On 07/12/2016 10:31 AM, Pavel Březina wrote:
On 07/11/2016 05:12 PM, Petr Cech wrote:On 07/05/2016 08:44 AM, Jakub Hrozek wrote:On Mon, Jun 27, 2016 at 03:37:25PM +0200, Petr Cech wrote:...+static errno_t ad_get_enabled_domains(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_id_ctx, + const char *ad_domain, + const char ***_ad_enabled_domains) +{ + int ret; + const char *str; + const char *option_name; + char **domains = NULL; + const char **list = NULL; + int count; + bool is_ad_in_domains; + TALLOC_CTX *tmp_ctx = NULL; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + str = dp_opt_get_cstring(ad_id_ctx->ad_options->basic, AD_ENABLED_DOMAINS); + if (str == NULL) { + _ad_enabled_domains = NULL; + ret = EOK; + goto done; + } + + count = 0; + ret = split_on_separator(tmp_ctx, str, ',', true, true, &domains, &count); + if (ret != EOK) { + option_name = ad_id_ctx->ad_options->basic[AD_ENABLED_DOMAINS].opt_name; + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse option [%s], [%i] [%s]!\n", + option_name, ret, sss_strerror(ret)); + ret = EINVAL; + goto done; + } + + list = talloc_array_size(tmp_ctx, sizeof(char*), count); + if (list == NULL) { + ret = ENOMEM; + goto done; + } + + is_ad_in_domains = false; + for (int i = 0; i < count; i++) { + list[i] = talloc_strdup(list, domains[i]);Do we need to duplicate the string here, wouldn't it be enough to steal it?This is my attempt to satisfy the needs. I am trying to make: # const char** from char** I would like to return const char** because it is option. But the function split_on_separator() expects char**. Does anybody know better solution?You can use discard_const for this case.
Hi list, I addressed all comments, new patch set is attached. Thanks for review and for help with discard_const(_p). I am afraid that my patch set is not fully compatible with dp_refactor.It is not unfortunately fully tested yet. I have 'test manual' which I would like to pass before I can say work is done.
I hit issue with my local test environment (LTE) after pulling to recent master. My LTE consists of:
A (forest root)
|
|-- S1 (SSSD client)
|
|-- B (AD client)
|
|-- S2 (SSSD client)
S2 box is fine but S1 box has troubles... I make new S1 with new domain
name, connect to A with 'sudo real join s1.domain' and I start SSSD. It
crash very quickly.
Attachment data.tar.bz2 contains log and sssd.conf Could you help me, please? Regards... -- Petr^4 Čech
>From c9ac6648ad57398ef9c8312485955a43f356b998 Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Fri, 13 May 2016 05:21:07 -0400 Subject: [PATCH 1/5] AD_PROVIDER: Add ad_enabled_domains option Resolves: https://fedorahosted.org/sssd/ticket/2828 --- src/config/SSSDConfig/__init__.py.in | 1 + src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.d/sssd-ad.conf | 1 + src/man/sssd-ad.5.xml | 22 ++++++++++++++++++++++ src/providers/ad/ad_common.h | 1 + src/providers/ad/ad_opts.c | 1 + 6 files changed, 27 insertions(+) diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index b5e078d0118a15c10b43fbe050176943ec90e0ee..bb477fef4159914ef5902edbb65af5a530348c7f 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -190,6 +190,7 @@ option_strings = { # [provider/ad] 'ad_domain' : _('Active Directory domain'), + 'ad_enabled_domains' : _('Enabled Active Directory domains'), 'ad_server' : _('Active Directory server address'), 'ad_backup_server' : _('Active Directory backup server address'), 'ad_hostname' : _('Active Directory client hostname'), diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 85a15be3493cf4b8c5a612b0f66ae4c86d39b1ab..2c7eec35d7e48030eace8e26e28b9d7e383bf97e 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -325,6 +325,7 @@ option = ad_access_filter option = ad_backup_server option = ad_domain option = ad_enable_dns_sites +option = ad_enabled_domains option = ad_enable_gc option = ad_gpo_access_control option = ad_gpo_cache_timeout diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf index 23006d26ca6fe7ca2b912ef091b4c73d5d23bee1..0d16387aafbd4f1f9f46654d31f403ad465f8422 100644 --- a/src/config/etc/sssd.api.d/sssd-ad.conf +++ b/src/config/etc/sssd.api.d/sssd-ad.conf @@ -1,5 +1,6 @@ [provider/ad] ad_domain = str, None, false +ad_enabled_domains = str, None, false ad_server = str, None, false ad_backup_server = str, None, false ad_hostname = str, None, false diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index ef27976dd62e164cfb91359efc69bd54e1aa9711..1e3309fe0b9719adb7451e5491cca3366df3531b 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -114,6 +114,28 @@ ldap_id_mapping = False </varlistentry> <varlistentry> + <term>ad_enabled_domains (string)</term> + <listitem> + <para> + The comma-separated list of the enabled Active + Directory domains. This is optional. If provided, + SSSD will not contact domains not listed in this + option. If not provided, all domains from AD forest + are enabled. + </para> + <para> + For proper operation, this option should be + specified as the lower-case version of the long + version of the Active Directory domain. + </para> + <para> + The short domain name (also known as the NetBIOS + or the flat name) is autodetected by the SSSD. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ad_server, ad_backup_server (string)</term> <listitem> <para> diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index ce363c5a4122aa5e48ca83b0b2bdf63ff4372d91..5eea9e477038913a94b4a61b6d1a211abb951bfe 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -42,6 +42,7 @@ struct ad_options; enum ad_basic_opt { AD_DOMAIN = 0, + AD_ENABLED_DOMAINS, AD_SERVER, AD_BACKUP_SERVER, AD_HOSTNAME, diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c index 57dfcca6b998083c7cf9ac0bcb142ff7736cc8b9..8e02fbeb4d580ac31775917ed787e5d7ff3c9271 100644 --- a/src/providers/ad/ad_opts.c +++ b/src/providers/ad/ad_opts.c @@ -28,6 +28,7 @@ struct dp_option ad_basic_opts[] = { { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ad_enabled_domains", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING }, -- 2.7.4
>From c6d6ef4f0418aadef7aba5bba3bdbec00da7ba6d Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Tue, 21 Jun 2016 08:34:15 +0200 Subject: [PATCH 2/5] AD_PROVIDER: Initializing of ad_enabled_domains We add ad_enabled_domains into ad_subdomains_ctx. Resolves: https://fedorahosted.org/sssd/ticket/2828 --- src/providers/ad/ad_subdomains.c | 82 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 05dfc3085fb14a87b5703518d784056b71bf5de0..4e923fc435611354f57ce9d793ee1be29a7b79b8 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -57,6 +57,79 @@ /* do not refresh more often than every 5 seconds for now */ #define AD_SUBDOMAIN_REFRESH_LIMIT 5 +static errno_t ad_get_enabled_domains(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_id_ctx, + const char *ad_domain, + const char ***_ad_enabled_domains) +{ + int ret; + const char *str; + const char *option_name; + const char **domains = NULL; + int count; + bool is_ad_in_domains; + TALLOC_CTX *tmp_ctx = NULL; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + str = dp_opt_get_cstring(ad_id_ctx->ad_options->basic, AD_ENABLED_DOMAINS); + if (str == NULL) { + _ad_enabled_domains = NULL; + ret = EOK; + goto done; + } + + count = 0; + ret = split_on_separator(tmp_ctx, str, ',', true, true, + discard_const_p(char **, &domains), &count); + if (ret != EOK) { + option_name = ad_id_ctx->ad_options->basic[AD_ENABLED_DOMAINS].opt_name; + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse option [%s], [%i] [%s]!\n", + option_name, ret, sss_strerror(ret)); + ret = EINVAL; + goto done; + } + + is_ad_in_domains = false; + for (int i = 0; i < count; i++) { + is_ad_in_domains += strcmp(ad_domain, domains[i]) == 0 ? true : false; + } + + if (is_ad_in_domains == false) { + domains = talloc_realloc(tmp_ctx, domains, const char*, count + 2); + if (domains == NULL) { + ret = ENOMEM; + goto done; + } + + domains[count] = talloc_strdup(domains, ad_domain); + if (domains[count] == NULL) { + ret = ENOMEM; + goto done; + } + + domains[count + 1] = NULL; + } else { + domains = talloc_realloc(tmp_ctx, domains, const char*, count + 1); + if (domains == NULL) { + ret = ENOMEM; + goto done; + } + + domains[count] = NULL; + } + + *_ad_enabled_domains = talloc_steal(mem_ctx, domains); + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + static errno_t ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, struct ad_id_ctx *id_ctx, @@ -164,6 +237,7 @@ struct ad_subdomains_ctx { struct sdap_domain *sdom; char *domain_name; + const char **ad_enabled_domains; time_t last_refreshed; }; @@ -1351,6 +1425,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx, { struct ad_subdomains_ctx *sd_ctx; const char *ad_domain; + char **ad_enabled_domains = NULL; time_t period; errno_t ret; @@ -1362,6 +1437,12 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx, return ENOMEM; } + ret = ad_get_enabled_domains(sd_ctx, ad_id_ctx, ad_domain, + &ad_enabled_domains); + if (ret != EOK) { + return EINVAL; + } + sd_ctx->be_ctx = be_ctx; sd_ctx->sdom = ad_id_ctx->sdap_id_ctx->opts->sdom; sd_ctx->sdap_id_ctx = ad_id_ctx->sdap_id_ctx; @@ -1370,6 +1451,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); return ENOMEM; } + sd_ctx->ad_enabled_domains = ad_enabled_domains; sd_ctx->ad_id_ctx = ad_id_ctx; dp_set_method(dp_methods, DPM_DOMAINS_HANDLER, -- 2.7.4
>From af301fe2919e674f2b5fcc13bbf943a50ca63c18 Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Tue, 21 Jun 2016 09:48:52 +0200 Subject: [PATCH 3/5] AD_PROVIDER: ad_enabled_domains - only master We can skip looking up other domains if option ad_enabled_domains contains only master domain. Resolves: https://fedorahosted.org/sssd/ticket/2828 --- src/providers/ad/ad_subdomains.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 4e923fc435611354f57ce9d793ee1be29a7b79b8..7e35ecd2c67cd033e3cdef3d14aaee6c00a50964 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -1163,6 +1163,7 @@ static void ad_subdomains_refresh_connect_done(struct tevent_req *subreq) return; } + /* connect to the DC we are a member of */ subreq = ad_master_domain_send(state, state->ev, state->id_ctx->conn, state->sdap_op, state->sd_ctx->domain_name); if (subreq == NULL) { @@ -1212,6 +1213,21 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq) goto done; } + /* + * If ad_enabled_domains contains only master domain + * we shouldn't lookup other domains. + */ + if (state->sd_ctx->ad_enabled_domains != NULL) { + if (talloc_array_length(state->sd_ctx->ad_enabled_domains) == 2) { + if (strcmp(state->sd_ctx->ad_enabled_domains[0], + state->be_ctx->domain->name) == 0) { + DEBUG(SSSDBG_TRACE_FUNC, + "No other enabled domain than master.\n"); + goto done; + } + } + } + subreq = ad_get_root_domain_send(state, state->ev, forest, sdap_id_op_handle(state->sdap_op), state->sd_ctx); -- 2.7.4
>From 2e1a494e21317062898722861e1f03f32a2e8909 Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Mon, 27 Jun 2016 11:51:30 +0200 Subject: [PATCH 4/5] AD_PROVIDER: ad_enabled_domains - other then master We can skip looking up other domains if option ad_enabled_domains doesn't contain them. Resolves: https://fedorahosted.org/sssd/ticket/2828 --- src/providers/ad/ad_subdomains.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 7e35ecd2c67cd033e3cdef3d14aaee6c00a50964..ceb60a2b8be0eb8bb35d1b9f078c026a73515a92 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -485,6 +485,7 @@ done: static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, + const char **enabled_domains_list, size_t nsd, struct sysdb_attrs **sd, struct sysdb_attrs *root, size_t *_nsd_out, @@ -493,9 +494,10 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx, size_t i, sdi; struct sysdb_attrs **sd_out; const char *sd_name; + const bool is_sd_filtered = (enabled_domains_list == NULL) ? false : true; errno_t ret; - if (root == NULL) { + if (root == NULL && is_sd_filtered == false) { /* We are connected directly to the root domain. The 'sd' * list is complete and we can just use it */ @@ -522,6 +524,14 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx, goto fail; } + if (is_sd_filtered == true) { + if (string_in_list(sd_name, + discard_const_p(char *, &enabled_domains_list), + true) == false) { + continue; + } + } + if (strcasecmp(sd_name, domain->name) == 0) { DEBUG(SSSDBG_TRACE_INTERNAL, "Not including primary domain %s in the subdomain list\n", @@ -534,9 +544,12 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx, } /* Now include the root */ - sd_out[sdi] = talloc_steal(sd_out, root); + if (root != NULL) { + sd_out[sdi] = talloc_steal(sd_out, root); + sdi++; + } - *_nsd_out = sdi+1; + *_nsd_out = sdi; *_sd_out = sd_out; return EOK; @@ -782,6 +795,7 @@ static void ad_get_slave_domain_done(struct tevent_req *subreq) * subdomains. */ ret = ad_subdomains_process(state, state->be_ctx->domain, + state->sd_ctx->ad_enabled_domains, reply_count, reply, state->root_attrs, &nsubdoms, &subdoms); if (ret != EOK) { @@ -1441,7 +1455,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx, { struct ad_subdomains_ctx *sd_ctx; const char *ad_domain; - char **ad_enabled_domains = NULL; + const char **ad_enabled_domains = NULL; time_t period; errno_t ret; -- 2.7.4
>From 40fc8a7fb7a7abb052b43991dbc6ec211a8bea6a Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Mon, 27 Jun 2016 11:53:19 +0200 Subject: [PATCH 5/5] TESTS: Adding tests for ad_enabled_domains option There is special logic around ad_enabled_domains option: * option is disabled by default * master domain is always added to enabled domains Resolves: https://fedorahosted.org/sssd/ticket/2828 --- Makefile.am | 23 +++ src/tests/cmocka/test_ad_subdomains.c | 328 ++++++++++++++++++++++++++++++++++ 2 files changed, 351 insertions(+) create mode 100644 src/tests/cmocka/test_ad_subdomains.c diff --git a/Makefile.am b/Makefile.am index 706b60d6a065e0a983f5a1cfbc26a78331c67d58..16526906bcce2a9dfb3b6e4f2ca73e505ef37480 100644 --- a/Makefile.am +++ b/Makefile.am @@ -257,6 +257,7 @@ if HAVE_CMOCKA test_sbus_opath \ test_fo_srv \ pam-srv-tests \ + test_ad_subdom \ test_ipa_subdom_util \ test_tools_colondb \ test_krb5_wait_queue \ @@ -2795,6 +2796,28 @@ test_fo_srv_LDADD = \ libsss_test_common.la \ $(NULL) +test_ad_subdom_SOURCES = \ + src/tests/cmocka/test_ad_subdomains.c \ + $(NULL) +test_ad_subdom_CFLAGS = \ + $(AM_CFLAGS) \ + $(NDR_NBT_CFLAGS) \ + $(NDR_KRB5PAC_CFLAGS) \ + $(NULL) +test_ad_subdom_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(LDB_LIBS) \ + $(NDR_NBT_LIBS) \ + $(NDR_KRB5PAC_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_ldap_common.la \ + libsss_ad_tests.la \ + libsss_test_common.la \ + libdlopen_test_providers.la \ + $(NULL) + test_ipa_subdom_util_SOURCES = \ src/tests/cmocka/test_ipa_subdomains_utils.c \ src/providers/ipa/ipa_subdomains_utils.c \ diff --git a/src/tests/cmocka/test_ad_subdomains.c b/src/tests/cmocka/test_ad_subdomains.c new file mode 100644 index 0000000000000000000000000000000000000000..99908b5f8f0b89c2cc391b5496e24a247bfd7448 --- /dev/null +++ b/src/tests/cmocka/test_ad_subdomains.c @@ -0,0 +1,328 @@ +/* + Authors: + Petr Äech <pc...@redhat.com> + + Copyright (C) 2016 Red Hat + + SSSD tests: AD subdomain tests + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + + + +#include <talloc.h> +#include <tevent.h> +#include <errno.h> +#include <popt.h> +#include <arpa/inet.h> +#include <netinet/in.h> +#include <sys/types.h> +#include <stdarg.h> +#include <stdlib.h> + +#include "tests/cmocka/common_mock.h" +#include "tests/cmocka/common_mock_resp.h" +#include "providers/ad/ad_common.h" + +#include "providers/ad/ad_subdomains.c" +#include "providers/ad/ad_opts.c" + +#define AD_DOMAIN "ad_domain.domain.test" +#define DOMAIN_1 "one.domain.test" +#define DOMAIN_2 "two.domain.test" + +struct test_ad_subdom_ctx { + struct ad_id_ctx *ad_id_ctx; +}; + +static struct ad_id_ctx * +test_ad_subdom_init_ad_id_ctx(TALLOC_CTX *mem_ctx) +{ + struct ad_id_ctx *ad_id_ctx; + struct ad_options *ad_options; + errno_t ret; + + ad_id_ctx = talloc_zero(mem_ctx, struct ad_id_ctx); + assert_non_null(ad_id_ctx); + + ad_options = talloc_zero(ad_id_ctx, struct ad_options); + assert_non_null(ad_options); + + ret = dp_copy_defaults(ad_options, + ad_basic_opts, + AD_OPTS_BASIC, + &ad_options->basic); + assert_int_equal(ret, EOK); + + ad_id_ctx->ad_options = ad_options; + + return ad_id_ctx; +} + +static int test_ad_subdom_setup(void **state) +{ + struct test_ad_subdom_ctx *test_ctx; + + assert_true(leak_check_setup()); + + test_ctx = talloc_zero(global_talloc_context, struct test_ad_subdom_ctx); + assert_non_null(test_ctx); + + test_ctx->ad_id_ctx = NULL; + + check_leaks_push(test_ctx); + *state = test_ctx; + return 0; +} + +static int test_ad_subdom_teardown(void **state) +{ + struct test_ad_subdom_ctx *test_ctx; + + test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx); + assert_non_null(test_ctx); + + assert_true(check_leaks_pop(test_ctx) == true); + talloc_free(test_ctx); + assert_true(leak_check_teardown()); + return 0; +} + +static void test_ad_subdom_default(void **state) +{ + struct test_ad_subdom_ctx *test_ctx; + const char **ad_enabled_domains = NULL; + errno_t ret; + + test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx); + test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx); + assert_non_null(test_ctx->ad_id_ctx); + + ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx, + AD_DOMAIN, + &ad_enabled_domains); + assert_int_equal(ret, EOK); + assert_null(ad_enabled_domains); + + talloc_zfree(test_ctx->ad_id_ctx); +} + +static void test_ad_subdom_add_one(void **state) +{ + struct test_ad_subdom_ctx *test_ctx; + const char **ad_enabled_domains = NULL; + int enabled_domains_count; + int domain_count = 2; + const char *domains[domain_count]; + errno_t ret; + + test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx); + test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx); + assert_non_null(test_ctx->ad_id_ctx); + + ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic, + AD_ENABLED_DOMAINS, DOMAIN_1); + assert_int_equal(ret, EOK); + + ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx, + AD_DOMAIN, + &ad_enabled_domains); + assert_int_equal(ret, EOK); + assert_non_null(ad_enabled_domains); + + for (enabled_domains_count = 0; + ad_enabled_domains[enabled_domains_count] != NULL; + enabled_domains_count++) { + } + assert_int_equal(domain_count, enabled_domains_count); + + domains[0] = AD_DOMAIN; + domains[1] = DOMAIN_1; + assert_true(are_values_in_array(domains, domain_count, + ad_enabled_domains, enabled_domains_count)); + + talloc_zfree(test_ctx->ad_id_ctx); + talloc_zfree(ad_enabled_domains); +} + +static void test_ad_subdom_add_two(void **state) +{ + struct test_ad_subdom_ctx *test_ctx; + const char **ad_enabled_domains = NULL; + int enabled_domains_count; + int domain_count = 3; + const char *domains[domain_count]; + errno_t ret; + + test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx); + test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx); + assert_non_null(test_ctx->ad_id_ctx); + + ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic, + AD_ENABLED_DOMAINS, DOMAIN_1","DOMAIN_2); + assert_int_equal(ret, EOK); + + ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx, + AD_DOMAIN, + &ad_enabled_domains); + assert_int_equal(ret, EOK); + assert_non_null(ad_enabled_domains); + + for (enabled_domains_count = 0; + ad_enabled_domains[enabled_domains_count] != NULL; + enabled_domains_count++) { + } + assert_int_equal(domain_count, enabled_domains_count); + + domains[0] = AD_DOMAIN; + domains[1] = DOMAIN_1; + domains[2] = DOMAIN_2; + assert_true(are_values_in_array(domains, domain_count, + ad_enabled_domains, enabled_domains_count)); + + talloc_zfree(test_ctx->ad_id_ctx); + talloc_zfree(ad_enabled_domains); +} + +static void test_ad_subdom_add_master(void **state) +{ + struct test_ad_subdom_ctx *test_ctx; + const char **ad_enabled_domains = NULL; + int enabled_domains_count; + int domain_count = 1; + const char *domains[domain_count]; + errno_t ret; + + test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx); + test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx); + assert_non_null(test_ctx->ad_id_ctx); + + ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic, + AD_ENABLED_DOMAINS, AD_DOMAIN); + assert_int_equal(ret, EOK); + + ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx, + AD_DOMAIN, + &ad_enabled_domains); + assert_int_equal(ret, EOK); + assert_non_null(ad_enabled_domains); + + for (enabled_domains_count = 0; + ad_enabled_domains[enabled_domains_count] != NULL; + enabled_domains_count++) { + } + assert_int_equal(domain_count, enabled_domains_count); + + domains[0] = AD_DOMAIN; + assert_true(are_values_in_array(domains, domain_count, + ad_enabled_domains, enabled_domains_count)); + + talloc_zfree(test_ctx->ad_id_ctx); + talloc_zfree(ad_enabled_domains); +} + +static void test_ad_subdom_add_two_with_master(void **state) +{ + struct test_ad_subdom_ctx *test_ctx; + const char **ad_enabled_domains = NULL; + int enabled_domains_count; + int domain_count = 3; + const char *domains[domain_count]; + errno_t ret; + + test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx); + test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx); + assert_non_null(test_ctx->ad_id_ctx); + + ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic, + AD_ENABLED_DOMAINS, + DOMAIN_1","AD_DOMAIN","DOMAIN_2); + assert_int_equal(ret, EOK); + + ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx, + AD_DOMAIN, + &ad_enabled_domains); + assert_int_equal(ret, EOK); + assert_non_null(ad_enabled_domains); + + for (enabled_domains_count = 0; + ad_enabled_domains[enabled_domains_count] != NULL; + enabled_domains_count++) { + } + assert_int_equal(domain_count, enabled_domains_count); + + domains[0] = AD_DOMAIN; + domains[1] = DOMAIN_1; + domains[2] = DOMAIN_2; + assert_true(are_values_in_array(domains, domain_count, + ad_enabled_domains, enabled_domains_count)); + + talloc_zfree(test_ctx->ad_id_ctx); + talloc_zfree(ad_enabled_domains); +} + +int main(int argc, const char *argv[]) +{ + int rv; + poptContext pc; + int opt; + struct poptOption long_options[] = { + POPT_AUTOHELP + SSSD_DEBUG_OPTS + POPT_TABLEEND + }; + + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(test_ad_subdom_default, + test_ad_subdom_setup, + test_ad_subdom_teardown), + cmocka_unit_test_setup_teardown(test_ad_subdom_add_one, + test_ad_subdom_setup, + test_ad_subdom_teardown), + cmocka_unit_test_setup_teardown(test_ad_subdom_add_two, + test_ad_subdom_setup, + test_ad_subdom_teardown), + cmocka_unit_test_setup_teardown(test_ad_subdom_add_master, + test_ad_subdom_setup, + test_ad_subdom_teardown), + cmocka_unit_test_setup_teardown(test_ad_subdom_add_two_with_master, + test_ad_subdom_setup, + test_ad_subdom_teardown), + }; + + /* Set debug level to invalid value so we can deside if -d 0 was used. */ + debug_level = SSSDBG_INVALID; + + pc = poptGetContext(argv[0], argc, argv, long_options, 0); + while((opt = poptGetNextOpt(pc)) != -1) { + switch(opt) { + default: + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); + poptPrintUsage(pc, stderr, 0); + return 1; + } + } + poptFreeContext(pc); + + DEBUG_CLI_INIT(debug_level); + + /* Even though normally the tests should clean up after themselves + * they might not after a failed run. Remove the old db to be sure */ + tests_set_cwd(); + + rv = cmocka_run_group_tests(tests, NULL, NULL); + return rv; +} -- 2.7.4
data.tar.bz2
Description: application/bzip
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
