1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/auth/credentials/tests/test_creds.c
Alexander Bokovoy 00f4262ed0 cli_credentials: add a helper to parse user or group names
cli_credentials_parse_string() parses a string specified for -U option
in command line tools. It has a side-effect that '%' character is always
considered to be a separator after which a password is specified.

Active Directory does allow to create user or group objects with '%' in
the name. It means cli_credentials_parse_string() will not be able to
properly parse such name.

Introduce cli_credentials_parse_name() for the cases when a password is
not expected in the name and call to cli_credentials_parse_name() from
cli_credentials_parse_string().

Test cli_credentials_parse_name() with its intended use in lookup_name()
refactoring.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-11-04 14:59:34 +00:00

278 lines
7.7 KiB
C

/*
* Unix SMB/CIFS implementation.
*
* Copyright (C) 2018-2019 Andreas Schneider <asn@samba.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <setjmp.h>
#include <cmocka.h>
#include "lib/replace/replace.h"
#include "auth/credentials/credentials.c"
static int setup_talloc_context(void **state)
{
TALLOC_CTX *frame = talloc_stackframe();
*state = frame;
return 0;
}
static int teardown_talloc_context(void **state)
{
TALLOC_CTX *frame = *state;
TALLOC_FREE(frame);
return 0;
}
static void torture_creds_init(void **state)
{
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
const char *username = NULL;
const char *domain = NULL;
const char *password = NULL;
bool ok;
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
assert_null(creds->username);
assert_int_equal(creds->username_obtained, CRED_UNINITIALISED);
domain = cli_credentials_get_domain(creds);
assert_null(domain);
ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED);
assert_true(ok);
assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
domain = cli_credentials_get_domain(creds);
assert_string_equal(domain, "WURST");
username = cli_credentials_get_username(creds);
assert_null(username);
ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
assert_true(ok);
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
username = cli_credentials_get_username(creds);
assert_string_equal(username, "brot");
password = cli_credentials_get_password(creds);
assert_null(password);
ok = cli_credentials_set_password(creds, "SECRET", CRED_SPECIFIED);
assert_true(ok);
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
password = cli_credentials_get_password(creds);
assert_string_equal(password, "SECRET");
}
static void torture_creds_init_anonymous(void **state)
{
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
creds = cli_credentials_init_anon(mem_ctx);
assert_non_null(creds);
assert_string_equal(creds->domain, "");
assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
assert_string_equal(creds->username, "");
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
assert_null(creds->password);
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
}
static void torture_creds_guess(void **state)
{
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
const char *env_user = getenv("USER");
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
setenv("PASSWD", "SECRET", 1);
cli_credentials_guess(creds, NULL);
assert_string_equal(creds->username, env_user);
assert_int_equal(creds->username_obtained, CRED_GUESS_ENV);
assert_string_equal(creds->password, "SECRET");
assert_int_equal(creds->password_obtained, CRED_GUESS_ENV);
unsetenv("PASSWD");
}
static void torture_creds_anon_guess(void **state)
{
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
creds = cli_credentials_init_anon(mem_ctx);
assert_non_null(creds);
setenv("PASSWD", "SECRET", 1);
cli_credentials_guess(creds, NULL);
assert_string_equal(creds->username, "");
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
assert_null(creds->password);
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
unsetenv("PASSWD");
}
static void torture_creds_parse_string(void **state)
{
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
/* Anonymous */
cli_credentials_parse_string(creds, "%", CRED_SPECIFIED);
assert_string_equal(creds->domain, "");
assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
assert_string_equal(creds->username, "");
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
assert_null(creds->password);
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
/* Username + password */
cli_credentials_parse_string(creds, "wurst%BROT", CRED_SPECIFIED);
assert_string_equal(creds->domain, "");
assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
assert_string_equal(creds->username, "wurst");
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
assert_string_equal(creds->password, "BROT");
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
/* Domain + username + password */
cli_credentials_parse_string(creds, "XXL\\wurst%BROT", CRED_SPECIFIED);
assert_string_equal(creds->domain, "XXL");
assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
assert_string_equal(creds->username, "wurst");
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
assert_string_equal(creds->password, "BROT");
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
/* Principal */
cli_credentials_parse_string(creds, "wurst@brot.realm", CRED_SPECIFIED);
assert_string_equal(creds->domain, "");
assert_int_equal(creds->domain_obtained, CRED_SPECIFIED);
assert_string_equal(creds->username, "wurst");
assert_int_equal(creds->username_obtained, CRED_SPECIFIED);
assert_string_equal(creds->principal, "wurst@brot.realm");
assert_int_equal(creds->principal_obtained, CRED_SPECIFIED);
assert_string_equal(creds->password, "BROT");
assert_int_equal(creds->password_obtained, CRED_SPECIFIED);
}
static void _parse_name_as_lookup_name(TALLOC_CTX *mem_ctx,
const char *full_name,
const char *expected_name,
const char *expected_domain,
const char *expected_realm)
{
struct cli_credentials *creds = NULL;
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
cli_credentials_parse_name(creds, full_name, CRED_SPECIFIED);
if (expected_name == NULL) {
assert_null(cli_credentials_get_username(creds));
} else {
assert_string_equal(cli_credentials_get_username(creds), expected_name);
}
if (expected_domain == NULL) {
assert_null(cli_credentials_get_domain(creds));
} else {
assert_string_equal(cli_credentials_get_domain(creds), expected_domain);
}
if (expected_realm == NULL) {
assert_null(cli_credentials_get_realm(creds));
} else {
assert_string_equal(cli_credentials_get_realm(creds), expected_realm);
}
TALLOC_FREE(creds);
}
static void torture_creds_parse_name(void **state)
{
TALLOC_CTX *mem_ctx = *state;
_parse_name_as_lookup_name(mem_ctx, "XXL\\",
"", "XXL", NULL);
_parse_name_as_lookup_name(mem_ctx, "XXL\\wurst",
"wurst", "XXL", NULL);
_parse_name_as_lookup_name(mem_ctx, "wurst@brot.realm",
"wurst", "", "BROT.REALM");
_parse_name_as_lookup_name(mem_ctx, "wur%t",
"wur%t", NULL, NULL);
_parse_name_as_lookup_name(mem_ctx, "wurst",
"wurst", NULL, NULL);
}
int main(int argc, char *argv[])
{
int rc;
const struct CMUnitTest tests[] = {
cmocka_unit_test(torture_creds_init),
cmocka_unit_test(torture_creds_init_anonymous),
cmocka_unit_test(torture_creds_guess),
cmocka_unit_test(torture_creds_anon_guess),
cmocka_unit_test(torture_creds_parse_string),
cmocka_unit_test(torture_creds_parse_name),
};
if (argc == 2) {
cmocka_set_test_filter(argv[1]);
}
cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
rc = cmocka_run_group_tests(tests,
setup_talloc_context,
teardown_talloc_context);
return rc;
}