2 Unix SMB/CIFS implementation.
4 local testing of the nss wrapper
6 Copyright (C) Guenther Deschner 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "torture/torture.h"
24 #include "lib/replace/system/passwd.h"
25 #include "lib/nss_wrapper/nss_wrapper.h"
27 static bool copy_passwd(struct torture_context *tctx,
28 const struct passwd *pwd,
31 p->pw_name = talloc_strdup(tctx, pwd->pw_name);
32 p->pw_passwd = talloc_strdup(tctx, pwd->pw_passwd);
33 p->pw_uid = pwd->pw_uid;
34 p->pw_gid = pwd->pw_gid;
35 p->pw_gecos = talloc_strdup(tctx, pwd->pw_gecos);
36 p->pw_dir = talloc_strdup(tctx, pwd->pw_dir);
37 p->pw_shell = talloc_strdup(tctx, pwd->pw_shell);
42 static void print_passwd(struct passwd *pwd)
44 printf("%s:%s:%lu:%lu:%s:%s:%s\n",
47 (unsigned long)pwd->pw_uid,
48 (unsigned long)pwd->pw_gid,
55 static bool test_nwrap_getpwnam(struct torture_context *tctx,
61 torture_comment(tctx, "Testing getpwnam: %s\n", name);
69 copy_passwd(tctx, pwd, pwd_p);
72 return pwd ? true : false;
75 static bool test_nwrap_getpwnam_r(struct torture_context *tctx,
79 struct passwd pwd, *pwdp;
83 torture_comment(tctx, "Testing getpwnam_r: %s\n", name);
85 ret = getpwnam_r(name, &pwd, buffer, sizeof(buffer), &pwdp);
88 torture_comment(tctx, "got %d return code\n", ret);
96 copy_passwd(tctx, &pwd, pwd_p);
102 static bool test_nwrap_getpwuid(struct torture_context *tctx,
104 struct passwd *pwd_p)
108 torture_comment(tctx, "Testing getpwuid: %lu\n", (unsigned long)uid);
116 copy_passwd(tctx, pwd, pwd_p);
119 return pwd ? true : false;
122 static bool test_nwrap_getpwuid_r(struct torture_context *tctx,
124 struct passwd *pwd_p)
126 struct passwd pwd, *pwdp;
130 torture_comment(tctx, "Testing getpwuid_r: %lu\n", (unsigned long)uid);
132 ret = getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &pwdp);
135 torture_comment(tctx, "got %d return code\n", ret);
143 copy_passwd(tctx, &pwd, pwd_p);
150 static bool copy_group(struct torture_context *tctx,
151 const struct group *grp,
156 g->gr_name = talloc_strdup(tctx, grp->gr_name);
157 g->gr_passwd = talloc_strdup(tctx, grp->gr_passwd);
158 g->gr_gid = grp->gr_gid;
161 for (i=0; grp->gr_mem && grp->gr_mem[i]; i++) {
162 g->gr_mem = talloc_realloc(tctx, g->gr_mem, char *, i + 2);
163 g->gr_mem[i] = talloc_strdup(g->gr_mem, grp->gr_mem[i]);
164 g->gr_mem[i+1] = NULL;
170 static void print_group(struct group *grp)
176 (unsigned long)grp->gr_gid);
178 if (!grp->gr_mem[0]) {
183 for (i=0; grp->gr_mem[i+1]; i++) {
184 printf("%s,", grp->gr_mem[i]);
186 printf("%s\n", grp->gr_mem[i]);
189 static bool test_nwrap_getgrnam(struct torture_context *tctx,
195 torture_comment(tctx, "Testing getgrnam: %s\n", name);
197 grp = getgrnam(name);
203 copy_group(tctx, grp, grp_p);
206 return grp ? true : false;
209 static bool test_nwrap_getgrnam_r(struct torture_context *tctx,
213 struct group grp, *grpp;
217 torture_comment(tctx, "Testing getgrnam_r: %s\n", name);
219 ret = getgrnam_r(name, &grp, buffer, sizeof(buffer), &grpp);
222 torture_comment(tctx, "got %d return code\n", ret);
230 copy_group(tctx, &grp, grp_p);
237 static bool test_nwrap_getgrgid(struct torture_context *tctx,
243 torture_comment(tctx, "Testing getgrgid: %lu\n", (unsigned long)gid);
251 copy_group(tctx, grp, grp_p);
254 return grp ? true : false;
257 static bool test_nwrap_getgrgid_r(struct torture_context *tctx,
261 struct group grp, *grpp;
265 torture_comment(tctx, "Testing getgrgid_r: %lu\n", (unsigned long)gid);
267 ret = getgrgid_r(gid, &grp, buffer, sizeof(buffer), &grpp);
270 torture_comment(tctx, "got %d return code\n", ret);
278 copy_group(tctx, &grp, grp_p);
284 static bool test_nwrap_enum_passwd(struct torture_context *tctx,
285 struct passwd **pwd_array_p,
289 struct passwd *pwd_array = NULL;
292 torture_comment(tctx, "Testing setpwent\n");
295 while ((pwd = getpwent()) != NULL) {
296 torture_comment(tctx, "Testing getpwent\n");
299 if (pwd_array_p && num_pwd_p) {
300 pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
301 torture_assert(tctx, pwd_array, "out of memory");
302 copy_passwd(tctx, pwd, &pwd_array[num_pwd]);
307 torture_comment(tctx, "Testing endpwent\n");
311 *pwd_array_p = pwd_array;
314 *num_pwd_p = num_pwd;
320 static bool test_nwrap_enum_r_passwd(struct torture_context *tctx,
321 struct passwd **pwd_array_p,
324 struct passwd pwd, *pwdp;
325 struct passwd *pwd_array = NULL;
330 torture_comment(tctx, "Testing setpwent\n");
334 torture_comment(tctx, "Testing getpwent_r\n");
336 ret = getpwent_r(&pwd, buffer, sizeof(buffer), &pwdp);
339 torture_comment(tctx, "got %d return code\n", ret);
344 if (pwd_array_p && num_pwd_p) {
345 pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
346 torture_assert(tctx, pwd_array, "out of memory");
347 copy_passwd(tctx, &pwd, &pwd_array[num_pwd]);
352 torture_comment(tctx, "Testing endpwent\n");
356 *pwd_array_p = pwd_array;
359 *num_pwd_p = num_pwd;
365 static bool torture_assert_passwd_equal(struct torture_context *tctx,
366 const struct passwd *p1,
367 const struct passwd *p2,
370 torture_assert_str_equal(tctx, p1->pw_name, p2->pw_name, comment);
371 torture_assert_str_equal(tctx, p1->pw_passwd, p2->pw_passwd, comment);
372 torture_assert_int_equal(tctx, p1->pw_uid, p2->pw_uid, comment);
373 torture_assert_int_equal(tctx, p1->pw_gid, p2->pw_gid, comment);
374 torture_assert_str_equal(tctx, p1->pw_gecos, p2->pw_gecos, comment);
375 torture_assert_str_equal(tctx, p1->pw_dir, p2->pw_dir, comment);
376 torture_assert_str_equal(tctx, p1->pw_shell, p2->pw_shell, comment);
381 static bool test_nwrap_passwd(struct torture_context *tctx)
384 struct passwd *pwd, pwd1, pwd2;
387 torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
388 "failed to enumerate passwd");
390 for (i=0; i < num_pwd; i++) {
391 torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd1),
392 "failed to call getpwnam for enumerated user");
393 torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
394 "getpwent and getpwnam gave different results");
395 torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
396 "failed to call getpwuid for enumerated user");
397 torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
398 "getpwent and getpwuid gave different results");
399 torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
400 "getpwnam and getpwuid gave different results");
406 static bool test_nwrap_passwd_r(struct torture_context *tctx)
409 struct passwd *pwd, pwd1, pwd2;
412 torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
413 "failed to enumerate passwd");
415 for (i=0; i < num_pwd; i++) {
416 torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
417 "failed to call getpwnam_r for enumerated user");
418 torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
419 "getpwent_r and getpwnam_r gave different results");
420 torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
421 "failed to call getpwuid_r for enumerated user");
422 torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
423 "getpwent_r and getpwuid_r gave different results");
424 torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
425 "getpwnam_r and getpwuid_r gave different results");
431 static bool test_nwrap_passwd_r_cross(struct torture_context *tctx)
434 struct passwd *pwd, pwd1, pwd2, pwd3, pwd4;
437 torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
438 "failed to enumerate passwd");
440 for (i=0; i < num_pwd; i++) {
441 torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
442 "failed to call getpwnam_r for enumerated user");
443 torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
444 "getpwent_r and getpwnam_r gave different results");
445 torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
446 "failed to call getpwuid_r for enumerated user");
447 torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
448 "getpwent_r and getpwuid_r gave different results");
449 torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
450 "getpwnam_r and getpwuid_r gave different results");
451 torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd3),
452 "failed to call getpwnam for enumerated user");
453 torture_assert_passwd_equal(tctx, &pwd[i], &pwd3,
454 "getpwent_r and getpwnam gave different results");
455 torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd4),
456 "failed to call getpwuid for enumerated user");
457 torture_assert_passwd_equal(tctx, &pwd[i], &pwd4,
458 "getpwent_r and getpwuid gave different results");
459 torture_assert_passwd_equal(tctx, &pwd3, &pwd4,
460 "getpwnam and getpwuid gave different results");
466 static bool test_nwrap_enum_group(struct torture_context *tctx,
467 struct group **grp_array_p,
471 struct group *grp_array = NULL;
474 torture_comment(tctx, "Testing setgrent\n");
477 while ((grp = getgrent()) != NULL) {
478 torture_comment(tctx, "Testing getgrent\n");
481 if (grp_array_p && num_grp_p) {
482 grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
483 torture_assert(tctx, grp_array, "out of memory");
484 copy_group(tctx, grp, &grp_array[num_grp]);
489 torture_comment(tctx, "Testing endgrent\n");
493 *grp_array_p = grp_array;
496 *num_grp_p = num_grp;
502 static bool test_nwrap_enum_r_group(struct torture_context *tctx,
503 struct group **grp_array_p,
506 struct group grp, *grpp;
507 struct group *grp_array = NULL;
512 torture_comment(tctx, "Testing setgrent\n");
516 torture_comment(tctx, "Testing getgrent_r\n");
518 ret = getgrent_r(&grp, buffer, sizeof(buffer), &grpp);
521 torture_comment(tctx, "got %d return code\n", ret);
526 if (grp_array_p && num_grp_p) {
527 grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
528 torture_assert(tctx, grp_array, "out of memory");
529 copy_group(tctx, &grp, &grp_array[num_grp]);
534 torture_comment(tctx, "Testing endgrent\n");
538 *grp_array_p = grp_array;
541 *num_grp_p = num_grp;
547 static bool torture_assert_group_equal(struct torture_context *tctx,
548 const struct group *g1,
549 const struct group *g2,
553 torture_assert_str_equal(tctx, g1->gr_name, g2->gr_name, comment);
554 torture_assert_str_equal(tctx, g1->gr_passwd, g2->gr_passwd, comment);
555 torture_assert_int_equal(tctx, g1->gr_gid, g2->gr_gid, comment);
556 if (g1->gr_mem && !g2->gr_mem) {
559 if (!g1->gr_mem && g2->gr_mem) {
562 if (!g1->gr_mem && !g2->gr_mem) {
565 for (i=0; g1->gr_mem[i] && g2->gr_mem[i]; i++) {
566 torture_assert_str_equal(tctx, g1->gr_mem[i], g2->gr_mem[i], comment);
572 static bool test_nwrap_group(struct torture_context *tctx)
575 struct group *grp, grp1, grp2;
578 torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
579 "failed to enumerate group");
581 for (i=0; i < num_grp; i++) {
582 torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp1),
583 "failed to call getgrnam for enumerated user");
584 torture_assert_group_equal(tctx, &grp[i], &grp1,
585 "getgrent and getgrnam gave different results");
586 torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp2),
587 "failed to call getgrgid for enumerated user");
588 torture_assert_group_equal(tctx, &grp[i], &grp2,
589 "getgrent and getgrgid gave different results");
590 torture_assert_group_equal(tctx, &grp1, &grp2,
591 "getgrnam and getgrgid gave different results");
597 static bool test_nwrap_group_r(struct torture_context *tctx)
600 struct group *grp, grp1, grp2;
603 torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
604 "failed to enumerate group");
606 for (i=0; i < num_grp; i++) {
607 torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
608 "failed to call getgrnam_r for enumerated user");
609 torture_assert_group_equal(tctx, &grp[i], &grp1,
610 "getgrent_r and getgrnam_r gave different results");
611 torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
612 "failed to call getgrgid_r for enumerated user");
613 torture_assert_group_equal(tctx, &grp[i], &grp2,
614 "getgrent_r and getgrgid_r gave different results");
615 torture_assert_group_equal(tctx, &grp1, &grp2,
616 "getgrnam_r and getgrgid_r gave different results");
622 static bool test_nwrap_group_r_cross(struct torture_context *tctx)
625 struct group *grp, grp1, grp2, grp3, grp4;
628 torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
629 "failed to enumerate group");
631 for (i=0; i < num_grp; i++) {
632 torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
633 "failed to call getgrnam_r for enumerated user");
634 torture_assert_group_equal(tctx, &grp[i], &grp1,
635 "getgrent_r and getgrnam_r gave different results");
636 torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
637 "failed to call getgrgid_r for enumerated user");
638 torture_assert_group_equal(tctx, &grp[i], &grp2,
639 "getgrent_r and getgrgid_r gave different results");
640 torture_assert_group_equal(tctx, &grp1, &grp2,
641 "getgrnam_r and getgrgid_r gave different results");
642 torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp3),
643 "failed to call getgrnam for enumerated user");
644 torture_assert_group_equal(tctx, &grp[i], &grp3,
645 "getgrent_r and getgrnam gave different results");
646 torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp4),
647 "failed to call getgrgid for enumerated user");
648 torture_assert_group_equal(tctx, &grp[i], &grp4,
649 "getgrent_r and getgrgid gave different results");
650 torture_assert_group_equal(tctx, &grp3, &grp4,
651 "getgrnam and getgrgid gave different results");
657 static bool test_nwrap_getgrouplist(struct torture_context *tctx,
665 gid_t *groups = NULL;
667 torture_comment(tctx, "Testing getgrouplist: %s\n", user);
669 ret = getgrouplist(user, gid, NULL, &num_groups);
670 if (ret == -1 || num_groups != 0) {
672 groups = talloc_array(tctx, gid_t, num_groups);
673 torture_assert(tctx, groups, "out of memory\n");
675 ret = getgrouplist(user, gid, groups, &num_groups);
678 torture_assert(tctx, (ret != -1), "failed to call getgrouplist");
680 torture_comment(tctx, "%s is member in %d groups\n", user, num_groups);
686 *num_gids_p = num_groups;
692 static bool test_nwrap_user_in_group(struct torture_context *tctx,
693 const struct passwd *pwd,
694 const struct group *grp)
698 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
699 if (strequal(grp->gr_mem[i], pwd->pw_name)) {
707 static bool test_nwrap_membership_user(struct torture_context *tctx,
708 const struct passwd *pwd,
709 struct group *grp_array,
712 int num_user_groups = 0;
713 int num_user_groups_from_enum = 0;
714 gid_t *user_groups = NULL;
716 bool primary_group_had_user_member = false;
718 torture_assert(tctx, test_nwrap_getgrouplist(tctx,
723 "failed to test getgrouplist");
725 for (g=0; g < num_user_groups; g++) {
726 torture_assert(tctx, test_nwrap_getgrgid(tctx, user_groups[g], NULL),
727 "failed to find the group the user is a member of");
731 for (i=0; i < num_grp; i++) {
733 struct group grp = grp_array[i];
735 if (test_nwrap_user_in_group(tctx, pwd, &grp)) {
737 struct group current_grp;
738 num_user_groups_from_enum++;
740 torture_assert(tctx, test_nwrap_getgrnam(tctx, grp.gr_name, ¤t_grp),
741 "failed to find the group the user is a member of");
743 if (current_grp.gr_gid == pwd->pw_gid) {
744 torture_comment(tctx, "primary group %s of user %s lists user as member\n",
747 primary_group_had_user_member = true;
754 if (!primary_group_had_user_member) {
755 num_user_groups_from_enum++;
758 torture_assert_int_equal(tctx, num_user_groups, num_user_groups_from_enum,
759 "getgrouplist and real inspection of grouplist gave different results\n");
764 static bool test_nwrap_membership(struct torture_context *tctx)
766 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
767 const char *old_group = getenv("NSS_WRAPPER_GROUP");
774 if (!old_pwd || !old_group) {
775 torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
776 torture_skip(tctx, "nothing to test\n");
779 torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
780 "failed to enumerate passwd");
781 torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
782 "failed to enumerate group");
784 for (i=0; i < num_pwd; i++) {
786 torture_assert(tctx, test_nwrap_membership_user(tctx, &pwd[i], grp, num_grp),
787 "failed to test membership for user");
794 static bool test_nwrap_enumeration(struct torture_context *tctx)
796 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
797 const char *old_group = getenv("NSS_WRAPPER_GROUP");
799 if (!old_pwd || !old_group) {
800 torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
801 torture_skip(tctx, "nothing to test\n");
804 torture_assert(tctx, test_nwrap_passwd(tctx),
805 "failed to test users");
806 torture_assert(tctx, test_nwrap_group(tctx),
807 "failed to test groups");
812 static bool test_nwrap_reentrant_enumeration(struct torture_context *tctx)
814 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
815 const char *old_group = getenv("NSS_WRAPPER_GROUP");
817 if (!old_pwd || !old_group) {
818 torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
819 torture_skip(tctx, "nothing to test\n");
822 torture_comment(tctx, "Testing re-entrant calls\n");
824 torture_assert(tctx, test_nwrap_passwd_r(tctx),
825 "failed to test users");
826 torture_assert(tctx, test_nwrap_group_r(tctx),
827 "failed to test groups");
832 static bool test_nwrap_reentrant_enumeration_crosschecks(struct torture_context *tctx)
834 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
835 const char *old_group = getenv("NSS_WRAPPER_GROUP");
837 if (!old_pwd || !old_group) {
838 torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
839 torture_skip(tctx, "nothing to test\n");
842 torture_comment(tctx, "Testing re-entrant calls with cross checks\n");
844 torture_assert(tctx, test_nwrap_passwd_r_cross(tctx),
845 "failed to test users");
846 torture_assert(tctx, test_nwrap_group_r_cross(tctx),
847 "failed to test groups");
852 struct torture_suite *torture_local_nss_wrapper(TALLOC_CTX *mem_ctx)
854 struct torture_suite *suite = torture_suite_create(mem_ctx, "NSS-WRAPPER");
856 torture_suite_add_simple_test(suite, "enumeration", test_nwrap_enumeration);
857 torture_suite_add_simple_test(suite, "reentrant enumeration", test_nwrap_reentrant_enumeration);
858 torture_suite_add_simple_test(suite, "reentrant enumeration crosschecks", test_nwrap_reentrant_enumeration_crosschecks);
859 torture_suite_add_simple_test(suite, "membership", test_nwrap_membership);
git.samba.org / ira / wip.git / blob