rpms/sssd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
feafcbceb6
sssd/0023-TESTS-Extending-sysdb-sudo-store-tests.patch
Lukas Slebodnik feafcbceb6 Resolves: rhbz#1369130 - nss_sss should not link against libpthread 
Resolves: rhbz#1392916 - sssd failes to start after update
Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
                           on the directory /etc/sssd

(cherry picked from commit eb6c560542)
2016-12-13 20:15:43 +01:00

226 lines
8.1 KiB
Diff
Raw Blame History

From 1cd53e7a9cdb95aeca6a3f9ae4a6e32072f74ee7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pcech@redhat.com>
Date: Thu, 13 Oct 2016 09:31:52 +0200
Subject: [PATCH 23/39] TESTS: Extending sysdb sudo store tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We covered diference between case sensitive and case insensitive
domains. If domain is case insensitive we add lowercase form of
sudoUser to local sysdb cache.
Resolves:
https://fedorahosted.org/sssd/ticket/3203
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 23637e2fd2b1fe42bdd2335893a11ac8016f56bc)
(cherry picked from commit 143b1dcbbe865a139616a22b139e19bd772e46f0)
---
src/tests/cmocka/test_sysdb_sudo.c | 168 ++++++++++++++++++++++++++++++++++++-
1 file changed, 167 insertions(+), 1 deletion(-)
diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c
index 889de7237..f21ff3655 100644
--- a/src/tests/cmocka/test_sysdb_sudo.c
+++ b/src/tests/cmocka/test_sysdb_sudo.c
@@ -44,7 +44,7 @@ struct test_user {
const char *name;
uid_t uid;
gid_t gid;
-} users[] = { { "test_user1", 1001, 1001 },
+} users[] = { { "test_USER1", 1001, 1001 },
{ "test_user2", 1002, 1002 },
{ "test_user3", 1003, 1003 } };
@@ -104,6 +104,29 @@ static void create_rule_attrs(struct sysdb_attrs *rule, int i)
assert_int_equal(ret, EOK);
}
+static void create_rule_attrs_multiple_sudoUser(struct sysdb_attrs *rule)
+{
+ errno_t ret;
+
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_CN,
+ rules[0].name);
+ assert_int_equal(ret, EOK);
+
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_HOST,
+ rules[0].host);
+ assert_int_equal(ret, EOK);
+
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_RUNASUSER,
+ rules[0].as_user);
+ assert_int_equal(ret, EOK);
+
+ for (int i = 0; i < 3; i++ ) {
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_USER,
+ users[i].name);
+ assert_int_equal(ret, EOK);
+ }
+}
+
static int get_stored_rules_count(struct sysdb_test_ctx *test_ctx)
{
errno_t ret;
@@ -217,6 +240,143 @@ void test_store_sudo(void **state)
talloc_zfree(msgs);
}
+void test_store_sudo_case_sensitive(void **state)
+{
+ errno_t ret;
+ char *filter;
+ const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_SUDO_CACHE_AT_HOST,
+ SYSDB_SUDO_CACHE_AT_RUNASUSER,
+ SYSDB_SUDO_CACHE_AT_USER, NULL };
+ struct ldb_message **msgs = NULL;
+ size_t msgs_count;
+ const char *result;
+ struct ldb_message_element *element;
+ struct sysdb_attrs *rule;
+ struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state,
+ struct sysdb_test_ctx);
+ const char *lowered_name = sss_tc_utf8_str_tolower(test_ctx, users[0].name);
+
+ rule = sysdb_new_attrs(test_ctx);
+ assert_non_null(rule);
+ create_rule_attrs_multiple_sudoUser(rule);
+
+ test_ctx->tctx->dom->case_sensitive = true;
+
+ ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1);
+ assert_int_equal(ret, EOK);
+
+ filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0);
+ assert_non_null(filter);
+
+ ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter,
+ attrs, &msgs_count, &msgs);
+ assert_int_equal(ret, EOK);
+
+ assert_int_equal(msgs_count, 1);
+
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_CN, NULL);
+ assert_non_null(result);
+ assert_string_equal(result, rules[0].name);
+
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_HOST,
+ NULL);
+ assert_non_null(result);
+ assert_string_equal(result, rules[0].host);
+
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_RUNASUSER,
+ NULL);
+ assert_non_null(result);
+ assert_string_equal(result, rules[0].as_user);
+
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
+ users[0].name);
+ assert_int_equal(ret, 1);
+
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
+ lowered_name);
+ assert_int_equal(ret, 0);
+
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
+ users[1].name);
+ assert_int_equal(ret, 1);
+
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
+ users[2].name);
+ assert_int_equal(ret, 1);
+
+ element = ldb_msg_find_element(msgs[0], SYSDB_SUDO_CACHE_AT_USER);
+ assert_int_equal(element->num_values, 3);
+
+ talloc_zfree(lowered_name);
+ talloc_zfree(rule);
+ talloc_zfree(filter);
+ talloc_zfree(msgs);
+}
+
+void test_store_sudo_case_insensitive(void **state)
+{
+ errno_t ret;
+ char *filter;
+ const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_SUDO_CACHE_AT_HOST,
+ SYSDB_SUDO_CACHE_AT_RUNASUSER,
+ SYSDB_SUDO_CACHE_AT_USER, NULL };
+ struct ldb_message **msgs = NULL;
+ size_t msgs_count;
+ const char *result;
+ struct ldb_message_element *element;
+ struct sysdb_attrs *rule;
+ struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state,
+ struct sysdb_test_ctx);
+ const char *lowered_name = sss_tc_utf8_str_tolower(test_ctx, users[0].name);
+
+ rule = sysdb_new_attrs(test_ctx);
+ assert_non_null(rule);
+ create_rule_attrs_multiple_sudoUser(rule);
+
+ test_ctx->tctx->dom->case_sensitive = false;
+
+ ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1);
+ assert_int_equal(ret, EOK);
+
+ filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0);
+ assert_non_null(filter);
+
+ ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter,
+ attrs, &msgs_count, &msgs);
+ assert_int_equal(ret, EOK);
+
+ assert_int_equal(msgs_count, 1);
+
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_CN, NULL);
+ assert_non_null(result);
+ assert_string_equal(result, rules[0].name);
+
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_HOST,
+ NULL);
+ assert_non_null(result);
+ assert_string_equal(result, rules[0].host);
+
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_RUNASUSER,
+ NULL);
+ assert_non_null(result);
+ assert_string_equal(result, rules[0].as_user);
+
+ for (int i = 0; i < 3; i++) {
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
+ users[i].name);
+ assert_int_equal(ret, 1);
+ }
+
+ /* test there is no duplication of lowercase forms */
+ element = ldb_msg_find_element(msgs[0], SYSDB_SUDO_CACHE_AT_USER);
+ assert_int_equal(element->num_values, 4);
+
+ talloc_zfree(lowered_name);
+ talloc_zfree(rule);
+ talloc_zfree(filter);
+ talloc_zfree(msgs);
+}
+
void test_sudo_purge_by_filter(void **state)
{
errno_t ret;
@@ -648,6 +808,12 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(test_store_sudo,
test_sysdb_setup,
test_sysdb_teardown),
+ cmocka_unit_test_setup_teardown(test_store_sudo_case_sensitive,
+ test_sysdb_setup,
+ test_sysdb_teardown),
+ cmocka_unit_test_setup_teardown(test_store_sudo_case_insensitive,
+ test_sysdb_setup,
+ test_sysdb_teardown),
/* sysdb_sudo_purge() */
cmocka_unit_test_setup_teardown(test_sudo_purge_by_filter,
--
2.11.0
Reference in New Issue View Git Blame Copy Permalink