eb6c560542
Resolves: rhbz#1392916 - sssd failes to start after update Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd
226 lines
8.1 KiB
Diff
226 lines
8.1 KiB
Diff
From 1cd53e7a9cdb95aeca6a3f9ae4a6e32072f74ee7 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pcech@redhat.com>
|
|
Date: Thu, 13 Oct 2016 09:31:52 +0200
|
|
Subject: [PATCH 23/39] TESTS: Extending sysdb sudo store tests
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
We covered diference between case sensitive and case insensitive
|
|
domains. If domain is case insensitive we add lowercase form of
|
|
sudoUser to local sysdb cache.
|
|
|
|
Resolves:
|
|
https://fedorahosted.org/sssd/ticket/3203
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
(cherry picked from commit 23637e2fd2b1fe42bdd2335893a11ac8016f56bc)
|
|
(cherry picked from commit 143b1dcbbe865a139616a22b139e19bd772e46f0)
|
|
---
|
|
src/tests/cmocka/test_sysdb_sudo.c | 168 ++++++++++++++++++++++++++++++++++++-
|
|
1 file changed, 167 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c
|
|
index 889de7237..f21ff3655 100644
|
|
--- a/src/tests/cmocka/test_sysdb_sudo.c
|
|
+++ b/src/tests/cmocka/test_sysdb_sudo.c
|
|
@@ -44,7 +44,7 @@ struct test_user {
|
|
const char *name;
|
|
uid_t uid;
|
|
gid_t gid;
|
|
-} users[] = { { "test_user1", 1001, 1001 },
|
|
+} users[] = { { "test_USER1", 1001, 1001 },
|
|
{ "test_user2", 1002, 1002 },
|
|
{ "test_user3", 1003, 1003 } };
|
|
|
|
@@ -104,6 +104,29 @@ static void create_rule_attrs(struct sysdb_attrs *rule, int i)
|
|
assert_int_equal(ret, EOK);
|
|
}
|
|
|
|
+static void create_rule_attrs_multiple_sudoUser(struct sysdb_attrs *rule)
|
|
+{
|
|
+ errno_t ret;
|
|
+
|
|
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_CN,
|
|
+ rules[0].name);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_HOST,
|
|
+ rules[0].host);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_RUNASUSER,
|
|
+ rules[0].as_user);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ for (int i = 0; i < 3; i++ ) {
|
|
+ ret = sysdb_attrs_add_string_safe(rule, SYSDB_SUDO_CACHE_AT_USER,
|
|
+ users[i].name);
|
|
+ assert_int_equal(ret, EOK);
|
|
+ }
|
|
+}
|
|
+
|
|
static int get_stored_rules_count(struct sysdb_test_ctx *test_ctx)
|
|
{
|
|
errno_t ret;
|
|
@@ -217,6 +240,143 @@ void test_store_sudo(void **state)
|
|
talloc_zfree(msgs);
|
|
}
|
|
|
|
+void test_store_sudo_case_sensitive(void **state)
|
|
+{
|
|
+ errno_t ret;
|
|
+ char *filter;
|
|
+ const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_SUDO_CACHE_AT_HOST,
|
|
+ SYSDB_SUDO_CACHE_AT_RUNASUSER,
|
|
+ SYSDB_SUDO_CACHE_AT_USER, NULL };
|
|
+ struct ldb_message **msgs = NULL;
|
|
+ size_t msgs_count;
|
|
+ const char *result;
|
|
+ struct ldb_message_element *element;
|
|
+ struct sysdb_attrs *rule;
|
|
+ struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state,
|
|
+ struct sysdb_test_ctx);
|
|
+ const char *lowered_name = sss_tc_utf8_str_tolower(test_ctx, users[0].name);
|
|
+
|
|
+ rule = sysdb_new_attrs(test_ctx);
|
|
+ assert_non_null(rule);
|
|
+ create_rule_attrs_multiple_sudoUser(rule);
|
|
+
|
|
+ test_ctx->tctx->dom->case_sensitive = true;
|
|
+
|
|
+ ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0);
|
|
+ assert_non_null(filter);
|
|
+
|
|
+ ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter,
|
|
+ attrs, &msgs_count, &msgs);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ assert_int_equal(msgs_count, 1);
|
|
+
|
|
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_CN, NULL);
|
|
+ assert_non_null(result);
|
|
+ assert_string_equal(result, rules[0].name);
|
|
+
|
|
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_HOST,
|
|
+ NULL);
|
|
+ assert_non_null(result);
|
|
+ assert_string_equal(result, rules[0].host);
|
|
+
|
|
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_RUNASUSER,
|
|
+ NULL);
|
|
+ assert_non_null(result);
|
|
+ assert_string_equal(result, rules[0].as_user);
|
|
+
|
|
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
|
|
+ users[0].name);
|
|
+ assert_int_equal(ret, 1);
|
|
+
|
|
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
|
|
+ lowered_name);
|
|
+ assert_int_equal(ret, 0);
|
|
+
|
|
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
|
|
+ users[1].name);
|
|
+ assert_int_equal(ret, 1);
|
|
+
|
|
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
|
|
+ users[2].name);
|
|
+ assert_int_equal(ret, 1);
|
|
+
|
|
+ element = ldb_msg_find_element(msgs[0], SYSDB_SUDO_CACHE_AT_USER);
|
|
+ assert_int_equal(element->num_values, 3);
|
|
+
|
|
+ talloc_zfree(lowered_name);
|
|
+ talloc_zfree(rule);
|
|
+ talloc_zfree(filter);
|
|
+ talloc_zfree(msgs);
|
|
+}
|
|
+
|
|
+void test_store_sudo_case_insensitive(void **state)
|
|
+{
|
|
+ errno_t ret;
|
|
+ char *filter;
|
|
+ const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_SUDO_CACHE_AT_HOST,
|
|
+ SYSDB_SUDO_CACHE_AT_RUNASUSER,
|
|
+ SYSDB_SUDO_CACHE_AT_USER, NULL };
|
|
+ struct ldb_message **msgs = NULL;
|
|
+ size_t msgs_count;
|
|
+ const char *result;
|
|
+ struct ldb_message_element *element;
|
|
+ struct sysdb_attrs *rule;
|
|
+ struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state,
|
|
+ struct sysdb_test_ctx);
|
|
+ const char *lowered_name = sss_tc_utf8_str_tolower(test_ctx, users[0].name);
|
|
+
|
|
+ rule = sysdb_new_attrs(test_ctx);
|
|
+ assert_non_null(rule);
|
|
+ create_rule_attrs_multiple_sudoUser(rule);
|
|
+
|
|
+ test_ctx->tctx->dom->case_sensitive = false;
|
|
+
|
|
+ ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0);
|
|
+ assert_non_null(filter);
|
|
+
|
|
+ ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter,
|
|
+ attrs, &msgs_count, &msgs);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ assert_int_equal(msgs_count, 1);
|
|
+
|
|
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_CN, NULL);
|
|
+ assert_non_null(result);
|
|
+ assert_string_equal(result, rules[0].name);
|
|
+
|
|
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_HOST,
|
|
+ NULL);
|
|
+ assert_non_null(result);
|
|
+ assert_string_equal(result, rules[0].host);
|
|
+
|
|
+ result = ldb_msg_find_attr_as_string(msgs[0], SYSDB_SUDO_CACHE_AT_RUNASUSER,
|
|
+ NULL);
|
|
+ assert_non_null(result);
|
|
+ assert_string_equal(result, rules[0].as_user);
|
|
+
|
|
+ for (int i = 0; i < 3; i++) {
|
|
+ ret = ldb_msg_check_string_attribute(msgs[0], SYSDB_SUDO_CACHE_AT_USER,
|
|
+ users[i].name);
|
|
+ assert_int_equal(ret, 1);
|
|
+ }
|
|
+
|
|
+ /* test there is no duplication of lowercase forms */
|
|
+ element = ldb_msg_find_element(msgs[0], SYSDB_SUDO_CACHE_AT_USER);
|
|
+ assert_int_equal(element->num_values, 4);
|
|
+
|
|
+ talloc_zfree(lowered_name);
|
|
+ talloc_zfree(rule);
|
|
+ talloc_zfree(filter);
|
|
+ talloc_zfree(msgs);
|
|
+}
|
|
+
|
|
void test_sudo_purge_by_filter(void **state)
|
|
{
|
|
errno_t ret;
|
|
@@ -648,6 +808,12 @@ int main(int argc, const char *argv[])
|
|
cmocka_unit_test_setup_teardown(test_store_sudo,
|
|
test_sysdb_setup,
|
|
test_sysdb_teardown),
|
|
+ cmocka_unit_test_setup_teardown(test_store_sudo_case_sensitive,
|
|
+ test_sysdb_setup,
|
|
+ test_sysdb_teardown),
|
|
+ cmocka_unit_test_setup_teardown(test_store_sudo_case_insensitive,
|
|
+ test_sysdb_setup,
|
|
+ test_sysdb_teardown),
|
|
|
|
/* sysdb_sudo_purge() */
|
|
cmocka_unit_test_setup_teardown(test_sudo_purge_by_filter,
|
|
--
|
|
2.11.0
|
|
|