test_negcache.c revision 9face844e3063b61ab19e1d82bbf3d9f9de76ac7
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen/*
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen SSSD
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen NSS Responder
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen Authors:
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen Pallavi Jha <pallavikumarijha@gmail.com>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen Copyright (C) 2013 Red Hat
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen This program is free software; you can redistribute it and/or modify
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen it under the terms of the GNU General Public License as published by
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen the Free Software Foundation; either version 3 of the License, or
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen (at your option) any later version.
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen This program is distributed in the hope that it will be useful,
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen GNU General Public License for more details.
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen You should have received a copy of the GNU General Public License
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen*/
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <stdarg.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <stdlib.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <stddef.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <setjmp.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <errno.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <unistd.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <sys/types.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <inttypes.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include <cmocka.h>
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include "tests/cmocka/common_mock.h"
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen#include "tests/cmocka/common_mock_resp.h"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include "responder/nss/nsssrv.h"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include "responder/nss/nsssrv_private.h"
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen#include "sss_client/idmap/sss_nss_idmap.h"
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen#include "util/util_sss_idmap.h"
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen#include "lib/idmap/sss_idmap.h"
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen#include "util/util.h"
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen#include "util/util_sss_idmap.h"
08a0b7b0d0444875001847ef2b1b7b76122620abTimo Sirainen#include "responder/common/responder.h"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#include "responder/common/negcache.h"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define PORT 21
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define SID "S-1-2-3-4-5"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define CERT "MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEuREVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA0MjgxMDIxMTFaFw0xNzA0MjgxMDIxMTFaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoGA1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIykqtHuAwTVEofHikG/9BQy/dfeZFlsTkBg2qtnnc78w3XufbcnkpJp9Bmcsy/d9beqf5nlsxJ8TcjLsRQ9Ou6YtQjTfM3OILuOz8s0ICbF6qb66bd9hX/BrLO/9+KnpWFSR+E/YEmzgYyDTbKfBWBaGuPPrOi/K6vwkRYFZVA/FYZkYDtQhFmBO884HYzS4P6frRH3PvtRqWNCmaHpe97dGKsvnM2ybT+IMSB8/54GajQr3+BciRh2XaT4wvSTxkXM1fUgrDxqAP2AZmpuIyDyboZh+rWOwbrTPfx5SipELZG3uHhP8HMcr4qQ8b20LWgxCRuT73sIooHET350xUCAwEAAaOCASYwggEiMB8GA1UdIwQYMBaAFPKdQk4PxEglWC8czg+hPyLIVciRMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGswaaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JMLmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4EFgQULSs/y/Wy/zIsqMIc3b2MgB7dMYIwDQYJKoZIhvcNAQELBQADggEBAJpHLlCnTR1TD8lxQgzl2n1JZOeryN/fAsGH0Vve2m8r5PC+ugnfAoULiuabBn1pOGxy/0x7Kg0/Iy8WRv8Fk7DqJCjXEqFXuFkZJfNDCtP9DzeNuMoV50iKoMfHS38BPFjXN+X/fSsBrA2fUWrlQCTmXlUN97gvQqxt5Slrxgukvxm9OSfu/sWz22LUvtJHupYwWv1iALgnXS86lAuVNYVALLxn34r58XsZlj5CSBMjBJWpaxEzgUdag3L2IPqOQXuPd0d8x11G9E/9gQquOSe2aiZjsdO/VYOCmzZsM2QPUMBVlBPDhfTVcWXQwN385uycW/ARtSzzSME2jKKWSIQ="
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define PROTO "TCP"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define LIFETIME 200
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define SHORTSPAN 1
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define NAME "foo_name"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define TESTS_PATH "tp_" BASE_FILE_STEM
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define TEST_CONF_DB "test_nss_conf.ldb"
7fb70daba4e571eab5b64f496d20b9e37e31141bTimo Sirainen#define TEST_DOM_NAME "nss_test"
#define TEST_ID_PROVIDER "ldap"
/* register_cli_protocol_version is required in test since it links with
* responder_common.c module
*/
struct cli_protocol_version *register_cli_protocol_version(void)
{
static struct cli_protocol_version responder_test_cli_protocol_version[] = {
{0, NULL, NULL}
};
return responder_test_cli_protocol_version;
}
/* Mock NSS structure */
static struct nss_ctx *
mock_nctx(TALLOC_CTX *mem_ctx)
{
struct nss_ctx *nctx;
errno_t ret;
enum idmap_error_code err;
nctx = talloc_zero(mem_ctx, struct nss_ctx);
if (!nctx) {
return NULL;
}
ret = sss_ncache_init(nctx, &nctx->ncache);
if (ret != EOK) {
talloc_free(nctx);
return NULL;
}
nctx->neg_timeout = 10;
nctx->pwfield = discard_const("*");
err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
&nctx->idmap_ctx);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, ("sss_idmap_init failed.\n"));
talloc_free(nctx);
return NULL;
}
return nctx;
}
struct test_state {
struct sss_nc_ctx *ctx;
struct nss_ctx *nctx;
struct resp_ctx *rctx;
};
static int setup(void **state)
{
int ret;
struct test_state *ts;
ts = talloc(NULL, struct test_state);
assert_non_null(ts);
ret = sss_ncache_init(ts, &ts->ctx);
assert_int_equal(ret, EOK);
assert_non_null(ts->ctx);
*state = (void *)ts;
return 0;
}
static int teardown(void **state)
{
struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
talloc_free(ts);
return 0;
}
static void test_sss_ncache_init(void **state)
{
int ret;
TALLOC_CTX *memctx;
struct sss_nc_ctx *ctx;
memctx = talloc_new(NULL);
assert_non_null(memctx);
ret = sss_ncache_init(memctx, &ctx );
assert_int_equal(ret, EOK);
assert_non_null(ctx);
talloc_free(memctx);
}
/* @test_sss_ncache_uid : test following functions
* sss_ncache_set_uid
* sss_ncache_check_uid
*/
static void test_sss_ncache_uid(void **state)
{
uid_t uid;
int ret, ttl;
bool permanent;
struct test_state *ts;
ttl = LIFETIME;
uid = getuid();
ts = talloc_get_type_abort(*state, struct test_state);
/* test when uid not present in database */
ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
assert_int_equal(ret, ENOENT);
/* test when uid is present in database */
permanent = true;
ret = sss_ncache_reset_permanent(ts->ctx);
assert_int_equal(ret, EOK);
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
assert_int_equal(ret, EEXIST);
ttl = SHORTSPAN;
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
assert_int_equal(ret, EEXIST);
sleep(SHORTSPAN + 1);
ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
assert_int_equal(ret, EEXIST);
sleep(SHORTSPAN + 1);
ret = sss_ncache_check_uid(ts->ctx, ttl, NULL, uid);
assert_int_equal(ret, ENOENT);
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, uid);
assert_int_equal(ret, EOK);
}
/* @test_sss_ncache_gid : test following functions
* sss_ncache_set_gid
* sss_ncache_check_gid
*/
static void test_sss_ncache_gid(void **state)
{
gid_t gid;
int ret, ttl;
bool permanent;
struct test_state *ts;
ttl = LIFETIME;
gid = getgid();
ts = talloc_get_type_abort(*state, struct test_state);
/* test when gid is not present in database */
ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
assert_int_equal(ret, ENOENT);
/* test when gid is present in database */
permanent = true;
ret = sss_ncache_set_gid(ts->ctx, permanent, NULL, gid);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_gid(ts->ctx, permanent, NULL, gid);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_gid(ts->ctx, ttl, NULL, gid);
assert_int_equal(ret, EEXIST);
}
/* @test_sss_ncache_sid : test following functions
* sss_ncache_set_sid
* sss_ncache_check_sid
*/
static void test_sss_ncache_sid(void **state)
{
int ret, ttl;
bool permanent;
const char *sid = NULL;
struct test_state *ts;
ttl = LIFETIME;
sid = SID;
ts = talloc_get_type_abort(*state, struct test_state);
/*test when sid in not present in database */
ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
assert_int_equal(ret, ENOENT);
/* test when sid is present in database */
permanent = true;
ret = sss_ncache_set_sid(ts->ctx, permanent, sid);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_sid(ts->ctx, permanent, sid);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_sid(ts->ctx, ttl, sid);
assert_int_equal(ret, EEXIST);
}
/* @test_sss_ncache_cert : test following functions
* sss_ncache_set_cert
* sss_ncache_check_cert_
*/
static void test_sss_ncache_cert(void **state)
{
int ret, ttl;
bool permanent;
const char *cert = NULL;
struct test_state *ts;
ttl = LIFETIME;
cert = CERT;
ts = talloc_get_type_abort(*state, struct test_state);
/*test when cert in not present in database */
ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
assert_int_equal(ret, ENOENT);
/* test when cert is present in database */
permanent = true;
ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
assert_int_equal(ret, EEXIST);
}
/* @test_sss_ncache_user : test following functions
* sss_ncache_check_user
* sss_ncache_set_user
*/
static void test_sss_ncache_user(void **state)
{
int ret, ttl;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name is not present in database */
dom->case_sensitive = false;
ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
assert_int_equal(ret, ENOENT);
/* test when domain name is present in database */
permanent = true;
ret = sss_ncache_set_user(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_user(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_user(ts->ctx, ttl, dom, name);
assert_int_equal(ret, EEXIST);
}
/* @test_sss_ncache_group : test following functions
* sss_ncache_check_group
* sss_ncache_set_group
*/
static void test_sss_ncache_group(void **state)
{
int ret, ttl;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name is not present in database */
dom->case_sensitive = false;
ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
assert_int_equal(ret, ENOENT);
/* test when domain name is present in database */
permanent = true;
ret = sss_ncache_set_group(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_group(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_group(ts->ctx, ttl, dom, name);
assert_int_equal(ret, EEXIST);
}
/* @test_sss_ncache_netgr : test following functions
* sss_ncache_check_netgr
* sss_ncache_set_netgr
*/
static void test_sss_ncache_netgr(void **state)
{
int ret, ttl;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name is not present in database */
dom->case_sensitive = false;
ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
assert_int_equal(ret, ENOENT);
/* test when domain name is present in database */
permanent = true;
ret = sss_ncache_set_netgr(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_netgr(ts->ctx, permanent, dom, name);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_netgr(ts->ctx, ttl, dom, name);
assert_int_equal(ret, EEXIST);
}
/* @test_sss_ncache_service_name : test following functions
* sss_ncache_check_service
* sss_ncache_set_service_name
*/
static void test_sss_ncache_service_name(void **state)
{
int ret, ttl;
bool permanent;
const char *name = NAME;
struct test_state *ts;
struct sss_domain_info *dom;
ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name and protocol are not present in database */
dom->case_sensitive = false;
ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
assert_int_equal(ret, ENOENT);
/* test when domain name and protocol are present in database */
permanent = true;
ret = sss_ncache_set_service_name(ts->ctx, permanent, dom, name, PROTO);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_service_name(ts->ctx, permanent, dom, name, PROTO);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_service(ts->ctx, ttl, dom, name, PROTO);
assert_int_equal(ret, EEXIST);
}
/* @test_sss_ncache_service_port : test following functions
* sss_ncache_check_service_port
* sss_ncache_set_service_port
*/
static void test_sss_ncache_service_port(void **state)
{
int ret, ttl;
bool permanent;
struct test_state *ts;
struct sss_domain_info *dom;
ttl = LIFETIME;
ts = talloc_get_type_abort(*state, struct test_state);
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
/* test when domain name, port and protocol are not present in database */
dom->case_sensitive = false;
ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, ENOENT);
dom->case_sensitive = true;
ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, ENOENT);
/* test when domain name, port and protocol are present in database */
permanent = true;
ret = sss_ncache_set_service_port(ts->ctx, permanent, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, EEXIST);
permanent = false;
ret = sss_ncache_set_service_port(ts->ctx, permanent, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_service_port(ts->ctx, ttl, dom, (uint16_t)PORT,
PROTO);
assert_int_equal(ret, EEXIST);
}
static void test_sss_ncache_reset_permanent(void **state)
{
int ret;
struct test_state *ts;
const bool permanent = true;
ts = talloc_get_type_abort(*state, struct test_state);
ret = sss_ncache_set_uid(ts->ctx, permanent, NULL, 0);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0);
assert_int_equal(ret, EEXIST);
ret = sss_ncache_reset_permanent(ts->ctx);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_uid(ts->ctx, 0, NULL, 0);
assert_int_equal(ret, ENOENT);
}
static void test_sss_ncache_prepopulate(void **state)
{
int ret;
struct test_state *ts;
struct tevent_context *ev;
struct sss_nc_ctx *ncache;
struct sss_test_ctx *tc;
struct sss_domain_info *dom;
struct sss_test_conf_param params[] = {
{ "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" },
{ "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" },
{ NULL, NULL },
};
ts = talloc_get_type_abort(*state, struct test_state);
ev = tevent_context_init(ts);
assert_non_null(ev);
dom = talloc_zero(ts, struct sss_domain_info);
assert_non_null(dom);
dom->name = discard_const_p(char, TEST_DOM_NAME);
ts->nctx = mock_nctx(ts);
assert_non_null(ts->nctx);
tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
TEST_DOM_NAME, TEST_ID_PROVIDER, params);
assert_non_null(tc);
ncache = ts->ctx;
ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
assert_non_null(ts->rctx);
ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
assert_int_equal(ret, EOK);
ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx);
assert_int_equal(ret, EOK);
sleep(SHORTSPAN);
ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_check_user(ncache, 1, dom, "testuser3@somedomain");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3@somedomain");
assert_int_equal(ret, ENOENT);
}
static void test_sss_ncache_default_domain_suffix(void **state)
{
int ret;
struct test_state *ts;
struct tevent_context *ev;
struct sss_nc_ctx *ncache;
struct sss_test_ctx *tc;
struct sss_domain_info *dom;
struct sss_test_conf_param params[] = {
{ "filter_users", "testuser1, testuser2@"TEST_DOM_NAME", testuser3@somedomain" },
{ "filter_groups", "testgroup1, testgroup2@"TEST_DOM_NAME", testgroup3@somedomain" },
{ NULL, NULL },
};
ts = talloc_get_type_abort(*state, struct test_state);
ev = tevent_context_init(ts);
assert_non_null(ev);
dom = talloc_zero(ts, struct sss_domain_info);
assert_non_null(dom);
dom->name = discard_const_p(char, TEST_DOM_NAME);
ts->nctx = mock_nctx(ts);
assert_non_null(ts->nctx);
tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
TEST_DOM_NAME, TEST_ID_PROVIDER, params);
assert_non_null(tc);
ncache = ts->ctx;
ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
assert_non_null(ts->rctx);
ts->rctx->default_domain = discard_const(TEST_DOM_NAME);
ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
assert_int_equal(ret, EOK);
ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx);
assert_int_equal(ret, EOK);
ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_user(ncache, 1, dom, "testuser2");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup2");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_user(ncache, 1, dom, "testuser3");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup3");
assert_int_equal(ret, ENOENT);
}
static void test_sss_ncache_reset_prepopulate(void **state)
{
int ret;
struct test_state *ts;
struct tevent_context *ev;
struct sss_nc_ctx *ncache;
struct sss_test_ctx *tc;
struct sss_domain_info *dom;
struct sss_domain_info *dom2;
struct sss_test_conf_param params[] = {
{ "filter_users", "testuser1@"TEST_DOM_NAME", testuser2@"TEST_DOM_NAME"2" },
{ "filter_groups", "testgroup1@"TEST_DOM_NAME", testgroup2@"TEST_DOM_NAME"2" },
{ NULL, NULL },
};
const char *nss_filter_users[] = { params[0].value, NULL};
const char *nss_filter_groups[] = { params[1].value, NULL};
ts = talloc_get_type_abort(*state, struct test_state);
ev = tevent_context_init(ts);
assert_non_null(ev);
dom = talloc_zero(ts, struct sss_domain_info);
assert_non_null(dom);
dom->name = discard_const_p(char, TEST_DOM_NAME);
ts->nctx = mock_nctx(ts);
assert_non_null(ts->nctx);
tc = create_dom_test_ctx(ts, TESTS_PATH, TEST_CONF_DB,
TEST_DOM_NAME, TEST_ID_PROVIDER, params);
assert_non_null(tc);
ret = confdb_add_param(tc->confdb, true, "config/nss",
"filter_users", nss_filter_users);
assert_int_equal(ret, EOK);
ret = confdb_add_param(tc->confdb, true, "config/nss",
"filter_groups", nss_filter_groups);
assert_int_equal(ret, EOK);
ncache = ts->ctx;
ts->rctx = mock_rctx(ts, ev, dom, ts->nctx);
assert_non_null(ts->rctx);
ts->rctx->default_domain = discard_const(TEST_DOM_NAME);
ts->rctx->cdb = tc->confdb;
ret = sss_names_init(ts, tc->confdb, TEST_DOM_NAME, &dom->names);
assert_int_equal(ret, EOK);
ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
assert_int_equal(ret, EOK);
/* Add another domain */
dom2 = talloc_zero(ts, struct sss_domain_info);
assert_non_null(dom2);
dom2->name = discard_const_p(char, TEST_DOM_NAME"2");
dom->next = dom2;
dom2->names = dom->names;
/* First domain should not be known, the second not */
ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
assert_int_equal(ret, EOK);
/* First domain should not be known, the second not */
ret = sss_ncache_check_user(ncache, 1, dom, "testuser1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_group(ncache, 1, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_user(ncache, 1, dom2, "testuser2");
assert_int_equal(ret, EEXIST);
ret = sss_ncache_check_group(ncache, 1, dom2, "testgroup2");
assert_int_equal(ret, EEXIST);
}
int main(void)
{
int rv;
const struct CMUnitTest tests[] = {
cmocka_unit_test(test_sss_ncache_init),
cmocka_unit_test_setup_teardown(test_sss_ncache_uid, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_gid, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_sid, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_cert, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_user, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_group, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_netgr, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_service_name, setup,
teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_service_port,
setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_reset_permanent, setup,
teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_prepopulate,
setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_default_domain_suffix,
setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_reset_prepopulate,
setup, teardown),
};
tests_set_cwd();
test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
test_dom_suite_setup(TESTS_PATH);
rv = cmocka_run_group_tests(tests, NULL, NULL);
if (rv == 0) {
test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
}
return rv;
}