72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek Jakub Hrozek <jhrozek@redhat.com>
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek Copyright (C) 2013 Red Hat
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek SSSD tests: AD access control filter tests
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek This program is free software; you can redistribute it and/or modify
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek it under the terms of the GNU General Public License as published by
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek the Free Software Foundation; either version 3 of the License, or
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek (at your option) any later version.
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek This program is distributed in the hope that it will be useful,
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek GNU General Public License for more details.
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek You should have received a copy of the GNU General Public License
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek along with this program. If not, see <http://www.gnu.org/licenses/>.
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek/* In order to access opaque types */
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek#define KEYTAB_TEST_PRINC TEST_AUTHID"@"REALMNAME
295c8e301e31f9bf27d921f80c14dfa5864b2383Lukas Slebodnik#define KEYTAB_PATH TESTS_PATH"/keytab_test.keytab"
295c8e301e31f9bf27d921f80c14dfa5864b2383Lukas Slebodnik#define ONEWAY_KEYTAB_PATH TESTS_PATH"/oneway_test.keytab"
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek#define ONEWAY_TEST_PRINC ONEWAY_AUTHID"@"ONEWAY_DOMNAME
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose#define TEST_DOM2_NAME "child2.test_sysdb_subdomains_2"
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose test_ctx->tctx = create_multidom_test_ctx(test_ctx, TESTS_PATH,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose talloc_get_type(*state, struct ad_sysdb_test_ctx);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose test_multidom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, domains);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bosestatic void test_check_if_pac_is_available(void **state)
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose talloc_get_type(*state, struct ad_sysdb_test_ctx);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = check_if_pac_is_available(NULL, NULL, NULL, NULL);
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ar = talloc_zero(test_ctx, struct dp_id_data);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = sysdb_add_user(test_ctx->tctx->dom, TEST_USER, 123, 456, NULL, NULL,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_PAC_BLOB, "pac");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose /* PAC available but too old */
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = sysdb_attrs_add_time_t(attrs, SYSDB_PAC_BLOB_EXPIRE, 123);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose /* PAC available but still too old */
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = sysdb_attrs_add_time_t(attrs, SYSDB_PAC_BLOB_EXPIRE, time(NULL) + 10);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose /* PAC available but still too old */
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose assert_string_equal(ldb_msg_find_attr_as_string(msg, SYSDB_NAME, "x"),
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "BQAAAAAAAAABAAAA6AEAAFgAAAAAAAAACgAAABAAAABAAgAAAA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "AAAAwAAAA4AAAAUAIAAAAAAAAGAAAAFAAAAIgCAAAAAAAABwAA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "ABQAAACgAgAAAAAAAAEQCADMzMzM2AEAAAAAAAAAAAIA2hr35p" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "Ji0QH/////////f/////////9/4veKrwAP0AHit/TZyQ/QAf//" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "//////9/BgAGAAQAAgAGAAYACAACAAAAAAAMAAIAAAAAABAAAg" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "AAAAAAFAACAAAAAAAYAAIATwAAAFAEAAABAgAABQAAABwAAgAg" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "AAAAAAAAAAAAAAAAAAAAAAAAABIAFAAgAAIABAAGACQAAgAoAA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "IAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "AAAAAAEAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAdA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "B1ADEAAAADAAAAAAAAAAMAAAB0ACAAdQAAAAAAAAAAAAAAAAAA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "UAAAD9ogAABwAAAAECAAAHAAAAXAQAAAcAAABWBAAABwAAAImm" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "AAAHAAAACgAAAAAAAAAJAAAAQQBEAC0AUwBFAFIAVgBFAFIAAA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "ADAAAAAAAAAAIAAABBAEQABAAAAAEEAAAAAAAFFQAAAPgSE9xH" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "8xx2Ry8u1wEAAAAwAAIABwAAAAUAAAABBQAAAAAABRUAAAApyU" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "/ZwjzDeDZVh/hUBAAAgD5SqNxk0QEGAHQAdQAxABgAEAAQACgA" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "AAAAAAAAAAB0AHUAMQBAAGEAZAAuAGQAZQB2AGUAbABBAEQALg" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "BEAEUAVgBFAEwAdv///4yBQZ5ZQnp3qwj2lKGcd0UAAAAAdv//" \
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bosestatic void test_ad_get_data_from_pac(void **state)
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose test_pac_blob = sss_base64_decode(test_ctx, TEST_PAC_BASE64,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = ad_get_data_from_pac(test_ctx, test_pac_blob, test_pac_blob_size,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose assert_string_equal(logon_info->info3.base.account_name.string, "tu1");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose assert_string_equal(logon_info->info3.base.full_name.string, "t u");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose assert_int_equal(logon_info->info3.base.rid, 1104);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose assert_int_equal(logon_info->info3.base.primary_gid, 513);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose assert_int_equal(logon_info->info3.base.groups.count, 5);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose assert_string_equal(logon_info->info3.base.logon_domain.string, "AD");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bosestatic void test_ad_get_sids_from_pac(void **state)
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose const char *sid_check_list[] = { "S-1-5-21-3692237560-1981608775-3610128199-513",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-1110",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-1116",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-41725",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-42633",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3645884713-2026060994-4169618742-1108",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose err = sss_idmap_init(sss_idmap_talloc, test_ctx, sss_idmap_talloc_free,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose test_pac_blob = sss_base64_decode(test_ctx, TEST_PAC_BASE64,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = ad_get_data_from_pac(test_ctx, test_pac_blob, test_pac_blob_size,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = ad_get_sids_from_pac(test_ctx, idmap_ctx, logon_info, &user_sid,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-1104");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-513");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose for (s = 0; s < num_sids; s++) {
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose if (strcmp(sid_check_list[c], sid_list[s]) == 0) {
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose fail_msg("SID [%s] not found in SID list.", sid_check_list[c]);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bosestatic void test_ad_get_pac_data_from_user_entry(void **state)
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose const char *sid_check_list[] = { "S-1-5-21-3692237560-1981608775-3610128199-513",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-1110",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-1116",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-41725",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-42633",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3645884713-2026060994-4169618742-1108",
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose err = sss_idmap_init(sss_idmap_talloc, test_ctx, sss_idmap_talloc_free,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = ldb_msg_add_string(user_msg, SYSDB_NAME, "username");
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose ret = ldb_msg_add_string(user_msg, SYSDB_OBJECTCATEGORY, SYSDB_USER_CLASS);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = ldb_msg_add_string(user_msg, SYSDB_PAC_BLOB_EXPIRE, "12345");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose val.data = sss_base64_decode(test_ctx, TEST_PAC_BASE64, &val.length);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = ldb_msg_add_value(user_msg, SYSDB_PAC_BLOB, &val, NULL);
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose ret = ad_get_pac_data_from_user_entry(test_ctx, user_msg, idmap_ctx,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-1104");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose "S-1-5-21-3692237560-1981608775-3610128199-513");
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose for (s = 0; s < num_sids; s++) {
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose if (strcmp(sid_check_list[c], sid_list[s]) == 0) {
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose fail_msg("SID [%s] not found in SID list.", sid_check_list[c]);
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozekkrb5_error_code __wrap_krb5_kt_default(krb5_context context, krb5_keytab *id)
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek return krb5_kt_resolve(context, KEYTAB_PATH, id);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek test_ctx = talloc_zero(global_talloc_context, struct ad_common_test_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek test_ctx->subdom = talloc_zero(test_ctx, struct sss_domain_info);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek test_ctx->subdom->name = discard_const(SUBDOMNAME);
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek test_ctx->ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozekstatic int test_ad_common_teardown(void **state)
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek assert_true(check_leaks_pop(test_ctx) == true);
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozekstatic void test_ad_create_1way_trust_options(void **state)
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek const char *s;
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek /* Make sure this is not the keytab that __wrap_krb5_kt_default uses */
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek mock_keytab_with_contents(test_ctx, ONEWAY_KEYTAB_PATH, ONEWAY_TEST_PRINC);
231bd1b34023daa3080cf461085e6e4aa7f4d733Michal Židek test_ctx->subdom->name = discard_const(ONEWAY_DOMNAME);
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek test_ctx->ad_ctx->ad_options = ad_create_1way_trust_options(
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozekstatic void test_ad_create_2way_trust_options(void **state)
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek const char *s;
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC);
231bd1b34023daa3080cf461085e6e4aa7f4d733Michal Židek test_ctx->subdom->name = discard_const(DOMNAME);
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek test_ctx->ad_ctx->ad_options = ad_create_2way_trust_options(
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
de2bad8ae08f09964834bda0f88db9de39f47c5cJakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek assert_null(s); /* This is the system keytab */
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek ret = test_ad_common_setup((void **) &test_ctx);
295c8e301e31f9bf27d921f80c14dfa5864b2383Lukas Slebodnik mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC);
231bd1b34023daa3080cf461085e6e4aa7f4d733Michal Židek test_ctx->ad_ctx->ad_options = ad_create_2way_trust_options(
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek ad_ctx->gc_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek ad_ctx->ldap_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek ad_ctx->sdap_id_ctx = talloc_zero(ad_ctx, struct sdap_id_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek ad_ctx->sdap_id_ctx->opts = talloc_zero(ad_ctx->sdap_id_ctx,
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->dom, &sdom);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek subdom_ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek subdom_ldap_ctx = talloc_zero(subdom_ad_ctx, struct sdap_id_conn_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->subdom, &sdom);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek__real_sdap_set_sasl_options(struct sdap_options *id_opts,
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek__wrap_sdap_set_sasl_options(struct sdap_options *id_opts,
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek /* Pretend SASL is fine */
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->dom);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek assert_true(conn == test_ctx->ad_ctx->ldap_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->subdom);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek assert_true(conn == test_ctx->subdom_ad_ctx->ldap_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
ba4a81e933deebb416603369b447ead6ebaa040dJakub Hrozek assert_true(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic,
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek /* If there is a fallback, we should ignore the offline mode */
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek assert_true(conn_list[0]->ignore_mark_offline);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek assert_true(conn_list[1] == test_ctx->ad_ctx->ldap_ctx);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek assert_false(conn_list[1]->ignore_mark_offline);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);
266110fa0f6eb086f8f88787bb167cea416fe108Jakub Hrozek assert_true(conn_list[0]->ignore_mark_offline);
266110fa0f6eb086f8f88787bb167cea416fe108Jakub Hrozek assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek /* Subdomain error should not set the backend offline! */
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek assert_true(conn_list[1]->ignore_mark_offline);
ba4a81e933deebb416603369b447ead6ebaa040dJakub Hrozek dp_opt_set_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC, false);
ba4a81e933deebb416603369b447ead6ebaa040dJakub Hrozek assert_false(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic,
ba4a81e933deebb416603369b447ead6ebaa040dJakub Hrozek conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom);
ba4a81e933deebb416603369b447ead6ebaa040dJakub Hrozek assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);
ba4a81e933deebb416603369b447ead6ebaa040dJakub Hrozek assert_false(conn_list[0]->ignore_mark_offline);
ba4a81e933deebb416603369b447ead6ebaa040dJakub Hrozek conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom);
266110fa0f6eb086f8f88787bb167cea416fe108Jakub Hrozek assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek assert_true(conn_list[0]->ignore_mark_offline);
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek assert_false(conn_list[0]->ignore_mark_offline);
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek assert_true(conn_list[0]->ignore_mark_offline);
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
e6ad16e05f42a1678a8c6cd14eb54ca75b8d775eSumit Bose conn_list = ad_user_conn_list(test_ctx, test_ctx->ad_ctx,
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek assert_false(conn_list[0]->ignore_mark_offline);
e6ad16e05f42a1678a8c6cd14eb54ca75b8d775eSumit Bose conn_list = ad_user_conn_list(test_ctx, test_ctx->ad_ctx,
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek assert_true(conn_list[0]->ignore_mark_offline);
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek /* Subdomain error should not set the backend offline! */
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek assert_true(conn_list[1]->ignore_mark_offline);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = netlogon_get_domain_info(test_ctx, attrs, false, NULL, NULL, NULL);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = sysdb_attrs_add_val(attrs, AD_AT_NETLOGON, &val);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = netlogon_get_domain_info(test_ctx, attrs, false, NULL, NULL, NULL);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose val.data = sss_base64_decode(test_ctx, "FwAAAP0zAABsGcIYI7j2TL97Rd+TvpATAmFkBWRldmVsAMAYCWFkLXNlcnZlcsAYAkFEAAlBRC1TRVJWRVIAABdEZWZhdWx0LUZpcnN0LVNpdGUtTmFtZQDAQAUAAAD/////", &val.length);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = sysdb_attrs_add_val(attrs, AD_AT_NETLOGON, &val);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = netlogon_get_domain_info(test_ctx, attrs, false, &flat_name, &site, &forest);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose assert_string_equal(site, "Default-First-Site-Name");
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose /* missing site */
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose val.data = sss_base64_decode(test_ctx, "FwAAAH0zAABsGcIYI7j2TL97Rd+TvpATAmFkBWRldmVsAMAYCWFkLXNlcnZlcsAYAkFEAAlBRC1TRVJWRVIAABdEZWZhdWx0LUZpcnN0LVNpdGUtTmFtZQAABQAAAP////8=", &val.length);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = sysdb_attrs_add_val(attrs, AD_AT_NETLOGON, &val);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = netlogon_get_domain_info(test_ctx, attrs, false, &flat_name, &site, &forest);
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose ret = netlogon_get_domain_info(test_ctx, attrs, true, &flat_name, &site, &forest);
30dd3f3e063dded0ec9f58bc2535a94727d8e96dJakub Hrozek cmocka_unit_test_setup_teardown(test_ad_create_1way_trust_options,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek cmocka_unit_test_setup_teardown(test_ad_create_2way_trust_options,
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek cmocka_unit_test_setup_teardown(test_ad_get_dom_ldap_conn,
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek cmocka_unit_test_setup_teardown(test_gc_conn_list,
309aa83d16b5919f727af04850bcd0799ba0962fJakub Hrozek cmocka_unit_test_setup_teardown(test_ldap_conn_list,
afb21fd06690a0bec288a7970abf74ed2ea7dfdcJakub Hrozek cmocka_unit_test_setup_teardown(test_user_conn_list,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose cmocka_unit_test_setup_teardown(test_check_if_pac_is_available,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose cmocka_unit_test_setup_teardown(test_ad_get_data_from_pac,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose cmocka_unit_test_setup_teardown(test_ad_get_sids_from_pac,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose cmocka_unit_test_setup_teardown(test_ad_get_pac_data_from_user_entry,
7fe7073ad2c84946a699528a3bb79f7803c96b69Sumit Bose cmocka_unit_test_setup_teardown(test_netlogon_get_domain_info,
57c5ea8825c7179fd93382dbcbb07e828e5aec19René Genz /* Set debug level to invalid value so we can decide if -d 0 was used. */
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek pc = poptGetContext(argv[0], argc, argv, long_options, 0);
57c5ea8825c7179fd93382dbcbb07e828e5aec19René Genz /* Cleanup NSS and NSPR to make Valgrind happy. */