Blame SOURCES/0086-TESTS-Use-the-DP-handlers-in-simple-provider-tests-a.patch

b2d430
From 157781d8a05975c034858a38d2c00cdd94d374b0 Mon Sep 17 00:00:00 2001
b2d430
From: Jakub Hrozek <jhrozek@redhat.com>
b2d430
Date: Tue, 26 Jul 2016 12:14:47 +0200
b2d430
Subject: [PATCH 86/86] TESTS: Use the DP handlers in simple provider tests,
b2d430
 add more tests
b2d430
MIME-Version: 1.0
b2d430
Content-Type: text/plain; charset=UTF-8
b2d430
Content-Transfer-Encoding: 8bit
b2d430
b2d430
Use the full simple access control handlers, just like SSSD does in the
b2d430
tests.
b2d430
b2d430
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
b2d430
---
b2d430
 src/tests/cmocka/test_simple_access.c | 186 ++++++++++++++++++++++++++++++----
b2d430
 1 file changed, 165 insertions(+), 21 deletions(-)
b2d430
b2d430
diff --git a/src/tests/cmocka/test_simple_access.c b/src/tests/cmocka/test_simple_access.c
b2d430
index 1f093cf7fee4d046dcc727aa8815fb9aafb68c52..d41bb295e24ef2104cf17636f37d487fd14d0b93 100644
b2d430
--- a/src/tests/cmocka/test_simple_access.c
b2d430
+++ b/src/tests/cmocka/test_simple_access.c
b2d430
@@ -21,12 +21,14 @@
b2d430
 #include <tevent.h>
b2d430
 #include <errno.h>
b2d430
 #include <popt.h>
b2d430
+#include <security/pam_appl.h>
b2d430
 
b2d430
 #include "tests/cmocka/common_mock.h"
b2d430
 #include "tests/cmocka/common_mock_be.h"
b2d430
 #include "tests/cmocka/common_mock_resp.h"
b2d430
 #include "db/sysdb_private.h"   /* new_subdomain() */
b2d430
 #include "providers/simple/simple_access.h"
b2d430
+#include "providers/simple/simple_access_pvt.h"
b2d430
 
b2d430
 #define TESTS_PATH "tp_" BASE_FILE_STEM
b2d430
 #define TEST_CONF_DB "test_simple_conf.ldb"
b2d430
@@ -34,8 +36,6 @@
b2d430
 #define TEST_SUBDOM_NAME "test.subdomain"
b2d430
 #define TEST_ID_PROVIDER "ldap"
b2d430
 
b2d430
-int simple_access_obtain_filter_lists(struct simple_ctx *ctx);
b2d430
-
b2d430
 struct simple_test_ctx {
b2d430
     struct sss_test_ctx *tctx;
b2d430
     struct be_ctx *be_ctx;
b2d430
@@ -43,6 +43,8 @@ struct simple_test_ctx {
b2d430
 
b2d430
     bool access_granted;
b2d430
     struct simple_ctx *ctx;
b2d430
+    struct pam_data *pd;
b2d430
+    struct dp_req_params *params;
b2d430
 };
b2d430
 
b2d430
 static int test_simple_setup(struct sss_test_conf_param params[], void **state)
b2d430
@@ -75,6 +77,19 @@ static int test_simple_setup(struct sss_test_conf_param params[], void **state)
b2d430
         return ENOMEM;
b2d430
     }
b2d430
 
b2d430
+    simple_test_ctx->pd = talloc_zero(simple_test_ctx, struct pam_data);
b2d430
+    if (simple_test_ctx->pd == NULL) {
b2d430
+        return ENOMEM;
b2d430
+    }
b2d430
+    simple_test_ctx->pd->cmd = SSS_PAM_ACCT_MGMT;
b2d430
+
b2d430
+    simple_test_ctx->params = talloc_zero(simple_test_ctx,
b2d430
+                                          struct dp_req_params);
b2d430
+    if (simple_test_ctx->params == NULL) {
b2d430
+        return ENOMEM;
b2d430
+    }
b2d430
+    simple_test_ctx->params->ev = simple_test_ctx->tctx->ev;
b2d430
+
b2d430
     *state = simple_test_ctx;
b2d430
     return 0;
b2d430
 }
b2d430
@@ -122,7 +137,7 @@ static int setup_with_params(struct simple_test_ctx *test_ctx,
b2d430
         return ret;
b2d430
     }
b2d430
 
b2d430
-    test_ctx->ctx = talloc(test_ctx, struct simple_ctx);
b2d430
+    test_ctx->ctx = talloc_zero(test_ctx, struct simple_ctx);
b2d430
     if (test_ctx->ctx == NULL) {
b2d430
         return ENOMEM;
b2d430
     }
b2d430
@@ -130,11 +145,6 @@ static int setup_with_params(struct simple_test_ctx *test_ctx,
b2d430
     test_ctx->ctx->be_ctx = test_ctx->be_ctx;
b2d430
     test_ctx->ctx->domain = test_ctx->tctx->dom;
b2d430
 
b2d430
-    ret = simple_access_obtain_filter_lists(test_ctx->ctx);
b2d430
-    if (ret != EOK) {
b2d430
-        return ret;
b2d430
-    }
b2d430
-
b2d430
     return EOK;
b2d430
 }
b2d430
 
b2d430
@@ -155,13 +165,14 @@ static int simple_test_teardown(void **state)
b2d430
     return 0;
b2d430
 }
b2d430
 
b2d430
-static void simple_access_check_done(struct tevent_req *req)
b2d430
+static void simple_access_handler_done(struct tevent_req *req)
b2d430
 {
b2d430
     struct simple_test_ctx *simple_test_ctx =
b2d430
                         tevent_req_callback_data(req, struct simple_test_ctx);
b2d430
 
b2d430
-    simple_test_ctx->tctx->error = simple_access_check_recv(req,
b2d430
-                                              &simple_test_ctx->access_granted);
b2d430
+    simple_test_ctx->tctx->error = simple_access_handler_recv(simple_test_ctx,
b2d430
+                                                    req, &simple_test_ctx->pd);
b2d430
+    simple_test_ctx->access_granted = (simple_test_ctx->pd->pam_status == PAM_SUCCESS);
b2d430
     talloc_free(req);
b2d430
     simple_test_ctx->tctx->done = true;
b2d430
 }
b2d430
@@ -175,10 +186,13 @@ static void run_simple_access_check(struct simple_test_ctx *simple_test_ctx,
b2d430
     struct tevent_req *req;
b2d430
 
b2d430
     simple_test_ctx->tctx->done = false;
b2d430
-    req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
b2d430
-                                   simple_test_ctx->ctx, username);
b2d430
+    simple_test_ctx->pd->user = discard_const(username);
b2d430
+    req = simple_access_handler_send(simple_test_ctx,
b2d430
+                                     simple_test_ctx->ctx,
b2d430
+                                     simple_test_ctx->pd,
b2d430
+                                     simple_test_ctx->params);
b2d430
     assert_non_null(req);
b2d430
-    tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
b2d430
+    tevent_req_set_callback(req, simple_access_handler_done, simple_test_ctx);
b2d430
 
b2d430
     ret = test_ev_loop(simple_test_ctx->tctx);
b2d430
     assert_int_equal(ret, expected_rv);
b2d430
@@ -487,23 +501,29 @@ static void test_group_allow_empty(void **state)
b2d430
         { NULL, NULL },
b2d430
     };
b2d430
 
b2d430
-    ret = setup_with_params(simple_test_ctx, simple_test_ctx->tctx->dom, params);
b2d430
+    ret = setup_with_params(simple_test_ctx,
b2d430
+                            simple_test_ctx->tctx->dom,
b2d430
+                            params);
b2d430
     assert_int_equal(ret, EOK);
b2d430
 
b2d430
-    req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
b2d430
-                                   simple_test_ctx->ctx, "u1@simple_test");
b2d430
+    simple_test_ctx->pd->user = discard_const("u1@simple_test");
b2d430
+    req = simple_access_handler_send(simple_test_ctx, simple_test_ctx->ctx,
b2d430
+                                     simple_test_ctx->pd,
b2d430
+                                     simple_test_ctx->params);
b2d430
     assert_non_null(req);
b2d430
-    tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
b2d430
+    tevent_req_set_callback(req, simple_access_handler_done, simple_test_ctx);
b2d430
 
b2d430
     ret = test_ev_loop(simple_test_ctx->tctx);
b2d430
     assert_int_equal(ret, EOK);
b2d430
     assert_false(simple_test_ctx->access_granted);
b2d430
 
b2d430
     simple_test_ctx->tctx->done = false;
b2d430
-    req = simple_access_check_send(simple_test_ctx, simple_test_ctx->tctx->ev,
b2d430
-                                   simple_test_ctx->ctx, "u3@simple_test");
b2d430
+    simple_test_ctx->pd->user = discard_const("u3@simple_test");
b2d430
+    req = simple_access_handler_send(simple_test_ctx, simple_test_ctx->ctx,
b2d430
+                                     simple_test_ctx->pd,
b2d430
+                                     simple_test_ctx->params);
b2d430
     assert_non_null(req);
b2d430
-    tevent_req_set_callback(req, simple_access_check_done, simple_test_ctx);
b2d430
+    tevent_req_set_callback(req, simple_access_handler_done, simple_test_ctx);
b2d430
 
b2d430
     ret = test_ev_loop(simple_test_ctx->tctx);
b2d430
     assert_int_equal(ret, EOK);
b2d430
@@ -584,6 +604,118 @@ static void test_group_allow_case_insensitive(void **state)
b2d430
     run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, true);
b2d430
 }
b2d430
 
b2d430
+static void test_unparseable_allow_user(void **state)
b2d430
+{
b2d430
+    errno_t ret;
b2d430
+    struct simple_test_ctx *simple_test_ctx = \
b2d430
+                            talloc_get_type(*state, struct simple_test_ctx);
b2d430
+    struct sss_test_conf_param params[] = {
b2d430
+        { "simple_allow_users", "u1, user@no.such.domain" },
b2d430
+        { NULL, NULL },
b2d430
+    };
b2d430
+
b2d430
+    ret = setup_with_params(simple_test_ctx,
b2d430
+                            simple_test_ctx->tctx->dom,
b2d430
+                            params);
b2d430
+    assert_int_equal(ret, EOK);
b2d430
+
b2d430
+    /* Case-sensitive domain, wrong case */
b2d430
+    simple_test_ctx->tctx->done = false;
b2d430
+    simple_test_ctx->tctx->dom->case_sensitive = false;
b2d430
+    /* A user that would normally be denied access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
b2d430
+    /* A user that would normally be allowed access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
b2d430
+}
b2d430
+
b2d430
+static void test_unparseable_deny_user(void **state)
b2d430
+{
b2d430
+    errno_t ret;
b2d430
+    struct simple_test_ctx *simple_test_ctx = \
b2d430
+                            talloc_get_type(*state, struct simple_test_ctx);
b2d430
+    struct sss_test_conf_param params[] = {
b2d430
+        { "simple_deny_users", "u2, user@no.such.domain" },
b2d430
+        { NULL, NULL },
b2d430
+    };
b2d430
+
b2d430
+    ret = setup_with_params(simple_test_ctx,
b2d430
+                            simple_test_ctx->tctx->dom,
b2d430
+                            params);
b2d430
+    assert_int_equal(ret, EOK);
b2d430
+
b2d430
+    /* Case-sensitive domain, wrong case */
b2d430
+    simple_test_ctx->tctx->done = false;
b2d430
+    simple_test_ctx->tctx->dom->case_sensitive = false;
b2d430
+    /* A user that would normally be denied access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
b2d430
+    /* A user that would normally be allowed access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
b2d430
+}
b2d430
+
b2d430
+static void test_unparseable_allow_group(void **state)
b2d430
+{
b2d430
+    errno_t ret;
b2d430
+    struct simple_test_ctx *simple_test_ctx = \
b2d430
+                            talloc_get_type(*state, struct simple_test_ctx);
b2d430
+    struct sss_test_conf_param params[] = {
b2d430
+        { "simple_allow_groups", "g1, group@no.such.domain" },
b2d430
+        { NULL, NULL },
b2d430
+    };
b2d430
+
b2d430
+    ret = setup_with_params(simple_test_ctx,
b2d430
+                            simple_test_ctx->tctx->dom,
b2d430
+                            params);
b2d430
+    assert_int_equal(ret, EOK);
b2d430
+
b2d430
+    /* Case-sensitive domain, wrong case */
b2d430
+    simple_test_ctx->tctx->done = false;
b2d430
+    simple_test_ctx->tctx->dom->case_sensitive = false;
b2d430
+    /* A group that would normally be denied access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
b2d430
+    /* A group that would normally be allowed access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
b2d430
+}
b2d430
+
b2d430
+static void test_unparseable_deny_group(void **state)
b2d430
+{
b2d430
+    errno_t ret;
b2d430
+    struct simple_test_ctx *simple_test_ctx = \
b2d430
+                            talloc_get_type(*state, struct simple_test_ctx);
b2d430
+    struct sss_test_conf_param params[] = {
b2d430
+        { "simple_deny_groups", "g2, group@no.such.domain" },
b2d430
+        { NULL, NULL },
b2d430
+    };
b2d430
+
b2d430
+    ret = setup_with_params(simple_test_ctx,
b2d430
+                            simple_test_ctx->tctx->dom,
b2d430
+                            params);
b2d430
+    assert_int_equal(ret, EOK);
b2d430
+
b2d430
+    /* Case-sensitive domain, wrong case */
b2d430
+    simple_test_ctx->tctx->done = false;
b2d430
+    simple_test_ctx->tctx->dom->case_sensitive = false;
b2d430
+    /* A group that would normally be denied access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u2@simple_test", EOK, false);
b2d430
+    /* A group that would normally be allowed access will be denied because
b2d430
+     * the access list can't be parsed
b2d430
+     */
b2d430
+    run_simple_access_check(simple_test_ctx, "u1@simple_test", EOK, false);
b2d430
+}
b2d430
+
b2d430
 static void test_group_space(void **state)
b2d430
 {
b2d430
     errno_t ret;
b2d430
@@ -659,6 +791,18 @@ int main(int argc, const char *argv[])
b2d430
         cmocka_unit_test_setup_teardown(test_group_space,
b2d430
                                         simple_group_test_setup,
b2d430
                                         simple_group_test_teardown),
b2d430
+        cmocka_unit_test_setup_teardown(test_unparseable_allow_user,
b2d430
+                                        simple_test_setup,
b2d430
+                                        simple_test_teardown),
b2d430
+        cmocka_unit_test_setup_teardown(test_unparseable_deny_user,
b2d430
+                                        simple_test_setup,
b2d430
+                                        simple_test_teardown),
b2d430
+        cmocka_unit_test_setup_teardown(test_unparseable_allow_group,
b2d430
+                                        simple_test_setup,
b2d430
+                                        simple_test_teardown),
b2d430
+        cmocka_unit_test_setup_teardown(test_unparseable_deny_group,
b2d430
+                                        simple_test_setup,
b2d430
+                                        simple_test_teardown),
b2d430
     };
b2d430
 
b2d430
     /* Set debug level to invalid value so we can decide if -d 0 was used. */
b2d430
-- 
b2d430
2.4.11
b2d430