tests/cmocka/test_sssd_krb5_localauth_plugin.c

b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose/*
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    Authors:
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        Sumit Bose <sbose@redhat.com>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    Copyright (C) 2017 Red Hat
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    Test for the MIT Kerberos localauth plugin
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    This program is free software; you can redistribute it and/or modify
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    it under the terms of the GNU General Public License as published by
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    the Free Software Foundation; either version 3 of the License, or
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    (at your option) any later version.
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    This program is distributed in the hope that it will be useful,
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    but WITHOUT ANY WARRANTY; without even the implied warranty of
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    GNU General Public License for more details.
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    You should have received a copy of the GNU General Public License
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    along with this program.  If not, see <http://www.gnu.org/licenses/>.
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose*/
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <errno.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <stdarg.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <stddef.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <setjmp.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <cmocka.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <stdbool.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <nss.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <sys/types.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <pwd.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <krb5/krb5.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include <krb5/localauth_plugin.h>
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose#include "tests/cmocka/common_mock.h"
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bosestruct _nss_sss_getpwnam_r_test_data {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    uid_t uid;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    const char *name;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    enum nss_status status;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose};
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Boseenum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result,
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                                    char *buffer, size_t buflen, int *errnop)
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose{
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    struct _nss_sss_getpwnam_r_test_data *test_data;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_non_null(name);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_non_null(result);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_non_null(buffer);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_not_equal(buflen, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_non_null(errnop);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    test_data = sss_mock_ptr_type(struct _nss_sss_getpwnam_r_test_data *);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    result->pw_uid = test_data->uid;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    if (test_data->name != NULL) {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        assert_true(buflen > strlen(test_data->name));
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        strncpy(buffer, test_data->name, buflen);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        result->pw_name = buffer;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    }
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    return test_data->status;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose}
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bosekrb5_error_code
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Boselocalauth_sssd_initvt(krb5_context context, int maj_ver, int min_ver,
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                       krb5_plugin_vtable vtable);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bosevoid test_localauth_sssd_initvt(void **state)
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose{
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_error_code kerr;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    struct krb5_localauth_vtable_st vtable = { 0 };
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = localauth_sssd_initvt(NULL, 0, 0, (krb5_plugin_vtable) &vtable);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, KRB5_PLUGIN_VER_NOTSUPP);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = localauth_sssd_initvt(NULL, 1, 1, (krb5_plugin_vtable) &vtable);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_string_equal(vtable.name, "sssd");
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_null(vtable.init);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_null(vtable.fini);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_non_null(vtable.an2ln);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_non_null(vtable.userok);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_non_null(vtable.free_string);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose}
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bosevoid test_sss_userok(void **state)
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose{
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_error_code kerr;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    struct krb5_localauth_vtable_st vtable = { 0 };
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_context krb5_ctx;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_principal princ;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    size_t c;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    struct test_data {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        struct _nss_sss_getpwnam_r_test_data d1;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        struct _nss_sss_getpwnam_r_test_data d2;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        krb5_error_code kerr;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    } test_data[] = {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        {{ 1234, NULL, NSS_STATUS_SUCCESS},  { 1234, NULL, NSS_STATUS_SUCCESS},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                                                                             0},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        /* second _nss_sss_getpwnam_r() is never called because the first one
57c5ea8825c7179fd93382dbcbb07e828e5aec19René Genz         * already returned an error */
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        {{ 1234, NULL, NSS_STATUS_NOTFOUND}, { 0, NULL, 0},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                                                         KRB5_PLUGIN_NO_HANDLE},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        {{ 1234, NULL, NSS_STATUS_SUCCESS},  { 1234, NULL, NSS_STATUS_NOTFOUND},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                                                         KRB5_PLUGIN_NO_HANDLE},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        {{ 1234, NULL, NSS_STATUS_SUCCESS},  { 4321, NULL, NSS_STATUS_SUCCESS},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                                                         KRB5_PLUGIN_NO_HANDLE},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        /* second _nss_sss_getpwnam_r() is never called because the first one
57c5ea8825c7179fd93382dbcbb07e828e5aec19René Genz         * already returned an error */
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        {{ 1234, NULL, NSS_STATUS_UNAVAIL},  { 0, NULL, 0},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                                                         KRB5_PLUGIN_NO_HANDLE},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        {{ 1234, NULL, NSS_STATUS_SUCCESS},  { 1234, NULL, NSS_STATUS_TRYAGAIN},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose                                                         KRB5_PLUGIN_NO_HANDLE},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        {{ 0, NULL, 0 },                     {0 , NULL, 0}, 0}
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    };
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = krb5_init_context(&krb5_ctx);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = localauth_sssd_initvt(krb5_ctx, 1, 1, (krb5_plugin_vtable) &vtable);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = krb5_parse_name(krb5_ctx, "name@REALM", &princ);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    for (c = 0; test_data[c].d1.uid != 0; c++) {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        will_return(_nss_sss_getpwnam_r, &test_data[c].d1);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        if (test_data[c].d2.uid != 0) {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose            will_return(_nss_sss_getpwnam_r, &test_data[c].d2);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        }
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        kerr = vtable.userok(krb5_ctx, NULL, princ, "name");
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        assert_int_equal(kerr, test_data[c].kerr);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    }
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_free_principal(krb5_ctx, princ);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_free_context(krb5_ctx);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose}
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bosevoid test_sss_an2ln(void **state)
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose{
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_error_code kerr;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    struct krb5_localauth_vtable_st vtable = { 0 };
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_context krb5_ctx;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_principal princ;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    size_t c;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    char *lname;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    struct test_data {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        struct _nss_sss_getpwnam_r_test_data d;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        krb5_error_code kerr;
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    } test_data[] = {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        { { 0, "my_name", NSS_STATUS_SUCCESS}, 0},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        { { 0, "my_name", NSS_STATUS_NOTFOUND}, KRB5_LNAME_NOTRANS},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        { { 0, "my_name", NSS_STATUS_UNAVAIL}, EIO},
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        { { 0, NULL, 0 }                     , 0}
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    };
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = krb5_init_context(&krb5_ctx);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = localauth_sssd_initvt(krb5_ctx, 1, 1, (krb5_plugin_vtable) &vtable);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    kerr = krb5_parse_name(krb5_ctx, "name@REALM", &princ);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    assert_int_equal(kerr, 0);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    for (c = 0; test_data[c].d.name != NULL; c++) {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        will_return(_nss_sss_getpwnam_r, &test_data[c].d);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        kerr = vtable.an2ln(krb5_ctx, NULL, NULL, NULL, princ, &lname);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        assert_int_equal(kerr, test_data[c].kerr);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        if (kerr == 0) {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose            assert_string_equal(lname, test_data[c].d.name);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose            vtable.free_string(krb5_ctx, NULL, lname);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        }
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    }
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_free_principal(krb5_ctx, princ);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    krb5_free_context(krb5_ctx);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose}
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Boseint main(int argc, const char *argv[])
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose{
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    const struct CMUnitTest tests[] = {
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        cmocka_unit_test(test_localauth_sssd_initvt),
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        cmocka_unit_test(test_sss_userok),
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose        cmocka_unit_test(test_sss_an2ln),
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    };
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose    return cmocka_run_group_tests(tests, NULL, NULL);
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose}