On 08/12/2016 04:05 PM, Petr Cech wrote:
On 08/12/2016 03:36 PM, Jakub Hrozek wrote:
On Fri, Aug 12, 2016 at 02:51:21PM +0200, Petr Cech wrote:
On 08/12/2016 11:27 AM, Jakub Hrozek wrote:
On Wed, Aug 10, 2016 at 08:54:25AM +0200, Petr Cech wrote:
Sorry, I experienced some issue with mailing list.
So I send it again.
-------- Forwarded Message --------
Subject: Re: [SSSD] Re: [PATCH SET] AD_PROVIDER: ad_enabled_domains
Date: Tue, 9 Aug 2016 17:29:38 +0200
From: Petr Cech <pc...@redhat.com>
To: sssd-devel@lists.fedorahosted.org
On 08/09/2016 11:07 AM, Jakub Hrozek wrote:
On Mon, Jul 25, 2016 at 06:18:28PM +0200, Petr Cech wrote:
Hello,
there is fixed patch set attached.
Segmentation fault was caused by wrong pointer :-(, sorry.
This new patch set has new debug message. I am open to dissccus the
debug_level and content of message. Any improving idea?
I hit one issue during testing -- sometimes if I am connected to
subdomain
and I enable only sibling subdomain (the master is added
automaticaly) and
forest root is not enabled -- I see only master and sibling not.
But if I
added sleep for cycle (for using dbg) to function
ad_subdomains_init()
everythink is OK.
Any idea?
Can you test that case with valgrind? This sounds like some
uninitilized
variable condition.
I didn't run valgrind but I have new information.
If you clear the cache and reset sssd, first attempt to obtain
information
about user from sibling domain fails. The second and the other
attempts runs
correctly.
I see that the sibling domain is enabled. But if I look more
carefully there
is message in log (gamma.domain.bootes is sibling domain):
[sssd[be[beta.domain.bootes]]] [dp_req_new] (0x0020): Unknown domain:
gamma.domain.bootes
First attempt should works too but you should wait nearly exactly 6
seconds
after restart sssd.
New patch set is attached.
I can't start SSSD with these patches:
(Fri Aug 12 11:25:38 2016) [sssd[be[win.trust.test]]]
[dp_target_run_constructor] (0x0010): Target [subdomains]
constructor failed [22]: Invalid argument
(Fri Aug 12 11:25:38 2016) [sssd[be[win.trust.test]]]
[dp_load_targets] (0x0020): Unable to load target [subdomains] [22]:
Invalid argument.
(Fri Aug 12 11:25:38 2016) [sssd[be[win.trust.test]]] [dp_init]
(0x0020): Unable to initialize DP targets [1432158209]: Internal Error
(Fri Aug 12 11:25:38 2016) [sssd[be[win.trust.test]]]
[dp_terminate_active_requests] (0x0400): Terminating active data
provider requests
I have:
$ git log --oneline origin/master..HEAD
3b2f910 TESTS: Adding tests for ad_enabled_domains option
7ac9517 AD_PROVIDER: ad_enabled_domains - other then master
fdbbd30 AD_PROVIDER: ad_enabled_domains - only master
ebaa14d AD_PROVIDER: Initializing of ad_enabled_domains
38989af AD_PROVIDER: Add ad_enabled_domains option
$ git rev-list origin/master..HEAD
3b2f9106c2c5bea1681cf1f752fc5f3256a04300
7ac9517f78dc4dcde4c4c613ec450a3f3fc8f644
fdbbd30adf9da7a3c2510029c2e8c3789a3083a0
ebaa14dd1dd0e4f55a2bc4e647ce848e36970dd2
38989afa14bfc89712808867b80e667d34e068b3
Hello Jakub,
I wasn't able to reproduce your bug. Is it true that I use F23 for
testing
this patch for historical reasons. I should try it with F24 too.
I sent whole patch set to CI,
http://sssd-ci.duckdns.org/logs/job/51/45/summary.html
but I think it is not conclusive because out tests don't contain AD
server.
I will look at it again. But now I would like finish tests for
netgroups.
I don't think it has to do with Fedora version. Maybe my sssd.conf would
help:
[domain/win.trust.test]
ad_domain = win.trust.test
krb5_realm = WIN.TRUST.TEST
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
ad_enable_gc = false
debug_level = 10
access_provider = simple
#ad_enabled_domains = win.trust.test, siblingdom.win.trust.test
#debug_level = 7
dyndns_update = false
Thanks,
I see now where's the problem. I didn't try to comment
ad_enabled_domains in config for long time. If this option missing it
will crash.
[dp_target_run_constructor] (0x0010): Target [subdomains] constructor
failed [22]: Invalid argument
I hope it will be easy to fix it.
Hello,
I fixed little bug (wrong return code for missing option)
in ad_get_enabled_domains().
New patch set is attached.
There is still one strange behaviour:
If you clear the cache and reset sssd, first attempt to obtain
information about user from sibling domain fails. The second and the
other attempts runs correctly.
I see that the sibling domain is enabled. But if I look more
carefully there is message in log (gamma.domain.bootes is sibling
domain):
[sssd[be[beta.domain.bootes]]] [dp_req_new] (0x0020): Unknown domain:
gamma.domain.bootes
First attempt should works too but you should wait nearly exactly 6
seconds after restart sssd.
I think it is connected to mechanism which obtain information about
domains. Is it right?
Regards
--
Petr^4 Čech
>From 24d32d0eb12ddc433e64ffd6411e9e13f0067b35 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Fri, 13 May 2016 05:21:07 -0400
Subject: [PATCH 1/5] AD_PROVIDER: Add ad_enabled_domains option
Resolves:
https://fedorahosted.org/sssd/ticket/2828
---
src/config/SSSDConfig/__init__.py.in | 1 +
src/config/cfg_rules.ini | 1 +
src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
src/man/sssd-ad.5.xml | 22 ++++++++++++++++++++++
src/providers/ad/ad_common.h | 1 +
src/providers/ad/ad_opts.c | 1 +
6 files changed, 27 insertions(+)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index ac538788b9878dc2613cb48b7483d392cca41d47..1718a9babf390b95710ec356f25f09ea679bdd73 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -192,6 +192,7 @@ option_strings = {
# [provider/ad]
'ad_domain' : _('Active Directory domain'),
+ 'ad_enabled_domains' : _('Enabled Active Directory domains'),
'ad_server' : _('Active Directory server address'),
'ad_backup_server' : _('Active Directory backup server address'),
'ad_hostname' : _('Active Directory client hostname'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index bd0116f334e2605e7671a208225761421511a75a..ef6435b08aee416e377fe854e6768f3fa4fd9650 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -335,6 +335,7 @@ option = ad_access_filter
option = ad_backup_server
option = ad_domain
option = ad_enable_dns_sites
+option = ad_enabled_domains
option = ad_enable_gc
option = ad_gpo_access_control
option = ad_gpo_cache_timeout
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 87a74f4af0770874c71baaea02d2313721db78bf..8d97a416c8c97bff096042b0b70a3b2c18183710 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -1,5 +1,6 @@
[provider/ad]
ad_domain = str, None, false
+ad_enabled_domains = str, None, false
ad_server = str, None, false
ad_backup_server = str, None, false
ad_hostname = str, None, false
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index ef27976dd62e164cfb91359efc69bd54e1aa9711..1e3309fe0b9719adb7451e5491cca3366df3531b 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -114,6 +114,28 @@ ldap_id_mapping = False
</varlistentry>
<varlistentry>
+ <term>ad_enabled_domains (string)</term>
+ <listitem>
+ <para>
+ The comma-separated list of the enabled Active
+ Directory domains. This is optional. If provided,
+ SSSD will not contact domains not listed in this
+ option. If not provided, all domains from AD forest
+ are enabled.
+ </para>
+ <para>
+ For proper operation, this option should be
+ specified as the lower-case version of the long
+ version of the Active Directory domain.
+ </para>
+ <para>
+ The short domain name (also known as the NetBIOS
+ or the flat name) is autodetected by the SSSD.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ad_server, ad_backup_server (string)</term>
<listitem>
<para>
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 7e86faf1142d7be49eef01e1ddd7bfafea2fcedc..23351e328968918aa9ca9009c052e670a7d55258 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -42,6 +42,7 @@ struct ad_options;
enum ad_basic_opt {
AD_DOMAIN = 0,
+ AD_ENABLED_DOMAINS,
AD_SERVER,
AD_BACKUP_SERVER,
AD_HOSTNAME,
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 829f9d9556bc3fa74a95eb76db0e31b19befe8fe..fc1dc67337845754eba8c879c78e08c1777a4abc 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -28,6 +28,7 @@
struct dp_option ad_basic_opts[] = {
{ "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ad_enabled_domains", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
--
2.7.4
>From 7b2bc798e6a553e84f7185c975bbaa046a6fddad Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Tue, 21 Jun 2016 08:34:15 +0200
Subject: [PATCH 2/5] AD_PROVIDER: Initializing of ad_enabled_domains
We add ad_enabled_domains into ad_subdomains_ctx.
Resolves:
https://fedorahosted.org/sssd/ticket/2828
---
src/providers/ad/ad_subdomains.c | 82 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index e9da04e384e598927f9c8c203a751bcccd29e895..c3781b8608624ec3d0f2b927447975d7946dc59c 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -57,6 +57,79 @@
/* do not refresh more often than every 5 seconds for now */
#define AD_SUBDOMAIN_REFRESH_LIMIT 5
+static errno_t ad_get_enabled_domains(TALLOC_CTX *mem_ctx,
+ struct ad_id_ctx *ad_id_ctx,
+ const char *ad_domain,
+ const char ***_ad_enabled_domains)
+{
+ int ret;
+ const char *str;
+ const char *option_name;
+ const char **domains = NULL;
+ int count;
+ bool is_ad_in_domains;
+ TALLOC_CTX *tmp_ctx = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ str = dp_opt_get_cstring(ad_id_ctx->ad_options->basic, AD_ENABLED_DOMAINS);
+ if (str == NULL) {
+ *_ad_enabled_domains = NULL;
+ ret = EOK;
+ goto done;
+ }
+
+ count = 0;
+ ret = split_on_separator(tmp_ctx, str, ',', true, true,
+ discard_const_p(char **, &domains), &count);
+ if (ret != EOK) {
+ option_name = ad_id_ctx->ad_options->basic[AD_ENABLED_DOMAINS].opt_name;
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse option [%s], [%i] [%s]!\n",
+ option_name, ret, sss_strerror(ret));
+ ret = EINVAL;
+ goto done;
+ }
+
+ is_ad_in_domains = false;
+ for (int i = 0; i < count; i++) {
+ is_ad_in_domains += strcmp(ad_domain, domains[i]) == 0 ? true : false;
+ }
+
+ if (is_ad_in_domains == false) {
+ domains = talloc_realloc(tmp_ctx, domains, const char*, count + 2);
+ if (domains == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ domains[count] = talloc_strdup(domains, ad_domain);
+ if (domains[count] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ domains[count + 1] = NULL;
+ } else {
+ domains = talloc_realloc(tmp_ctx, domains, const char*, count + 1);
+ if (domains == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ domains[count] = NULL;
+ }
+
+ *_ad_enabled_domains = talloc_steal(mem_ctx, domains);
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static errno_t
ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
struct ad_id_ctx *id_ctx,
@@ -164,6 +237,7 @@ struct ad_subdomains_ctx {
struct sdap_domain *sdom;
char *domain_name;
+ const char **ad_enabled_domains;
time_t last_refreshed;
};
@@ -1350,6 +1424,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
{
struct ad_subdomains_ctx *sd_ctx;
const char *ad_domain;
+ char **ad_enabled_domains = NULL;
time_t period;
errno_t ret;
@@ -1361,6 +1436,12 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
+ ret = ad_get_enabled_domains(sd_ctx, ad_id_ctx, ad_domain,
+ &ad_enabled_domains);
+ if (ret != EOK) {
+ return EINVAL;
+ }
+
sd_ctx->be_ctx = be_ctx;
sd_ctx->sdom = ad_id_ctx->sdap_id_ctx->opts->sdom;
sd_ctx->sdap_id_ctx = ad_id_ctx->sdap_id_ctx;
@@ -1369,6 +1450,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
return ENOMEM;
}
+ sd_ctx->ad_enabled_domains = ad_enabled_domains;
sd_ctx->ad_id_ctx = ad_id_ctx;
dp_set_method(dp_methods, DPM_DOMAINS_HANDLER,
--
2.7.4
>From a91e003a70b15b88c3003fd2c213c1cb17d827e2 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Tue, 21 Jun 2016 09:48:52 +0200
Subject: [PATCH 3/5] AD_PROVIDER: ad_enabled_domains - only master
We can skip looking up other domains if option ad_enabled_domains
contains only master domain.
Resolves:
https://fedorahosted.org/sssd/ticket/2828
---
src/providers/ad/ad_subdomains.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index c3781b8608624ec3d0f2b927447975d7946dc59c..01ca08a343f2c3ebca12311b79b964a4947a63aa 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -1163,6 +1163,7 @@ static void ad_subdomains_refresh_connect_done(struct tevent_req *subreq)
return;
}
+ /* connect to the DC we are a member of */
subreq = ad_master_domain_send(state, state->ev, state->id_ctx->conn,
state->sdap_op, state->sd_ctx->domain_name);
if (subreq == NULL) {
@@ -1211,6 +1212,21 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq)
goto done;
}
+ /*
+ * If ad_enabled_domains contains only master domain
+ * we shouldn't lookup other domains.
+ */
+ if (state->sd_ctx->ad_enabled_domains != NULL) {
+ if (talloc_array_length(state->sd_ctx->ad_enabled_domains) == 2) {
+ if (strcasecmp(state->sd_ctx->ad_enabled_domains[0],
+ state->be_ctx->domain->name) == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "No other enabled domain than master.\n");
+ goto done;
+ }
+ }
+ }
+
subreq = ad_get_root_domain_send(state, state->ev, forest,
sdap_id_op_handle(state->sdap_op),
state->sd_ctx);
--
2.7.4
>From 807401f380d6f23e4b4594d32ecd45223e602d10 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Mon, 27 Jun 2016 11:51:30 +0200
Subject: [PATCH 4/5] AD_PROVIDER: ad_enabled_domains - other then master
We can skip looking up other domains if
option ad_enabled_domains doesn't contain them.
Resolves:
https://fedorahosted.org/sssd/ticket/2828
---
src/providers/ad/ad_subdomains.c | 42 ++++++++++++++++++++++++++++++++++++----
1 file changed, 38 insertions(+), 4 deletions(-)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 01ca08a343f2c3ebca12311b79b964a4947a63aa..9174a01e7931f9eb201584e0c1487a354a21f7c3 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -130,6 +130,16 @@ done:
return ret;
}
+static bool is_domain_enabled(const char *domain,
+ const char **enabled_doms)
+{
+ if (enabled_doms == NULL) {
+ return true;
+ }
+
+ return string_in_list(domain, discard_const_p(char *, enabled_doms), false);
+}
+
static errno_t
ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
struct ad_id_ctx *id_ctx,
@@ -485,6 +495,7 @@ done:
static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
+ const char **enabled_domains_list,
size_t nsd, struct sysdb_attrs **sd,
struct sysdb_attrs *root,
size_t *_nsd_out,
@@ -493,9 +504,10 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
size_t i, sdi;
struct sysdb_attrs **sd_out;
const char *sd_name;
+ const char *root_name;
errno_t ret;
- if (root == NULL) {
+ if (root == NULL && (enabled_domains_list == NULL)) {
/* We are connected directly to the root domain. The 'sd'
* list is complete and we can just use it
*/
@@ -522,6 +534,13 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
goto fail;
}
+ if (is_domain_enabled(sd_name, enabled_domains_list) == false) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Disabling subdomain %s\n", sd_name);
+ continue;
+ } else {
+ DEBUG(SSSDBG_TRACE_FUNC, "Enabling subdomain %s\n", sd_name);
+ }
+
if (strcasecmp(sd_name, domain->name) == 0) {
DEBUG(SSSDBG_TRACE_INTERNAL,
"Not including primary domain %s in the subdomain list\n",
@@ -534,9 +553,23 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
}
/* Now include the root */
- sd_out[sdi] = talloc_steal(sd_out, root);
+ if (root != NULL) {
+ ret = sysdb_attrs_get_string(root, AD_AT_TRUST_PARTNER, &root_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
+ goto fail;
+ }
- *_nsd_out = sdi+1;
+ if (is_domain_enabled(root_name, enabled_domains_list) == true) {
+ sd_out[sdi] = talloc_steal(sd_out, root);
+ sdi++;
+ } else {
+ DEBUG(SSSDBG_TRACE_FUNC, "Disabling forest root domain %s\n",
+ root_name);
+ }
+ }
+
+ *_nsd_out = sdi;
*_sd_out = sd_out;
return EOK;
@@ -782,6 +815,7 @@ static void ad_get_slave_domain_done(struct tevent_req *subreq)
* subdomains.
*/
ret = ad_subdomains_process(state, state->be_ctx->domain,
+ state->sd_ctx->ad_enabled_domains,
reply_count, reply, state->root_attrs,
&nsubdoms, &subdoms);
if (ret != EOK) {
@@ -1440,7 +1474,7 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
{
struct ad_subdomains_ctx *sd_ctx;
const char *ad_domain;
- char **ad_enabled_domains = NULL;
+ const char **ad_enabled_domains = NULL;
time_t period;
errno_t ret;
--
2.7.4
>From b1bbe384618438bb2ba78011e5d4078b0c6277f5 Mon Sep 17 00:00:00 2001
From: Petr Cech <pc...@redhat.com>
Date: Mon, 27 Jun 2016 11:53:19 +0200
Subject: [PATCH 5/5] TESTS: Adding tests for ad_enabled_domains option
There is special logic around ad_enabled_domains option:
* option is disabled by default
* master domain is always added to enabled domains
Resolves:
https://fedorahosted.org/sssd/ticket/2828
---
Makefile.am | 23 +++
src/tests/cmocka/test_ad_subdomains.c | 328 ++++++++++++++++++++++++++++++++++
2 files changed, 351 insertions(+)
create mode 100644 src/tests/cmocka/test_ad_subdomains.c
diff --git a/Makefile.am b/Makefile.am
index 5d1d671096f986d9387e6199112c017e9bf30e1b..59f69f8d242dad9268ef3341647c0c20aa5d8cc0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -257,6 +257,7 @@ if HAVE_CMOCKA
test_sbus_opath \
test_fo_srv \
pam-srv-tests \
+ test_ad_subdom \
test_ipa_subdom_util \
test_tools_colondb \
test_krb5_wait_queue \
@@ -2797,6 +2798,28 @@ test_fo_srv_LDADD = \
libsss_test_common.la \
$(NULL)
+test_ad_subdom_SOURCES = \
+ src/tests/cmocka/test_ad_subdomains.c \
+ $(NULL)
+test_ad_subdom_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(NDR_NBT_CFLAGS) \
+ $(NDR_KRB5PAC_CFLAGS) \
+ $(NULL)
+test_ad_subdom_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(POPT_LIBS) \
+ $(TALLOC_LIBS) \
+ $(LDB_LIBS) \
+ $(NDR_NBT_LIBS) \
+ $(NDR_KRB5PAC_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_ldap_common.la \
+ libsss_ad_tests.la \
+ libsss_test_common.la \
+ libdlopen_test_providers.la \
+ $(NULL)
+
test_ipa_subdom_util_SOURCES = \
src/tests/cmocka/test_ipa_subdomains_utils.c \
src/providers/ipa/ipa_subdomains_utils.c \
diff --git a/src/tests/cmocka/test_ad_subdomains.c b/src/tests/cmocka/test_ad_subdomains.c
new file mode 100644
index 0000000000000000000000000000000000000000..99908b5f8f0b89c2cc391b5496e24a247bfd7448
--- /dev/null
+++ b/src/tests/cmocka/test_ad_subdomains.c
@@ -0,0 +1,328 @@
+/*
+ Authors:
+ Petr Äech <pc...@redhat.com>
+
+ Copyright (C) 2016 Red Hat
+
+ SSSD tests: AD subdomain tests
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+
+#include <talloc.h>
+#include <tevent.h>
+#include <errno.h>
+#include <popt.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
+#include "tests/cmocka/common_mock.h"
+#include "tests/cmocka/common_mock_resp.h"
+#include "providers/ad/ad_common.h"
+
+#include "providers/ad/ad_subdomains.c"
+#include "providers/ad/ad_opts.c"
+
+#define AD_DOMAIN "ad_domain.domain.test"
+#define DOMAIN_1 "one.domain.test"
+#define DOMAIN_2 "two.domain.test"
+
+struct test_ad_subdom_ctx {
+ struct ad_id_ctx *ad_id_ctx;
+};
+
+static struct ad_id_ctx *
+test_ad_subdom_init_ad_id_ctx(TALLOC_CTX *mem_ctx)
+{
+ struct ad_id_ctx *ad_id_ctx;
+ struct ad_options *ad_options;
+ errno_t ret;
+
+ ad_id_ctx = talloc_zero(mem_ctx, struct ad_id_ctx);
+ assert_non_null(ad_id_ctx);
+
+ ad_options = talloc_zero(ad_id_ctx, struct ad_options);
+ assert_non_null(ad_options);
+
+ ret = dp_copy_defaults(ad_options,
+ ad_basic_opts,
+ AD_OPTS_BASIC,
+ &ad_options->basic);
+ assert_int_equal(ret, EOK);
+
+ ad_id_ctx->ad_options = ad_options;
+
+ return ad_id_ctx;
+}
+
+static int test_ad_subdom_setup(void **state)
+{
+ struct test_ad_subdom_ctx *test_ctx;
+
+ assert_true(leak_check_setup());
+
+ test_ctx = talloc_zero(global_talloc_context, struct test_ad_subdom_ctx);
+ assert_non_null(test_ctx);
+
+ test_ctx->ad_id_ctx = NULL;
+
+ check_leaks_push(test_ctx);
+ *state = test_ctx;
+ return 0;
+}
+
+static int test_ad_subdom_teardown(void **state)
+{
+ struct test_ad_subdom_ctx *test_ctx;
+
+ test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx);
+ assert_non_null(test_ctx);
+
+ assert_true(check_leaks_pop(test_ctx) == true);
+ talloc_free(test_ctx);
+ assert_true(leak_check_teardown());
+ return 0;
+}
+
+static void test_ad_subdom_default(void **state)
+{
+ struct test_ad_subdom_ctx *test_ctx;
+ const char **ad_enabled_domains = NULL;
+ errno_t ret;
+
+ test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx);
+ test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx);
+ assert_non_null(test_ctx->ad_id_ctx);
+
+ ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx,
+ AD_DOMAIN,
+ &ad_enabled_domains);
+ assert_int_equal(ret, EOK);
+ assert_null(ad_enabled_domains);
+
+ talloc_zfree(test_ctx->ad_id_ctx);
+}
+
+static void test_ad_subdom_add_one(void **state)
+{
+ struct test_ad_subdom_ctx *test_ctx;
+ const char **ad_enabled_domains = NULL;
+ int enabled_domains_count;
+ int domain_count = 2;
+ const char *domains[domain_count];
+ errno_t ret;
+
+ test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx);
+ test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx);
+ assert_non_null(test_ctx->ad_id_ctx);
+
+ ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic,
+ AD_ENABLED_DOMAINS, DOMAIN_1);
+ assert_int_equal(ret, EOK);
+
+ ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx,
+ AD_DOMAIN,
+ &ad_enabled_domains);
+ assert_int_equal(ret, EOK);
+ assert_non_null(ad_enabled_domains);
+
+ for (enabled_domains_count = 0;
+ ad_enabled_domains[enabled_domains_count] != NULL;
+ enabled_domains_count++) {
+ }
+ assert_int_equal(domain_count, enabled_domains_count);
+
+ domains[0] = AD_DOMAIN;
+ domains[1] = DOMAIN_1;
+ assert_true(are_values_in_array(domains, domain_count,
+ ad_enabled_domains, enabled_domains_count));
+
+ talloc_zfree(test_ctx->ad_id_ctx);
+ talloc_zfree(ad_enabled_domains);
+}
+
+static void test_ad_subdom_add_two(void **state)
+{
+ struct test_ad_subdom_ctx *test_ctx;
+ const char **ad_enabled_domains = NULL;
+ int enabled_domains_count;
+ int domain_count = 3;
+ const char *domains[domain_count];
+ errno_t ret;
+
+ test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx);
+ test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx);
+ assert_non_null(test_ctx->ad_id_ctx);
+
+ ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic,
+ AD_ENABLED_DOMAINS, DOMAIN_1","DOMAIN_2);
+ assert_int_equal(ret, EOK);
+
+ ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx,
+ AD_DOMAIN,
+ &ad_enabled_domains);
+ assert_int_equal(ret, EOK);
+ assert_non_null(ad_enabled_domains);
+
+ for (enabled_domains_count = 0;
+ ad_enabled_domains[enabled_domains_count] != NULL;
+ enabled_domains_count++) {
+ }
+ assert_int_equal(domain_count, enabled_domains_count);
+
+ domains[0] = AD_DOMAIN;
+ domains[1] = DOMAIN_1;
+ domains[2] = DOMAIN_2;
+ assert_true(are_values_in_array(domains, domain_count,
+ ad_enabled_domains, enabled_domains_count));
+
+ talloc_zfree(test_ctx->ad_id_ctx);
+ talloc_zfree(ad_enabled_domains);
+}
+
+static void test_ad_subdom_add_master(void **state)
+{
+ struct test_ad_subdom_ctx *test_ctx;
+ const char **ad_enabled_domains = NULL;
+ int enabled_domains_count;
+ int domain_count = 1;
+ const char *domains[domain_count];
+ errno_t ret;
+
+ test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx);
+ test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx);
+ assert_non_null(test_ctx->ad_id_ctx);
+
+ ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic,
+ AD_ENABLED_DOMAINS, AD_DOMAIN);
+ assert_int_equal(ret, EOK);
+
+ ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx,
+ AD_DOMAIN,
+ &ad_enabled_domains);
+ assert_int_equal(ret, EOK);
+ assert_non_null(ad_enabled_domains);
+
+ for (enabled_domains_count = 0;
+ ad_enabled_domains[enabled_domains_count] != NULL;
+ enabled_domains_count++) {
+ }
+ assert_int_equal(domain_count, enabled_domains_count);
+
+ domains[0] = AD_DOMAIN;
+ assert_true(are_values_in_array(domains, domain_count,
+ ad_enabled_domains, enabled_domains_count));
+
+ talloc_zfree(test_ctx->ad_id_ctx);
+ talloc_zfree(ad_enabled_domains);
+}
+
+static void test_ad_subdom_add_two_with_master(void **state)
+{
+ struct test_ad_subdom_ctx *test_ctx;
+ const char **ad_enabled_domains = NULL;
+ int enabled_domains_count;
+ int domain_count = 3;
+ const char *domains[domain_count];
+ errno_t ret;
+
+ test_ctx = talloc_get_type(*state, struct test_ad_subdom_ctx);
+ test_ctx->ad_id_ctx = test_ad_subdom_init_ad_id_ctx(test_ctx);
+ assert_non_null(test_ctx->ad_id_ctx);
+
+ ret = dp_opt_set_string(test_ctx->ad_id_ctx->ad_options->basic,
+ AD_ENABLED_DOMAINS,
+ DOMAIN_1","AD_DOMAIN","DOMAIN_2);
+ assert_int_equal(ret, EOK);
+
+ ret = ad_get_enabled_domains(test_ctx, test_ctx->ad_id_ctx,
+ AD_DOMAIN,
+ &ad_enabled_domains);
+ assert_int_equal(ret, EOK);
+ assert_non_null(ad_enabled_domains);
+
+ for (enabled_domains_count = 0;
+ ad_enabled_domains[enabled_domains_count] != NULL;
+ enabled_domains_count++) {
+ }
+ assert_int_equal(domain_count, enabled_domains_count);
+
+ domains[0] = AD_DOMAIN;
+ domains[1] = DOMAIN_1;
+ domains[2] = DOMAIN_2;
+ assert_true(are_values_in_array(domains, domain_count,
+ ad_enabled_domains, enabled_domains_count));
+
+ talloc_zfree(test_ctx->ad_id_ctx);
+ talloc_zfree(ad_enabled_domains);
+}
+
+int main(int argc, const char *argv[])
+{
+ int rv;
+ poptContext pc;
+ int opt;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ SSSD_DEBUG_OPTS
+ POPT_TABLEEND
+ };
+
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_ad_subdom_default,
+ test_ad_subdom_setup,
+ test_ad_subdom_teardown),
+ cmocka_unit_test_setup_teardown(test_ad_subdom_add_one,
+ test_ad_subdom_setup,
+ test_ad_subdom_teardown),
+ cmocka_unit_test_setup_teardown(test_ad_subdom_add_two,
+ test_ad_subdom_setup,
+ test_ad_subdom_teardown),
+ cmocka_unit_test_setup_teardown(test_ad_subdom_add_master,
+ test_ad_subdom_setup,
+ test_ad_subdom_teardown),
+ cmocka_unit_test_setup_teardown(test_ad_subdom_add_two_with_master,
+ test_ad_subdom_setup,
+ test_ad_subdom_teardown),
+ };
+
+ /* Set debug level to invalid value so we can deside if -d 0 was used. */
+ debug_level = SSSDBG_INVALID;
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch(opt) {
+ default:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ return 1;
+ }
+ }
+ poptFreeContext(pc);
+
+ DEBUG_CLI_INIT(debug_level);
+
+ /* Even though normally the tests should clean up after themselves
+ * they might not after a failed run. Remove the old db to be sure */
+ tests_set_cwd();
+
+ rv = cmocka_run_group_tests(tests, NULL, NULL);
+ return rv;
+}
--
2.7.4
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org