2 Unix SMB/CIFS implementation.
4 local testing of the nss wrapper
6 Copyright (C) Guenther Deschner 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "torture/torture.h"
24 #include "lib/replace/system/passwd.h"
25 #include "lib/nss_wrapper/nss_wrapper.h"
27 static bool copy_passwd(struct torture_context *tctx,
28 const struct passwd *pwd,
31 p->pw_name = talloc_strdup(tctx, pwd->pw_name);
32 p->pw_passwd = talloc_strdup(tctx, pwd->pw_passwd);
33 p->pw_uid = pwd->pw_uid;
34 p->pw_gid = pwd->pw_gid;
35 p->pw_gecos = talloc_strdup(tctx, pwd->pw_gecos);
36 p->pw_dir = talloc_strdup(tctx, pwd->pw_dir);
37 p->pw_shell = talloc_strdup(tctx, pwd->pw_shell);
42 static void print_passwd(struct passwd *pwd)
44 printf("%s:%s:%lu:%lu:%s:%s:%s\n",
47 (unsigned long)pwd->pw_uid,
48 (unsigned long)pwd->pw_gid,
55 static bool test_nwrap_getpwnam(struct torture_context *tctx,
61 torture_comment(tctx, "Testing getpwnam: %s\n", name);
69 copy_passwd(tctx, pwd, pwd_p);
72 return pwd ? true : false;
75 static bool test_nwrap_getpwnam_r(struct torture_context *tctx,
79 struct passwd pwd, *pwdp;
83 torture_comment(tctx, "Testing getpwnam_r: %s\n", name);
85 ret = getpwnam_r(name, &pwd, buffer, sizeof(buffer), &pwdp);
88 torture_comment(tctx, "got %d return code\n", ret);
96 copy_passwd(tctx, &pwd, pwd_p);
102 static bool test_nwrap_getpwuid(struct torture_context *tctx,
104 struct passwd *pwd_p)
108 torture_comment(tctx, "Testing getpwuid: %lu\n", (unsigned long)uid);
116 copy_passwd(tctx, pwd, pwd_p);
119 return pwd ? true : false;
122 static bool test_nwrap_getpwuid_r(struct torture_context *tctx,
124 struct passwd *pwd_p)
126 struct passwd pwd, *pwdp;
130 torture_comment(tctx, "Testing getpwuid_r: %lu\n", (unsigned long)uid);
132 ret = getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &pwdp);
135 torture_comment(tctx, "got %d return code\n", ret);
143 copy_passwd(tctx, &pwd, pwd_p);
150 static bool copy_group(struct torture_context *tctx,
151 const struct group *grp,
156 g->gr_name = talloc_strdup(tctx, grp->gr_name);
157 g->gr_passwd = talloc_strdup(tctx, grp->gr_passwd);
158 g->gr_gid = grp->gr_gid;
161 for (i=0; grp->gr_mem && grp->gr_mem[i]; i++) {
162 g->gr_mem = talloc_realloc(tctx, g->gr_mem, char *, i + 2);
163 g->gr_mem[i] = talloc_strdup(g->gr_mem, grp->gr_mem[i]);
164 g->gr_mem[i+1] = NULL;
170 static void print_group(struct group *grp)
176 (unsigned long)grp->gr_gid);
178 if (!grp->gr_mem[0]) {
183 for (i=0; grp->gr_mem[i+1]; i++) {
184 printf("%s,", grp->gr_mem[i]);
186 printf("%s\n", grp->gr_mem[i]);
189 static bool test_nwrap_getgrnam(struct torture_context *tctx,
195 torture_comment(tctx, "Testing getgrnam: %s\n", name);
197 grp = getgrnam(name);
203 copy_group(tctx, grp, grp_p);
206 return grp ? true : false;
209 static bool test_nwrap_getgrnam_r(struct torture_context *tctx,
213 struct group grp, *grpp;
217 torture_comment(tctx, "Testing getgrnam_r: %s\n", name);
219 ret = getgrnam_r(name, &grp, buffer, sizeof(buffer), &grpp);
222 torture_comment(tctx, "got %d return code\n", ret);
230 copy_group(tctx, &grp, grp_p);
237 static bool test_nwrap_getgrgid(struct torture_context *tctx,
243 torture_comment(tctx, "Testing getgrgid: %lu\n", (unsigned long)gid);
251 copy_group(tctx, grp, grp_p);
254 return grp ? true : false;
257 static bool test_nwrap_getgrgid_r(struct torture_context *tctx,
261 struct group grp, *grpp;
265 torture_comment(tctx, "Testing getgrgid_r: %lu\n", (unsigned long)gid);
267 ret = getgrgid_r(gid, &grp, buffer, sizeof(buffer), &grpp);
270 torture_comment(tctx, "got %d return code\n", ret);
278 copy_group(tctx, &grp, grp_p);
284 static bool test_nwrap_enum_passwd(struct torture_context *tctx,
285 struct passwd **pwd_array_p,
289 struct passwd *pwd_array = NULL;
292 torture_comment(tctx, "Testing setpwent\n");
295 while ((pwd = getpwent()) != NULL) {
296 torture_comment(tctx, "Testing getpwent\n");
299 if (pwd_array_p && num_pwd_p) {
300 pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
301 torture_assert(tctx, pwd_array, "out of memory");
302 copy_passwd(tctx, pwd, &pwd_array[num_pwd]);
307 torture_comment(tctx, "Testing endpwent\n");
311 *pwd_array_p = pwd_array;
314 *num_pwd_p = num_pwd;
320 static bool test_nwrap_enum_r_passwd(struct torture_context *tctx,
321 struct passwd **pwd_array_p,
324 struct passwd pwd, *pwdp;
325 struct passwd *pwd_array = NULL;
330 torture_comment(tctx, "Testing setpwent\n");
334 torture_comment(tctx, "Testing getpwent_r\n");
336 ret = getpwent_r(&pwd, buffer, sizeof(buffer), &pwdp);
339 torture_comment(tctx, "got %d return code\n", ret);
344 if (pwd_array_p && num_pwd_p) {
345 pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
346 torture_assert(tctx, pwd_array, "out of memory");
347 copy_passwd(tctx, &pwd, &pwd_array[num_pwd]);
352 torture_comment(tctx, "Testing endpwent\n");
356 *pwd_array_p = pwd_array;
359 *num_pwd_p = num_pwd;
365 static bool torture_assert_passwd_equal(struct torture_context *tctx,
366 const struct passwd *p1,
367 const struct passwd *p2,
370 torture_assert_str_equal(tctx, p1->pw_name, p2->pw_name, comment);
371 torture_assert_str_equal(tctx, p1->pw_passwd, p2->pw_passwd, comment);
372 torture_assert_int_equal(tctx, p1->pw_uid, p2->pw_uid, comment);
373 torture_assert_int_equal(tctx, p1->pw_gid, p2->pw_gid, comment);
374 torture_assert_str_equal(tctx, p1->pw_gecos, p2->pw_gecos, comment);
375 torture_assert_str_equal(tctx, p1->pw_dir, p2->pw_dir, comment);
376 torture_assert_str_equal(tctx, p1->pw_shell, p2->pw_shell, comment);
381 static bool test_nwrap_passwd(struct torture_context *tctx)
384 struct passwd *pwd, pwd1, pwd2;
387 torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
388 "failed to enumerate passwd");
390 for (i=0; i < num_pwd; i++) {
391 torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd1),
392 "failed to call getpwnam for enumerated user");
393 torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
394 "getpwent and getpwnam gave different results");
395 torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
396 "failed to call getpwuid for enumerated user");
397 torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
398 "getpwent and getpwuid gave different results");
399 torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
400 "getpwnam and getpwuid gave different results");
406 static bool test_nwrap_passwd_r(struct torture_context *tctx)
409 struct passwd *pwd, pwd1, pwd2;
412 torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
413 "failed to enumerate passwd");
415 for (i=0; i < num_pwd; i++) {
416 torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
417 "failed to call getpwnam_r for enumerated user");
418 torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
419 "getpwent_r and getpwnam_r gave different results");
420 torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
421 "failed to call getpwuid_r for enumerated user");
422 torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
423 "getpwent_r and getpwuid_r gave different results");
424 torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
425 "getpwnam_r and getpwuid_r gave different results");
431 static bool test_nwrap_enum_group(struct torture_context *tctx,
432 struct group **grp_array_p,
436 struct group *grp_array = NULL;
439 torture_comment(tctx, "Testing setgrent\n");
442 while ((grp = getgrent()) != NULL) {
443 torture_comment(tctx, "Testing getgrent\n");
446 if (grp_array_p && num_grp_p) {
447 grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
448 torture_assert(tctx, grp_array, "out of memory");
449 copy_group(tctx, grp, &grp_array[num_grp]);
454 torture_comment(tctx, "Testing endgrent\n");
458 *grp_array_p = grp_array;
461 *num_grp_p = num_grp;
467 static bool test_nwrap_enum_r_group(struct torture_context *tctx,
468 struct group **grp_array_p,
471 struct group grp, *grpp;
472 struct group *grp_array = NULL;
477 torture_comment(tctx, "Testing setgrent\n");
481 torture_comment(tctx, "Testing getgrent_r\n");
483 ret = getgrent_r(&grp, buffer, sizeof(buffer), &grpp);
486 torture_comment(tctx, "got %d return code\n", ret);
491 if (grp_array_p && num_grp_p) {
492 grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
493 torture_assert(tctx, grp_array, "out of memory");
494 copy_group(tctx, &grp, &grp_array[num_grp]);
499 torture_comment(tctx, "Testing endgrent\n");
503 *grp_array_p = grp_array;
506 *num_grp_p = num_grp;
512 static bool torture_assert_group_equal(struct torture_context *tctx,
513 const struct group *g1,
514 const struct group *g2,
518 torture_assert_str_equal(tctx, g1->gr_name, g2->gr_name, comment);
519 torture_assert_str_equal(tctx, g1->gr_passwd, g2->gr_passwd, comment);
520 torture_assert_int_equal(tctx, g1->gr_gid, g2->gr_gid, comment);
521 if (g1->gr_mem && !g2->gr_mem) {
524 if (!g1->gr_mem && g2->gr_mem) {
527 if (!g1->gr_mem && !g2->gr_mem) {
530 for (i=0; g1->gr_mem[i] && g2->gr_mem[i]; i++) {
531 torture_assert_str_equal(tctx, g1->gr_mem[i], g2->gr_mem[i], comment);
537 static bool test_nwrap_group(struct torture_context *tctx)
540 struct group *grp, grp1, grp2;
543 torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
544 "failed to enumerate group");
546 for (i=0; i < num_grp; i++) {
547 torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp1),
548 "failed to call getgrnam for enumerated user");
549 torture_assert_group_equal(tctx, &grp[i], &grp1,
550 "getgrent and getgrnam gave different results");
551 torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp2),
552 "failed to call getgrgid for enumerated user");
553 torture_assert_group_equal(tctx, &grp[i], &grp2,
554 "getgrent and getgruid gave different results");
555 torture_assert_group_equal(tctx, &grp1, &grp2,
556 "getgrnam and getgrgid gave different results");
562 static bool test_nwrap_group_r(struct torture_context *tctx)
565 struct group *grp, grp1, grp2;
568 torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
569 "failed to enumerate group");
571 for (i=0; i < num_grp; i++) {
572 torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
573 "failed to call getgrnam_r for enumerated user");
574 torture_assert_group_equal(tctx, &grp[i], &grp1,
575 "getgrent_r and getgrnam_r gave different results");
576 torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
577 "failed to call getgrgid_r for enumerated user");
578 torture_assert_group_equal(tctx, &grp[i], &grp2,
579 "getgrent_r and getgrgid_r gave different results");
580 torture_assert_group_equal(tctx, &grp1, &grp2,
581 "getgrnam_r and getgrgid_r gave different results");
587 static bool test_nwrap_getgrouplist(struct torture_context *tctx,
595 gid_t *groups = NULL;
597 torture_comment(tctx, "Testing getgrouplist: %s\n", user);
599 ret = getgrouplist(user, gid, NULL, &num_groups);
600 if (ret == -1 || num_groups != 0) {
602 groups = talloc_array(tctx, gid_t, num_groups);
603 torture_assert(tctx, groups, "out of memory\n");
605 ret = getgrouplist(user, gid, groups, &num_groups);
608 torture_assert(tctx, (ret != -1), "failed to call getgrouplist");
610 torture_comment(tctx, "%s is member in %d groups\n", user, num_groups);
616 *num_gids_p = num_groups;
622 static bool test_nwrap_user_in_group(struct torture_context *tctx,
623 const struct passwd *pwd,
624 const struct group *grp)
628 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
629 if (strequal(grp->gr_mem[i], pwd->pw_name)) {
637 static bool test_nwrap_membership_user(struct torture_context *tctx,
638 const struct passwd *pwd,
639 struct group *grp_array,
642 int num_user_groups = 0;
643 int num_user_groups_from_enum = 0;
644 gid_t *user_groups = NULL;
646 bool primary_group_had_user_member = false;
648 torture_assert(tctx, test_nwrap_getgrouplist(tctx,
653 "failed to test getgrouplist");
655 for (g=0; g < num_user_groups; g++) {
656 torture_assert(tctx, test_nwrap_getgrgid(tctx, user_groups[g], NULL),
657 "failed to find the group the user is a member of");
661 for (i=0; i < num_grp; i++) {
663 struct group grp = grp_array[i];
665 if (test_nwrap_user_in_group(tctx, pwd, &grp)) {
667 struct group current_grp;
668 num_user_groups_from_enum++;
670 torture_assert(tctx, test_nwrap_getgrnam(tctx, grp.gr_name, ¤t_grp),
671 "failed to find the group the user is a member of");
673 if (current_grp.gr_gid == pwd->pw_gid) {
674 torture_comment(tctx, "primary group %s of user %s lists user as member\n",
677 primary_group_had_user_member = true;
684 if (!primary_group_had_user_member) {
685 num_user_groups_from_enum++;
688 torture_assert_int_equal(tctx, num_user_groups, num_user_groups_from_enum,
689 "getgrouplist and real inspection of grouplist gave different results\n");
694 static bool test_nwrap_membership(struct torture_context *tctx)
696 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
697 const char *old_group = getenv("NSS_WRAPPER_GROUP");
704 if (!old_pwd || !old_group) {
705 torture_skip(tctx, "nothing to test\n");
709 torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
710 "failed to enumerate passwd");
711 torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
712 "failed to enumerate group");
714 for (i=0; i < num_pwd; i++) {
716 torture_assert(tctx, test_nwrap_membership_user(tctx, &pwd[i], grp, num_grp),
717 "failed to test membership for user");
724 static bool test_nwrap_enumeration(struct torture_context *tctx)
726 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
727 const char *old_group = getenv("NSS_WRAPPER_GROUP");
729 if (!old_pwd || !old_group) {
730 torture_skip(tctx, "nothing to test\n");
734 torture_assert(tctx, test_nwrap_passwd(tctx),
735 "failed to test users");
736 torture_assert(tctx, test_nwrap_group(tctx),
737 "failed to test groups");
742 static bool test_nwrap_reentrant_enumeration(struct torture_context *tctx)
744 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
745 const char *old_group = getenv("NSS_WRAPPER_GROUP");
747 if (!old_pwd || !old_group) {
748 torture_skip(tctx, "nothing to test\n");
752 torture_comment(tctx, "Testing re-entrant calls\n");
754 torture_assert(tctx, test_nwrap_passwd_r(tctx),
755 "failed to test users");
756 torture_assert(tctx, test_nwrap_group_r(tctx),
757 "failed to test groups");
763 struct torture_suite *torture_local_nss_wrapper(TALLOC_CTX *mem_ctx)
765 struct torture_suite *suite = torture_suite_create(mem_ctx, "NSS-WRAPPER");
767 torture_suite_add_simple_test(suite, "enumeration", test_nwrap_enumeration);
768 torture_suite_add_simple_test(suite, "reentrant enumeration", test_nwrap_reentrant_enumeration);
769 torture_suite_add_simple_test(suite, "membership", test_nwrap_membership);