8d1cf9fc1abcce38714c9f54a51d40e718774decjim

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#include <talloc.h>

70c233f481e297e0e07fb987072bc6d16dbf95e5sctemme#include <tevent.h>

70c233f481e297e0e07fb987072bc6d16dbf95e5sctemme#include <errno.h>

70c233f481e297e0e07fb987072bc6d16dbf95e5sctemme#include <popt.h>

70c233f481e297e0e07fb987072bc6d16dbf95e5sctemme#include <unistd.h>

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#include <sys/types.h>

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#include <ifaddrs.h>

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#include <arpa/inet.h>

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#include "providers/ad/ad_pac.h"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#include "util/crypto/sss_crypto.h"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#include "util/util_sss_idmap.h"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#include "providers/ad/ad_common.c"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#include "tests/cmocka/common_mock.h"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#include "tests/cmocka/common_mock_krb5.h"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define DOMNAME "domname"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define SUBDOMNAME "sub."DOMNAME

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define REALMNAME DOMNAME

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define HOST_NAME "ad."REALMNAME

8d1cf9fc1abcce38714c9f54a51d40e718774decjim

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define TESTS_PATH "tp_" BASE_FILE_STEM

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define TEST_AUTHID "host/"HOST_NAME

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define KEYTAB_TEST_PRINC TEST_AUTHID"@"REALMNAME

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#define KEYTAB_PATH TESTS_PATH"/keytab_test.keytab"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define ONEWAY_DOMNAME "ONEWAY"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define ONEWAY_HOST_NAME "ad."ONEWAY_DOMNAME

8d1cf9fc1abcce38714c9f54a51d40e718774decjim

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define ONEWAY_KEYTAB_PATH TESTS_PATH"/oneway_test.keytab"

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define ONEWAY_AUTHID "host/"ONEWAY_HOST_NAME

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define ONEWAY_TEST_PRINC ONEWAY_AUTHID"@"ONEWAY_DOMNAME

b8d55029467b9f139d081cf38c6d06ff45e742a9nd

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define TESTS_PATH "tp_" BASE_FILE_STEM

8d1cf9fc1abcce38714c9f54a51d40e718774decjim#define TEST_CONF_DB "test_ad_sysdb.ldb"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#define TEST_ID_PROVIDER "ad"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#define TEST_DOM1_NAME "test_sysdb_subdomains_1"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#define TEST_DOM2_NAME "child2.test_sysdb_subdomains_2"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding#define TEST_USER "test_user"

static bool call_real_sasl_options;

const char *domains[] = { TEST_DOM1_NAME,

TEST_DOM2_NAME,

NULL };

struct ad_sysdb_test_ctx {

struct sss_test_ctx *tctx;

};

static int test_ad_sysdb_setup(void **state)

{

struct ad_sysdb_test_ctx *test_ctx;

struct sss_test_conf_param params[] = {

{ NULL, NULL }, /* Sentinel */

};

assert_true(leak_check_setup());

test_ctx = talloc_zero(global_talloc_context,

struct ad_sysdb_test_ctx);

assert_non_null(test_ctx);

test_dom_suite_setup(TESTS_PATH);

test_ctx->tctx = create_multidom_test_ctx(test_ctx, TESTS_PATH,

TEST_CONF_DB, domains,

TEST_ID_PROVIDER, params);

assert_non_null(test_ctx->tctx);

*state = test_ctx;

return 0;

}

static int test_ad_sysdb_teardown(void **state)

{

struct ad_sysdb_test_ctx *test_ctx =

talloc_get_type(*state, struct ad_sysdb_test_ctx);

test_multidom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, domains);

talloc_free(test_ctx);

assert_true(leak_check_teardown());

return 0;

}

static void test_check_if_pac_is_available(void **state)

{

int ret;

struct ad_sysdb_test_ctx *test_ctx =

talloc_get_type(*state, struct ad_sysdb_test_ctx);

struct be_acct_req *ar;

struct ldb_message *msg = NULL;

struct sysdb_attrs *attrs;

ret = check_if_pac_is_available(NULL, NULL, NULL, NULL);

assert_int_equal(ret, EINVAL);

ar = talloc_zero(test_ctx, struct be_acct_req);

assert_non_null(ar);

ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);

assert_int_equal(ret, EINVAL);

ar->filter_type = BE_FILTER_NAME;

ar->filter_value = discard_const(TEST_USER);

ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);

assert_int_equal(ret, ENOENT);

ret = sysdb_add_user(test_ctx->tctx->dom, TEST_USER, 123, 456, NULL, NULL,

NULL, NULL, NULL, 0, 0);

assert_int_equal(ret, EOK);

ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);

assert_int_equal(ret, ENOENT);

attrs = sysdb_new_attrs(test_ctx);

assert_non_null(attrs);

ret = sysdb_attrs_add_string(attrs, SYSDB_PAC_BLOB, "pac");

assert_int_equal(ret, EOK);

ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs,

SYSDB_MOD_REP);

/* PAC available but too old */

ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);

assert_int_equal(ret, ENOENT);

talloc_free(attrs);

attrs = sysdb_new_attrs(test_ctx);

assert_non_null(attrs);

ret = sysdb_attrs_add_time_t(attrs, SYSDB_PAC_BLOB_EXPIRE, 123);

assert_int_equal(ret, EOK);

ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs,

SYSDB_MOD_REP);

/* PAC available but still too old */

ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);

assert_int_equal(ret, ENOENT);

talloc_free(attrs);

attrs = sysdb_new_attrs(test_ctx);

assert_non_null(attrs);

ret = sysdb_attrs_add_time_t(attrs, SYSDB_PAC_BLOB_EXPIRE, time(NULL) + 10);

assert_int_equal(ret, EOK);

ret = sysdb_set_user_attr(test_ctx->tctx->dom, TEST_USER, attrs,

SYSDB_MOD_REP);

/* PAC available but still too old */

ret = check_if_pac_is_available(test_ctx, test_ctx->tctx->dom, ar, &msg);

assert_int_equal(ret, EOK);

assert_non_null(msg);

assert_string_equal(ldb_msg_find_attr_as_string(msg, SYSDB_NAME, "x"),

TEST_USER);

talloc_free(attrs);

talloc_free(ar);

}

#define TEST_PAC_BASE64 \

"BQAAAAAAAAABAAAA6AEAAFgAAAAAAAAACgAAABAAAABAAgAAAA" \

"AAAAwAAAA4AAAAUAIAAAAAAAAGAAAAFAAAAIgCAAAAAAAABwAA" \

"ABQAAACgAgAAAAAAAAEQCADMzMzM2AEAAAAAAAAAAAIA2hr35p" \

"Ji0QH/////////f/////////9/4veKrwAP0AHit/TZyQ/QAf//" \

"//////9/BgAGAAQAAgAGAAYACAACAAAAAAAMAAIAAAAAABAAAg" \

"AAAAAAFAACAAAAAAAYAAIATwAAAFAEAAABAgAABQAAABwAAgAg" \

"AAAAAAAAAAAAAAAAAAAAAAAAABIAFAAgAAIABAAGACQAAgAoAA" \

"IAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \

"AAAAAAEAAAAsAAIAAAAAAAAAAAAAAAAAAwAAAAAAAAADAAAAdA" \

"B1ADEAAAADAAAAAAAAAAMAAAB0ACAAdQAAAAAAAAAAAAAAAAAA" \

"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \

"UAAAD9ogAABwAAAAECAAAHAAAAXAQAAAcAAABWBAAABwAAAImm" \

"AAAHAAAACgAAAAAAAAAJAAAAQQBEAC0AUwBFAFIAVgBFAFIAAA" \

"ADAAAAAAAAAAIAAABBAEQABAAAAAEEAAAAAAAFFQAAAPgSE9xH" \

"8xx2Ry8u1wEAAAAwAAIABwAAAAUAAAABBQAAAAAABRUAAAApyU" \

"/ZwjzDeDZVh/hUBAAAgD5SqNxk0QEGAHQAdQAxABgAEAAQACgA" \

"AAAAAAAAAAB0AHUAMQBAAGEAZAAuAGQAZQB2AGUAbABBAEQALg" \

"BEAEUAVgBFAEwAdv///4yBQZ5ZQnp3qwj2lKGcd0UAAAAAdv//" \

"/39fn4UneD5l6YxP8w/U0coAAAAA"

static void test_ad_get_data_from_pac(void **state)

{

int ret;

struct PAC_LOGON_INFO *logon_info;

uint8_t *test_pac_blob;

size_t test_pac_blob_size;

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

test_pac_blob = sss_base64_decode(test_ctx, TEST_PAC_BASE64,

&test_pac_blob_size);

assert_non_null(test_pac_blob_size);

ret = ad_get_data_from_pac(test_ctx, test_pac_blob, test_pac_blob_size,

&logon_info);

assert_int_equal(ret, EOK);

assert_non_null(logon_info);

assert_string_equal(logon_info->info3.base.account_name.string, "tu1");

assert_string_equal(logon_info->info3.base.full_name.string, "t u");

assert_int_equal(logon_info->info3.base.rid, 1104);

assert_int_equal(logon_info->info3.base.primary_gid, 513);

assert_int_equal(logon_info->info3.base.groups.count, 5);

assert_string_equal(logon_info->info3.base.logon_domain.string, "AD");

assert_int_equal(logon_info->info3.sidcount, 1);

talloc_free(test_pac_blob);

talloc_free(logon_info);

}

static void test_ad_get_sids_from_pac(void **state)

{

int ret;

struct PAC_LOGON_INFO *logon_info;

uint8_t *test_pac_blob;

size_t test_pac_blob_size;

char *user_sid;

char *primary_group_sid;

size_t num_sids;

char **sid_list;

struct sss_idmap_ctx *idmap_ctx;

enum idmap_error_code err;

size_t c;

size_t s;

const char *sid_check_list[] = { "S-1-5-21-3692237560-1981608775-3610128199-513",

"S-1-5-21-3692237560-1981608775-3610128199-1110",

"S-1-5-21-3692237560-1981608775-3610128199-1116",

"S-1-5-21-3692237560-1981608775-3610128199-41725",

"S-1-5-21-3692237560-1981608775-3610128199-42633",

"S-1-5-21-3645884713-2026060994-4169618742-1108",

NULL };

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

err = sss_idmap_init(sss_idmap_talloc, test_ctx, sss_idmap_talloc_free,

&idmap_ctx);

assert_int_equal(err, IDMAP_SUCCESS);

test_pac_blob = sss_base64_decode(test_ctx, TEST_PAC_BASE64,

&test_pac_blob_size);

assert_non_null(test_pac_blob_size);

ret = ad_get_data_from_pac(test_ctx, test_pac_blob, test_pac_blob_size,

&logon_info);

assert_int_equal(ret, EOK);

ret = ad_get_sids_from_pac(test_ctx, idmap_ctx, logon_info, &user_sid,

&primary_group_sid, &num_sids, &sid_list);

assert_int_equal(ret, EOK);

assert_string_equal(user_sid,

"S-1-5-21-3692237560-1981608775-3610128199-1104");

assert_string_equal(primary_group_sid,

"S-1-5-21-3692237560-1981608775-3610128199-513");

assert_int_equal(num_sids, 6);

for (c = 0; sid_check_list[c] != NULL; c++) {

for (s = 0; s < num_sids; s++) {

if (strcmp(sid_check_list[c], sid_list[s]) == 0) {

break;

}

}

if (s == num_sids) {

fail_msg("SID [%s] not found in SID list.", sid_check_list[c]);

}

}

talloc_free(test_pac_blob);

talloc_free(logon_info);

talloc_free(user_sid);

talloc_free(primary_group_sid);

talloc_free(sid_list);

sss_idmap_free(idmap_ctx);

}

static void test_ad_get_pac_data_from_user_entry(void **state)

{

int ret;

struct ldb_message *user_msg;

struct ldb_val val;

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

struct sss_idmap_ctx *idmap_ctx;

enum idmap_error_code err;

char *username;

char *user_sid;

char *primary_group_sid;

size_t num_sids;

char **sid_list;

size_t c;

size_t s;

const char *sid_check_list[] = { "S-1-5-21-3692237560-1981608775-3610128199-513",

"S-1-5-21-3692237560-1981608775-3610128199-1110",

"S-1-5-21-3692237560-1981608775-3610128199-1116",

"S-1-5-21-3692237560-1981608775-3610128199-41725",

"S-1-5-21-3692237560-1981608775-3610128199-42633",

"S-1-5-21-3645884713-2026060994-4169618742-1108",

NULL };

err = sss_idmap_init(sss_idmap_talloc, test_ctx, sss_idmap_talloc_free,

&idmap_ctx);

assert_int_equal(err, IDMAP_SUCCESS);

user_msg = ldb_msg_new(test_ctx);

assert_non_null(user_msg);

ret = ldb_msg_add_string(user_msg, SYSDB_NAME, "username");

assert_int_equal(ret, EOK);

ret = ldb_msg_add_string(user_msg, SYSDB_OBJECTCLASS, "user");

assert_int_equal(ret, EOK);

ret = ldb_msg_add_string(user_msg, SYSDB_PAC_BLOB_EXPIRE, "12345");

assert_int_equal(ret, EOK);

val.data = sss_base64_decode(test_ctx, TEST_PAC_BASE64, &val.length);

ret = ldb_msg_add_value(user_msg, SYSDB_PAC_BLOB, &val, NULL);

assert_int_equal(ret, EOK);

ret = ad_get_pac_data_from_user_entry(test_ctx, user_msg, idmap_ctx,

&username, &user_sid,

&primary_group_sid, &num_sids,

&sid_list);

assert_int_equal(ret, EOK);

assert_string_equal(username, "username");

assert_string_equal(user_sid,

"S-1-5-21-3692237560-1981608775-3610128199-1104");

assert_string_equal(primary_group_sid,

"S-1-5-21-3692237560-1981608775-3610128199-513");

assert_int_equal(num_sids, 6);

for (c = 0; sid_check_list[c] != NULL; c++) {

for (s = 0; s < num_sids; s++) {

if (strcmp(sid_check_list[c], sid_list[s]) == 0) {

break;

}

}

if (s == num_sids) {

fail_msg("SID [%s] not found in SID list.", sid_check_list[c]);

}

}

talloc_free(username);

talloc_free(user_sid);

talloc_free(primary_group_sid);

talloc_free(sid_list);

talloc_free(val.data);

talloc_free(user_msg);

sss_idmap_free(idmap_ctx);

}

krb5_error_code __wrap_krb5_kt_default(krb5_context context, krb5_keytab *id)

{

return krb5_kt_resolve(context, KEYTAB_PATH, id);

}

struct ad_common_test_ctx {

struct ad_id_ctx *ad_ctx;

struct ad_id_ctx *subdom_ad_ctx;

struct sss_domain_info *dom;

struct sss_domain_info *subdom;

};

static void test_ad_create_default_options(void **state)

{

struct ad_options *ad_options;

const char *s;

ad_options = ad_create_default_options(global_talloc_context);

assert_non_null(ad_options->basic);

/* Not too much to test here except some defaults */

s = dp_opt_get_string(ad_options->basic, AD_DOMAIN);

assert_null(s);

assert_non_null(ad_options->id);

talloc_free(ad_options);

}

static int test_ad_common_setup(void **state)

{

struct ad_common_test_ctx *test_ctx;

test_dom_suite_setup(TESTS_PATH);

assert_true(leak_check_setup());

test_ctx = talloc_zero(global_talloc_context, struct ad_common_test_ctx);

assert_non_null(test_ctx);

test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info);

assert_non_null(test_ctx->dom);

test_ctx->dom->name = discard_const(DOMNAME);

test_ctx->subdom = talloc_zero(test_ctx, struct sss_domain_info);

assert_non_null(test_ctx->subdom);

test_ctx->subdom->name = discard_const(SUBDOMNAME);

test_ctx->subdom->parent = test_ctx->dom;

test_ctx->ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);

assert_non_null(test_ctx->ad_ctx);

check_leaks_push(test_ctx);

*state = test_ctx;

return 0;

}

static int test_ad_common_teardown(void **state)

{

int ret;

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

assert_non_null(test_ctx);

assert_true(check_leaks_pop(test_ctx) == true);

talloc_free(test_ctx);

assert_true(leak_check_teardown());

ret = rmdir(TESTS_PATH);

assert_return_code(ret, errno);

return 0;

}

static void test_ad_create_1way_trust_options(void **state)

{

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

const char *s;

call_real_sasl_options = true;

/* Make sure this is not the keytab that __wrap_krb5_kt_default uses */

mock_keytab_with_contents(test_ctx, ONEWAY_KEYTAB_PATH, ONEWAY_TEST_PRINC);

test_ctx->ad_ctx->ad_options = ad_create_1way_trust_options(

test_ctx->ad_ctx,

ONEWAY_DOMNAME,

ONEWAY_HOST_NAME,

ONEWAY_KEYTAB_PATH,

ONEWAY_AUTHID);

assert_non_null(test_ctx->ad_ctx->ad_options);

assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type,

SDAP_SCHEMA_AD);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,

AD_KRB5_REALM);

assert_non_null(s);

assert_string_equal(s, ONEWAY_DOMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,

AD_DOMAIN);

assert_non_null(s);

assert_string_equal(s, ONEWAY_DOMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,

AD_HOSTNAME);

assert_non_null(s);

assert_string_equal(s, ONEWAY_HOST_NAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,

AD_KEYTAB);

assert_non_null(s);

assert_string_equal(s, ONEWAY_KEYTAB_PATH);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_KRB5_KEYTAB);

assert_non_null(s);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_SASL_REALM);

assert_non_null(s);

assert_string_equal(s, ONEWAY_DOMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_KRB5_REALM);

assert_non_null(s);

assert_string_equal(s, ONEWAY_DOMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_SASL_AUTHID);

assert_non_null(s);

assert_string_equal(s, ONEWAY_AUTHID);

talloc_free(test_ctx->ad_ctx->ad_options);

unlink(ONEWAY_KEYTAB_PATH);

}

static void test_ad_create_2way_trust_options(void **state)

{

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

const char *s;

call_real_sasl_options = true;

mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC);

test_ctx->ad_ctx->ad_options = ad_create_2way_trust_options(

test_ctx->ad_ctx,

REALMNAME,

DOMNAME,

HOST_NAME);

assert_non_null(test_ctx->ad_ctx->ad_options);

assert_int_equal(test_ctx->ad_ctx->ad_options->id->schema_type,

SDAP_SCHEMA_AD);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,

AD_KRB5_REALM);

assert_non_null(s);

assert_string_equal(s, REALMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,

AD_DOMAIN);

assert_non_null(s);

assert_string_equal(s, DOMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->basic,

AD_HOSTNAME);

assert_non_null(s);

assert_string_equal(s, HOST_NAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_KRB5_KEYTAB);

assert_null(s); /* This is the system keytab */

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_SASL_REALM);

assert_non_null(s);

assert_string_equal(s, REALMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_KRB5_REALM);

assert_non_null(s);

assert_string_equal(s, REALMNAME);

s = dp_opt_get_string(test_ctx->ad_ctx->ad_options->id->basic,

SDAP_SASL_AUTHID);

assert_non_null(s);

assert_string_equal(s, TEST_AUTHID);

talloc_free(test_ctx->ad_ctx->ad_options);

unlink(KEYTAB_PATH);

}

static int

test_ldap_conn_setup(void **state)

{

struct ad_common_test_ctx *test_ctx;

errno_t ret;

struct sdap_domain *sdom;

struct ad_id_ctx *ad_ctx;

struct ad_id_ctx *subdom_ad_ctx;

struct sdap_id_conn_ctx *subdom_ldap_ctx;

ret = test_ad_common_setup((void **) &test_ctx);

assert_int_equal(ret, EOK);

mock_keytab_with_contents(test_ctx, KEYTAB_PATH, KEYTAB_TEST_PRINC);

ad_ctx = test_ctx->ad_ctx;

ad_ctx->ad_options = ad_create_2way_trust_options(ad_ctx,

REALMNAME,

DOMNAME,

HOST_NAME);

assert_non_null(ad_ctx->ad_options);

ad_ctx->gc_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx);

assert_non_null(ad_ctx->gc_ctx);

ad_ctx->ldap_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx);

assert_non_null(ad_ctx->ldap_ctx);

ad_ctx->sdap_id_ctx = talloc_zero(ad_ctx, struct sdap_id_ctx);

assert_non_null(ad_ctx->sdap_id_ctx);

ad_ctx->sdap_id_ctx->opts = talloc_zero(ad_ctx->sdap_id_ctx,

struct sdap_options);

assert_non_null(ad_ctx->sdap_id_ctx->opts);

ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->dom, &sdom);

assert_int_equal(ret, EOK);

sdom->pvt = ad_ctx;

subdom_ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx);

assert_non_null(subdom_ad_ctx);

subdom_ldap_ctx = talloc_zero(subdom_ad_ctx, struct sdap_id_conn_ctx);

assert_non_null(subdom_ldap_ctx);

subdom_ad_ctx->ldap_ctx = subdom_ldap_ctx;

ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->subdom, &sdom);

assert_int_equal(ret, EOK);

sdom->pvt = subdom_ad_ctx;

test_ctx->subdom_ad_ctx = subdom_ad_ctx;

*state = test_ctx;

return 0;

}

static int

test_ldap_conn_teardown(void **state)

{

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

assert_non_null(test_ctx);

unlink(KEYTAB_PATH);

talloc_free(test_ctx->subdom_ad_ctx);

talloc_free(test_ctx->ad_ctx->ad_options);

talloc_free(test_ctx->ad_ctx->gc_ctx);

talloc_free(test_ctx->ad_ctx->ldap_ctx);

talloc_free(test_ctx->ad_ctx->sdap_id_ctx);

test_ad_common_teardown((void **) &test_ctx);

return 0;

}

__real_sdap_set_sasl_options(struct sdap_options *id_opts,

char *default_primary,

char *default_realm,

const char *keytab_path);

__wrap_sdap_set_sasl_options(struct sdap_options *id_opts,

char *default_primary,

char *default_realm,

const char *keytab_path)

{

/* Pretend SASL is fine */

if (call_real_sasl_options == true) {

return __real_sdap_set_sasl_options(id_opts,

default_primary,

default_realm,

keytab_path);

}

return EOK;

}

void test_ad_get_dom_ldap_conn(void **state)

{

struct sdap_id_conn_ctx *conn;

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

assert_non_null(test_ctx);

conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->dom);

assert_true(conn == test_ctx->ad_ctx->ldap_ctx);

conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->subdom);

assert_true(conn == test_ctx->subdom_ad_ctx->ldap_ctx);

}

void test_gc_conn_list(void **state)

{

struct sdap_id_conn_ctx **conn_list;

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

assert_non_null(test_ctx);

assert_true(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic,

AD_ENABLE_GC));

conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);

/* If there is a fallback, we should ignore the offline mode */

assert_true(conn_list[0]->ignore_mark_offline);

assert_true(conn_list[1] == test_ctx->ad_ctx->ldap_ctx);

assert_false(conn_list[1]->ignore_mark_offline);

assert_null(conn_list[2]);

talloc_free(conn_list);

conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);

assert_true(conn_list[0]->ignore_mark_offline);

assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);

/* Subdomain error should not set the backend offline! */

assert_true(conn_list[1]->ignore_mark_offline);

talloc_free(conn_list);

dp_opt_set_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC, false);

assert_false(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic,

AD_ENABLE_GC));

conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);

assert_false(conn_list[0]->ignore_mark_offline);

assert_null(conn_list[1]);

talloc_free(conn_list);

conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);

assert_true(conn_list[0]->ignore_mark_offline);

assert_null(conn_list[1]);

talloc_free(conn_list);

}

void test_ldap_conn_list(void **state)

{

struct sdap_id_conn_ctx **conn_list;

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

assert_non_null(test_ctx);

conn_list = ad_ldap_conn_list(test_ctx,

test_ctx->ad_ctx,

test_ctx->dom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);

assert_false(conn_list[0]->ignore_mark_offline);

assert_null(conn_list[1]);

talloc_free(conn_list);

conn_list = ad_ldap_conn_list(test_ctx,

test_ctx->ad_ctx,

test_ctx->subdom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);

assert_true(conn_list[0]->ignore_mark_offline);

assert_null(conn_list[1]);

talloc_free(conn_list);

}

void test_user_conn_list(void **state)

{

struct sdap_id_conn_ctx **conn_list;

struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,

struct ad_common_test_ctx);

assert_non_null(test_ctx);

conn_list = ad_user_conn_list(test_ctx->ad_ctx,

test_ctx->dom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);

assert_false(conn_list[0]->ignore_mark_offline);

assert_null(conn_list[1]);

talloc_free(conn_list);

conn_list = ad_user_conn_list(test_ctx->ad_ctx,

test_ctx->subdom);

assert_non_null(conn_list);

assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);

assert_true(conn_list[0]->ignore_mark_offline);

assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);

/* Subdomain error should not set the backend offline! */

assert_true(conn_list[1]->ignore_mark_offline);

talloc_free(conn_list);

}

int main(int argc, const char *argv[])

{

poptContext pc;

int opt;

int ret;

struct poptOption long_options[] = {

POPT_AUTOHELP

SSSD_DEBUG_OPTS

POPT_TABLEEND

};

const struct CMUnitTest tests[] = {

cmocka_unit_test(test_ad_create_default_options),

cmocka_unit_test_setup_teardown(test_ad_create_1way_trust_options,

test_ad_common_setup,

test_ad_common_teardown),

cmocka_unit_test_setup_teardown(test_ad_create_2way_trust_options,

test_ad_common_setup,

test_ad_common_teardown),

cmocka_unit_test_setup_teardown(test_ad_get_dom_ldap_conn,

test_ldap_conn_setup,

test_ldap_conn_teardown),

cmocka_unit_test_setup_teardown(test_gc_conn_list,

test_ldap_conn_setup,

test_ldap_conn_teardown),

cmocka_unit_test_setup_teardown(test_ldap_conn_list,

test_ldap_conn_setup,

test_ldap_conn_teardown),

cmocka_unit_test_setup_teardown(test_user_conn_list,

test_ldap_conn_setup,

test_ldap_conn_teardown),

cmocka_unit_test_setup_teardown(test_check_if_pac_is_available,

test_ad_sysdb_setup,

test_ad_sysdb_teardown),

cmocka_unit_test_setup_teardown(test_ad_get_data_from_pac,

test_ad_common_setup,

test_ad_common_teardown),

cmocka_unit_test_setup_teardown(test_ad_get_sids_from_pac,

test_ad_common_setup,

test_ad_common_teardown),

cmocka_unit_test_setup_teardown(test_ad_get_pac_data_from_user_entry,

test_ad_common_setup,

test_ad_common_teardown),

};

/* Set debug level to invalid value so we can deside if -d 0 was used. */

debug_level = SSSDBG_INVALID;

pc = poptGetContext(argv[0], argc, argv, long_options, 0);

while((opt = poptGetNextOpt(pc)) != -1) {

switch(opt) {

default:

fprintf(stderr, "\nInvalid option %s: %s\n\n",

poptBadOption(pc, 0), poptStrerror(opt));

poptPrintUsage(pc, stderr, 0);

return 1;

}

}

poptFreeContext(pc);

DEBUG_CLI_INIT(debug_level);

tests_set_cwd();

ret = cmocka_run_group_tests(tests, NULL, NULL);

#ifdef HAVE_NSS

/* Cleanup NSS and NSPR to make valgrind happy. */

nspr_nss_cleanup();

#endif

return ret;

}