Blob Blame History Raw
From 5ec1d31f32583761c05691c951576b6213037393 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 7 Feb 2014 15:54:30 +0100
Subject: [PATCH 94/97] IPA: refactor idmap code and add test

---
 Makefile.am                       |  15 +++
 src/providers/ipa/ipa_common.h    |  10 ++
 src/providers/ipa/ipa_idmap.c     | 248 +++++++++++++++----------------------
 src/tests/cmocka/test_ipa_idmap.c | 249 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 374 insertions(+), 148 deletions(-)
 create mode 100644 src/tests/cmocka/test_ipa_idmap.c

diff --git a/Makefile.am b/Makefile.am
index 16648f9aa2275b60ec84a95ff8a26b1225b97918..2e1a1e6bacfb79e4ef7068a22a64c21d23858cb9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -150,6 +150,7 @@ if HAVE_CMOCKA
         dyndns-tests \
         fqnames-tests \
         test_sss_idmap \
+        test_ipa_idmap \
         test_utils \
         ad_access_filter_tests \
         ad_common_tests \
@@ -1359,6 +1360,20 @@ test_sss_idmap_LDADD = \
     $(SSSD_INTERNAL_LTLIBS) \
     libsss_test_common.la
 
+test_ipa_idmap_SOURCES = \
+    src/tests/cmocka/test_ipa_idmap.c \
+    src/providers/ipa/ipa_idmap.c
+test_ipa_idmap_CFLAGS = \
+    $(AM_CFLAGS)
+test_ipa_idmap_LDFLAGS = \
+    -Wl,-wrap,sysdb_get_ranges
+test_ipa_idmap_LDADD = \
+    $(CMOCKA_LIBS) \
+    $(POPT_LIBS) \
+    libsss_idmap.la \
+    $(SSSD_INTERNAL_LTLIBS) \
+    libsss_test_common.la
+
 test_utils_SOURCES = \
     src/tests/cmocka/test_utils.c
 test_utils_CFLAGS = \
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 02f0baf55f0d226eeb8956076b9bbcce285d4a94..0b8a17c532b7b0081dc749dcef1e6c0e684a7ed2 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -195,6 +195,16 @@ int ipa_sudo_init(struct be_ctx *be_ctx,
                   struct bet_ops **ops,
                   void **pvt_data);
 
+errno_t get_idmap_data_from_range(struct range_info *r, char *domain_name,
+                                  char **_name, char **_sid, uint32_t *_rid,
+                                  struct sss_idmap_range *_range,
+                                  bool *_external_mapping);
+
+errno_t ipa_idmap_get_ranges_from_sysdb(struct sdap_idmap_ctx *idmap_ctx,
+                                        const char *dom_name,
+                                        const char *dom_sid_str,
+                                        bool allow_collisions);
+
 errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
                        struct sdap_id_ctx *id_ctx,
                        struct sdap_idmap_ctx **_idmap_ctx);
diff --git a/src/providers/ipa/ipa_idmap.c b/src/providers/ipa/ipa_idmap.c
index eaca0ed3c3ce2622fbf80dff13d22e2e521f54fe..a65086af4cb4bec7ab85774f3ca1a3555056cee0 100644
--- a/src/providers/ipa/ipa_idmap.c
+++ b/src/providers/ipa/ipa_idmap.c
@@ -156,9 +156,68 @@ done:
     return ret;
 }
 
-errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
-                                  const char *dom_name,
-                                  const char *dom_sid_str)
+errno_t get_idmap_data_from_range(struct range_info *r, char *domain_name,
+                                  char **_name, char **_sid, uint32_t *_rid,
+                                  struct sss_idmap_range *_range,
+                                  bool *_external_mapping)
+{
+    if (r->range_type == NULL) {
+        /* Older IPA servers might not have the range_type attribute, but
+         * only support local ranges and trusts with algorithmic mapping. */
+
+        if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) {
+            /* local IPA domain */
+            *_rid = 0;
+            *_external_mapping = true;
+            *_name = domain_name;
+            *_sid = NULL;
+        } else if (r->trusted_dom_sid != NULL
+                && r->secondary_base_rid == 0) {
+            /* trusted domain */
+            *_rid = r->base_rid;
+            *_external_mapping = false;
+            *_name = r->trusted_dom_sid;
+            *_sid = r->trusted_dom_sid;
+        } else {
+            DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot determine range type, " \
+                                         "for id range [%s].\n",
+                                         r->name));
+            return EINVAL;
+        }
+    } else {
+        if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) {
+            *_rid = 0;
+            *_external_mapping = true;
+            *_name = domain_name;
+            *_sid = NULL;
+        } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) {
+            *_rid = 0;
+            *_external_mapping = true;
+            *_name = r->trusted_dom_sid;
+            *_sid = r->trusted_dom_sid;
+        } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) {
+            *_rid = r->base_rid;
+            *_external_mapping = false;
+            *_name = r->trusted_dom_sid;
+            *_sid = r->trusted_dom_sid;
+        } else {
+            DEBUG(SSSDBG_MINOR_FAILURE, ("Range type [%s] of id range " \
+                                         "[%s] not supported.\n", \
+                                         r->range_type, r->name));
+            return EINVAL;
+        }
+    }
+
+    _range->min = r->base_id;
+    _range->max = r->base_id + r->id_range_size -1;
+
+    return EOK;
+}
+
+errno_t ipa_idmap_get_ranges_from_sysdb(struct sdap_idmap_ctx *idmap_ctx,
+                                        const char *dom_name,
+                                        const char *dom_sid_str,
+                                        bool allow_collisions)
 {
     int ret;
     size_t range_count;
@@ -166,7 +225,6 @@ errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
     TALLOC_CTX *tmp_ctx;
     size_t c;
     enum idmap_error_code err;
-    struct range_info *r;
     struct sss_idmap_range range;
     uint32_t rid;
     bool external_mapping;
@@ -187,74 +245,39 @@ errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
     }
 
     for (c = 0; c < range_count; c++) {
-        r = range_list[c];
-
-        if (r->range_type == NULL) {
-            /* Older IPA servers might not have the range_type attribute, but
-             * only support local ranges and trusts with algorithmic mapping. */
-
-            if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) {
-                /* local IPA domain */
-                rid = 0;
-                external_mapping = true;
-                name = idmap_ctx->id_ctx->be->domain->name;
-                sid = NULL;
-            } else if (r->trusted_dom_sid != NULL
-                    && r->secondary_base_rid == 0) {
-                /* trusted domain */
-                rid = r->base_rid;
-                external_mapping = false;
-                name = r->trusted_dom_sid;
-                sid = r->trusted_dom_sid;
-            } else {
-                DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot determine range type, " \
-                                             "skipping id ange [%s].\n",
-                                             r->name));
-                continue;
-            }
-        } else {
-            if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) {
-                rid = 0;
-                external_mapping = true;
-                name = idmap_ctx->id_ctx->be->domain->name;
-                sid = NULL;
-            } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) {
-                rid = 0;
-                external_mapping = true;
-                name = r->trusted_dom_sid;
-                sid = r->trusted_dom_sid;
-            } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) {
-                rid = r->base_rid;
-                external_mapping = false;
-                name = r->trusted_dom_sid;
-                sid = r->trusted_dom_sid;
-            } else {
-                DEBUG(SSSDBG_MINOR_FAILURE, ("Range type [%s] not supported, " \
-                                             "skipping id range [%s].\n",
-                                             r->range_type, r->name));
-                continue;
-            }
+        ret = get_idmap_data_from_range(range_list[c],
+                                        idmap_ctx->id_ctx->be->domain->name,
+                                        &name, &sid, &rid, &range,
+                                        &external_mapping);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("get_idmap_data_from_range failed for " \
+                                      "id range [%s], skipping.\n",
+                                      range_list[c]->name));
+            continue;
         }
 
-        range.min = r->base_id;
-        range.max = r->base_id + r->id_range_size -1;
         err = sss_idmap_add_domain_ex(idmap_ctx->map, name, sid, &range,
-                                      r->name, rid, external_mapping);
-        if (err != IDMAP_SUCCESS && err != IDMAP_COLLISION) {
-            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n",
-                                        r->name));
-            ret = EIO;
+                                      range_list[c]->name, rid,
+                                      external_mapping);
+        if (err != IDMAP_SUCCESS) {
+            if (!allow_collisions || err != IDMAP_COLLISION) {
+                DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n",
+                                            range_list[c]->name));
+                ret = EIO;
+                goto done;
+            }
+        }
+    }
+
+    if (dom_name != NULL || dom_sid_str != NULL) {
+        ret = ipa_idmap_check_posix_child(idmap_ctx, dom_name, dom_sid_str,
+                                          range_count, range_list);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("ipa_idmap_check_posix_child failed.\n"));
             goto done;
         }
     }
 
-    ret = ipa_idmap_check_posix_child(idmap_ctx, dom_name, dom_sid_str,
-                                      range_count, range_list);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_OP_FAILURE, ("ipa_idmap_check_posix_child failed.\n"));
-        goto done;
-    }
-
     ret = EOK;
 
 done:
@@ -263,6 +286,14 @@ done:
     return ret;
 }
 
+errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
+                                  const char *dom_name,
+                                  const char *dom_sid_str)
+{
+    return ipa_idmap_get_ranges_from_sysdb(idmap_ctx, dom_name, dom_sid_str,
+                                           true);
+}
+
 errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
                        struct sdap_id_ctx *id_ctx,
                        struct sdap_idmap_ctx **_idmap_ctx)
@@ -270,17 +301,7 @@ errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
     errno_t ret;
     TALLOC_CTX *tmp_ctx;
     enum idmap_error_code err;
-    size_t c;
     struct sdap_idmap_ctx *idmap_ctx = NULL;
-    struct sysdb_ctx *sysdb = id_ctx->be->domain->sysdb;
-    size_t range_count;
-    struct range_info **range_list;
-    struct range_info *r;
-    struct sss_idmap_range range;
-    uint32_t rid;
-    bool external_mapping;
-    char *name;
-    char *sid;
 
     tmp_ctx = talloc_new(NULL);
     if (!tmp_ctx) return ENOMEM;
@@ -309,82 +330,13 @@ errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
-
-    /* Read in any existing mappings from the cache */
-    ret = sysdb_get_ranges(tmp_ctx, sysdb, &range_count, &range_list);
-    if (ret != EOK && ret != ENOENT) {
-        DEBUG(SSSDBG_FATAL_FAILURE,
-              ("Could not read ranges from the cache: [%s]\n",
-               strerror(ret)));
+    ret = ipa_idmap_get_ranges_from_sysdb(idmap_ctx, NULL, NULL, false);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              ("ipa_idmap_get_ranges_from_sysdb failed.\n"));
         goto done;
     }
 
-    DEBUG(SSSDBG_CONF_SETTINGS,
-          ("Initializing [%zu] domains for ID-mapping\n", range_count));
-
-    for (c = 0; c < range_count; c++) {
-
-        r = range_list[c];
-
-        if (r->range_type == NULL) {
-            /* Older IPA servers might not have the range_type attribute, but
-             * only support local ranges and trusts with algorithmic mapping. */
-
-            if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) {
-                /* local IPA domain */
-                rid = 0;
-                external_mapping = true;
-                sid = NULL;
-                name = id_ctx->be->domain->name;
-            } else if (r->trusted_dom_sid != NULL
-                    && r->secondary_base_rid == 0) {
-                /* trusted domain */
-                rid = r->base_rid;
-                external_mapping = false;
-                sid = r->trusted_dom_sid;
-                name = sid;
-            } else {
-                DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot determine range type, " \
-                                             "skipping id ange [%s].\n",
-                                             r->name));
-                continue;
-            }
-        } else {
-            if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) {
-                rid = 0;
-                external_mapping = true;
-                sid = NULL;
-                name = id_ctx->be->domain->name;
-            } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) {
-                rid = 0;
-                external_mapping = true;
-                sid = r->trusted_dom_sid;
-                name = sid;
-            } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) {
-                rid = r->base_rid;
-                external_mapping = false;
-                sid = r->trusted_dom_sid;
-                name = sid;
-            } else {
-                DEBUG(SSSDBG_MINOR_FAILURE, ("Range type [%s] not supported, " \
-                                             "skipping id range [%s].\n",
-                                             r->range_type, r->name));
-                continue;
-            }
-        }
-
-        range.min = r->base_id;
-        range.max = r->base_id + r->id_range_size -1;
-        err = sss_idmap_add_domain_ex(idmap_ctx->map, name, sid, &range,
-                                      r->name, rid, external_mapping);
-        if (err != IDMAP_SUCCESS) {
-            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n",
-                                        r->name));
-            ret = EIO;
-            goto done;
-        }
-    }
-
     *_idmap_ctx = talloc_steal(mem_ctx, idmap_ctx);
     ret = EOK;
 
diff --git a/src/tests/cmocka/test_ipa_idmap.c b/src/tests/cmocka/test_ipa_idmap.c
new file mode 100644
index 0000000000000000000000000000000000000000..2fb2cde2f9a7f1172fb69b268d19b559ff9d2f32
--- /dev/null
+++ b/src/tests/cmocka/test_ipa_idmap.c
@@ -0,0 +1,249 @@
+/*
+    Authors:
+        Sumit Bose <sbose@redhat.com>
+
+    Copyright (C) 2014 Red Hat
+
+    SSSD tests: Unit tests for id-mapping in the IPA provider
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <popt.h>
+
+#include "tests/cmocka/common_mock.h"
+#include "lib/idmap/sss_idmap.h"
+#include "providers/ipa/ipa_common.h"
+#include "providers/ldap/sdap_idmap.h"
+
+#define RANGE_NAME discard_const("range1")
+#define DOMAIN_SID discard_const("S-1-5-21-2-3-4")
+#define DOMAIN_NAME discard_const("dom.test")
+#define BASE_RID 111
+#define SECONDARY_BASE_RID 11223344
+#define BASE_ID 123456
+#define RANGE_SIZE 222222
+#define RANGE_MAX (BASE_ID + RANGE_SIZE - 1)
+
+void test_get_idmap_data_from_range(void **state)
+{
+    char *dom_name;
+    char *sid;
+    uint32_t rid;
+    struct sss_idmap_range range;
+    bool external_mapping;
+    size_t c;
+    errno_t ret;
+
+    struct test_data {
+        struct range_info r;
+        errno_t exp_ret;
+        char *exp_dom_name;
+        char *exp_sid;
+        uint32_t exp_rid;
+        struct sss_idmap_range exp_range;
+        bool exp_external_mapping;
+    } d[] = {
+        /* working IPA_RANGE_LOCAL range */
+        {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, SECONDARY_BASE_RID,
+          NULL, discard_const(IPA_RANGE_LOCAL)},
+         EOK, DOMAIN_NAME, NULL, 0, {BASE_ID, RANGE_MAX}, true},
+        /* working old-style IPA_RANGE_LOCAL range without range type */
+        {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, SECONDARY_BASE_RID,
+          NULL, NULL},
+         EOK, DOMAIN_NAME, NULL, 0, {BASE_ID, RANGE_MAX}, true},
+        /* old-style IPA_RANGE_LOCAL without SID and secondary base rid */
+        {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, NULL, NULL},
+         EINVAL, NULL, NULL, 0, {0, 0}, false},
+        /* old-style range with SID and secondary base rid */
+        {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, SECONDARY_BASE_RID,
+          DOMAIN_SID, NULL},
+         EINVAL, NULL, NULL, 0, {0, 0}, false},
+        /* working IPA_RANGE_AD_TRUST range */
+        {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, DOMAIN_SID,
+          discard_const(IPA_RANGE_AD_TRUST)},
+         EOK, DOMAIN_SID, DOMAIN_SID, BASE_RID, {BASE_ID, RANGE_MAX}, false},
+        /* working old-style IPA_RANGE_AD_TRUST range without range type */
+        {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, DOMAIN_SID, NULL},
+         EOK, DOMAIN_SID, DOMAIN_SID, BASE_RID, {BASE_ID, RANGE_MAX}, false},
+        /* working IPA_RANGE_AD_TRUST_POSIX range */
+        {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, DOMAIN_SID,
+          discard_const(IPA_RANGE_AD_TRUST_POSIX)},
+         EOK, DOMAIN_SID, DOMAIN_SID, 0, {BASE_ID, RANGE_MAX}, true},
+        {{0}, 0, NULL, NULL, 0, {0, 0}, false}
+    };
+
+    for (c = 0; d[c].exp_dom_name != NULL; c++) {
+        ret = get_idmap_data_from_range(&d[c].r, DOMAIN_NAME, &dom_name, &sid,
+                                        &rid, &range, &external_mapping);
+        assert_int_equal(ret, d[c].exp_ret);
+        assert_string_equal(dom_name, d[c].exp_dom_name);
+        if (d[c].exp_sid == NULL) {
+            assert_null(sid);
+        } else {
+            assert_string_equal(sid, d[c].exp_sid);
+        }
+        assert_int_equal(rid, d[c].exp_rid);
+        assert_int_equal(range.min, d[c].exp_range.min);
+        assert_int_equal(range.max, d[c].exp_range.max);
+        assert_true(external_mapping == d[c].exp_external_mapping);
+    }
+}
+
+errno_t __wrap_sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+                                size_t *range_count,
+                                struct range_info ***range_list)
+{
+
+    *range_count = sss_mock_type(size_t);
+    *range_list = talloc_steal(mem_ctx,
+                               sss_mock_ptr_type(struct range_info **));
+    return EOK;
+}
+
+struct test_ctx {
+    struct sdap_idmap_ctx *idmap_ctx;
+    struct sdap_id_ctx *sdap_id_ctx;
+};
+
+static struct range_info **get_range_list(TALLOC_CTX *mem_ctx)
+{
+    struct range_info **range_list;
+
+    range_list = talloc_array(mem_ctx, struct range_info *, 2);
+    assert_non_null(range_list);
+
+    range_list[0] = talloc_zero(range_list, struct range_info);
+    assert_non_null(range_list[0]);
+
+    range_list[0]->name = talloc_strdup(range_list[0], RANGE_NAME);
+    assert_non_null( range_list[0]->name);
+    range_list[0]->base_id = BASE_ID;
+    range_list[0]->id_range_size = RANGE_SIZE;
+    range_list[0]->base_rid = BASE_RID;
+    range_list[0]->secondary_base_rid = 0;
+    range_list[0]->trusted_dom_sid = talloc_strdup(range_list[0], DOMAIN_SID);
+    assert_non_null(range_list[0]->trusted_dom_sid);
+    range_list[0]->range_type = talloc_strdup(range_list[0],
+                                              IPA_RANGE_AD_TRUST);
+    assert_non_null(range_list[0]->range_type);
+
+    return range_list;
+}
+
+void setup_idmap_ctx(void **state)
+{
+    int ret;
+    struct test_ctx *test_ctx;
+
+    assert_true(leak_check_setup());
+
+    test_ctx = talloc_zero(global_talloc_context, struct test_ctx);
+    assert_non_null(test_ctx);
+
+    test_ctx->sdap_id_ctx = talloc_zero(test_ctx,
+                                        struct sdap_id_ctx);
+    assert_non_null(test_ctx->sdap_id_ctx);
+
+    test_ctx->sdap_id_ctx->be = talloc_zero(test_ctx->sdap_id_ctx,
+                                            struct be_ctx);
+    assert_non_null(test_ctx->sdap_id_ctx->be);
+
+    test_ctx->sdap_id_ctx->be->domain = talloc_zero(test_ctx->sdap_id_ctx->be,
+                                                    struct sss_domain_info);
+    assert_non_null(test_ctx->sdap_id_ctx->be->domain);
+
+    test_ctx->sdap_id_ctx->be->domain->name =
+                  talloc_strdup(test_ctx->sdap_id_ctx->be->domain, DOMAIN_NAME);
+    assert_non_null(test_ctx->sdap_id_ctx->be->domain->name);
+
+    will_return(__wrap_sysdb_get_ranges, 1);
+    will_return(__wrap_sysdb_get_ranges, get_range_list(global_talloc_context));
+
+    ret = ipa_idmap_init(test_ctx, test_ctx->sdap_id_ctx,
+                         &test_ctx->idmap_ctx);
+    assert_int_equal(ret, EOK);
+
+    check_leaks_push(test_ctx);
+    *state = test_ctx;
+}
+
+void teardown_idmap_ctx(void **state)
+{
+    struct test_ctx *test_ctx = talloc_get_type(*state, struct test_ctx);
+
+    assert_non_null(test_ctx);
+
+    assert_true(check_leaks_pop(test_ctx) == true);
+
+    talloc_free(test_ctx);
+    assert_true(leak_check_teardown());
+}
+
+void test_ipa_idmap_get_ranges_from_sysdb(void **state)
+{
+    int ret;
+    struct test_ctx *test_ctx = talloc_get_type(*state, struct test_ctx);
+    assert_non_null(test_ctx);
+
+    will_return(__wrap_sysdb_get_ranges, 1);
+    will_return(__wrap_sysdb_get_ranges, get_range_list(test_ctx->idmap_ctx));
+    ret = ipa_idmap_get_ranges_from_sysdb(test_ctx->idmap_ctx,
+                                          DOMAIN_NAME, DOMAIN_SID, true);
+    assert_int_equal(ret, EOK);
+
+    will_return(__wrap_sysdb_get_ranges, 1);
+    will_return(__wrap_sysdb_get_ranges, get_range_list(global_talloc_context));
+    ret = ipa_idmap_get_ranges_from_sysdb(test_ctx->idmap_ctx,
+                                          DOMAIN_NAME, DOMAIN_SID, false);
+    assert_int_equal(ret, EIO);
+}
+
+int main(int argc, const char *argv[])
+{
+    poptContext pc;
+    int opt;
+    struct poptOption long_options[] = {
+        POPT_AUTOHELP
+        SSSD_DEBUG_OPTS
+        POPT_TABLEEND
+    };
+
+    const UnitTest tests[] = {
+        unit_test(test_get_idmap_data_from_range),
+        unit_test_setup_teardown(test_ipa_idmap_get_ranges_from_sysdb,
+                                 setup_idmap_ctx, teardown_idmap_ctx),
+    };
+
+    /* Set debug level to invalid value so we can deside if -d 0 was used. */
+    debug_level = SSSDBG_INVALID;
+
+    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+    while((opt = poptGetNextOpt(pc)) != -1) {
+        switch(opt) {
+        default:
+            fprintf(stderr, "\nInvalid option %s: %s\n\n",
+                    poptBadOption(pc, 0), poptStrerror(opt));
+            poptPrintUsage(pc, stderr, 0);
+            return 1;
+        }
+    }
+    poptFreeContext(pc);
+
+    DEBUG_INIT(debug_level);
+
+    tests_set_cwd();
+
+    return run_tests(tests);
+}
-- 
1.8.5.3