/*
    SSSD

    krb5_common - Test for some krb5 utility functions

    Authors:
        Sumit Bose <sbose@redhat.com>

    Copyright (C) 2016 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen#include <stdarg.h>
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen#include <stddef.h>
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen#include <setjmp.h>
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen#include <cmocka.h>
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#include <popt.h>
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen#include <stdbool.h>
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen#include "tests/cmocka/common_mock.h"
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen#include "tests/common.h"
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#include "src/providers/krb5/krb5_common.h"
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_REALM "MY.REALM"
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_FAST_PRINC "fast_princ@" TEST_REALM
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_FAST_STR "dummy"
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_LIFE_STR "dummy-life"
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_RLIFE_STR "dummy-rlife"
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TESTS_PATH "tp_" BASE_FILE_STEM
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_CONF_DB "test_krb5_common_conf.ldb"
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_DOM_NAME "test.krb5.common"
3f7b9d04c1fb9b0a55ea2082214ea66a0ace96c7Timo Sirainen#define TEST_ID_PROVIDER "ldap"
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen
/* Per-test fixture: created by test_setup(), handed to each test through
 * cmocka's state pointer and released by test_teardown(). */
struct test_ctx {
    /* Domain test context returned by create_dom_test_ctx(). */
    struct sss_test_ctx *tctx;
};
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen
/*
 * cmocka setup hook: build the fixture for one test.
 *
 * Starts leak tracking, allocates a zeroed struct test_ctx on
 * global_talloc_context, creates the domain test context for
 * TEST_DOM_NAME inside it and publishes the fixture through *state.
 * The leak-check baseline is pushed only after the fixture is complete,
 * so only allocations made by the test body itself are counted by the
 * matching check_leaks_pop() in test_teardown().
 *
 * Returns 0; any failed step aborts the test through the cmocka asserts.
 */
static int test_setup(void **state)
{
    struct test_ctx *ctx;

    assert_true(leak_check_setup());

    ctx = talloc_zero(global_talloc_context, struct test_ctx);
    assert_non_null(ctx);

    ctx->tctx = create_dom_test_ctx(ctx, TESTS_PATH, TEST_CONF_DB,
                                    TEST_DOM_NAME, TEST_ID_PROVIDER, NULL);
    assert_non_null(ctx->tctx);

    /* Baseline for the leak check: everything above belongs to the fixture. */
    check_leaks_push(ctx);
    *state = ctx;

    return 0;
}
76d4ff1c1b31a1a09f6cbfe613a8d0efe62cbfd2Timo Sirainen
/*
 * cmocka teardown hook: verify the test left nothing allocated on the
 * fixture, then release the fixture and stop leak tracking.
 *
 * Returns 0; a detected leak fails the test through the cmocka asserts.
 */
static int test_teardown(void **state)
{
    struct test_ctx *ctx;

    ctx = talloc_get_type(*state, struct test_ctx);

    /* Must run before the fixture is freed: it compares against the
     * baseline pushed at the end of test_setup(). */
    assert_true(check_leaks_pop(ctx));

    talloc_free(ctx);
    assert_true(leak_check_teardown());

    return 0;
}
be6ad6e46ecb8c7126b421819046e7f4857a2babTimo Sirainen
/*
 * Build the extra-argument list for @krb5_ctx with set_extra_args() and
 * assert that it succeeds and yields exactly the strings of the
 * NULL-terminated @expected list, in order, followed by the list's own
 * NULL terminator. The generated list is freed before returning.
 */
static void assert_extra_args(struct krb5_ctx *krb5_ctx, const char **expected)
{
    const char **actual;
    size_t idx;
    int ret;

    ret = set_extra_args(global_talloc_context, krb5_ctx, &actual);
    assert_int_equal(ret, EOK);

    for (idx = 0; expected[idx] != NULL; idx++) {
        assert_string_equal(actual[idx], expected[idx]);
    }
    /* No trailing, unexpected option may follow the last expected one. */
    assert_null(actual[idx]);

    talloc_free(actual);
}

/*
 * Check the argument vector that set_extra_args() derives from a
 * struct krb5_ctx.
 *
 * The context is filled in step by step and the complete list is
 * re-checked after every step, which pins both the presence and the
 * position of each option:
 *   - the --fast-ccache-uid / --fast-ccache-gid pair, built from the
 *     calling process's getuid()/getgid(), always comes first;
 *   - --fast-principal is emitted only once use_fast_str is set, a FAST
 *     principal on its own adds nothing;
 *   - --canonicalize, when enabled, stays the last option.
 * All-NULL input must be rejected with EINVAL.
 */
void test_set_extra_args(void **state)
{
    struct krb5_ctx *krb5_ctx;
    char *uid_opt;
    char *gid_opt;
    int ret;

    /* Missing arguments are an error, not an empty list. */
    ret = set_extra_args(NULL, NULL, NULL);
    assert_int_equal(ret, EINVAL);

    krb5_ctx = talloc_zero(global_talloc_context, struct krb5_ctx);
    assert_non_null(krb5_ctx);

    uid_opt = talloc_asprintf(krb5_ctx, "--fast-ccache-uid=%"SPRIuid, getuid());
    assert_non_null(uid_opt);

    gid_opt = talloc_asprintf(krb5_ctx, "--fast-ccache-gid=%"SPRIgid, getgid());
    assert_non_null(gid_opt);

    /* Zeroed context: only the uid/gid pair. */
    assert_extra_args(krb5_ctx, (const char *[]){
        uid_opt,
        gid_opt,
        NULL });

    krb5_ctx->canonicalize = true;
    assert_extra_args(krb5_ctx, (const char *[]){
        uid_opt,
        gid_opt,
        "--canonicalize",
        NULL });

    krb5_ctx->realm = discard_const(TEST_REALM);
    assert_extra_args(krb5_ctx, (const char *[]){
        uid_opt,
        gid_opt,
        "--realm=" TEST_REALM,
        "--canonicalize",
        NULL });

    /* --fast-principal will be only set if FAST is used, so the list is
     * unchanged by setting the principal alone. */
    krb5_ctx->fast_principal = discard_const(TEST_FAST_PRINC);
    assert_extra_args(krb5_ctx, (const char *[]){
        uid_opt,
        gid_opt,
        "--realm=" TEST_REALM,
        "--canonicalize",
        NULL });

    /* Enabling FAST brings in --use-fast and the principal set above. */
    krb5_ctx->use_fast_str = discard_const(TEST_FAST_STR);
    assert_extra_args(krb5_ctx, (const char *[]){
        uid_opt,
        gid_opt,
        "--realm=" TEST_REALM,
        "--use-fast=" TEST_FAST_STR,
        "--fast-principal=" TEST_FAST_PRINC,
        "--canonicalize",
        NULL });

    krb5_ctx->lifetime_str = discard_const(TEST_LIFE_STR);
    krb5_ctx->rlife_str = discard_const(TEST_RLIFE_STR);
    assert_extra_args(krb5_ctx, (const char *[]){
        uid_opt,
        gid_opt,
        "--realm=" TEST_REALM,
        "--lifetime=" TEST_LIFE_STR,
        "--renewable-lifetime=" TEST_RLIFE_STR,
        "--use-fast=" TEST_FAST_STR,
        "--fast-principal=" TEST_FAST_PRINC,
        "--canonicalize",
        NULL });

    /* uid_opt and gid_opt are children of krb5_ctx and go with it. */
    talloc_free(krb5_ctx);
}
/*
 * Check how sss_krb5_check_options() validates domain options and fills
 * a struct krb5_ctx.
 *
 * Covered here:
 *   - all-NULL input is rejected with EINVAL;
 *   - with default options the realm is set to TEST_DOM_NAME;
 *   - KRB5_LIFETIME values: a bare number gets an "s" suffix, values
 *     that already carry units are kept as given, and values without a
 *     number ("abc", "s") are rejected with EINVAL. The accepted string
 *     lands in krb5_ctx->lifetime_str, the field that
 *     test_set_extra_args() shows being forwarded as --lifetime=;
 *   - canonicalize is switched on by either
 *     KRB5_USE_ENTERPRISE_PRINCIPAL or KRB5_CANONICALIZE.
 *
 * NOTE(review): krb5_ctx->lifetime_str is not inspected after the two
 * rejected values, and the renewable lifetime is not exercised by this
 * test.
 */
void test_sss_krb5_check_options(void **state)
{
    /* Lifetime inputs in the order they are applied; expected_str is
     * NULL where the resulting string is not checked. */
    const struct {
        const char *value;
        int expected_ret;
        const char *expected_str;
    } lifetime_cases[] = {
        { "123",         EOK,    "123s" },
        { "abc",         EINVAL, NULL },
        { "s",           EINVAL, NULL },
        { "1d",          EOK,    "1d" },
        { "7d 0h 0m 0s", EOK,    "7d 0h 0m 0s" },
    };
    const size_t num_cases = sizeof(lifetime_cases) / sizeof(lifetime_cases[0]);
    struct test_ctx *test_ctx = talloc_get_type(*state, struct test_ctx);
    struct dp_option *opts;
    struct krb5_ctx *krb5_ctx;
    size_t c;
    int ret;

    ret = sss_krb5_check_options(NULL, NULL, NULL);
    assert_int_equal(ret, EINVAL);

    ret = sss_krb5_get_options(test_ctx, test_ctx->tctx->confdb,
                               "[domain/" TEST_DOM_NAME "]", &opts);
    assert_int_equal(ret, EOK);
    assert_non_null(opts);

    krb5_ctx = talloc_zero(test_ctx, struct krb5_ctx);
    assert_non_null(krb5_ctx);

    ret = sss_krb5_check_options(opts, test_ctx->tctx->dom, krb5_ctx);
    assert_int_equal(ret, EOK);
    assert_string_equal(krb5_ctx->realm, TEST_DOM_NAME);

    /* check check_lifetime() indirectly */
    for (c = 0; c < num_cases; c++) {
        ret = dp_opt_set_string(opts, KRB5_LIFETIME, lifetime_cases[c].value);
        assert_int_equal(ret, EOK);

        ret = sss_krb5_check_options(opts, test_ctx->tctx->dom, krb5_ctx);
        assert_int_equal(ret, lifetime_cases[c].expected_ret);

        if (lifetime_cases[c].expected_str != NULL) {
            assert_string_equal(krb5_ctx->lifetime_str,
                                lifetime_cases[c].expected_str);
        }
    }

    /* check canonicalize */
    assert_false(krb5_ctx->canonicalize);

    /* Enterprise principals alone turn canonicalization on. */
    ret = dp_opt_set_bool(opts, KRB5_USE_ENTERPRISE_PRINCIPAL, true);
    assert_int_equal(ret, EOK);
    ret = sss_krb5_check_options(opts, test_ctx->tctx->dom, krb5_ctx);
    assert_int_equal(ret, EOK);
    assert_true(krb5_ctx->canonicalize);

    /* So does the explicit option, with enterprise principals off again. */
    ret = dp_opt_set_bool(opts, KRB5_USE_ENTERPRISE_PRINCIPAL, false);
    assert_int_equal(ret, EOK);
    ret = dp_opt_set_bool(opts, KRB5_CANONICALIZE, true);
    assert_int_equal(ret, EOK);
    ret = sss_krb5_check_options(opts, test_ctx->tctx->dom, krb5_ctx);
    assert_int_equal(ret, EOK);
    assert_true(krb5_ctx->canonicalize);

    talloc_free(krb5_ctx);
    talloc_free(opts);
}
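/*
 * Test driver: parse the command line, prepare the test domain
 * directory and run both krb5_common tests with the shared
 * setup/teardown fixture.
 *
 * Options: the standard popt help and SSSD debug options, plus
 * -n/--no-cleanup to keep the test database after the run.
 *
 * Returns 1 on an invalid command-line option, otherwise the result of
 * cmocka_run_group_tests().
 */
int main(int argc, const char *argv[])
{
    int rv;
    int no_cleanup = 0;
    poptContext pc;
    int opt;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_DEBUG_OPTS
        {"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0,
         _("Do not delete the test database after a test run"), NULL },
        POPT_TABLEEND
    };

    const struct CMUnitTest tests[] = {
        cmocka_unit_test_setup_teardown(test_set_extra_args,
                                        test_setup, test_teardown),
        cmocka_unit_test_setup_teardown(test_sss_krb5_check_options,
                                        test_setup, test_teardown),
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while ((opt = poptGetNextOpt(pc)) != -1) {
        switch (opt) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            /* Release the parser on the error path too; it is still
             * needed by the two calls above, so free it last. */
            poptFreeContext(pc);
            return 1;
        }
    }
    poptFreeContext(pc);

    DEBUG_CLI_INIT(debug_level);

    tests_set_cwd();
    /* Remove whatever an earlier run left behind before creating the
     * test directory, so the tests start from a clean database. */
    test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
    test_dom_suite_setup(TESTS_PATH);

    rv = cmocka_run_group_tests(tests, NULL, NULL);
    /* The database is kept when a test failed or --no-cleanup was given,
     * so it can be inspected afterwards. */
    if (rv == 0 && !no_cleanup) {
        test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
    }

    return rv;
}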