/*
Authors:
Jakub Hrozek <jhrozek@redhat.com>
Copyright (C) 2015 Red Hat
SSSD tests: IPA subdomain server utils tests
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <talloc.h>
#include <tevent.h>
#include <errno.h>
#include <popt.h>
#include <stdlib.h>
#include <fcntl.h>
#include <ifaddrs.h>
#include "providers/ipa/ipa_subdomains.h"
#include "providers/ipa/ipa_opts.h"
#include "providers/data_provider.h"
#include "tests/cmocka/common_mock.h"
#include "tests/cmocka/common_mock_resp.h"
#include "tests/cmocka/common_mock_krb5.h"
#include "tests/cmocka/common_mock_sdap.h"
#include "tests/cmocka/common_mock_be.h"
/* File-wide flag recording that a rename was observed during a test.
 * A helper later in this file sets it to true, and what appears to be the
 * trust-test setup resets it to false before each test.
 * NOTE(review): presumably compared with trust_test_ctx.expect_rename to
 * tell a freshly installed keytab from a reused one; the comparison is not
 * visible in this listing.
 */
static bool global_rename_called;
#ifdef HAVE_SELINUX
/* Provide a faster implementation of the Kerberos functions
 * krb5int_labeled_[f]?open. The real functions also take care of
 * the SELinux context, which is a very expensive operation and
 * causes failures due to timeouts when executing under Valgrind.
 * The real functions are approximately 40 times slower.
 */
FILE *
{
}
int
{
}
#endif /* HAVE_SELINUX */
{
}
{
assert_int_equal(ret, 0);
}
/* Shared body for the two wrapper bodies that follow it in this file; both
 * simply return wrap_exec(). Every visible path ends the process with
 * _exit(): status 1 when fail_creating_kt is non-NULL (and in one earlier
 * branch whose condition is missing from this listing), status 0 otherwise.
 * The trailing return is therefore not expected to be reached.
 * NOTE(review): the statements that assign test_kt and fail_creating_kt are
 * not visible here; confirm where they are read from before relying on this.
 */
static int wrap_exec(void)
{
const char *test_kt;
const char *fail_creating_kt;
_exit(1);
}
/* Remove TEST_KT_ENV from this process's environment before exiting. */
unsetenv("TEST_KT_ENV");
/* Simulated failure: report a non-zero exit status to the parent. */
if (fail_creating_kt != NULL) {
_exit(1);
}
/* Simulated success. */
_exit(0);
return 1; /* Should not happen */
}
{
return wrap_exec();
}
{
return wrap_exec();
}
{
int ret;
int sret;
assert_int_equal(sret, 0);
}
return ret;
}
{
global_rename_called = true;
}
/* Per-test state for the trust tests in this file.
 * NOTE(review): only the expect_rename member is visible in this listing.
 */
struct trust_test_ctx {
/* Tests in this file set this to true or false before running; the name
 * suggests it records whether the scenario should end with a rename.
 * It is set to false in the scenario where a keytab refresh fails and the
 * previous keytab is reused, and in the one where no keytab exists and
 * retrieval fails.
 * NOTE(review): presumably checked against global_rename_called; the check
 * itself is not visible here.
 */
bool expect_rename;
};
struct sss_test_ctx *tctx,
const char *krb5_realm,
const char *hostname)
{
struct sdap_options);
IPA_SERVER_MODE, true);
return ipa_ctx;
}
{
return server_mode;
}
{
/* Add two subdomains */
true, false, SUBDOM_REALM,
true, false, SUBDOM_REALM,
}
{
}
{
}
{
};
struct trust_test_ctx);
global_rename_called = false;
return 0;
}
{
assert_int_equal(ret, 0);
/* Ignore failures */
/* If a test needs this variable, it should be set again in
* each test
*/
unsetenv("KT_CREATE_FAIL");
return 0;
}
{
}
{
/* Add two subdomains */
}
const char *dom_name,
const char *dom_realm,
const char *sid,
const char *keytab,
const char *authid,
const char *sdap_realm)
{
const char *s;
assert_non_null(s);
} else {
assert_null(s);
}
assert_non_null(s);
} else {
assert_null(s);
}
/* the system keytab is always used with two-way trusts */
assert_non_null(s);
} else {
assert_null(s);
}
if (sdap_realm != NULL) {
assert_non_null(s);
} else {
assert_null(s);
}
assert_non_null(s);
} else {
assert_null(s);
}
}
{
/* Trust object should be around now */
SUBDOM_NAME) == 0) {
} else {
}
/* Two-way trusts should use the system realm */
NULL,
NULL,
/* No more trust objects */
NULL,
}
static void
struct tevent_timer *te,
{
}
{
/* Trust object should be around now */
SUBDOM_NAME) == 0) {
} else {
}
/* Two-way trusts should use the system realm */
NULL,
NULL,
/* No more trust objects */
}
struct dir_test_ctx {
};
{
struct dir_test_ctx);
return 0;
}
{
return 0;
}
/* These are stupid tests, but test real data */
{
}
{
}
{
}
{
}
{
"cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com");
/* With root domains we assume two-way trust */
}
{
"cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com");
/* With members we set zero and take a look at the parent */
assert_int_equal(dir, 0);
}
{
assert_int_not_equal(ret, 0);
test_ctx->expect_rename = true;
}
{
assert_int_equal(ret, 0);
/* Trust object should be around now */
SUBDOM_NAME) == 0) {
} else {
}
CHILD_NAME, /* AD domain name */
CHILD_REALM, /* AD realm can be child if SDAP realm is parent's */
ONEWAY_KEYTAB, /* Keytab shared with parent AD dom */
ONEWAY_PRINC, /* Principal shared with parent AD dom */
SUBDOM_REALM); /* SDAP realm must be AD root domain */
/* Here all properties point to the AD domain */
}
{
assert_int_equal(ret, 0);
test_ctx->expect_rename = true;
}
/* Test scenario where a keytab already exists, but refresh fails. In this case,
* sssd should attempt to reuse the previous keytab
*/
{
assert_int_equal(ret, 0);
test_ctx->expect_rename = false;
}
/* Tests the case where there's no keytab and retrieving one fails. Just fail
 * the request in that case
 */
{
test_ctx->expect_rename = false;
test_ctx);
}
{
}
{
}
{
/* Just make sure the caller can rely on getting a valid string.. */
}
{
int rv;
int no_cleanup = 0;
int opt;
_("Do not delete the test database after a test run"), NULL },
};
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */
switch(opt) {
default:
return 1;
}
}
/* Even though normally the tests should clean up after themselves
* they might not after a failed run. Remove the old DB to be sure */
if (rv == 0 && !no_cleanup) {
}
return rv;
}