Line data Source code
1 : /*
2 : * Unit tests for conditional ACE SDDL.
3 : *
4 : * Copyright (C) Catalyst.NET Ltd 2023
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : *
19 : */
20 :
21 : #include <stdarg.h>
22 : #include <stddef.h>
23 : #include <setjmp.h>
24 : #include "cmocka.h"
25 :
26 : #include "lib/util/attr.h"
27 : #include "includes.h"
28 : #include "librpc/gen_ndr/ndr_security.h"
29 : #include "libcli/security/security.h"
30 : #include "libcli/security/conditional_ace.h"
31 : #include "librpc/gen_ndr/conditional_ace.h"
32 : #include "libcli/security/claims-conversions.h"
33 : #include "librpc/gen_ndr/ndr_claims.h"
34 :
35 : #define debug_message(...) print_message(__VA_ARGS__)
36 :
37 : #define debug_fail(x, ...) print_message("\033[1;31m" x "\033[0m", __VA_ARGS__)
38 : #define debug_ok(x, ...) print_message("\033[1;32m" x "\033[0m", __VA_ARGS__)
39 :
40 : #define assert_ntstatus_equal(got, expected, comment) \
41 : do { NTSTATUS __got = got, __expected = expected; \
42 : if (!NT_STATUS_EQUAL(__got, __expected)) { \
43 : print_message(": "#got" was %s, expected %s: %s", \
44 : nt_errstr(__got), \
45 : nt_errstr(__expected), comment); \
46 : fail(); \
47 : } \
48 : } while(0)
49 :
50 :
51 :
52 6 : static DATA_BLOB datablob_from_file(TALLOC_CTX *mem_ctx,
53 : const char *filename)
54 : {
55 6 : DATA_BLOB b = {0};
56 6 : FILE *fh = fopen(filename, "rb");
57 6 : int ret;
58 6 : struct stat s;
59 6 : size_t len;
60 6 : if (fh == NULL) {
61 0 : debug_message("could not open '%s'\n", filename);
62 0 : return b;
63 : }
64 6 : ret = fstat(fileno(fh), &s);
65 6 : if (ret != 0) {
66 0 : fclose(fh);
67 0 : return b;
68 : }
69 6 : b.data = talloc_array(mem_ctx, uint8_t, s.st_size);
70 6 : if (b.data == NULL) {
71 0 : fclose(fh);
72 0 : return b;
73 : }
74 6 : len = fread(b.data, 1, s.st_size, fh);
75 6 : if (ferror(fh) || len != s.st_size) {
76 0 : TALLOC_FREE(b.data);
77 : } else {
78 : b.length = len;
79 : }
80 6 : fclose(fh);
81 6 : return b;
82 : }
83 :
84 :
85 6 : static void _test_one_ndr_dump(void **state, const char *name)
86 : {
87 6 : TALLOC_CTX *tmp_ctx = talloc_new(NULL);
88 6 : struct CLAIMS_SET claims_set;
89 6 : DATA_BLOB blob;
90 6 : NTSTATUS status;
91 6 : struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *out_claims = NULL;
92 6 : uint32_t out_n_claims = 0;
93 6 : enum ndr_err_code ndr_err;
94 6 : char filename[200];
95 6 : snprintf(filename, sizeof(filename),
96 : "libcli/security/tests/data/ndr_dumps/%s", name);
97 :
98 6 : blob = datablob_from_file(tmp_ctx, filename);
99 6 : ndr_err = ndr_pull_struct_blob(
100 : &blob, tmp_ctx, &claims_set,
101 : (ndr_pull_flags_fn_t)ndr_pull_CLAIMS_SET);
102 6 : assert_int_equal(ndr_err, NDR_ERR_SUCCESS);
103 :
104 6 : status = token_claims_to_claims_v1(tmp_ctx,
105 : &claims_set,
106 : &out_claims,
107 : &out_n_claims);
108 6 : assert_ntstatus_equal(status, NT_STATUS_OK, "sigh\n");
109 6 : }
110 :
111 :
112 :
113 1 : static void test_fileb5iJt4(void **state)
114 : {
115 1 : _test_one_ndr_dump(state, "fileb5iJt4");
116 1 : }
117 :
118 1 : static void test_fileb8cNVS(void **state)
119 : {
120 1 : _test_one_ndr_dump(state, "fileb8cNVS");
121 1 : }
122 :
123 1 : static void test_filebI7h5H(void **state)
124 : {
125 1 : _test_one_ndr_dump(state, "filebI7h5H");
126 1 : }
127 :
128 1 : static void test_filebNdBgt(void **state)
129 : {
130 1 : _test_one_ndr_dump(state, "filebNdBgt");
131 1 : }
132 :
133 1 : static void test_filebOjK4H(void **state)
134 : {
135 1 : _test_one_ndr_dump(state, "filebOjK4H");
136 1 : }
137 :
138 1 : static void test_filebzCPTH(void **state)
139 : {
140 1 : _test_one_ndr_dump(state, "filebzCPTH");
141 1 : }
142 :
143 :
144 :
145 :
146 1 : int main(_UNUSED_ int argc, _UNUSED_ const char **argv)
147 : {
148 1 : const struct CMUnitTest tests[] = {
149 : cmocka_unit_test(test_fileb5iJt4),
150 : cmocka_unit_test(test_fileb8cNVS),
151 : cmocka_unit_test(test_filebI7h5H),
152 : cmocka_unit_test(test_filebNdBgt),
153 : cmocka_unit_test(test_filebOjK4H),
154 : cmocka_unit_test(test_filebzCPTH),
155 : };
156 1 : if (isatty(1)) {
157 : /*
158 : * interactive testers can set debug level
159 : * -- just give it a number.
160 : */
161 0 : int debug_level = DBGLVL_WARNING;
162 0 : if (argc > 1) {
163 0 : debug_level = atoi(argv[1]);
164 : }
165 0 : debuglevel_set(debug_level);
166 :
167 : } else {
168 1 : cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
169 : }
170 1 : return cmocka_run_group_tests(tests, NULL, NULL);
171 : }
|
