set);
- tcase_add_test(tc_grp_allow_deny, test_group_case);
- suite_add_tcase(s, tc_grp_allow_deny);
-
- TCase *tc_init = tcase_create("provider init");
- tcase_add_checked_fixture(tc_init, setup_simple_init, teardown_simple_init);
- tcase_add_test(tc_init, test_provider_init);
- suite_add_tcase(s, tc_init);
-
- return s;
-}
-
-int main(int argc, const char *argv[])
-{
- int opt;
- poptContext pc;
- int number_failed;
-
- struct poptOption long_options[] = {
- POPT_AUTOHELP
- SSSD_MAIN_OPTS
- POPT_TABLEEND
- };
-
- /* Set debug level to invalid value so we can deside if -d 0 was used. */
- debug_level = SSSDBG_INVALID;
-
- pc = poptGetContext(argv[0], argc, argv, long_options, 0);
- while((opt = poptGetNextOpt(pc)) != -1) {
- switch(opt) {
- default:
- fprintf(stderr, "\nInvalid option %s: %s\n\n",
- poptBadOption(pc, 0), poptStrerror(opt));
- poptPrintUsage(pc, stderr, 0);
- return 1;
- }
- }
- poptFreeContext(pc);
-
- DEBUG_CLI_INIT(debug_level);
-
- tests_set_cwd();
- test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE);
-
- Suite *s = access_simple_suite();
- SRunner *sr = srunner_create(s);
- srunner_run_all(sr, CK_ENV);
- number_failed = srunner_ntests_failed(sr);
- srunner_free(sr);
-
- if (number_failed == 0) {
- test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE);
- }
-
- return (number_failed==0 ? EXIT_SUCCESS : EXIT_FAILURE);
-}
-
generated by cgit (git 2.34.1) at 2024-05-14 00:39:22 +0000