From 84946be361a17bbb593f246849bd1357aa2f79da Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 20 Oct 2016 11:48:22 +0200 Subject: [PATCH 15/39] PAM: add a test for filter_responses() Reviewed-by: Jakub Hrozek (cherry picked from commit c8fe1d922b254aa92e74f428135ada3c8bde87a1) (cherry picked from commit 0157678081e299660105c753f2d2ac2081960bca) --- src/responder/pam/pamsrv.h | 3 +++ src/responder/pam/pamsrv_cmd.c | 4 ++-- src/tests/cmocka/test_pam_srv.c | 52 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 2 deletions(-) diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h index e686d03a4..8437d082e 100644 --- a/src/responder/pam/pamsrv.h +++ b/src/responder/pam/pamsrv.h @@ -99,4 +99,7 @@ errno_t pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain, const char *username, uint64_t value); + +errno_t filter_responses(struct confdb_ctx *cdb, + struct response_data *resp_list); #endif /* __PAMSRV_H__ */ diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index e52fc7642..b3690d763 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -470,8 +470,8 @@ fail: return ret; } -static errno_t filter_responses(struct confdb_ctx *cdb, - struct response_data *resp_list) +errno_t filter_responses(struct confdb_ctx *cdb, + struct response_data *resp_list) { int ret; struct response_data *resp; diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index 4b2dea4be..41d177233 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -31,6 +31,7 @@ #include "responder/pam/pam_helpers.h" #include "sss_client/pam_message.h" #include "sss_client/sss_cli.h" +#include "confdb/confdb.h" #include "util/crypto/sss_crypto.h" #ifdef HAVE_NSS @@ -1759,6 +1760,54 @@ void test_pam_cert_auth(void **state) assert_int_equal(ret, EOK); } +void test_filter_response(void **state) +{ + int ret; + struct pam_data *pd; + uint8_t offline_auth_data[(sizeof(uint32_t) + sizeof(int64_t))]; + uint32_t info_type; + + struct sss_test_conf_param pam_params[] = { + { CONFDB_PAM_VERBOSITY, "1" }, + { NULL, NULL }, /* Sentinel */ + }; + + ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb); + assert_int_equal(ret, EOK); + + pd = talloc_zero(pam_test_ctx, struct pam_data); + assert_non_null(pd); + + info_type = SSS_PAM_USER_INFO_OFFLINE_AUTH; + memset(offline_auth_data, 0, sizeof(offline_auth_data)); + memcpy(offline_auth_data, &info_type, sizeof(uint32_t)); + ret = pam_add_response(pd, SSS_PAM_USER_INFO, + sizeof(offline_auth_data), offline_auth_data); + assert_int_equal(ret, EOK); + + ret = filter_responses(pam_test_ctx->rctx->cdb, pd->resp_list); + assert_int_equal(ret, EOK); + assert_true(pd->resp_list->do_not_send_to_client); + + pam_params[0].value = "0"; + ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb); + assert_int_equal(ret, EOK); + + ret = filter_responses(pam_test_ctx->rctx->cdb, pd->resp_list); + assert_int_equal(ret, EOK); + assert_true(pd->resp_list->do_not_send_to_client); + + /* SSS_PAM_USER_INFO_OFFLINE_AUTH message will only be shown with + * pam_verbosity 2 or above if cache password never expires. */ + pam_params[0].value = "2"; + ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb); + assert_int_equal(ret, EOK); + + ret = filter_responses(pam_test_ctx->rctx->cdb, pd->resp_list); + assert_int_equal(ret, EOK); + assert_false(pd->resp_list->do_not_send_to_client); +} + int main(int argc, const char *argv[]) { int rv; @@ -1870,6 +1919,9 @@ int main(int argc, const char *argv[]) pam_test_setup_no_verification, pam_test_teardown), #endif /* HAVE_NSS */ + + cmocka_unit_test_setup_teardown(test_filter_response, + pam_test_setup, pam_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ -- 2.11.0