4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher Stephen Gallagher <sgallagh@redhat.com>
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher Copyright (C) 2011 Red Hat
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher This program is free software; you can redistribute it and/or modify
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher it under the terms of the GNU General Public License as published by
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher the Free Software Foundation; either version 3 of the License, or
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher (at your option) any later version.
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher This program is distributed in the hope that it will be useful,
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher GNU General Public License for more details.
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher You should have received a copy of the GNU General Public License
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
/* Fixture names for the HBAC evaluation tests. The "nosuch*" values are the
 * rule entries the negative tests swap in; none of them is a name or group
 * that the get_test_*() helpers put into the request.
 * NOTE(review): HBAC_TEST_USER, HBAC_TEST_GROUP1/2 and HBAC_TEST_SERVICE are
 * used further down but their definitions are not part of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_INVALID_USER "nosuchuser"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_INVALID_GROUP "nosuchgroup"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_INVALID_SERVICE "nosuchservice"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_SERVICEGROUP1 "login_services"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_SERVICEGROUP2 "all_services"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_INVALID_SERVICEGROUP "nosuchservicegroup"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_SRCHOST "client.example.com"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_INVALID_SRCHOST "nosuchsrchost"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_SRCHOSTGROUP1 "site_hosts"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_SRCHOSTGROUP2 "corp_hosts"
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher#define HBAC_TEST_INVALID_SRCHOSTGROUP "nosuchsrchostgroup"
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek/* These don't make sense for a user/group/service but they do the job and
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek * every one is from a different Unicode block */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek/* Latin Extended-A - "Czech": first letter is U+010D (lower) / U+010C (upper) */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t user_utf8_lowcase[] = { 0xC4, 0x8D, 'e', 'c', 'h', 0x0 };
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t user_utf8_upcase[] = { 0xC4, 0x8C, 'e', 'c', 'h', 0x0 };
/* First letter is U+010E here: a different letter, not a case variant of
 * U+010D, so this name is the non-matching entry for the negative test. */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t user_utf8_lowcase_neg[] = { 0xC4, 0x8E, 'e', 'c', 'h', 0x0 };
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek/* Latin-1 Supplement - "Munchen" with u-umlaut: U+00FC (lower) / U+00DC (upper) */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t service_utf8_lowcase[] = { 'm', 0xC3, 0xBC, 'n', 'c', 'h', 'e', 'n', 0x0 };
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t service_utf8_upcase[] = { 'M', 0xC3, 0x9C, 'N', 'C', 'H', 'E', 'N', 0x0 };
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek/* Greek - "AlphaBetaGamma": U+03B1..U+03B3 (lower) / U+0391..U+0393 (upper) */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t srchost_utf8_lowcase[] = { 0xCE, 0xB1, 0xCE, 0xB2, 0xCE, 0xB3, 0x0 };
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t srchost_utf8_upcase[] = { 0xCE, 0x91, 0xCE, 0x92, 0xCE, 0x93, 0x0 };
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek/* Turkish "capital I" and "dotless i"; the array below is U+0131 (dotless i) */
/* NOTE(review): user_upcase_tr is referenced by the UTF-8 test but its
 * definition is not part of this listing. */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozekconst uint8_t user_lowcase_tr[] = { 0xC4, 0xB1, 0x0 };
/* Helper: allocates an hbac_rule on mem_ctx and sets the category of its
 * services, users, targethosts and srchosts elements to HBAC_CATEGORY_ALL.
 * NOTE(review): the rest of the signature, any allocation checks and the end
 * of the comment below are not part of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagherstatic void get_allow_all_rule(TALLOC_CTX *mem_ctx,
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a rule that ALLOWs all services, users and
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher * remote hosts.
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule = talloc_zero(mem_ctx, struct hbac_rule);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->services = talloc_zero(rule, struct hbac_rule_element);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->services->category = HBAC_CATEGORY_ALL;
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->users = talloc_zero(rule, struct hbac_rule_element);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->users->category = HBAC_CATEGORY_ALL;
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->targethosts = talloc_zero(rule, struct hbac_rule_element);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->targethosts->category = HBAC_CATEGORY_ALL;
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->srchosts = talloc_zero(rule, struct hbac_rule_element);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rule->srchosts->category = HBAC_CATEGORY_ALL;
/* Helper: builds the request element for the test user, named HBAC_TEST_USER
 * and carrying the groups HBAC_TEST_GROUP1 and HBAC_TEST_GROUP2. The groups
 * array has room for three pointers; presumably the third is the terminating
 * NULL, which is not visible in this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagherstatic void get_test_user(TALLOC_CTX *mem_ctx,
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_user = talloc_zero(mem_ctx, struct hbac_request_element);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_user->name = talloc_strdup(new_user, HBAC_TEST_USER);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_user->groups = talloc_array(new_user, const char *, 3);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_user->groups[0] = talloc_strdup(new_user->groups, HBAC_TEST_GROUP1);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_user->groups[1] = talloc_strdup(new_user->groups, HBAC_TEST_GROUP2);
/* Helper: builds the request element for the test service, named
 * HBAC_TEST_SERVICE and carrying the groups HBAC_TEST_SERVICEGROUP1 and
 * HBAC_TEST_SERVICEGROUP2. The groups array has room for three pointers;
 * presumably the third is the terminating NULL, not visible in this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagherstatic void get_test_service(TALLOC_CTX *mem_ctx,
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_service = talloc_zero(mem_ctx, struct hbac_request_element);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_service->name = talloc_strdup(new_service, HBAC_TEST_SERVICE);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_service->groups = talloc_array(new_service, const char *, 3);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_service->groups[0] = talloc_strdup(new_service->groups, HBAC_TEST_SERVICEGROUP1);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_service->groups[1] = talloc_strdup(new_service->groups, HBAC_TEST_SERVICEGROUP2);
/* Helper: builds the request element for the source host, named
 * HBAC_TEST_SRCHOST, with two group entries.
 * NOTE(review): the second argument of both group talloc_strdup() calls is
 * cut off in this listing; presumably HBAC_TEST_SRCHOSTGROUP1/2 - confirm
 * against the full file. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagherstatic void get_test_srchost(TALLOC_CTX *mem_ctx,
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_srchost = talloc_zero(mem_ctx, struct hbac_request_element);
05d7defd242466f376af8eb0d06ea49fb8320224Lukas Slebodnik new_srchost->name = talloc_strdup(new_srchost, HBAC_TEST_SRCHOST);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher new_srchost->groups = talloc_array(new_srchost, const char *, 3);
05d7defd242466f376af8eb0d06ea49fb8320224Lukas Slebodnik new_srchost->groups[0] = talloc_strdup(new_srchost->groups,
05d7defd242466f376af8eb0d06ea49fb8320224Lukas Slebodnik new_srchost->groups[1] = talloc_strdup(new_srchost->groups,
/* Test body, presumably ipa_hbac_test_allow_all: evaluates the test request
 * against the rule named "Allow All". The START_TEST line and several
 * statements, including the assertions on the result, are not part of this
 * listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a request */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_service(eval_req, &eval_req->service);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_srchost(eval_req, &eval_req->srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create the rules to evaluate against */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules = talloc_array(test_ctx, struct hbac_rule *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->name = talloc_strdup(rules[0], "Allow All");
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule; unset elements are reported through missing_attrs */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules; info, when set, supplies the error code printed below */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
/* Test body, presumably ipa_hbac_test_allow_user: narrows the rule to one
 * user name, evaluates it, then repeats with a name the request does not
 * carry. The START_TEST line and the assertions on the result are not part
 * of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a request */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_service(eval_req, &eval_req->service);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_srchost(eval_req, &eval_req->srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create the rules to evaluate against */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules = talloc_array(test_ctx, struct hbac_rule *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Modify the rule to allow only a specific user */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->name = talloc_strdup(rules[0], "Allow user");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->category = HBAC_CATEGORY_NULL;
/* NOTE(review): no NULL check on this allocation is visible in this listing,
 * unlike the fail_if() that follows the allocation in the service and source
 * host tests - confirm against the full file. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->names = talloc_array(rules[0], const char *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->names[0] = HBAC_TEST_USER;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule; unset elements are reported through missing_attrs */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Negative test: the rule now names a user the request does not carry */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->names[0] = HBAC_TEST_INVALID_USER;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
/* Test body, presumably ipa_hbac_test_allow_utf8: the request carries
 * lower-case UTF-8 names and the rule carries the upper-case forms, so the
 * evaluation exercises case-insensitive matching of non-ASCII names. The
 * START_TEST line and the assertions on the result are not part of this
 * listing. */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Create a request */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek get_test_service(eval_req, &eval_req->service);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek get_test_srchost(eval_req, &eval_req->srchost);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Override the names with UTF-8 values */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek eval_req->user->name = (const char *) &user_utf8_lowcase;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek eval_req->srchost->name = (const char *) &srchost_utf8_lowcase;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek eval_req->service->name = (const char *) &service_utf8_lowcase;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Create the rules to evaluate against */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules = talloc_array(test_ctx, struct hbac_rule *, 2);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->name = talloc_strdup(rules[0], "Allow user");
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->users->category = HBAC_CATEGORY_NULL;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Modify the rule to allow only a specific user */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->users->names = talloc_array(rules[0], const char *, 2);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->users->names[0] = (const char *) &user_utf8_upcase;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Modify the rule to allow only a specific service */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->services->category = HBAC_CATEGORY_NULL;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->services->names = talloc_array(rules[0], const char *, 2);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->services->names[0] = (const char *) &service_utf8_upcase;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Modify the rule to allow only a specific source host */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->srchosts->category = HBAC_CATEGORY_NULL;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->srchosts->names = talloc_array(rules[0], const char *, 2);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->srchosts->names[0] = (const char *) &srchost_utf8_upcase;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Evaluate the rules */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek result = hbac_evaluate(rules, eval_req, &info);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek "Expected [%s], got [%s]; "
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek "Error: [%s]",
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek info ? hbac_error_string(info->code):"Unknown");
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Negative test - a different letter (U+010E against the request's U+010D) */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->users->names[0] = (const char *) &user_utf8_lowcase_neg;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Evaluate the rules */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek result = hbac_evaluate(rules, eval_req, &info);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek "Expected [%s], got [%s]; "
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek "Error: [%s]",
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek info ? hbac_error_string(info->code):"Unknown");
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Negative test - Turkish dotless i. We cannot know that capital I
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek * casefolds into dotless i unless we know the language is Turkish */
/* A rule entry for capital I must therefore not match a request for dotless
 * i: folding that depended on the locale would let one rule cover a
 * different name on some hosts. */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek eval_req->user->name = (const char *) &user_lowcase_tr;
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek rules[0]->users->names[0] = (const char *) &user_upcase_tr;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek /* Evaluate the rules */
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek result = hbac_evaluate(rules, eval_req, &info);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek "Expected [%s], got [%s]; "
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek "Error: [%s]",
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek info ? hbac_error_string(info->code):"Unknown");
/* Test body, presumably ipa_hbac_test_allow_group: narrows the rule to one
 * user group, evaluates it, then repeats with a group the request's user is
 * not in. The START_TEST line and the assertions on the result are not part
 * of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a request */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_service(eval_req, &eval_req->service);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_srchost(eval_req, &eval_req->srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create the rules to evaluate against */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules = talloc_array(test_ctx, struct hbac_rule *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Modify the rule to allow only a group of users */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->name = talloc_strdup(rules[0], "Allow group");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->category = HBAC_CATEGORY_NULL;
/* NOTE(review): no NULL check on this allocation is visible in this listing,
 * unlike the fail_if() that follows the allocation in the service and source
 * host tests - confirm against the full file. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->groups = talloc_array(rules[0], const char *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->groups[0] = HBAC_TEST_GROUP1;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule; unset elements are reported through missing_attrs */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Negative test: the rule now names a group the request's user is not in */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->users->groups[0] = HBAC_TEST_INVALID_GROUP;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
/* Test body, presumably ipa_hbac_test_allow_svc: narrows the rule to one
 * service name, evaluates it, then repeats with a service the request does
 * not carry. The START_TEST line and the assertions on the result are not
 * part of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a request */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_service(eval_req, &eval_req->service);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_srchost(eval_req, &eval_req->srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create the rules to evaluate against */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules = talloc_array(test_ctx, struct hbac_rule *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Modify the rule to allow only a specific service */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->name = talloc_strdup(rules[0], "Allow service");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->category = HBAC_CATEGORY_NULL;
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->names = talloc_array(rules[0], const char *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher fail_if(rules[0]->services->names == NULL);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->names[0] = HBAC_TEST_SERVICE;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule; unset elements are reported through missing_attrs */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Negative test: the rule now names a service the request does not carry */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->names[0] = HBAC_TEST_INVALID_SERVICE;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
/* Test body, presumably ipa_hbac_test_allow_svcgroup: narrows the rule to
 * one service group, evaluates it, then repeats with a group the request's
 * service is not in. The START_TEST line and the assertions on the result
 * are not part of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a request */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_service(eval_req, &eval_req->service);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_srchost(eval_req, &eval_req->srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create the rules to evaluate against */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules = talloc_array(test_ctx, struct hbac_rule *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Modify the rule to allow only a group of services */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->name = talloc_strdup(rules[0], "Allow servicegroup");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->category = HBAC_CATEGORY_NULL;
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->groups = talloc_array(rules[0], const char *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher fail_if(rules[0]->services->groups == NULL);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->groups[0] = HBAC_TEST_SERVICEGROUP1;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule; unset elements are reported through missing_attrs */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Negative test: the rule now names a group the request's service is not in */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->services->groups[0] = HBAC_TEST_INVALID_SERVICEGROUP;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
/* Test body, presumably ipa_hbac_test_allow_srchost: narrows the rule to one
 * source host name, evaluates it, then repeats with a host the request does
 * not carry. The START_TEST line and the assertions on the result are not
 * part of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a request */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_service(eval_req, &eval_req->service);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_srchost(eval_req, &eval_req->srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create the rules to evaluate against */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules = talloc_array(test_ctx, struct hbac_rule *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Modify the rule to allow only a specific source host */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->name = talloc_strdup(rules[0], "Allow srchost");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->category = HBAC_CATEGORY_NULL;
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->names = talloc_array(rules[0], const char *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher fail_if(rules[0]->srchosts->names == NULL);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->names[0] = HBAC_TEST_SRCHOST;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule; unset elements are reported through missing_attrs */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Negative test: the rule now names a source host the request does not carry */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->names[0] = HBAC_TEST_INVALID_SRCHOST;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
e504025b074f3e13bbb888272ea1fe11d2bbb8bcLukas Slebodnik "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
/* Narrows the rule to one source host group, evaluates it, then repeats with
 * a group the request's source host is not in. Several statements, including
 * the assertions on the result and the END_TEST line, are not part of this
 * listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen GallagherSTART_TEST(ipa_hbac_test_allow_srchostgroup)
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create a request */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_service(eval_req, &eval_req->service);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher get_test_srchost(eval_req, &eval_req->srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Create the rules to evaluate against */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules = talloc_array(test_ctx, struct hbac_rule *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Modify the rule to allow only a group of source hosts */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->name = talloc_strdup(rules[0], "Allow srchostgroup");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->category = HBAC_CATEGORY_NULL;
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->groups = talloc_array(rules[0], const char *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher fail_if(rules[0]->srchosts->groups == NULL);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->groups[0] = HBAC_TEST_SRCHOSTGROUP1;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule; unset elements are reported through missing_attrs */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Negative test: the rule now names a group the request's source host is not in */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher rules[0]->srchosts->groups[0] = HBAC_TEST_INVALID_SRCHOSTGROUP;
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* Evaluate the rules */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher result = hbac_evaluate(rules, eval_req, &info);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Expected [%s], got [%s]; "
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher "Error: [%s]",
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher info ? hbac_error_string(info->code):"Unknown");
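/* Test body, presumably ipa_hbac_test_incomplete (its START_TEST line is not
 * part of this listing): a zeroed hbac_rule has no users, services,
 * targethosts or srchosts element, and the checks below require
 * hbac_rule_is_complete() to report each of them in missing_attrs. */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher test_ctx = talloc_new(global_talloc_context);
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher rule = talloc_zero(test_ctx, struct hbac_rule);
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher /* Validate this rule */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher is_valid = hbac_rule_is_complete(rule, &missing_attrs);
/* Each flag is tested with '&'. The previous 'missing_attrs | FLAG' form is
 * non-zero for every non-zero FLAG, so those checks could never fail and
 * would not have caught a completeness check that overlooks an element. */
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher fail_unless(missing_attrs & HBAC_RULE_ELEMENT_USERS);
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher fail_unless(missing_attrs & HBAC_RULE_ELEMENT_SERVICES);
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher fail_unless(missing_attrs & HBAC_RULE_ELEMENT_TARGETHOSTS);
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher fail_unless(missing_attrs & HBAC_RULE_ELEMENT_SOURCEHOSTS);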
/* Suite setup and runner fragments: the nine HBAC tests are registered on the
 * "HBAC_rules" test case, and the runner's failure count is read back. The
 * enclosing function definitions are not part of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher TCase *tc_hbac = tcase_create("HBAC_rules");
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_allow_all);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_allow_user);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_allow_group);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_allow_svc);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_allow_svcgroup);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_allow_srchost);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_allow_srchostgroup);
3654a0c49e5ef3f24e2af29b34a13ff651a94c3dJakub Hrozek tcase_add_test(tc_hbac, ipa_hbac_test_allow_utf8);
a72e9289fe001c85a17acd667ca31d692fd99605Stephen Gallagher tcase_add_test(tc_hbac, ipa_hbac_test_incomplete);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */
/* NOTE(review): the call that runs the suite is not part of this listing. */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher number_failed = srunner_ntests_failed (sr);