2 Unix SMB/CIFS implementation.
4 local testing of the nss wrapper
6 Copyright (C) Guenther Deschner 2009
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "torture/torture.h"
24 #include "lib/replace/system/passwd.h"
25 #include "lib/nss_wrapper/nss_wrapper.h"
27 static bool copy_passwd(struct torture_context *tctx,
28 const struct passwd *pwd,
31 p->pw_name = talloc_strdup(tctx, pwd->pw_name);
32 p->pw_passwd = talloc_strdup(tctx, pwd->pw_passwd);
33 p->pw_uid = pwd->pw_uid;
34 p->pw_gid = pwd->pw_gid;
35 p->pw_gecos = talloc_strdup(tctx, pwd->pw_gecos);
36 p->pw_dir = talloc_strdup(tctx, pwd->pw_dir);
37 p->pw_shell = talloc_strdup(tctx, pwd->pw_shell);
42 static void print_passwd(struct passwd *pwd)
44 printf("%s:%s:%lu:%lu:%s:%s:%s\n",
47 (unsigned long)pwd->pw_uid,
48 (unsigned long)pwd->pw_gid,
55 static bool test_nwrap_getpwnam(struct torture_context *tctx,
61 torture_comment(tctx, "Testing getpwnam: %s\n", name);
69 copy_passwd(tctx, pwd, pwd_p);
72 return pwd ? true : false;
75 static bool test_nwrap_getpwnam_r(struct torture_context *tctx,
79 struct passwd pwd, *pwdp;
83 torture_comment(tctx, "Testing getpwnam_r: %s\n", name);
85 ret = getpwnam_r(name, &pwd, buffer, sizeof(buffer), &pwdp);
88 torture_comment(tctx, "got %d return code\n", ret);
96 copy_passwd(tctx, &pwd, pwd_p);
102 static bool test_nwrap_getpwuid(struct torture_context *tctx,
104 struct passwd *pwd_p)
108 torture_comment(tctx, "Testing getpwuid: %lu\n", (unsigned long)uid);
116 copy_passwd(tctx, pwd, pwd_p);
119 return pwd ? true : false;
122 static bool test_nwrap_getpwuid_r(struct torture_context *tctx,
124 struct passwd *pwd_p)
126 struct passwd pwd, *pwdp;
130 torture_comment(tctx, "Testing getpwuid_r: %lu\n", (unsigned long)uid);
132 ret = getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &pwdp);
135 torture_comment(tctx, "got %d return code\n", ret);
143 copy_passwd(tctx, &pwd, pwd_p);
150 static bool copy_group(struct torture_context *tctx,
151 const struct group *grp,
156 g->gr_name = talloc_strdup(tctx, grp->gr_name);
157 g->gr_passwd = talloc_strdup(tctx, grp->gr_passwd);
158 g->gr_gid = grp->gr_gid;
161 for (i=0; grp->gr_mem && grp->gr_mem[i]; i++) {
162 g->gr_mem = talloc_realloc(tctx, g->gr_mem, char *, i + 2);
163 g->gr_mem[i] = talloc_strdup(g->gr_mem, grp->gr_mem[i]);
164 g->gr_mem[i+1] = NULL;
170 static void print_group(struct group *grp)
176 (unsigned long)grp->gr_gid);
178 if (!grp->gr_mem[0]) {
183 for (i=0; grp->gr_mem[i+1]; i++) {
184 printf("%s,", grp->gr_mem[i]);
186 printf("%s\n", grp->gr_mem[i]);
189 static bool test_nwrap_getgrnam(struct torture_context *tctx,
195 torture_comment(tctx, "Testing getgrnam: %s\n", name);
197 grp = getgrnam(name);
203 copy_group(tctx, grp, grp_p);
206 return grp ? true : false;
209 static bool test_nwrap_getgrgid(struct torture_context *tctx,
215 torture_comment(tctx, "Testing getgrgid: %lu\n", (unsigned long)gid);
223 copy_group(tctx, grp, grp_p);
226 return grp ? true : false;
229 static bool test_nwrap_enum_passwd(struct torture_context *tctx,
230 struct passwd **pwd_array_p,
234 struct passwd *pwd_array = NULL;
237 torture_comment(tctx, "Testing setpwent\n");
240 while ((pwd = getpwent()) != NULL) {
241 torture_comment(tctx, "Testing getpwent\n");
244 if (pwd_array_p && num_pwd_p) {
245 pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
246 torture_assert(tctx, pwd_array, "out of memory");
247 copy_passwd(tctx, pwd, &pwd_array[num_pwd]);
252 torture_comment(tctx, "Testing endpwent\n");
256 *pwd_array_p = pwd_array;
259 *num_pwd_p = num_pwd;
265 static bool test_nwrap_enum_r_passwd(struct torture_context *tctx,
266 struct passwd **pwd_array_p,
269 struct passwd pwd, *pwdp;
270 struct passwd *pwd_array = NULL;
275 torture_comment(tctx, "Testing setpwent\n");
279 torture_comment(tctx, "Testing getpwent_r\n");
281 ret = getpwent_r(&pwd, buffer, sizeof(buffer), &pwdp);
284 torture_comment(tctx, "got %d return code\n", ret);
289 if (pwd_array_p && num_pwd_p) {
290 pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
291 torture_assert(tctx, pwd_array, "out of memory");
292 copy_passwd(tctx, &pwd, &pwd_array[num_pwd]);
297 torture_comment(tctx, "Testing endpwent\n");
301 *pwd_array_p = pwd_array;
304 *num_pwd_p = num_pwd;
310 static bool torture_assert_passwd_equal(struct torture_context *tctx,
311 const struct passwd *p1,
312 const struct passwd *p2,
315 torture_assert_str_equal(tctx, p1->pw_name, p2->pw_name, comment);
316 torture_assert_str_equal(tctx, p1->pw_passwd, p2->pw_passwd, comment);
317 torture_assert_int_equal(tctx, p1->pw_uid, p2->pw_uid, comment);
318 torture_assert_int_equal(tctx, p1->pw_gid, p2->pw_gid, comment);
319 torture_assert_str_equal(tctx, p1->pw_gecos, p2->pw_gecos, comment);
320 torture_assert_str_equal(tctx, p1->pw_dir, p2->pw_dir, comment);
321 torture_assert_str_equal(tctx, p1->pw_shell, p2->pw_shell, comment);
326 static bool test_nwrap_passwd(struct torture_context *tctx)
329 struct passwd *pwd, pwd1, pwd2;
332 torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
333 "failed to enumerate passwd");
335 for (i=0; i < num_pwd; i++) {
336 torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd1),
337 "failed to call getpwnam for enumerated user");
338 torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
339 "getpwent and getpwnam gave different results");
340 torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
341 "failed to call getpwuid for enumerated user");
342 torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
343 "getpwent and getpwuid gave different results");
344 torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
345 "getpwnam and getpwuid gave different results");
351 static bool test_nwrap_passwd_r(struct torture_context *tctx)
354 struct passwd *pwd, pwd1, pwd2;
357 torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
358 "failed to enumerate passwd");
360 for (i=0; i < num_pwd; i++) {
361 torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
362 "failed to call getpwnam_r for enumerated user");
363 torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
364 "failed to call getpwuid_r for enumerated user");
365 torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
366 "getpwnam_r and getpwuid_r gave different results");
372 static bool test_nwrap_enum_group(struct torture_context *tctx,
373 struct group **grp_array_p,
377 struct group *grp_array = NULL;
380 torture_comment(tctx, "Testing setgrent\n");
383 while ((grp = getgrent()) != NULL) {
384 torture_comment(tctx, "Testing getgrent\n");
387 if (grp_array_p && num_grp_p) {
388 grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
389 torture_assert(tctx, grp_array, "out of memory");
390 copy_group(tctx, grp, &grp_array[num_grp]);
395 torture_comment(tctx, "Testing endgrent\n");
399 *grp_array_p = grp_array;
402 *num_grp_p = num_grp;
408 static bool torture_assert_group_equal(struct torture_context *tctx,
409 const struct group *g1,
410 const struct group *g2,
414 torture_assert_str_equal(tctx, g1->gr_name, g2->gr_name, comment);
415 torture_assert_str_equal(tctx, g1->gr_passwd, g2->gr_passwd, comment);
416 torture_assert_int_equal(tctx, g1->gr_gid, g2->gr_gid, comment);
417 if (g1->gr_mem && !g2->gr_mem) {
420 if (!g1->gr_mem && g2->gr_mem) {
423 if (!g1->gr_mem && !g2->gr_mem) {
426 for (i=0; g1->gr_mem[i] && g2->gr_mem[i]; i++) {
427 torture_assert_str_equal(tctx, g1->gr_mem[i], g2->gr_mem[i], comment);
433 static bool test_nwrap_group(struct torture_context *tctx)
436 struct group *grp, grp1, grp2;
439 torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
440 "failed to enumerate group");
442 for (i=0; i < num_grp; i++) {
443 torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp1),
444 "failed to call getgrnam for enumerated user");
445 torture_assert_group_equal(tctx, &grp[i], &grp1,
446 "getgrent and getgrnam gave different results");
447 torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp2),
448 "failed to call getgrgid for enumerated user");
449 torture_assert_group_equal(tctx, &grp[i], &grp2,
450 "getgrent and getgruid gave different results");
451 torture_assert_group_equal(tctx, &grp1, &grp2,
452 "getgrnam and getgrgid gave different results");
458 static bool test_nwrap_getgrouplist(struct torture_context *tctx,
466 gid_t *groups = NULL;
468 torture_comment(tctx, "Testing getgrouplist: %s\n", user);
470 ret = getgrouplist(user, gid, NULL, &num_groups);
471 if (ret == -1 || num_groups != 0) {
473 groups = talloc_array(tctx, gid_t, num_groups);
474 torture_assert(tctx, groups, "out of memory\n");
476 ret = getgrouplist(user, gid, groups, &num_groups);
479 torture_assert(tctx, (ret != -1), "failed to call getgrouplist");
481 torture_comment(tctx, "%s is member in %d groups\n", user, num_groups);
487 *num_gids_p = num_groups;
493 static bool test_nwrap_user_in_group(struct torture_context *tctx,
494 const struct passwd *pwd,
495 const struct group *grp)
499 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
500 if (strequal(grp->gr_mem[i], pwd->pw_name)) {
508 static bool test_nwrap_membership_user(struct torture_context *tctx,
509 const struct passwd *pwd,
510 struct group *grp_array,
513 int num_user_groups = 0;
514 int num_user_groups_from_enum = 0;
515 gid_t *user_groups = NULL;
517 bool primary_group_had_user_member = false;
519 torture_assert(tctx, test_nwrap_getgrouplist(tctx,
524 "failed to test getgrouplist");
526 for (g=0; g < num_user_groups; g++) {
527 torture_assert(tctx, test_nwrap_getgrgid(tctx, user_groups[g], NULL),
528 "failed to find the group the user is a member of");
532 for (i=0; i < num_grp; i++) {
534 struct group grp = grp_array[i];
536 if (test_nwrap_user_in_group(tctx, pwd, &grp)) {
538 struct group current_grp;
539 num_user_groups_from_enum++;
541 torture_assert(tctx, test_nwrap_getgrnam(tctx, grp.gr_name, ¤t_grp),
542 "failed to find the group the user is a member of");
544 if (current_grp.gr_gid == pwd->pw_gid) {
545 torture_comment(tctx, "primary group %s of user %s lists user as member\n",
548 primary_group_had_user_member = true;
555 if (!primary_group_had_user_member) {
556 num_user_groups_from_enum++;
559 torture_assert_int_equal(tctx, num_user_groups, num_user_groups_from_enum,
560 "getgrouplist and real inspection of grouplist gave different results\n");
565 static bool test_nwrap_membership(struct torture_context *tctx)
567 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
568 const char *old_group = getenv("NSS_WRAPPER_GROUP");
575 if (!old_pwd || !old_group) {
576 torture_skip(tctx, "nothing to test\n");
580 torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
581 "failed to enumerate passwd");
582 torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
583 "failed to enumerate group");
585 for (i=0; i < num_pwd; i++) {
587 torture_assert(tctx, test_nwrap_membership_user(tctx, &pwd[i], grp, num_grp),
588 "failed to test membership for user");
595 static bool test_nwrap_enumeration(struct torture_context *tctx)
597 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
598 const char *old_group = getenv("NSS_WRAPPER_GROUP");
600 if (!old_pwd || !old_group) {
601 torture_skip(tctx, "nothing to test\n");
605 torture_assert(tctx, test_nwrap_passwd(tctx),
606 "failed to test users");
607 torture_assert(tctx, test_nwrap_group(tctx),
608 "failed to test groups");
613 static bool test_nwrap_reentrant_enumeration(struct torture_context *tctx)
615 const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
616 const char *old_group = getenv("NSS_WRAPPER_GROUP");
618 if (!old_pwd || !old_group) {
619 torture_skip(tctx, "nothing to test\n");
623 torture_comment(tctx, "Testing re-entrant calls\n");
625 torture_assert(tctx, test_nwrap_passwd_r(tctx),
626 "failed to test users");
632 struct torture_suite *torture_local_nss_wrapper(TALLOC_CTX *mem_ctx)
634 struct torture_suite *suite = torture_suite_create(mem_ctx, "NSS-WRAPPER");
636 torture_suite_add_simple_test(suite, "enumeration", test_nwrap_enumeration);
637 torture_suite_add_simple_test(suite, "reentrant enumeration", test_nwrap_reentrant_enumeration);
638 torture_suite_add_simple_test(suite, "membership", test_nwrap_membership);