/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: AD access control filter tests This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include #include #include "providers/ad/ad_pac.h" #include "util/crypto/sss_crypto.h" #ifdef HAVE_NSS #include "util/crypto/nss/nss_util.h" #endif #include "util/util_sss_idmap.h" /* In order to access opaque types */ #include "providers/ad/ad_common.c" #include "tests/cmocka/common_mock.h" #include "tests/cmocka/common_mock_krb5.h" #define DOMNAME "domname" #define SUBDOMNAME "sub."DOMNAME #define REALMNAME DOMNAME #define HOST_NAME "ad."REALMNAME #define TESTS_PATH "tp_" BASE_FILE_STEM #define TEST_AUTHID "host/"HOST_NAME #define KEYTAB_TEST_PRINC TEST_AUTHID"@"REALMNAME #define KEYTAB_PATH TESTS_PATH"/keytab_test.keytab" #define ONEWAY_DOMNAME "ONEWAY" #define ONEWAY_HOST_NAME "ad."ONEWAY_DOMNAME #define ONEWAY_KEYTAB_PATH TESTS_PATH"/oneway_test.keytab" #define ONEWAY_AUTHID "host/"ONEWAY_HOST_NAME #define ONEWAY_TEST_PRINC ONEWAY_AUTHID"@"ONEWAY_DOMNAME #define TESTS_PATH "tp_" BASE_FILE_STEM #define TEST_CONF_DB "test_ad_sysdb.ldb" #define TEST_ID_PROVIDER "ad" #define TEST_DOM1_NAME "test_sysdb_subdomains_1" #define TEST_DOM2_NAME "child2.test_sysdb_subdomains_2" #define TEST_USER "test_user" static bool call_real_sasl_options; const char *domains[] = { TEST_DOM1_NAME, TEST_DOM2_NAME, NULL }; struct ad_sysdb_test_ctx { struct sss_test_ctx *tctx; }; static int test_ad_sysdb_setup(void **state) { struct ad_sysdb_test_ctx *test_ctx; struct sss_test_conf_param params[] = { { NULL, NULL }, /* Sentinel */ }; assert_true(leak_check_setup()); test_ctx = talloc_zero(global_talloc_context, struct ad_sysdb_test_ctx); assert_non_null(test_ctx); test_dom_suite_setup(TESTS_PATH); test_ctx->tctx = create_multidom_test_ctx(test_ctx, TESTS_PATH, TEST_CONF_DB, domains, TEST_ID_PROVIDER, params); assert_non_null(test_ctx->tctx); *state = test_ctx; return 0; } static int test_ad_sysdb_teardown(void **state) { struct ad_sysdb_test_ctx *test_ctx = talloc_get_type(*state, struct ad_sysdb_test_ctx); test_multidom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, domains); talloc_free(test_ctx); assert_true(leak_check_teardown()); return 0; } static void test_check_if_pac_is_available(void **state) { int ret; struct ad_sysdb_test_ctx *test_ctx = talloc_get_type(*state, struct ad_sysdb_test_ctx); struct be_acct_req *ar; struct ldb_message *msg = NULL; struct sysdb_attrs *attrs; ret = check_if_pac_is_available(NULL, NULL, NULL, NULL); assert_int_equal(ret, EINVAL); ar = talloc_zero(test_ctx, struct be_acct_req); assert_non_null(ar); ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg); assert_int_equal(ret, EINVAL); ar->filter_type = BE_FILTER_NAME; ar->filter_value = discard_const(TEST_USER); ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg); assert_int_equal(ret, ENOENT); ret = sysdb_add_user(test_ctx->tctx->dom, TEST_USER, 123, 456, NULL, NULL, NULL, NULL, NULL, 0, 0); assert_int_equal(ret, EOK); ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg); assert_int_equal(ret, ENOENT); attrs = sysdb_new_attrs(test_ctx); assert_non_null(attrs); ret = sysdb_attrs_add_string(attrs, SYSDB_PAC_BLOB, "pac"); assert_int_equal(ret, EOK); ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs, SYSDB_MOD_REP); /* PAC available but too old */ ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg); assert_int_equal(ret, ENOENT); talloc_free(attrs); attrs = sysdb_new_attrs(test_ctx); assert_non_null(attrs); ret = sysdb_attrs_add_time_t(attrs, SYSDB_PAC_BLOB_EXPIRE, 123); assert_int_equal(ret, EOK); ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs, SYSDB_MOD_REP); /* PAC available but still too old */ ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg); assert_int_equal(ret, ENOENT); talloc_free(attrs); attrs = sysdb_new_attrs(test_ctx); assert_non_null(attrs); ret = sysdb_attrs_add_time_t(attrs, SYSDB_PAC_BLOB_EXPIRE, time(NULL) + 10); assert_int_equal(ret, EOK); ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs, SYSDB_MOD_REP); /* PAC available but still too old */ ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg); assert_int_equal(ret, EOK); assert_non_null(msg); assert_string_equal(ldb_msg_find_attr_as_string(msg, SYSDB_NAME, "x"), TEST_USER); talloc_free(attrs); talloc_free(ar); } #define TEST_PAC_BASE64 \ "BQAAAAAAAAABAAAA6AEAAFgAAAAAAAAACgAAABAAAABAAgAAAA" \ "AAAAwAAAA4AAAAUAIAAAAAAAAGAAAAFAAAAIgCAAAAAAAABwAA" \ "ABQAAACgAgAAAAAAAAEQCADMzMzM2AEAAAAAAAAAAAIA2hr35p" \ "Ji0QH/////////f/////////9/4veKrwAP0AHit/TZyQ/QAf//" \ "//////9/BgAGAAQAAgAGAAYACAACAAAAAAAMAAIAAAAAABAAAg" \ "AAAAAAFAACAAAAAAAYAAIATwAAAFAEAAABAgAABQAAABwAAgAg" \ "AAAAAAAAAAAAAAAAAAAAAAAAABIAFAAgAAIABAAGACQAAgAoAA" \ "IAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAEAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAdA" \ "B1ADEAAAADAAAAAAAAAAMAAAB0ACAAdQAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "UAAAD9ogAABwAAAAECAAAHAAAAXAQAAAcAAABWBAAABwAAAImm" \ "AAAHAAAACgAAAAAAAAAJAAAAQQBEAC0AUwBFAFIAVgBFAFIAAA" \ "ADAAAAAAAAAAIAAABBAEQABAAAAAEEAAAAAAAFFQAAAPgSE9xH" \ "8xx2Ry8u1wEAAAAwAAIABwAAAAUAAAABBQAAAAAABRUAAAApyU" \ "/ZwjzDeDZVh/hUBAAAgD5SqNxk0QEGAHQAdQAxABgAEAAQACgA" \ "AAAAAAAAAAB0AHUAMQBAAGEAZAAuAGQAZQB2AGUAbABBAEQALg" \ "BEAEUAVgBFAEwAdv///4yBQZ5ZQnp3qwj2lKGcd0UAAAAAdv//" \ "/39fn4UneD5l6YxP8w/U0coAAAAA" static void test_ad_get_data_from_pac(void **state) { int ret; struct PAC_LOGON_INFO *logon_info; uint8_t *test_pac_blob; size_t test_pac_blob_size; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); test_pac_blob = sss_base64_decode(test_ctx, TEST_PAC_BASE64, &test_pac_blob_size); assert_non_null(test_pac_blob_size); ret = ad_get_data_from_pac(test_ctx, test_pac_blob, test_pac_blob_size, &logon_info); assert_int_equal(ret, EOK); assert_non_null(logon_info); assert_string_equal(logon_info->info3.base.account_name.string, "tu1"); assert_string_equal(logon_info->info3.base.full_name.string, "t u"); assert_int_equal(logon_info->info3.base.rid, 1104); assert_int_equal(logon_info->info3.base.primary_gid, 513); assert_int_equal(logon_info->info3.base.groups.count, 5); assert_string_equal(logon_info->info3.base.logon_domain.string, "AD"); assert_int_equal(logon_info->info3.sidcount, 1); talloc_free(test_pac_blob); talloc_free(logon_info); } static void test_ad_get_sids_from_pac(void **state) { int ret; struct PAC_LOGON_INFO *logon_info; uint8_t *test_pac_blob; size_t test_pac_blob_size; char *user_sid; char *primary_group_sid; size_t num_sids; char **sid_list; struct sss_idmap_ctx *idmap_ctx; enum idmap_error_code err; size_t c; size_t s; const char *sid_check_list[] = { "S-1-5-21-3692237560-1981608775-3610128199-513", "S-1-5-21-3692237560-1981608775-3610128199-1110", "S-1-5-21-3692237560-1981608775-3610128199-1116", "S-1-5-21-3692237560-1981608775-3610128199-41725", "S-1-5-21-3692237560-1981608775-3610128199-42633", "S-1-5-21-3645884713-2026060994-4169618742-1108", NULL }; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); err = sss_idmap_init(sss_idmap_talloc, test_ctx, sss_idmap_talloc_free, &idmap_ctx); assert_int_equal(err, IDMAP_SUCCESS); test_pac_blob = sss_base64_decode(test_ctx, TEST_PAC_BASE64, &test_pac_blob_size); assert_non_null(test_pac_blob_size); ret = ad_get_data_from_pac(test_ctx, test_pac_blob, test_pac_blob_size, &logon_info); assert_int_equal(ret, EOK); ret = ad_get_sids_from_pac(test_ctx, idmap_ctx, logon_info, &user_sid, &primary_group_sid, &num_sids, &sid_list); assert_int_equal(ret, EOK); assert_string_equal(user_sid, "S-1-5-21-3692237560-1981608775-3610128199-1104"); assert_string_equal(primary_group_sid, "S-1-5-21-3692237560-1981608775-3610128199-513"); assert_int_equal(num_sids, 6); for (c = 0; sid_check_list[c] != NULL; c++) { for (s = 0; s < num_sids; s++) { if (strcmp(sid_check_list[c], sid_list[s]) == 0) { break; } } if (s == num_sids) { fail_msg("SID [%s] not found in SID list.", sid_check_list[c]); } } talloc_free(test_pac_blob); talloc_free(logon_info); talloc_free(user_sid); talloc_free(primary_group_sid); talloc_free(sid_list); sss_idmap_free(idmap_ctx); } static void test_ad_get_pac_data_from_user_entry(void **state) { int ret; struct ldb_message *user_msg; struct ldb_val val; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); struct sss_idmap_ctx *idmap_ctx; enum idmap_error_code err; char *username; char *user_sid; char *primary_group_sid; size_t num_sids; char **sid_list; size_t c; size_t s; const char *sid_check_list[] = { "S-1-5-21-3692237560-1981608775-3610128199-513", "S-1-5-21-3692237560-1981608775-3610128199-1110", "S-1-5-21-3692237560-1981608775-3610128199-1116", "S-1-5-21-3692237560-1981608775-3610128199-41725", "S-1-5-21-3692237560-1981608775-3610128199-42633", "S-1-5-21-3645884713-2026060994-4169618742-1108", NULL }; err = sss_idmap_init(sss_idmap_talloc, test_ctx, sss_idmap_talloc_free, &idmap_ctx); assert_int_equal(err, IDMAP_SUCCESS); user_msg = ldb_msg_new(test_ctx); assert_non_null(user_msg); ret = ldb_msg_add_string(user_msg, SYSDB_NAME, "username"); assert_int_equal(ret, EOK); ret = ldb_msg_add_string(user_msg, SYSDB_OBJECTCLASS, "user"); assert_int_equal(ret, EOK); ret = ldb_msg_add_string(user_msg, SYSDB_PAC_BLOB_EXPIRE, "12345"); assert_int_equal(ret, EOK); val.data = sss_base64_decode(test_ctx, TEST_PAC_BASE64, &val.length); ret = ldb_msg_add_value(user_msg, SYSDB_PAC_BLOB, &val, NULL); assert_int_equal(ret, EOK); ret = ad_get_pac_data_from_user_entry(test_ctx, user_msg, idmap_ctx, &username, &user_sid, &primary_group_sid, &num_sids, &sid_list); assert_int_equal(ret, EOK); assert_string_equal(username, "username"); assert_string_equal(user_sid, "S-1-5-21-3692237560-1981608775-3610128199-1104"); assert_string_equal(primary_group_sid, "S-1-5-21-3692237560-1981608775-3610128199-513"); assert_int_equal(num_sids, 6); for (c = 0; sid_check_list[c] != NULL; c++) { for (s = 0; s < num_sids; s++) { if (strcmp(sid_check_list[c], sid_list[s]) == 0) { break; } } if (s == num_sids) { fail_msg("SID [%s] not found in SID list.", sid_check_list[c]); } } talloc_free(username); talloc_free(user_sid); talloc_free(primary_group_sid); talloc_free(sid_list); talloc_free(val.data); talloc_free(user_msg); sss_idmap_free(idmap_ctx); } krb5_error_code __wrap_krb5_kt_default(krb5_context context, krb5_keytab *id) { return krb5_kt_resolve(context, KEYTAB_PATH, id); } struct ad_common_test_ctx { struct ad_id_ctx *ad_ctx; struct ad_id_ctx *subdom_ad_ctx; struct sss_domain_info *dom; struct sss_domain_info *subdom; }; static void test_ad_create_default_options(void **state) { struct ad_options *ad_options; const char *s; ad_options = ad_create_default_options(global_talloc_context); assert_non_null(ad_options->basic); /* Not too much to test here except some defaults */ s = dp_opt_get_string(ad_options->basic, AD_DOMAIN); assert_null(s); assert_non_null(ad_options->id); talloc_free(ad_options); } static int test_ad_common_setup(void **state) { struct ad_common_test_ctx *test_ctx; test_dom_suite_setup(TESTS_PATH); assert_true(leak_check_setup()); test_ctx = talloc_zero(global_talloc_context, struct ad_common_test_ctx); assert_non_null(test_ctx); test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info); assert_non_null(test_ctx->dom); test_ctx->dom->name = discard_const(DOMNAME); test_ctx->subdom = talloc_zero(test_ctx, struct sss_domain_info); assert_non_null(test_ctx->subdom); test_ctx->subdom->name = discard_const(SUBDOMNAME); test_ctx->subdom->parent = test_ctx->dom; test_ctx->ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx); assert_non_null(test_ctx->ad_ctx); check_leaks_push(test_ctx); *state = test_ctx; return 0; } static int test_ad_common_teardown(void **state) { int ret; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); assert_true(check_leaks_pop(test_ctx) == true); talloc_free(test_ctx); assert_true(leak_check_teardown()); ret = rmdir(TESTS_PATH); assert_return_code(ret, errno); return 0; } static void test_ad_create_1way_trust_options(void **state) { struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); const char *s; call_real_sasl_options = true; /* Make sure this is not the keytab that __wrap_krb5_kt_default uses */ mock_keytab_with_contents(test_ctx, ONEWAY_KEYTAB_PATH, ONEWAY_TEST_PRINC); test_ctx->ad_ctx->ad_options = ad_create_1way_trust_options( test_ctx->ad_ctx, ONEWAY_DOMNAME, ONEWAY_HOST_NAME, ONEWAY_KEYTAB_PATH, ONEWAY_AUTHID); assert_non_null(test_ctx->ad_ctx->ad_options); assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type, SDAP_SCHEMA_AD); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic, AD_KRB5_REALM); assert_non_null(s); assert_string_equal(s, ONEWAY_DOMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic, AD_DOMAIN); assert_non_null(s); assert_string_equal(s, ONEWAY_DOMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic, AD_HOSTNAME); assert_non_null(s); assert_string_equal(s, ONEWAY_HOST_NAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic, AD_KEYTAB); assert_non_null(s); assert_string_equal(s, ONEWAY_KEYTAB_PATH); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_KRB5_KEYTAB); assert_non_null(s); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_SASL_REALM); assert_non_null(s); assert_string_equal(s, ONEWAY_DOMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_KRB5_REALM); assert_non_null(s); assert_string_equal(s, ONEWAY_DOMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_SASL_AUTHID); assert_non_null(s); assert_string_equal(s, ONEWAY_AUTHID); talloc_free(test_ctx->ad_ctx->ad_options); unlink(ONEWAY_KEYTAB_PATH); } static void test_ad_create_2way_trust_options(void **state) { struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); const char *s; call_real_sasl_options = true; mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC); test_ctx->ad_ctx->ad_options = ad_create_2way_trust_options( test_ctx->ad_ctx, REALMNAME, DOMNAME, HOST_NAME, NULL); assert_non_null(test_ctx->ad_ctx->ad_options); assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type, SDAP_SCHEMA_AD); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic, AD_KRB5_REALM); assert_non_null(s); assert_string_equal(s, REALMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic, AD_DOMAIN); assert_non_null(s); assert_string_equal(s, DOMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic, AD_HOSTNAME); assert_non_null(s); assert_string_equal(s, HOST_NAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_KRB5_KEYTAB); assert_null(s); /* This is the system keytab */ s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_SASL_REALM); assert_non_null(s); assert_string_equal(s, REALMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_KRB5_REALM); assert_non_null(s); assert_string_equal(s, REALMNAME); s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic, SDAP_SASL_AUTHID); assert_non_null(s); assert_string_equal(s, TEST_AUTHID); talloc_free(test_ctx->ad_ctx->ad_options); unlink(KEYTAB_PATH); } static int test_ldap_conn_setup(void **state) { struct ad_common_test_ctx *test_ctx; errno_t ret; struct sdap_domain *sdom; struct ad_id_ctx *ad_ctx; struct ad_id_ctx *subdom_ad_ctx; struct sdap_id_conn_ctx *subdom_ldap_ctx; ret = test_ad_common_setup((void **) &test_ctx); assert_int_equal(ret, EOK); mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC); ad_ctx = test_ctx->ad_ctx; ad_ctx->ad_options = ad_create_2way_trust_options(ad_ctx, REALMNAME, DOMNAME, HOST_NAME, NULL); assert_non_null(ad_ctx->ad_options); ad_ctx->gc_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx); assert_non_null(ad_ctx->gc_ctx); ad_ctx->ldap_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx); assert_non_null(ad_ctx->ldap_ctx); ad_ctx->sdap_id_ctx = talloc_zero(ad_ctx, struct sdap_id_ctx); assert_non_null(ad_ctx->sdap_id_ctx); ad_ctx->sdap_id_ctx->opts = talloc_zero(ad_ctx->sdap_id_ctx, struct sdap_options); assert_non_null(ad_ctx->sdap_id_ctx->opts); ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->dom, &sdom); assert_int_equal(ret, EOK); sdom->pvt = ad_ctx; subdom_ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx); assert_non_null(subdom_ad_ctx); subdom_ldap_ctx = talloc_zero(subdom_ad_ctx, struct sdap_id_conn_ctx); assert_non_null(subdom_ldap_ctx); subdom_ad_ctx->ldap_ctx = subdom_ldap_ctx; ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->subdom, &sdom); assert_int_equal(ret, EOK); sdom->pvt = subdom_ad_ctx; test_ctx->subdom_ad_ctx = subdom_ad_ctx; *state = test_ctx; return 0; } static int test_ldap_conn_teardown(void **state) { struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); unlink(KEYTAB_PATH); talloc_free(test_ctx->subdom_ad_ctx); talloc_free(test_ctx->ad_ctx->ad_options); talloc_free(test_ctx->ad_ctx->gc_ctx); talloc_free(test_ctx->ad_ctx->ldap_ctx); talloc_free(test_ctx->ad_ctx->sdap_id_ctx); test_ad_common_teardown((void **) &test_ctx); return 0; } errno_t __real_sdap_set_sasl_options(struct sdap_options *id_opts, char *default_primary, char *default_realm, const char *keytab_path); errno_t __wrap_sdap_set_sasl_options(struct sdap_options *id_opts, char *default_primary, char *default_realm, const char *keytab_path) { /* Pretend SASL is fine */ if (call_real_sasl_options == true) { return __real_sdap_set_sasl_options(id_opts, default_primary, default_realm, keytab_path); } return EOK; } void test_ad_get_dom_ldap_conn(void **state) { struct sdap_id_conn_ctx *conn; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->dom); assert_true(conn == test_ctx->ad_ctx->ldap_ctx); conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->subdom); assert_true(conn == test_ctx->subdom_ad_ctx->ldap_ctx); } void test_gc_conn_list(void **state) { struct sdap_id_conn_ctx **conn_list; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); assert_true(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC)); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx); /* If there is a fallback, we should ignore the offline mode */ assert_true(conn_list[0]->ignore_mark_offline); assert_true(conn_list[1] == test_ctx->ad_ctx->ldap_ctx); assert_false(conn_list[1]->ignore_mark_offline); assert_null(conn_list[2]); talloc_free(conn_list); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx); assert_true(conn_list[0]->ignore_mark_offline); assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx); /* Subdomain error should not set the backend offline! */ assert_true(conn_list[1]->ignore_mark_offline); talloc_free(conn_list); dp_opt_set_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC, false); assert_false(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC)); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx); assert_false(conn_list[0]->ignore_mark_offline); assert_null(conn_list[1]); talloc_free(conn_list); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx); assert_true(conn_list[0]->ignore_mark_offline); assert_null(conn_list[1]); talloc_free(conn_list); } void test_ldap_conn_list(void **state) { struct sdap_id_conn_ctx **conn_list; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); conn_list = ad_ldap_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx); assert_false(conn_list[0]->ignore_mark_offline); assert_null(conn_list[1]); talloc_free(conn_list); conn_list = ad_ldap_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx); assert_true(conn_list[0]->ignore_mark_offline); assert_null(conn_list[1]); talloc_free(conn_list); } void test_user_conn_list(void **state) { struct sdap_id_conn_ctx **conn_list; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); conn_list = ad_user_conn_list(test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx); assert_false(conn_list[0]->ignore_mark_offline); assert_null(conn_list[1]); talloc_free(conn_list); conn_list = ad_user_conn_list(test_ctx->ad_ctx, test_ctx->subdom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx); assert_true(conn_list[0]->ignore_mark_offline); assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx); /* Subdomain error should not set the backend offline! */ assert_true(conn_list[1]->ignore_mark_offline); talloc_free(conn_list); } int main(int argc, const char *argv[]) { poptContext pc; int opt; int ret; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS POPT_TABLEEND }; const struct CMUnitTest tests[] = { cmocka_unit_test(test_ad_create_default_options), cmocka_unit_test_setup_teardown(test_ad_create_1way_trust_options, test_ad_common_setup, test_ad_common_teardown), cmocka_unit_test_setup_teardown(test_ad_create_2way_trust_options, test_ad_common_setup, test_ad_common_teardown), cmocka_unit_test_setup_teardown(test_ad_get_dom_ldap_conn, test_ldap_conn_setup, test_ldap_conn_teardown), cmocka_unit_test_setup_teardown(test_gc_conn_list, test_ldap_conn_setup, test_ldap_conn_teardown), cmocka_unit_test_setup_teardown(test_ldap_conn_list, test_ldap_conn_setup, test_ldap_conn_teardown), cmocka_unit_test_setup_teardown(test_user_conn_list, test_ldap_conn_setup, test_ldap_conn_teardown), cmocka_unit_test_setup_teardown(test_check_if_pac_is_available, test_ad_sysdb_setup, test_ad_sysdb_teardown), cmocka_unit_test_setup_teardown(test_ad_get_data_from_pac, test_ad_common_setup, test_ad_common_teardown), cmocka_unit_test_setup_teardown(test_ad_get_sids_from_pac, test_ad_common_setup, test_ad_common_teardown), cmocka_unit_test_setup_teardown(test_ad_get_pac_data_from_user_entry, test_ad_common_setup, test_ad_common_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_CLI_INIT(debug_level); tests_set_cwd(); ret = cmocka_run_group_tests(tests, NULL, NULL); #ifdef HAVE_NSS /* Cleanup NSS and NSPR to make valgrind happy. */ nspr_nss_cleanup(); #endif return ret; }