|
 |
b2d430 |
From 157781d8a05975c034858a38d2c00cdd94d374b0 Mon Sep 17 00:00:00 2001
|
|
|
b2d430 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
b2d430 |
Date: Tue, 26 Jul 2016 12:14:47 +0200
|
|
|
b2d430 |
Subject: [PATCH 86/86] TESTS: Use the DP handlers in simple provider tests,
|
|
|
b2d430 |
add more tests
|
|
|
b2d430 |
MIME-Version: 1.0
|
|
|
b2d430 |
Content-Type: text/plain; charset=UTF-8
|
|
|
b2d430 |
Content-Transfer-Encoding: 8bit
|
|
|
b2d430 |
|
|
|
b2d430 |
Use the full simple access control handlers, just like SSSD does in the
|
|
|
b2d430 |
tests.
|
|
|
b2d430 |
|
|
|
b2d430 |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
b2d430 |
---
|
|
|
b2d430 |
src/tests/cmocka/test_simple_access.c | 186 ++++++++++++++++++++++++++++++----
|
|
|
b2d430 |
1 file changed, 165 insertions(+), 21 deletions(-)
|
|
|
b2d430 |
|
|
|
b2d430 |
diff --git a/src/tests/cmocka/test_simple_access.c b/src/tests/cmocka/test_simple_access.c
|
|
|
b2d430 |
index 1f093cf7fee4d046dcc727aa8815fb9aafb68c52..d41bb295e24ef2104cf17636f37d487fd14d0b93 100644
|
|
|
b2d430 |
--- a/src/tests/cmocka/test_simple_access.c
|
|
|
b2d430 |
+++ b/src/tests/cmocka/test_simple_access.c
|
|
|
b2d430 |
@@ -21,12 +21,14 @@
|
|
|
b2d430 |
#include <tevent.h>
|
|
|
b2d430 |
#include <errno.h>
|
|
|
b2d430 |
#include <popt.h>
|
|
|
b2d430 |
+#include <security/pam_appl.h>
|
|
|
b2d430 |
|
|
|
b2d430 |
#include "tests/cmocka/common_mock.h"
|
|
|
b2d430 |
#include "tests/cmocka/common_mock_be.h"
|
|
|
b2d430 |
#include "tests/cmocka/common_mock_resp.h"
|
|
|
b2d430 |
#include "db/sysdb_private.h" /* new_subdomain() */
|
|
|
b2d430 |
#include "providers/simple/simple_access.h"
|
|
|
b2d430 |
+#include "providers/simple/simple_access_pvt.h"
|
|
|
b2d430 |
|
|
|
b2d430 |
#define TESTS_PATH "tp_" BASE_FILE_STEM
|
|
|
b2d430 |
#define TEST_CONF_DB "test_simple_conf.ldb"
|
|
|
b2d430 |
@@ -34,8 +36,6 @@
|
|
|
b2d430 |
#define TEST_SUBDOM_NAME "test.subdomain"
|
|
|
b2d430 |
#define TEST_ID_PROVIDER "ldap"
|
|
|
b2d430 |
|
|
|
b2d430 |
-int simple_access_obtain_filter_lists(struct simple_ctx *ctx);
|
|
|
b2d430 |
-
|
|
|
b2d430 |
struct simple_test_ctx {
|
|
|
b2d430 |
struct sss_test_ctx *tctx;
|
|
|
b2d430 |
struct be_ctx *be_ctx;
|
|
|
b2d430 |
@@ -43,6 +43,8 @@ struct simple_test_ctx {
|
|
|
b2d430 |
|
|
|
b2d430 |
bool access_granted;
|
|
|
b2d430 |
struct simple_ctx *ctx;
|
|
|
b2d430 |
+ struct pam_data *pd;
|
|
|
b2d430 |
+ struct dp_req_params *params;
|
|
|
b2d430 |
};
|
|
|
b2d430 |
|
|
|
b2d430 |
static int test_simple_setup(struct sss_test_conf_param params[], void **state)
|
|
|
b2d430 |
@@ -75,6 +77,19 @@ static int test_simple_setup(struct sss_test_conf_param params[], void **state)
|
|
|
b2d430 |
return ENOMEM;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
|
|
|
b2d430 |
+ simple_test_ctx->pd = talloc_zero(simple_test_ctx, struct pam_data);
|
|
|
b2d430 |
+ if (simple_test_ctx->pd == NULL) {
|
|
|
b2d430 |
+ return ENOMEM;
|
|
|
b2d430 |
+ }
|
|
|
b2d430 |
+ simple_test_ctx->pd->cmd = SSS_PAM_ACCT_MGMT;
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ simple_test_ctx->params = talloc_zero(simple_test_ctx,
|
|
|
b2d430 |
+ struct dp_req_params);
|
|
|
b2d430 |
+ if (simple_test_ctx->params == NULL) {
|
|
|
b2d430 |
+ return ENOMEM;
|
|
|
b2d430 |
+ }
|
|
|
b2d430 |
+ simple_test_ctx->params->ev = simple_test_ctx->tctx->ev;
|
|
|
b2d430 |
+
|
|
|
b2d430 |
*state = simple_test_ctx;
|
|
|
b2d430 |
return 0;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
@@ -122,7 +137,7 @@ static int setup_with_params(struct simple_test_ctx *test_ctx,
|
|
|
b2d430 |
return ret;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
|
|
|
b2d430 |
- test_ctx->ctx = talloc(test_ctx, struct simple_ctx);
|
|
|
b2d430 |
+ test_ctx->ctx = talloc_zero(test_ctx, struct simple_ctx);
|
|
|
b2d430 |
if (test_ctx->ctx == NULL) {
|
|
|
b2d430 |
return ENOMEM;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
@@ -130,11 +145,6 @@ static int setup_with_params(struct simple_test_ctx *test_ctx,
|
|
|
b2d430 |
test_ctx->ctx->be_ctx = test_ctx->be_ctx;
|
|
|
b2d430 |
test_ctx->ctx->domain = test_ctx->tctx->dom;
|
|
|
b2d430 |
|
|
|
b2d430 |
- ret = simple_access_obtain_filter_lists(test_ctx->ctx);
|
|
|
b2d430 |
- if (ret != EOK) {
|
|
|
b2d430 |
- return ret;
|
|
|
b2d430 |
- }
|
|
|
b2d430 |
-
|
|
|
b2d430 |
return EOK;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
|
|
|
b2d430 |
@@ -155,13 +165,14 @@ static int simple_test_teardown(void **state)
|
|
|
b2d430 |
return 0;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
|
|
|
b2d430 |
-static void simple_access_check_done(struct tevent_req *req)
|
|
|
b2d430 |
+static void simple_access_handler_done(struct tevent_req *req)
|
|
|
b2d430 |
{
|
|
|
b2d430 |
struct simple_test_ctx *simple_test_ctx =
|
|
|
b2d430 |
tevent_req_callback_data(req, struct simple_test_ctx);
|
|
|
b2d430 |
|
|
|
b2d430 |
- simple_test_ctx->tctx->error = simple_access_check_recv(req,
|
|
|
b2d430 |
- &simple_test_ctx->access_granted);
|
|
|
b2d430 |
+ simple_test_ctx->tctx->error = simple_access_handler_recv(simple_test_ctx,
|
|
|
b2d430 |
+ req, &simple_test_ctx->pd);
|
|
|
b2d430 |
+ simple_test_ctx->access_granted = (simple_test_ctx->pd->pam_status == PAM_SUCCESS);
|
|
|
b2d430 |
talloc_free(req);
|
|
|
b2d430 |
simple_test_ctx->tctx->done = true;
|
|
|
b2d430 |
}
|
|
|
b2d430 |
@@ -175,10 +186,13 @@ static void run_simple_access_check(struct simple_test_ctx *simple_test_ctx,
|
|
|
b2d430 |
struct tevent_req *req;
|
|
|
b2d430 |
|
|
|
b2d430 |
simple_test_ctx->tctx->done = false;
|
|
|
b2d430 |
- req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
|
|
|
b2d430 |
- simple_test_ctx->ctx, username);
|
|
|
b2d430 |
+ simple_test_ctx->pd->user = discard_const(username);
|
|
|
b2d430 |
+ req = simple_access_handler_send(simple_test_ctx,
|
|
|
b2d430 |
+ simple_test_ctx->ctx,
|
|
|
b2d430 |
+ simple_test_ctx->pd,
|
|
|
b2d430 |
+ simple_test_ctx->params);
|
|
|
b2d430 |
assert_non_null(req);
|
|
|
b2d430 |
- tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
|
|
|
b2d430 |
+ tevent_req_set_callback(req, simple_access_handler_done, simple_test_ctx);
|
|
|
b2d430 |
|
|
|
b2d430 |
ret = test_ev_loop(simple_test_ctx->tctx);
|
|
|
b2d430 |
assert_int_equal(ret, expected_rv);
|
|
|
b2d430 |
@@ -487,23 +501,29 @@ static void test_group_allow_empty(void **state)
|
|
|
b2d430 |
{ NULL, NULL },
|
|
|
b2d430 |
};
|
|
|
b2d430 |
|
|
|
b2d430 |
- ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
|
|
|
b2d430 |
+ ret = setup_with_params(simple_test_ctx,
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom,
|
|
|
b2d430 |
+ params);
|
|
|
b2d430 |
assert_int_equal(ret, EOK);
|
|
|
b2d430 |
|
|
|
b2d430 |
- req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
|
|
|
b2d430 |
- simple_test_ctx->ctx, "u1@simple_test");
|
|
|
b2d430 |
+ simple_test_ctx->pd->user = discard_const("u1@simple_test");
|
|
|
b2d430 |
+ req = simple_access_handler_send(simple_test_ctx, simple_test_ctx->ctx,
|
|
|
b2d430 |
+ simple_test_ctx->pd,
|
|
|
b2d430 |
+ simple_test_ctx->params);
|
|
|
b2d430 |
assert_non_null(req);
|
|
|
b2d430 |
- tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
|
|
|
b2d430 |
+ tevent_req_set_callback(req, simple_access_handler_done, simple_test_ctx);
|
|
|
b2d430 |
|
|
|
b2d430 |
ret = test_ev_loop(simple_test_ctx->tctx);
|
|
|
b2d430 |
assert_int_equal(ret, EOK);
|
|
|
b2d430 |
assert_false(simple_test_ctx->access_granted);
|
|
|
b2d430 |
|
|
|
b2d430 |
simple_test_ctx->tctx->done = false;
|
|
|
b2d430 |
- req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
|
|
|
b2d430 |
- simple_test_ctx->ctx, "u3@simple_test");
|
|
|
b2d430 |
+ simple_test_ctx->pd->user = discard_const("u3@simple_test");
|
|
|
b2d430 |
+ req = simple_access_handler_send(simple_test_ctx, simple_test_ctx->ctx,
|
|
|
b2d430 |
+ simple_test_ctx->pd,
|
|
|
b2d430 |
+ simple_test_ctx->params);
|
|
|
b2d430 |
assert_non_null(req);
|
|
|
b2d430 |
- tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
|
|
|
b2d430 |
+ tevent_req_set_callback(req, simple_access_handler_done, simple_test_ctx);
|
|
|
b2d430 |
|
|
|
b2d430 |
ret = test_ev_loop(simple_test_ctx->tctx);
|
|
|
b2d430 |
assert_int_equal(ret, EOK);
|
|
|
b2d430 |
@@ -584,6 +604,118 @@ static void test_group_allow_case_insensitive(void **state)
|
|
|
b2d430 |
run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
|
|
|
b2d430 |
}
|
|
|
b2d430 |
|
|
|
b2d430 |
+static void test_unparseable_allow_user(void **state)
|
|
|
b2d430 |
+{
|
|
|
b2d430 |
+ errno_t ret;
|
|
|
b2d430 |
+ struct simple_test_ctx *simple_test_ctx = \
|
|
|
b2d430 |
+ talloc_get_type(*state, struct simple_test_ctx);
|
|
|
b2d430 |
+ struct sss_test_conf_param params[] = {
|
|
|
b2d430 |
+ { "simple_allow_users", "u1, user@no.such.domain" },
|
|
|
b2d430 |
+ { NULL, NULL },
|
|
|
b2d430 |
+ };
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ ret = setup_with_params(simple_test_ctx,
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom,
|
|
|
b2d430 |
+ params);
|
|
|
b2d430 |
+ assert_int_equal(ret, EOK);
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ /* Case-sensitive domain, wrong case */
|
|
|
b2d430 |
+ simple_test_ctx->tctx->done = false;
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom->case_sensitive = false;
|
|
|
b2d430 |
+ /* A user that would normally be denied access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
|
|
|
b2d430 |
+ /* A user that would normally be allowed access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
|
|
|
b2d430 |
+}
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+static void test_unparseable_deny_user(void **state)
|
|
|
b2d430 |
+{
|
|
|
b2d430 |
+ errno_t ret;
|
|
|
b2d430 |
+ struct simple_test_ctx *simple_test_ctx = \
|
|
|
b2d430 |
+ talloc_get_type(*state, struct simple_test_ctx);
|
|
|
b2d430 |
+ struct sss_test_conf_param params[] = {
|
|
|
b2d430 |
+ { "simple_deny_users", "u2, user@no.such.domain" },
|
|
|
b2d430 |
+ { NULL, NULL },
|
|
|
b2d430 |
+ };
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ ret = setup_with_params(simple_test_ctx,
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom,
|
|
|
b2d430 |
+ params);
|
|
|
b2d430 |
+ assert_int_equal(ret, EOK);
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ /* Case-sensitive domain, wrong case */
|
|
|
b2d430 |
+ simple_test_ctx->tctx->done = false;
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom->case_sensitive = false;
|
|
|
b2d430 |
+ /* A user that would normally be denied access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
|
|
|
b2d430 |
+ /* A user that would normally be allowed access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
|
|
|
b2d430 |
+}
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+static void test_unparseable_allow_group(void **state)
|
|
|
b2d430 |
+{
|
|
|
b2d430 |
+ errno_t ret;
|
|
|
b2d430 |
+ struct simple_test_ctx *simple_test_ctx = \
|
|
|
b2d430 |
+ talloc_get_type(*state, struct simple_test_ctx);
|
|
|
b2d430 |
+ struct sss_test_conf_param params[] = {
|
|
|
b2d430 |
+ { "simple_allow_groups", "g1, group@no.such.domain" },
|
|
|
b2d430 |
+ { NULL, NULL },
|
|
|
b2d430 |
+ };
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ ret = setup_with_params(simple_test_ctx,
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom,
|
|
|
b2d430 |
+ params);
|
|
|
b2d430 |
+ assert_int_equal(ret, EOK);
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ /* Case-sensitive domain, wrong case */
|
|
|
b2d430 |
+ simple_test_ctx->tctx->done = false;
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom->case_sensitive = false;
|
|
|
b2d430 |
+ /* A group that would normally be denied access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
|
|
|
b2d430 |
+ /* A group that would normally be allowed access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
|
|
|
b2d430 |
+}
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+static void test_unparseable_deny_group(void **state)
|
|
|
b2d430 |
+{
|
|
|
b2d430 |
+ errno_t ret;
|
|
|
b2d430 |
+ struct simple_test_ctx *simple_test_ctx = \
|
|
|
b2d430 |
+ talloc_get_type(*state, struct simple_test_ctx);
|
|
|
b2d430 |
+ struct sss_test_conf_param params[] = {
|
|
|
b2d430 |
+ { "simple_deny_groups", "g2, group@no.such.domain" },
|
|
|
b2d430 |
+ { NULL, NULL },
|
|
|
b2d430 |
+ };
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ ret = setup_with_params(simple_test_ctx,
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom,
|
|
|
b2d430 |
+ params);
|
|
|
b2d430 |
+ assert_int_equal(ret, EOK);
|
|
|
b2d430 |
+
|
|
|
b2d430 |
+ /* Case-sensitive domain, wrong case */
|
|
|
b2d430 |
+ simple_test_ctx->tctx->done = false;
|
|
|
b2d430 |
+ simple_test_ctx->tctx->dom->case_sensitive = false;
|
|
|
b2d430 |
+ /* A group that would normally be denied access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
|
|
|
b2d430 |
+ /* A group that would normally be allowed access will be denied because
|
|
|
b2d430 |
+ * the access list can't be parsed
|
|
|
b2d430 |
+ */
|
|
|
b2d430 |
+ run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
|
|
|
b2d430 |
+}
|
|
|
b2d430 |
+
|
|
|
b2d430 |
static void test_group_space(void **state)
|
|
|
b2d430 |
{
|
|
|
b2d430 |
errno_t ret;
|
|
|
b2d430 |
@@ -659,6 +791,18 @@ int main(int argc, const char *argv[])
|
|
|
b2d430 |
cmocka_unit_test_setup_teardown(test_group_space,
|
|
|
b2d430 |
simple_group_test_setup,
|
|
|
b2d430 |
simple_group_test_teardown),
|
|
|
b2d430 |
+ cmocka_unit_test_setup_teardown(test_unparseable_allow_user,
|
|
|
b2d430 |
+ simple_test_setup,
|
|
|
b2d430 |
+ simple_test_teardown),
|
|
|
b2d430 |
+ cmocka_unit_test_setup_teardown(test_unparseable_deny_user,
|
|
|
b2d430 |
+ simple_test_setup,
|
|
|
b2d430 |
+ simple_test_teardown),
|
|
|
b2d430 |
+ cmocka_unit_test_setup_teardown(test_unparseable_allow_group,
|
|
|
b2d430 |
+ simple_test_setup,
|
|
|
b2d430 |
+ simple_test_teardown),
|
|
|
b2d430 |
+ cmocka_unit_test_setup_teardown(test_unparseable_deny_group,
|
|
|
b2d430 |
+ simple_test_setup,
|
|
|
b2d430 |
+ simple_test_teardown),
|
|
|
b2d430 |
};
|
|
|
b2d430 |
|
|
|
b2d430 |
/* Set debug level to invalid value so we can decide if -d 0 was used. */
|
|
|
b2d430 |
--
|
|
|
b2d430 |
2.4.11
|
|
|
b2d430 |
|