Line data Source code
1 : /*
2 : * Unit tests for source4/auth/sam.c
3 : *
4 : * Copyright (C) Catalyst.NET Ltd 2021
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : *
19 : */
20 :
21 : /*
22 : * from cmocka.c:
23 : * These headers or their equivalents should be included prior to
24 : * including
25 : * this header file.
26 : *
27 : * #include <stdarg.h>
28 : * #include <stddef.h>
29 : * #include <setjmp.h>
30 : *
31 : * This allows test applications to use custom definitions of C standard
32 : * library functions and types.
33 : *
34 : */
35 :
36 : #include <time.h>
37 : #include <stdlib.h>
38 : #include <stdarg.h>
39 : #include <stddef.h>
40 : #include <setjmp.h>
41 : #include <stdint.h>
42 : #include <cmocka.h>
43 :
44 : #include "includes.h"
45 : #include "auth/sam.c"
46 : #include "ldb.h"
47 : #include "libcli/util/ntstatus.h"
48 : #include "librpc/gen_ndr/ndr_security.h"
49 :
50 : /*****************************************************************************
51 : * wrapped functions
52 : *
53 : *****************************************************************************/
54 : int __wrap_samdb_msg_add_int64(
55 : struct ldb_context *sam_ldb,
56 : TALLOC_CTX *mem_ctx,
57 : struct ldb_message *msg,
58 : const char *attr_name,
59 : int64_t v);
60 : int __real_samdb_msg_add_int64(
61 : struct ldb_context *sam_ldb,
62 : TALLOC_CTX *mem_ctx,
63 : struct ldb_message *msg,
64 : const char *attr_name,
65 : int64_t v);
66 15 : int __wrap_samdb_msg_add_int64(
67 : struct ldb_context *sam_ldb,
68 : TALLOC_CTX *mem_ctx,
69 : struct ldb_message *msg,
70 : const char *attr_name,
71 : int64_t v)
72 : {
73 :
74 15 : int ret;
75 15 : ret = (int)mock();
76 15 : if (ret != LDB_SUCCESS) {
77 : return ret;
78 : }
79 14 : return __real_samdb_msg_add_int64(sam_ldb, mem_ctx, msg, attr_name, v);
80 : }
81 : /*****************************************************************************
82 : * Mock implementations
83 : *****************************************************************************/
84 :
85 50 : static int check_dn(const LargestIntegralType left_value,
86 : const LargestIntegralType right_value)
87 : {
88 : /*
89 : * We have to cast away const so we can get the linearized form with
90 : * ldb_dn_get_extended_linearized().
91 : */
92 50 : struct ldb_dn *left_dn = (void *)left_value;
93 50 : struct ldb_dn *right_dn = (void *)right_value;
94 50 : char *left_dn_string = NULL;
95 50 : char *right_dn_string = NULL;
96 50 : bool ok;
97 :
98 50 : if (left_dn == NULL && right_dn == NULL) {
99 : return true;
100 : }
101 :
102 50 : if (left_dn != NULL) {
103 50 : left_dn_string = ldb_dn_get_extended_linearized(NULL, left_dn, 1);
104 50 : assert_non_null(left_dn_string);
105 : }
106 :
107 50 : if (right_dn != NULL) {
108 50 : right_dn_string = ldb_dn_get_extended_linearized(NULL, right_dn, 1);
109 50 : assert_non_null(right_dn_string);
110 : }
111 :
112 50 : if (left_dn_string == NULL || right_dn_string == NULL) {
113 0 : ok = false;
114 0 : print_error("\"%s\" != \"%s\"\n",
115 : left_dn_string != NULL ? left_dn_string : "<NULL>",
116 : right_dn_string != NULL ? right_dn_string : "<NULL>");
117 : } else {
118 50 : ok = (strcmp(left_dn_string, right_dn_string) == 0);
119 50 : if (!ok) {
120 0 : print_error("\"%s\" != \"%s\"\n",
121 : left_dn_string,
122 : right_dn_string);
123 : }
124 :
125 : }
126 :
127 50 : TALLOC_FREE(right_dn_string);
128 50 : TALLOC_FREE(left_dn_string);
129 :
130 50 : return ok;
131 : }
132 :
133 : int __wrap_dsdb_search_dn(struct ldb_context *ldb,
134 : TALLOC_CTX *mem_ctx,
135 : struct ldb_result **_result,
136 : struct ldb_dn *basedn,
137 : const char * const *attrs,
138 : uint32_t dsdb_flags);
139 50 : int __wrap_dsdb_search_dn(struct ldb_context *ldb,
140 : TALLOC_CTX *mem_ctx,
141 : struct ldb_result **_result,
142 : struct ldb_dn *basedn,
143 : const char * const *attrs,
144 : uint32_t dsdb_flags)
145 : {
146 50 : check_expected(basedn);
147 :
148 50 : *_result = talloc_steal(mem_ctx, mock_ptr_type(struct ldb_result *));
149 :
150 50 : return mock();
151 : }
152 :
153 : int ldb_transaction_start_ret = LDB_SUCCESS;
154 : bool in_transaction = false;
155 23 : int ldb_transaction_start(struct ldb_context *ldb) {
156 23 : assert_false(in_transaction);
157 23 : if (ldb_transaction_start_ret == LDB_SUCCESS) {
158 21 : in_transaction = true;
159 : }
160 23 : return ldb_transaction_start_ret;
161 : }
162 :
163 : int ldb_transaction_cancel_ret = LDB_SUCCESS;
164 : bool transaction_cancelled = false;
165 15 : int ldb_transaction_cancel(struct ldb_context *ldb) {
166 15 : assert_true(in_transaction);
167 15 : if (ldb_transaction_cancel_ret == LDB_SUCCESS) {
168 13 : in_transaction = false;
169 13 : transaction_cancelled = true;
170 : }
171 15 : return ldb_transaction_cancel_ret;
172 : }
173 :
174 : int ldb_transaction_commit_ret = LDB_SUCCESS;
175 : bool transaction_committed = false;
176 6 : int ldb_transaction_commit(struct ldb_context *ldb) {
177 6 : assert_true(in_transaction);
178 6 : if (ldb_transaction_commit_ret == LDB_SUCCESS) {
179 4 : in_transaction = false;
180 4 : transaction_committed = true;
181 : }
182 6 : return ldb_transaction_commit_ret;
183 : }
184 :
185 : NTSTATUS dsdb_update_bad_pwd_count_ret = NT_STATUS_OK;
186 : struct ldb_message *dsdb_update_bad_pwd_count_res = NULL;
187 8 : NTSTATUS dsdb_update_bad_pwd_count(TALLOC_CTX *mem_ctx,
188 : struct ldb_context *sam_ctx,
189 : struct ldb_message *user_msg,
190 : struct ldb_message *domain_msg,
191 : struct ldb_message *pso_msg,
192 : struct ldb_message **_mod_msg) {
193 :
194 8 : *_mod_msg = talloc_move(mem_ctx, &dsdb_update_bad_pwd_count_res);
195 8 : return dsdb_update_bad_pwd_count_ret;
196 : }
197 :
198 : int ldb_build_mod_req_ret = LDB_SUCCESS;
199 : struct ldb_request *ldb_build_mod_req_res = NULL;
200 11 : int ldb_build_mod_req(struct ldb_request **ret_req,
201 : struct ldb_context *ldb,
202 : TALLOC_CTX *mem_ctx,
203 : const struct ldb_message *message,
204 : struct ldb_control **controls,
205 : void *context,
206 : ldb_request_callback_t callback,
207 : struct ldb_request *parent)
208 : {
209 11 : *ret_req = talloc_move(mem_ctx, &ldb_build_mod_req_res);
210 11 : return ldb_build_mod_req_ret;
211 : }
212 :
213 : int ldb_request_add_control_ret = LDB_SUCCESS;
214 9 : int ldb_request_add_control(struct ldb_request *req,
215 : const char *oid,
216 : bool critical,
217 : void *data)
218 : {
219 9 : return ldb_request_add_control_ret;
220 : }
221 :
222 : int ldb_request_ret = LDB_SUCCESS;
223 7 : int ldb_request(struct ldb_context *ldb,
224 : struct ldb_request *req)
225 : {
226 7 : return ldb_request_ret;
227 : }
228 :
229 : int ldb_wait_ret = LDB_SUCCESS;
230 5 : int ldb_wait(struct ldb_handle *handle,
231 : enum ldb_wait_type type)
232 : {
233 5 : return ldb_wait_ret;
234 : }
235 : bool ldb_msg_new_fail = false;
236 60 : struct ldb_message *ldb_msg_new(TALLOC_CTX *mem_ctx)
237 : {
238 60 : if (ldb_msg_new_fail) {
239 : return NULL;
240 : } else {
241 59 : return talloc_zero(mem_ctx, struct ldb_message);
242 : }
243 : }
244 :
245 : int samdb_rodc_ret = LDB_SUCCESS;
246 : bool samdb_rodc_res = false;
247 :
248 12 : int samdb_rodc(
249 : struct ldb_context *sam_ctx,
250 : bool *am_rodc)
251 : {
252 :
253 12 : *am_rodc = samdb_rodc_res;
254 12 : return samdb_rodc_ret;
255 : }
256 :
257 : struct loadparm_context *ldb_get_opaque_ret = NULL;
258 26 : void *ldb_get_opaque(struct ldb_context *ldb, const char *name)
259 : {
260 26 : return ldb_get_opaque_ret;
261 : }
262 :
263 : struct db_context {};
264 : struct db_context *cluster_db_tmp_open_ret = NULL;
265 25 : struct db_context *cluster_db_tmp_open(
266 : TALLOC_CTX *mem_ctx,
267 : struct loadparm_context *lp_ctx,
268 : const char *dbbase,
269 : int flags)
270 : {
271 25 : return cluster_db_tmp_open_ret;
272 : }
273 :
274 : NTSTATUS dbwrap_store_ret = NT_STATUS_OK;
275 2 : NTSTATUS dbwrap_store(struct db_context *db, TDB_DATA key,
276 : TDB_DATA data, int flags)
277 : {
278 2 : return dbwrap_store_ret;
279 : }
280 : bool dbwrap_exists_ret = true;
281 :
282 12 : bool dbwrap_exists(struct db_context *db, TDB_DATA key)
283 : {
284 12 : return dbwrap_exists_ret;
285 : }
286 :
287 : NTSTATUS dbwrap_delete_ret = NT_STATUS_OK;
288 4 : NTSTATUS dbwrap_delete(struct db_context *db, TDB_DATA key)
289 : {
290 4 : return dbwrap_delete_ret;
291 : }
292 :
293 : /*
294 : * Set the globals used by the mocked functions to a known and consistent state
295 : *
296 : */
297 40 : static void init_mock_results(TALLOC_CTX *mem_ctx)
298 : {
299 40 : ldb_transaction_start_ret = LDB_SUCCESS;
300 40 : in_transaction = false;
301 :
302 40 : ldb_transaction_cancel_ret = LDB_SUCCESS;
303 40 : transaction_cancelled = false;
304 :
305 40 : ldb_transaction_commit_ret = LDB_SUCCESS;
306 40 : transaction_committed = false;
307 :
308 40 : dsdb_update_bad_pwd_count_ret = NT_STATUS_OK;
309 40 : dsdb_update_bad_pwd_count_res = NULL;
310 :
311 40 : ldb_build_mod_req_ret = LDB_SUCCESS;
312 40 : ldb_build_mod_req_res = NULL;
313 :
314 40 : ldb_request_add_control_ret = LDB_SUCCESS;
315 40 : ldb_request_ret = LDB_SUCCESS;
316 40 : ldb_wait_ret = LDB_SUCCESS;
317 :
318 40 : ldb_msg_new_fail = false;
319 :
320 40 : samdb_rodc_ret = LDB_SUCCESS;
321 40 : samdb_rodc_res = false;
322 :
323 40 : ldb_get_opaque_ret = loadparm_init(mem_ctx);
324 :
325 40 : cluster_db_tmp_open_ret = talloc_zero(mem_ctx, struct db_context);
326 :
327 40 : dbwrap_store_ret = NT_STATUS_OK;
328 :
329 40 : dbwrap_exists_ret = true;
330 :
331 40 : dbwrap_delete_ret = NT_STATUS_OK;
332 :
333 40 : }
334 :
335 : /*****************************************************************************
336 : * Unit test set up and tear down
337 : *****************************************************************************/
338 : struct context {
339 : };
340 :
341 40 : static int setup(void **state) {
342 40 : struct context *ctx = talloc_zero(NULL, struct context);
343 40 : init_mock_results(ctx);
344 :
345 40 : *state = ctx;
346 40 : return 0;
347 : }
348 :
349 40 : static int teardown(void **state) {
350 40 : struct context *ctx = *state;
351 40 : TALLOC_FREE(ctx);
352 40 : return 0;
353 : }
354 :
355 : /******************************************************************************
356 : * Helper functions
357 : ******************************************************************************/
358 :
359 : /*
360 : * Build the "Original" user details record, i.e. the user being
361 : * authenticated
362 : */
363 51 : static struct ldb_message *create_message(TALLOC_CTX *ctx)
364 : {
365 :
366 51 : int ret;
367 51 : struct timeval tv_now = timeval_current();
368 51 : NTTIME now = timeval_to_nttime(&tv_now);
369 :
370 51 : struct ldb_message *msg = ldb_msg_new(ctx);
371 :
372 51 : assert_non_null(msg);
373 51 : ret = samdb_msg_add_int(ctx, msg, msg, "badPwdCount", 10);
374 51 : assert_int_equal(LDB_SUCCESS, ret);
375 51 : ret = __real_samdb_msg_add_int64(ctx, msg, msg, "badPasswordTime", now);
376 51 : assert_int_equal(LDB_SUCCESS, ret);
377 51 : ret = __real_samdb_msg_add_int64(ctx, msg, msg, "lockoutTime", now);
378 51 : assert_int_equal(LDB_SUCCESS, ret);
379 51 : return msg;
380 : }
381 :
382 : /*
383 : * Add a binary objectSID from string form to the supplied message
384 : *
385 : *
386 : */
387 48 : static void add_sid(
388 : struct ldb_message *msg,
389 : const char *sid_str)
390 : {
391 48 : struct ldb_val v;
392 48 : enum ndr_err_code ndr_err;
393 48 : struct dom_sid *sid = NULL;
394 :
395 48 : sid = talloc_zero(msg, struct dom_sid);
396 48 : assert_non_null(sid);
397 48 : assert_true(string_to_sid(sid, sid_str));
398 48 : ndr_err = ndr_push_struct_blob(
399 : &v, msg, sid, (ndr_push_flags_fn_t)ndr_push_dom_sid);
400 48 : assert_true(NDR_ERR_CODE_IS_SUCCESS(ndr_err));
401 48 : assert_int_equal(0, ldb_msg_add_value(msg, "objectSID", &v, NULL));
402 48 : }
403 :
404 : /*
405 : * Build an ldb_result, for the re-reading of a user record
406 : *
407 : * if account_control < 0 then the msDS-User-Account-Control-Computed
408 : * element is not included
409 : * otherwise it is set to the value passed in account_control.
410 : *
411 : */
412 21 : static struct ldb_result *build_reread_result(
413 : struct ldb_context *ldb,
414 : TALLOC_CTX *ctx,
415 : int account_control)
416 : {
417 21 : struct ldb_message *msg = NULL;
418 21 : int ret;
419 :
420 21 : struct ldb_result *res = talloc_zero(ctx, struct ldb_result);
421 :
422 21 : assert_non_null(res);
423 21 : res->count = 1;
424 21 : res->msgs = talloc_array(res, struct ldb_message *, 1);
425 :
426 21 : msg = create_message(res);
427 21 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
428 21 : if (account_control >= 0) {
429 20 : ret = samdb_msg_add_int(
430 : ldb,
431 : msg,
432 : msg,
433 : "msDS-User-Account-Control-Computed",
434 : account_control);
435 20 : assert_int_equal(LDB_SUCCESS, ret);
436 : }
437 :
438 21 : res->msgs[0] = msg;
439 21 : return res;
440 : }
441 :
442 : /*
443 : * Build a mock domain pso ldb_result
444 : */
445 23 : static struct ldb_result *build_domain_pso_result(
446 : struct ldb_context *ldb,
447 : TALLOC_CTX *ctx)
448 : {
449 23 : struct ldb_message *msg = NULL;
450 23 : struct ldb_result *res = talloc_zero(ctx, struct ldb_result);
451 :
452 23 : assert_non_null(res);
453 23 : res->count = 1;
454 23 : res->msgs = talloc_array(res, struct ldb_message *, 1);
455 23 : assert_non_null(res->msgs);
456 23 : msg = talloc_zero(res, struct ldb_message);
457 23 : assert_non_null(msg);
458 23 : res->msgs[0] = msg;
459 23 : return res;
460 : }
461 :
462 : /*****************************************************************************
463 : * authsam_reread_user_logon_data unit tests
464 : *****************************************************************************/
465 : /*
466 : * authsam_reread_user_logon_data unable to re-read the user record.
467 : *
468 : */
469 1 : static void test_reread_read_failure(void **state) {
470 1 : struct ldb_context *ldb = NULL;
471 1 : struct ldb_message *msg = NULL;
472 1 : struct ldb_message *cur = NULL;
473 1 : TALLOC_CTX *ctx = NULL;
474 1 : size_t before = 0;
475 1 : size_t after = 0;
476 1 : NTSTATUS status;
477 :
478 1 : ctx = talloc_new(*state);
479 1 : assert_non_null(ctx);
480 :
481 1 : ldb = ldb_init(ctx, NULL);
482 1 : assert_non_null(ldb);
483 :
484 1 : msg = create_message(ctx);
485 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
486 :
487 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
488 1 : assert_non_null(msg->dn);
489 :
490 1 : before = talloc_total_size(ctx);
491 :
492 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
493 1 : will_return(__wrap_dsdb_search_dn, NULL);
494 1 : will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
495 :
496 1 : status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
497 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
498 :
499 : /*
500 : * Check that all allocated memory was freed
501 : */
502 1 : after = talloc_total_size(ctx);
503 1 : assert_int_equal(before, after);
504 :
505 : /*
506 : * Clean up
507 : */
508 1 : TALLOC_FREE(ctx);
509 1 : }
510 :
511 : /*
512 : * authsam_reread_user_logon_data account control flags missing from
513 : * re-read data
514 : *
515 : */
516 1 : static void test_reread_missing_account_control(void **state) {
517 1 : struct ldb_context *ldb = NULL;
518 1 : struct ldb_message *msg = NULL;
519 1 : struct ldb_message *cur = NULL;
520 1 : TALLOC_CTX *ctx = NULL;
521 1 : size_t before = 0;
522 1 : size_t after = 0;
523 1 : NTSTATUS status;
524 :
525 1 : ctx = talloc_new(*state);
526 1 : assert_non_null(ctx);
527 :
528 1 : ldb = ldb_init(ctx, NULL);
529 1 : assert_non_null(ldb);
530 :
531 1 : msg = create_message(ctx);
532 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
533 :
534 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
535 1 : assert_non_null(msg->dn);
536 :
537 1 : before = talloc_total_size(ctx);
538 :
539 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
540 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, -1));
541 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
542 :
543 1 : status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
544 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
545 :
546 : /*
547 : * Check that all allocated memory was freed
548 : */
549 1 : after = talloc_total_size(ctx);
550 1 : assert_int_equal(before, after);
551 :
552 : /*
553 : * Clean up
554 : */
555 1 : TALLOC_FREE(ctx);
556 1 : }
557 :
558 : /*
559 : * authsam_reread_user_logon_data account locked
560 : * re-read data
561 : *
562 : */
563 1 : static void test_reread_account_locked(void **state) {
564 1 : struct ldb_context *ldb = NULL;
565 1 : struct ldb_message *msg = NULL;
566 1 : struct ldb_message *cur = NULL;
567 1 : TALLOC_CTX *ctx = NULL;
568 1 : size_t before = 0;
569 1 : size_t after = 0;
570 1 : NTSTATUS status;
571 :
572 1 : ctx = talloc_new(*state);
573 1 : assert_non_null(ctx);
574 :
575 1 : ldb = ldb_init(ctx, NULL);
576 1 : assert_non_null(ldb);
577 :
578 1 : msg = create_message(ctx);
579 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
580 :
581 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
582 1 : assert_non_null(msg->dn);
583 :
584 1 : before = talloc_total_size(ctx);
585 :
586 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
587 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, UF_LOCKOUT));
588 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
589 :
590 1 : status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
591 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT));
592 :
593 : /*
594 : * Check that all allocated memory was freed
595 : */
596 1 : after = talloc_total_size(ctx);
597 1 : assert_int_equal(before, after);
598 :
599 : /*
600 : * Clean up
601 : */
602 1 : TALLOC_FREE(ctx);
603 1 : }
604 :
605 : /*
606 : * authsam_reread_user_logon_data account is not locked
607 : * re-read data
608 : *
609 : */
610 1 : static void test_reread_account_not_locked(void **state) {
611 1 : struct ldb_context *ldb = NULL;
612 1 : struct ldb_message *msg = NULL;
613 1 : struct ldb_message *cur = NULL;
614 1 : TALLOC_CTX *ctx = NULL;
615 1 : size_t before = 0;
616 1 : size_t after = 0;
617 1 : size_t result_size = 0;
618 1 : NTSTATUS status;
619 1 : struct ldb_result *res = NULL;
620 :
621 1 : ctx = talloc_new(*state);
622 1 : assert_non_null(ctx);
623 :
624 1 : ldb = ldb_init(ctx, NULL);
625 1 : assert_non_null(ldb);
626 :
627 1 : msg = create_message(ctx);
628 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
629 :
630 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
631 1 : assert_non_null(msg->dn);
632 :
633 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
634 : /*
635 : * authsam_reread_user_logon_data returns the ldb_message portion
636 : * of the ldb_result created by build_reread_result.
637 : * So the tests for memory leaks will need to adjust for that
638 : */
639 1 : res = build_reread_result(ldb, ctx, 0);
640 1 : will_return(__wrap_dsdb_search_dn, res);
641 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
642 :
643 1 : result_size = talloc_total_size(res) -
644 1 : talloc_total_size(res->msgs[0]);
645 1 : before = talloc_total_size(ctx) - result_size;
646 :
647 1 : status = authsam_reread_user_logon_data(ldb, ctx, msg, &cur);
648 1 : assert_true(NT_STATUS_IS_OK(status));
649 :
650 : /*
651 : * Check that all allocated memory was freed
652 : */
653 1 : after = talloc_total_size(ctx);
654 1 : assert_int_equal(before, after);
655 :
656 : /*
657 : * Clean up
658 : */
659 1 : TALLOC_FREE(ctx);
660 1 : }
661 :
662 :
663 : /*****************************************************************************
664 : * authsam_update_bad_pwd_count unit tests
665 : *****************************************************************************/
666 :
667 : /*
668 : * authsam_update_bad_pwd_account
669 : *
670 : * Unable to read the domain_dn record
671 : *
672 : */
673 1 : static void test_update_bad_domain_dn_search_failed(void **state) {
674 1 : struct ldb_context *ldb = NULL;
675 1 : struct ldb_message *msg = NULL;
676 1 : struct ldb_dn *domain_dn = NULL;
677 1 : TALLOC_CTX *ctx = NULL;
678 1 : size_t before = 0;
679 1 : size_t after = 0;
680 1 : NTSTATUS status;
681 :
682 1 : ctx = talloc_new(*state);
683 1 : assert_non_null(ctx);
684 :
685 1 : ldb = ldb_init(ctx, NULL);
686 1 : assert_non_null(ldb);
687 :
688 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
689 1 : assert_non_null(domain_dn);
690 :
691 1 : msg = talloc_zero(ctx, struct ldb_message);
692 1 : assert_non_null(msg);
693 :
694 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
695 1 : assert_non_null(msg->dn);
696 :
697 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
698 1 : will_return(__wrap_dsdb_search_dn, NULL);
699 1 : will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
700 :
701 1 : before = talloc_total_size(ctx);
702 :
703 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
704 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_DB_CORRUPTION));
705 :
706 : /*
707 : * Check that all allocated memory was freed
708 : */
709 1 : after = talloc_total_size(ctx);
710 1 : assert_int_equal(before, after);
711 :
712 : /*
713 : * Clean up
714 : */
715 1 : TALLOC_FREE(ctx);
716 1 : }
717 :
718 : /*
719 : * authsam_update_bad_pwd_account
720 : *
721 : * authsam_get_user_pso failure
722 : *
723 : */
724 1 : static void test_update_bad_get_pso_failed(void **state) {
725 1 : struct ldb_context *ldb = NULL;
726 1 : struct ldb_message *msg = NULL;
727 1 : struct ldb_dn *domain_dn = NULL;
728 1 : struct ldb_dn *pso_dn = NULL;
729 1 : const char *pso_dn_str = "CN=PSO";
730 1 : TALLOC_CTX *ctx = NULL;
731 1 : size_t before = 0;
732 1 : size_t after = 0;
733 1 : NTSTATUS status;
734 1 : int ret;
735 :
736 1 : ctx = talloc_new(*state);
737 1 : assert_non_null(ctx);
738 :
739 1 : ldb = ldb_init(ctx, NULL);
740 1 : assert_non_null(ldb);
741 :
742 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
743 1 : assert_non_null(domain_dn);
744 :
745 1 : pso_dn = ldb_dn_new(ctx, ldb, pso_dn_str);
746 1 : assert_non_null(pso_dn);
747 :
748 1 : msg = talloc_zero(ctx, struct ldb_message);
749 1 : assert_non_null(msg);
750 1 : ret = ldb_msg_add_string(msg, "msDS-ResultantPSO", pso_dn_str);
751 1 : assert_int_equal(LDB_SUCCESS, ret);
752 :
753 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
754 1 : assert_non_null(msg->dn);
755 :
756 1 : before = talloc_total_size(ctx);
757 :
758 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
759 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
760 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
761 :
762 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, pso_dn);
763 1 : will_return(__wrap_dsdb_search_dn, NULL);
764 1 : will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
765 :
766 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
767 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
768 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
769 :
770 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
771 1 : assert_true(NT_STATUS_IS_OK(status));
772 :
773 : /*
774 : * Check that all allocated memory was freed
775 : */
776 1 : after = talloc_total_size(ctx);
777 1 : assert_int_equal(before, after);
778 :
779 : /*
780 : * Clean up
781 : */
782 1 : TALLOC_FREE(ctx);
783 1 : }
784 :
785 :
786 : /*
787 : * authsam_update_bad_pwd_account
788 : *
789 : * start_transaction failure
790 : *
791 : */
792 1 : static void test_update_bad_start_txn_failed(void **state) {
793 1 : struct ldb_context *ldb = NULL;
794 1 : struct ldb_message *msg = NULL;
795 1 : struct ldb_dn *domain_dn = NULL;
796 1 : TALLOC_CTX *ctx = NULL;
797 1 : size_t before = 0;
798 1 : size_t after = 0;
799 1 : NTSTATUS status;
800 :
801 1 : ctx = talloc_new(*state);
802 1 : assert_non_null(ctx);
803 :
804 1 : ldb = ldb_init(ctx, NULL);
805 1 : assert_non_null(ldb);
806 :
807 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
808 1 : assert_non_null(domain_dn);
809 :
810 1 : msg = talloc_zero(ctx, struct ldb_message);
811 1 : assert_non_null(msg);
812 :
813 1 : before = talloc_total_size(ctx);
814 :
815 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
816 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
817 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
818 :
819 1 : ldb_transaction_start_ret = LDB_ERR_OPERATIONS_ERROR;
820 :
821 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
822 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
823 :
824 : /*
825 : * Check that all allocated memory was freed
826 : */
827 1 : after = talloc_total_size(ctx);
828 1 : assert_int_equal(before, after);
829 :
830 : /*
831 : * Clean up
832 : */
833 1 : TALLOC_FREE(ctx);
834 1 : }
835 :
836 : /*
837 : * authsam_update_bad_pwd_account
838 : *
839 : * User details re-read failed
840 : *
841 : */
842 1 : static void test_update_bad_reread_failed(void **state) {
843 1 : struct ldb_context *ldb = NULL;
844 1 : struct ldb_message *msg = NULL;
845 1 : struct ldb_dn *domain_dn = NULL;
846 1 : TALLOC_CTX *ctx = NULL;
847 1 : size_t before = 0;
848 1 : size_t after = 0;
849 1 : NTSTATUS status;
850 :
851 1 : ctx = talloc_new(*state);
852 1 : assert_non_null(ctx);
853 :
854 1 : ldb = ldb_init(ctx, NULL);
855 1 : assert_non_null(ldb);
856 :
857 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
858 1 : assert_non_null(domain_dn);
859 :
860 1 : msg = talloc_zero(ctx, struct ldb_message);
861 1 : assert_non_null(msg);
862 :
863 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
864 1 : assert_non_null(msg->dn);
865 :
866 1 : before = talloc_total_size(ctx);
867 :
868 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
869 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
870 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
871 :
872 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
873 1 : will_return(__wrap_dsdb_search_dn, NULL);
874 1 : will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
875 :
876 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
877 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
878 1 : assert_true(transaction_cancelled);
879 :
880 : /*
881 : * Check that all allocated memory was freed
882 : */
883 1 : after = talloc_total_size(ctx);
884 1 : assert_int_equal(before, after);
885 :
886 : /*
887 : * Clean up
888 : */
889 1 : TALLOC_FREE(ctx);
890 1 : }
891 :
892 : /*
893 : * authsam_update_bad_pwd_account
894 : *
895 : * User details re-read reported locked out.
896 : *
897 : */
898 1 : static void test_update_bad_reread_locked_out(void **state) {
899 1 : struct ldb_context *ldb = NULL;
900 1 : struct ldb_message *msg = NULL;
901 1 : struct ldb_dn *domain_dn = NULL;
902 1 : TALLOC_CTX *ctx = NULL;
903 1 : size_t before = 0;
904 1 : size_t after = 0;
905 1 : NTSTATUS status;
906 :
907 1 : ctx = talloc_new(*state);
908 1 : assert_non_null(ctx);
909 :
910 1 : ldb = ldb_init(ctx, NULL);
911 1 : assert_non_null(ldb);
912 :
913 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
914 1 : assert_non_null(domain_dn);
915 :
916 1 : msg = create_message(ctx);
917 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
918 :
919 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
920 1 : assert_non_null(msg->dn);
921 :
922 1 : before = talloc_total_size(ctx);
923 :
924 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
925 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
926 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
927 :
928 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
929 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, UF_LOCKOUT));
930 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
931 :
932 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
933 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_LOCKED_OUT));
934 1 : assert_false(transaction_cancelled);
935 1 : assert_true(transaction_committed);
936 :
937 : /*
938 : * Check that all allocated memory was freed
939 : */
940 1 : after = talloc_total_size(ctx);
941 1 : assert_int_equal(before, after);
942 :
943 : /*
944 : * Clean up
945 : */
946 1 : TALLOC_FREE(ctx);
947 1 : }
948 :
949 : /*
950 : * authsam_update_bad_pwd_account
951 : *
952 : * Transaction cancel failure
953 : */
954 1 : static void test_update_bad_txn_cancel_failed(void **state) {
955 1 : struct ldb_context *ldb = NULL;
956 1 : struct ldb_message *msg = NULL;
957 1 : struct ldb_dn *domain_dn = NULL;
958 1 : TALLOC_CTX *ctx = NULL;
959 1 : size_t before = 0;
960 1 : size_t after = 0;
961 1 : NTSTATUS status;
962 :
963 1 : ctx = talloc_new(*state);
964 1 : assert_non_null(ctx);
965 :
966 1 : ldb = ldb_init(ctx, NULL);
967 1 : assert_non_null(ldb);
968 :
969 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
970 1 : assert_non_null(domain_dn);
971 :
972 1 : msg = talloc_zero(ctx, struct ldb_message);
973 1 : assert_non_null(msg);
974 :
975 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
976 1 : assert_non_null(msg->dn);
977 :
978 1 : before = talloc_total_size(ctx);
979 :
980 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
981 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
982 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
983 :
984 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
985 1 : will_return(__wrap_dsdb_search_dn, NULL);
986 1 : will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
987 :
988 1 : ldb_transaction_cancel_ret = LDB_ERR_OPERATIONS_ERROR;
989 :
990 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
991 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
992 1 : assert_true(in_transaction);
993 1 : assert_false(transaction_cancelled);
994 1 : assert_false(transaction_committed);
995 :
996 : /*
997 : * Check that all allocated memory was freed
998 : */
999 1 : after = talloc_total_size(ctx);
1000 1 : assert_int_equal(before, after);
1001 :
1002 : /*
1003 : * Clean up
1004 : */
1005 1 : TALLOC_FREE(ctx);
1006 1 : }
1007 :
1008 : /*
1009 : * The following tests all expect the same setup, that is a normal
1010 : * good user object and empty domain object.
1011 : *
1012 : * returns the talloc size after result array setup for leak tests
1013 : */
1014 7 : static size_t setup_bad_password_search_results(TALLOC_CTX *ctx,
1015 : struct ldb_context *ldb,
1016 : struct ldb_dn *domain_dn,
1017 : struct ldb_dn *user_dn)
1018 : {
1019 7 : size_t before = 0;
1020 :
1021 7 : before = talloc_total_size(ctx);
1022 :
1023 7 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1024 7 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1025 7 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1026 :
1027 7 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, user_dn);
1028 7 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1029 7 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1030 :
1031 7 : return before;
1032 : }
1033 :
1034 :
1035 : /*
1036 : * authsam_update_bad_pwd_account
1037 : *
1038 : * dsdb_update_bad_pwd_count failure
1039 : *
1040 : */
1041 1 : static void test_update_bad_update_count_failed(void **state) {
1042 1 : struct ldb_context *ldb = NULL;
1043 1 : struct ldb_message *msg = NULL;
1044 1 : struct ldb_dn *domain_dn = NULL;
1045 1 : TALLOC_CTX *ctx = NULL;
1046 1 : size_t before = 0;
1047 1 : size_t after = 0;
1048 1 : NTSTATUS status;
1049 :
1050 1 : ctx = talloc_new(*state);
1051 1 : assert_non_null(ctx);
1052 :
1053 1 : ldb = ldb_init(ctx, NULL);
1054 1 : assert_non_null(ldb);
1055 :
1056 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1057 1 : assert_non_null(domain_dn);
1058 :
1059 1 : msg = create_message(ctx);
1060 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1061 :
1062 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1063 1 : assert_non_null(msg->dn);
1064 :
1065 1 : before = setup_bad_password_search_results(ctx, ldb,
1066 : domain_dn,
1067 : msg->dn);
1068 :
1069 1 : dsdb_update_bad_pwd_count_ret = NT_STATUS_INTERNAL_ERROR;
1070 :
1071 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
1072 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1073 1 : assert_true(transaction_cancelled);
1074 :
1075 : /*
1076 : * Check that all allocated memory was freed
1077 : */
1078 1 : after = talloc_total_size(ctx);
1079 1 : assert_int_equal(before, after);
1080 :
1081 : /*
1082 : * Clean up
1083 : */
1084 1 : TALLOC_FREE(ctx);
1085 1 : }
1086 :
1087 : /*
1088 : * authsam_update_bad_pwd_account
1089 : *
1090 : * No need to update the bad password stats
1091 : *
1092 : */
1093 1 : static void test_update_bad_no_update_required(void **state) {
1094 1 : struct ldb_context *ldb = NULL;
1095 1 : struct ldb_message *msg = NULL;
1096 1 : struct ldb_dn *domain_dn = NULL;
1097 1 : TALLOC_CTX *ctx = NULL;
1098 1 : size_t before = 0;
1099 1 : size_t after = 0;
1100 1 : NTSTATUS status;
1101 :
1102 1 : ctx = talloc_new(*state);
1103 1 : assert_non_null(ctx);
1104 :
1105 1 : ldb = ldb_init(ctx, NULL);
1106 1 : assert_non_null(ldb);
1107 :
1108 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1109 1 : assert_non_null(domain_dn);
1110 :
1111 1 : msg = create_message(ctx);
1112 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1113 :
1114 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1115 1 : assert_non_null(msg->dn);
1116 :
1117 1 : before = setup_bad_password_search_results(ctx, ldb,
1118 : domain_dn,
1119 : msg->dn);
1120 :
1121 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
1122 1 : assert_true(NT_STATUS_IS_OK(status));
1123 1 : assert_true(transaction_committed);
1124 :
1125 : /*
1126 : * Check that all allocated memory was freed
1127 : */
1128 1 : after = talloc_total_size(ctx);
1129 1 : assert_int_equal(before, after);
1130 :
1131 : /*
1132 : * Clean up
1133 : */
1134 1 : TALLOC_FREE(ctx);
1135 1 : }
1136 :
1137 : /*
1138 : * authsam_update_bad_pwd_account
1139 : *
1140 : * Transaction commit failure
1141 : *
1142 : */
1143 1 : static void test_update_bad_commit_failed(void **state) {
1144 1 : struct ldb_context *ldb = NULL;
1145 1 : struct ldb_message *msg = NULL;
1146 1 : struct ldb_dn *domain_dn = NULL;
1147 1 : TALLOC_CTX *ctx = NULL;
1148 1 : size_t before = 0;
1149 1 : size_t after = 0;
1150 1 : NTSTATUS status;
1151 :
1152 1 : ctx = talloc_new(*state);
1153 1 : assert_non_null(ctx);
1154 :
1155 1 : ldb = ldb_init(ctx, NULL);
1156 1 : assert_non_null(ldb);
1157 :
1158 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1159 1 : assert_non_null(domain_dn);
1160 :
1161 1 : msg = create_message(ctx);
1162 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1163 :
1164 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1165 1 : assert_non_null(msg->dn);
1166 :
1167 1 : before = setup_bad_password_search_results(ctx, ldb,
1168 : domain_dn,
1169 : msg->dn);
1170 :
1171 1 : ldb_transaction_commit_ret = LDB_ERR_OPERATIONS_ERROR;
1172 :
1173 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
1174 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1175 1 : assert_true(in_transaction);
1176 1 : assert_false(transaction_cancelled);
1177 1 : assert_false(transaction_committed);
1178 :
1179 : /*
1180 : * Check that all allocated memory was freed
1181 : */
1182 1 : after = talloc_total_size(ctx);
1183 1 : assert_int_equal(before, after);
1184 :
1185 : /*
1186 : * Clean up
1187 : */
1188 1 : TALLOC_FREE(ctx);
1189 1 : }
1190 :
1191 : /*
1192 : * authsam_update_bad_pwd_account
1193 : *
1194 : * ldb_build_mod_req failed building the user update details
1195 : *
1196 : */
1197 1 : static void test_update_bad_build_mod_request_failed(void **state) {
1198 1 : struct ldb_context *ldb = NULL;
1199 1 : struct ldb_message *msg = NULL;
1200 1 : struct ldb_dn *domain_dn = NULL;
1201 1 : TALLOC_CTX *ctx = NULL;
1202 1 : size_t before = 0;
1203 1 : size_t after = 0;
1204 1 : NTSTATUS status;
1205 :
1206 1 : ctx = talloc_new(*state);
1207 1 : assert_non_null(ctx);
1208 :
1209 1 : ldb = ldb_init(ctx, NULL);
1210 1 : assert_non_null(ldb);
1211 :
1212 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1213 1 : assert_non_null(domain_dn);
1214 :
1215 1 : msg = create_message(ctx);
1216 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1217 :
1218 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1219 1 : assert_non_null(msg->dn);
1220 :
1221 1 : before = setup_bad_password_search_results(ctx, ldb,
1222 : domain_dn,
1223 : msg->dn);
1224 :
1225 1 : dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
1226 1 : ldb_build_mod_req_ret = LDB_ERR_OPERATIONS_ERROR;
1227 :
1228 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
1229 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1230 1 : assert_true(transaction_cancelled);
1231 :
1232 : /*
1233 : * Check that all allocated memory was freed
1234 : */
1235 1 : after = talloc_total_size(ctx);
1236 1 : assert_int_equal(before, after);
1237 :
1238 : /*
1239 : * Clean up
1240 : */
1241 1 : TALLOC_FREE(ctx);
1242 1 : }
1243 :
1244 : /*
1245 : * authsam_update_bad_pwd_account
1246 : *
1247 : * ldb_request_add_control failed to add DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE
1248 : * to the user update record.
1249 : *
1250 : */
1251 1 : static void test_update_bad_add_control_failed(void **state) {
1252 1 : struct ldb_context *ldb = NULL;
1253 1 : struct ldb_message *msg = NULL;
1254 1 : struct ldb_dn *domain_dn = NULL;
1255 1 : TALLOC_CTX *ctx = NULL;
1256 1 : size_t before = 0;
1257 1 : size_t after = 0;
1258 1 : NTSTATUS status;
1259 :
1260 1 : ctx = talloc_new(*state);
1261 1 : assert_non_null(ctx);
1262 :
1263 1 : ldb = ldb_init(ctx, NULL);
1264 1 : assert_non_null(ldb);
1265 :
1266 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1267 1 : assert_non_null(domain_dn);
1268 :
1269 1 : msg = create_message(ctx);
1270 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1271 :
1272 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1273 1 : assert_non_null(msg->dn);
1274 :
1275 1 : before = setup_bad_password_search_results(ctx, ldb,
1276 : domain_dn,
1277 : msg->dn);
1278 :
1279 1 : dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
1280 1 : ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
1281 1 : ldb_request_add_control_ret = LDB_ERR_OPERATIONS_ERROR;
1282 :
1283 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
1284 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1285 1 : assert_true(transaction_cancelled);
1286 :
1287 : /*
1288 : * Check that all allocated memory was freed
1289 : */
1290 1 : after = talloc_total_size(ctx);
1291 1 : assert_int_equal(before, after);
1292 :
1293 : /*
1294 : * Clean up
1295 : */
1296 1 : TALLOC_FREE(ctx);
1297 1 : }
1298 :
1299 : /*
1300 : * authsam_update_bad_pwd_account
1301 : *
1302 : * call to ldb_request failed
1303 : *
1304 : */
1305 1 : static void test_update_bad_ldb_request_failed(void **state) {
1306 1 : struct ldb_context *ldb = NULL;
1307 1 : struct ldb_message *msg = NULL;
1308 1 : struct ldb_dn *domain_dn = NULL;
1309 1 : TALLOC_CTX *ctx = NULL;
1310 1 : size_t before = 0;
1311 1 : size_t after = 0;
1312 1 : NTSTATUS status;
1313 :
1314 1 : ctx = talloc_new(*state);
1315 1 : assert_non_null(ctx);
1316 :
1317 1 : ldb = ldb_init(ctx, NULL);
1318 1 : assert_non_null(ldb);
1319 :
1320 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1321 1 : assert_non_null(domain_dn);
1322 :
1323 1 : msg = create_message(ctx);
1324 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1325 :
1326 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1327 1 : assert_non_null(msg->dn);
1328 :
1329 1 : before = setup_bad_password_search_results(ctx, ldb,
1330 : domain_dn,
1331 : msg->dn);
1332 :
1333 1 : dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
1334 1 : ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
1335 1 : ldb_request_ret = LDB_ERR_OPERATIONS_ERROR;
1336 :
1337 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
1338 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1339 1 : assert_true(transaction_cancelled);
1340 :
1341 : /*
1342 : * Check that all allocated memory was freed
1343 : */
1344 1 : after = talloc_total_size(ctx);
1345 1 : assert_int_equal(before, after);
1346 :
1347 : /*
1348 : * Clean up
1349 : */
1350 1 : TALLOC_FREE(ctx);
1351 1 : }
1352 :
1353 : /*
1354 : * authsam_update_bad_pwd_account
1355 : *
1356 : * call to ldb_wait failed
1357 : *
1358 : */
1359 1 : static void test_update_bad_ldb_wait_failed(void **state) {
1360 1 : struct ldb_context *ldb = NULL;
1361 1 : struct ldb_message *msg = NULL;
1362 1 : struct ldb_dn *domain_dn = NULL;
1363 1 : TALLOC_CTX *ctx = NULL;
1364 1 : size_t before = 0;
1365 1 : size_t after = 0;
1366 1 : NTSTATUS status;
1367 :
1368 1 : ctx = talloc_new(*state);
1369 1 : assert_non_null(ctx);
1370 :
1371 1 : ldb = ldb_init(ctx, NULL);
1372 1 : assert_non_null(ldb);
1373 :
1374 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1375 1 : assert_non_null(domain_dn);
1376 :
1377 1 : msg = create_message(ctx);
1378 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1379 :
1380 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1381 1 : assert_non_null(msg->dn);
1382 :
1383 1 : before = setup_bad_password_search_results(ctx, ldb,
1384 : domain_dn,
1385 : msg->dn);
1386 :
1387 1 : dsdb_update_bad_pwd_count_res = talloc_zero(ctx, struct ldb_message);
1388 1 : ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
1389 1 : ldb_wait_ret = LDB_ERR_OPERATIONS_ERROR;
1390 :
1391 1 : status = authsam_update_bad_pwd_count(ldb, msg, domain_dn);
1392 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1393 1 : assert_true(transaction_cancelled);
1394 :
1395 : /*
1396 : * Check that all allocated memory was freed
1397 : */
1398 1 : after = talloc_total_size(ctx);
1399 1 : assert_int_equal(before, after);
1400 :
1401 : /*
1402 : * Clean up
1403 : */
1404 1 : TALLOC_FREE(ctx);
1405 1 : }
1406 :
1407 : /*****************************************************************************
1408 : * authsam_logon_success_accounting unit tests
1409 : *****************************************************************************/
1410 : /*
1411 : * authsam_logon_success_accounting
1412 : *
1413 : * start_transaction failure
1414 : *
1415 : */
1416 1 : static void test_success_accounting_start_txn_failed(void **state) {
1417 1 : struct ldb_context *ldb = NULL;
1418 1 : struct ldb_message *msg = NULL;
1419 1 : struct ldb_dn *domain_dn = NULL;
1420 1 : TALLOC_CTX *ctx = NULL;
1421 1 : size_t before = 0;
1422 1 : size_t after = 0;
1423 1 : NTSTATUS status;
1424 :
1425 1 : ctx = talloc_new(*state);
1426 1 : assert_non_null(ctx);
1427 :
1428 1 : ldb = ldb_init(ctx, NULL);
1429 1 : assert_non_null(ldb);
1430 :
1431 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1432 1 : assert_non_null(domain_dn);
1433 :
1434 1 : msg = create_message(ctx);
1435 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1436 :
1437 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1438 1 : assert_non_null(msg->dn);
1439 :
1440 1 : before = talloc_total_size(ctx);
1441 :
1442 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1443 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1444 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1445 :
1446 1 : ldb_transaction_start_ret = LDB_ERR_OPERATIONS_ERROR;
1447 :
1448 1 : status = authsam_logon_success_accounting(
1449 : ldb, msg, domain_dn, true, NULL, NULL);
1450 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1451 :
1452 : /*
1453 : * Check that all allocated memory was freed
1454 : */
1455 1 : after = talloc_total_size(ctx);
1456 1 : assert_int_equal(before, after);
1457 :
1458 : /*
1459 : * Clean up
1460 : */
1461 1 : TALLOC_FREE(ctx);
1462 1 : }
1463 :
1464 : /*
1465 : * authsam_logon_success_accounting
1466 : *
1467 : * User details re-read failed
1468 : *
1469 : */
1470 1 : static void test_success_accounting_reread_failed(void **state) {
1471 1 : struct ldb_context *ldb = NULL;
1472 1 : struct ldb_message *msg = NULL;
1473 1 : struct ldb_dn *domain_dn = NULL;
1474 1 : TALLOC_CTX *ctx = NULL;
1475 1 : size_t before = 0;
1476 1 : size_t after = 0;
1477 1 : NTSTATUS status;
1478 :
1479 1 : ctx = talloc_new(*state);
1480 1 : assert_non_null(ctx);
1481 :
1482 1 : ldb = ldb_init(ctx, NULL);
1483 1 : assert_non_null(ldb);
1484 :
1485 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1486 1 : assert_non_null(domain_dn);
1487 :
1488 1 : msg = create_message(ctx);
1489 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1490 :
1491 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1492 1 : assert_non_null(msg->dn);
1493 :
1494 1 : before = talloc_total_size(ctx);
1495 :
1496 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1497 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1498 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1499 :
1500 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1501 1 : will_return(__wrap_dsdb_search_dn, NULL);
1502 1 : will_return(__wrap_dsdb_search_dn, LDB_ERR_NO_SUCH_OBJECT);
1503 :
1504 1 : status = authsam_logon_success_accounting(
1505 : ldb, msg, domain_dn, true, NULL, NULL);
1506 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1507 1 : assert_true(transaction_cancelled);
1508 :
1509 : /*
1510 : * Check that all allocated memory was freed
1511 : */
1512 1 : after = talloc_total_size(ctx);
1513 1 : assert_int_equal(before, after);
1514 :
1515 : /*
1516 : * Clean up
1517 : */
1518 1 : TALLOC_FREE(ctx);
1519 1 : }
1520 :
1521 : /*
1522 : * authsam_logon_success_accounting
1523 : *
1524 : * ldb_msg_new failed
1525 : *
1526 : */
1527 1 : static void test_success_accounting_ldb_msg_new_failed(void **state) {
1528 1 : struct ldb_context *ldb = NULL;
1529 1 : struct ldb_message *msg = NULL;
1530 1 : struct ldb_dn *domain_dn = NULL;
1531 1 : TALLOC_CTX *ctx = NULL;
1532 1 : size_t before = 0;
1533 1 : size_t after = 0;
1534 1 : NTSTATUS status;
1535 :
1536 1 : ctx = talloc_new(*state);
1537 1 : assert_non_null(ctx);
1538 :
1539 1 : ldb = ldb_init(ctx, NULL);
1540 1 : assert_non_null(ldb);
1541 :
1542 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1543 1 : assert_non_null(domain_dn);
1544 :
1545 1 : msg = create_message(ctx);
1546 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1547 :
1548 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1549 1 : assert_non_null(msg->dn);
1550 :
1551 1 : before = talloc_total_size(ctx);
1552 :
1553 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1554 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1555 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1556 :
1557 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1558 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1559 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1560 :
1561 1 : ldb_msg_new_fail = true;
1562 :
1563 1 : status = authsam_logon_success_accounting(
1564 : ldb, msg, domain_dn, true, NULL, NULL);
1565 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY));
1566 1 : assert_true(transaction_cancelled);
1567 :
1568 : /*
1569 : * Check that all allocated memory was freed
1570 : */
1571 1 : after = talloc_total_size(ctx);
1572 1 : assert_int_equal(before, after);
1573 :
1574 : /*
1575 : * Clean up
1576 : */
1577 1 : TALLOC_FREE(ctx);
1578 1 : }
1579 :
1580 : /*
1581 : * authsam_logon_success_accounting
1582 : *
1583 : * samdb_rodc failed
1584 : *
1585 : */
1586 1 : static void test_success_accounting_samdb_rodc_failed(void **state) {
1587 1 : struct ldb_context *ldb = NULL;
1588 1 : struct ldb_message *msg = NULL;
1589 1 : struct ldb_dn *domain_dn = NULL;
1590 1 : TALLOC_CTX *ctx = NULL;
1591 1 : size_t before = 0;
1592 1 : size_t after = 0;
1593 1 : NTSTATUS status;
1594 :
1595 1 : ctx = talloc_new(*state);
1596 1 : assert_non_null(ctx);
1597 :
1598 1 : ldb = ldb_init(ctx, NULL);
1599 1 : assert_non_null(ldb);
1600 :
1601 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1602 1 : assert_non_null(domain_dn);
1603 :
1604 1 : msg = create_message(ctx);
1605 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1606 :
1607 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1608 1 : assert_non_null(msg->dn);
1609 :
1610 1 : before = talloc_total_size(ctx);
1611 :
1612 1 : samdb_rodc_ret = LDB_ERR_OPERATIONS_ERROR;
1613 :
1614 1 : status = authsam_logon_success_accounting(
1615 : ldb, msg, domain_dn, true, NULL, NULL);
1616 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1617 1 : assert_false(in_transaction);
1618 1 : assert_false(transaction_cancelled);
1619 1 : assert_false(transaction_committed);
1620 :
1621 : /*
1622 : * Check that all allocated memory was freed
1623 : */
1624 1 : after = talloc_total_size(ctx);
1625 1 : assert_int_equal(before, after);
1626 :
1627 : /*
1628 : * Clean up
1629 : */
1630 1 : TALLOC_FREE(ctx);
1631 1 : }
1632 :
1633 : /*
1634 : * authsam_logon_success_accounting
1635 : *
1636 : * authsam_update_lastlogon_timestamp failed
1637 : *
1638 : */
1639 1 : static void test_success_accounting_update_lastlogon_failed(void **state) {
1640 1 : struct ldb_context *ldb = NULL;
1641 1 : struct ldb_message *msg = NULL;
1642 1 : struct ldb_dn *domain_dn = NULL;
1643 1 : TALLOC_CTX *ctx = NULL;
1644 1 : size_t before = 0;
1645 1 : size_t after = 0;
1646 1 : NTSTATUS status;
1647 :
1648 1 : ctx = talloc_new(*state);
1649 1 : assert_non_null(ctx);
1650 :
1651 1 : ldb = ldb_init(ctx, NULL);
1652 1 : assert_non_null(ldb);
1653 :
1654 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1655 1 : assert_non_null(domain_dn);
1656 :
1657 1 : msg = create_message(ctx);
1658 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1659 :
1660 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1661 1 : assert_non_null(msg->dn);
1662 :
1663 1 : ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
1664 :
1665 1 : before = talloc_total_size(ctx);
1666 :
1667 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1668 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1669 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1670 :
1671 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1672 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1673 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1674 :
1675 1 : will_return(__wrap_samdb_msg_add_int64, LDB_ERR_OPERATIONS_ERROR);
1676 :
1677 1 : status = authsam_logon_success_accounting(
1678 : ldb, msg, domain_dn, true, NULL, NULL);
1679 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY));
1680 1 : assert_true(transaction_cancelled);
1681 :
1682 : /*
1683 : * Check that all allocated memory was freed
1684 : */
1685 1 : after = talloc_total_size(ctx);
1686 1 : assert_int_equal(before, after);
1687 :
1688 : /*
1689 : * Clean up
1690 : */
1691 1 : TALLOC_FREE(ctx);
1692 1 : }
1693 :
1694 : /*
1695 : * authsam_logon_success_accounting
1696 : *
1697 : * ldb_build_mod_req failed
1698 : *
1699 : */
1700 1 : static void test_success_accounting_build_mod_req_failed(void **state) {
1701 1 : struct ldb_context *ldb = NULL;
1702 1 : struct ldb_message *msg = NULL;
1703 1 : struct ldb_dn *domain_dn = NULL;
1704 1 : TALLOC_CTX *ctx = NULL;
1705 1 : size_t before = 0;
1706 1 : size_t after = 0;
1707 1 : NTSTATUS status;
1708 :
1709 1 : ctx = talloc_new(*state);
1710 1 : assert_non_null(ctx);
1711 :
1712 1 : ldb = ldb_init(ctx, NULL);
1713 1 : assert_non_null(ldb);
1714 :
1715 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1716 1 : assert_non_null(domain_dn);
1717 :
1718 1 : msg = create_message(ctx);
1719 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1720 :
1721 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1722 1 : assert_non_null(msg->dn);
1723 :
1724 1 : before = talloc_total_size(ctx);
1725 :
1726 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1727 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1728 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1729 :
1730 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1731 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1732 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1733 :
1734 1 : ldb_build_mod_req_ret = LDB_ERR_OPERATIONS_ERROR;
1735 :
1736 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1737 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1738 :
1739 1 : status = authsam_logon_success_accounting(
1740 : ldb, msg, domain_dn, true, NULL, NULL);
1741 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1742 1 : assert_true(transaction_cancelled);
1743 :
1744 : /*
1745 : * Check that all allocated memory was freed
1746 : */
1747 1 : after = talloc_total_size(ctx);
1748 1 : assert_int_equal(before, after);
1749 :
1750 : /*
1751 : * Clean up
1752 : */
1753 1 : TALLOC_FREE(ctx);
1754 1 : }
1755 :
1756 : /*
1757 : * authsam_logon_success_accounting
1758 : *
1759 : * ldb_request_add_control failed
1760 : *
1761 : */
1762 1 : static void test_success_accounting_add_control_failed(void **state) {
1763 1 : struct ldb_context *ldb = NULL;
1764 1 : struct ldb_message *msg = NULL;
1765 1 : struct ldb_dn *domain_dn = NULL;
1766 1 : TALLOC_CTX *ctx = NULL;
1767 1 : size_t before = 0;
1768 1 : size_t after = 0;
1769 1 : NTSTATUS status;
1770 :
1771 1 : ctx = talloc_new(*state);
1772 1 : assert_non_null(ctx);
1773 :
1774 1 : ldb = ldb_init(ctx, NULL);
1775 1 : assert_non_null(ldb);
1776 :
1777 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1778 1 : assert_non_null(domain_dn);
1779 :
1780 1 : msg = create_message(ctx);
1781 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1782 :
1783 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1784 1 : assert_non_null(msg->dn);
1785 :
1786 1 : before = talloc_total_size(ctx);
1787 :
1788 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1789 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1790 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1791 :
1792 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1793 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1794 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1795 :
1796 1 : ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
1797 1 : ldb_request_add_control_ret = LDB_ERR_OPERATIONS_ERROR;
1798 :
1799 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1800 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1801 :
1802 1 : status = authsam_logon_success_accounting(
1803 : ldb, msg, domain_dn, true, NULL, NULL);
1804 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1805 1 : assert_true(transaction_cancelled);
1806 :
1807 : /*
1808 : * Check that all allocated memory was freed
1809 : */
1810 1 : after = talloc_total_size(ctx);
1811 1 : assert_int_equal(before, after);
1812 :
1813 : /*
1814 : * Clean up
1815 : */
1816 1 : TALLOC_FREE(ctx);
1817 1 : }
1818 :
1819 : /*
1820 : * authsam_logon_success_accounting
1821 : *
1822 : * ldb_request failed
1823 : *
1824 : */
1825 1 : static void test_success_accounting_ldb_request_failed(void **state) {
1826 1 : struct ldb_context *ldb = NULL;
1827 1 : struct ldb_message *msg = NULL;
1828 1 : struct ldb_dn *domain_dn = NULL;
1829 1 : TALLOC_CTX *ctx = NULL;
1830 1 : size_t before = 0;
1831 1 : size_t after = 0;
1832 1 : NTSTATUS status;
1833 :
1834 1 : ctx = talloc_new(*state);
1835 1 : assert_non_null(ctx);
1836 :
1837 1 : ldb = ldb_init(ctx, NULL);
1838 1 : assert_non_null(ldb);
1839 :
1840 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1841 1 : assert_non_null(domain_dn);
1842 :
1843 1 : msg = create_message(ctx);
1844 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1845 :
1846 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1847 1 : assert_non_null(msg->dn);
1848 :
1849 1 : before = talloc_total_size(ctx);
1850 :
1851 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1852 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1853 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1854 :
1855 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1856 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1857 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1858 :
1859 1 : ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
1860 1 : ldb_request_ret = LDB_ERR_OPERATIONS_ERROR;
1861 :
1862 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1863 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1864 :
1865 1 : status = authsam_logon_success_accounting(
1866 : ldb, msg, domain_dn, true, NULL, NULL);
1867 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1868 1 : assert_true(transaction_cancelled);
1869 :
1870 : /*
1871 : * Check that all allocated memory was freed
1872 : */
1873 1 : after = talloc_total_size(ctx);
1874 1 : assert_int_equal(before, after);
1875 :
1876 : /*
1877 : * Clean up
1878 : */
1879 1 : TALLOC_FREE(ctx);
1880 1 : }
1881 :
1882 : /*
1883 : * authsam_logon_success_accounting
1884 : *
1885 : * ldb_wait failed
1886 : *
1887 : */
1888 1 : static void test_success_accounting_ldb_wait_failed(void **state) {
1889 1 : struct ldb_context *ldb = NULL;
1890 1 : struct ldb_message *msg = NULL;
1891 1 : struct ldb_dn *domain_dn = NULL;
1892 1 : TALLOC_CTX *ctx = NULL;
1893 1 : size_t before = 0;
1894 1 : size_t after = 0;
1895 1 : NTSTATUS status;
1896 :
1897 1 : ctx = talloc_new(*state);
1898 1 : assert_non_null(ctx);
1899 :
1900 1 : ldb = ldb_init(ctx, NULL);
1901 1 : assert_non_null(ldb);
1902 :
1903 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1904 1 : assert_non_null(domain_dn);
1905 :
1906 1 : msg = create_message(ctx);
1907 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1908 :
1909 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1910 1 : assert_non_null(msg->dn);
1911 :
1912 1 : before = talloc_total_size(ctx);
1913 :
1914 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1915 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1916 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1917 :
1918 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1919 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1920 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1921 :
1922 1 : ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
1923 1 : ldb_wait_ret = LDB_ERR_OPERATIONS_ERROR;
1924 :
1925 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1926 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1927 :
1928 1 : status = authsam_logon_success_accounting(
1929 : ldb, msg, domain_dn, true, NULL, NULL);
1930 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1931 1 : assert_true(transaction_cancelled);
1932 :
1933 : /*
1934 : * Check that all allocated memory was freed
1935 : */
1936 1 : after = talloc_total_size(ctx);
1937 1 : assert_int_equal(before, after);
1938 :
1939 : /*
1940 : * Clean up
1941 : */
1942 1 : TALLOC_FREE(ctx);
1943 1 : }
1944 :
1945 : /*
1946 : * authsam_logon_success_accounting
1947 : *
1948 : * ldb_transaction_commit failed
1949 : *
1950 : */
1951 1 : static void test_success_accounting_commit_failed(void **state) {
1952 1 : struct ldb_context *ldb = NULL;
1953 1 : struct ldb_message *msg = NULL;
1954 1 : struct ldb_dn *domain_dn = NULL;
1955 1 : TALLOC_CTX *ctx = NULL;
1956 1 : size_t before = 0;
1957 1 : size_t after = 0;
1958 1 : NTSTATUS status;
1959 :
1960 1 : ctx = talloc_new(*state);
1961 1 : assert_non_null(ctx);
1962 :
1963 1 : ldb = ldb_init(ctx, NULL);
1964 1 : assert_non_null(ldb);
1965 :
1966 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
1967 1 : assert_non_null(domain_dn);
1968 :
1969 1 : msg = create_message(ctx);
1970 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
1971 :
1972 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
1973 1 : assert_non_null(msg->dn);
1974 :
1975 1 : before = talloc_total_size(ctx);
1976 :
1977 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
1978 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
1979 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1980 :
1981 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
1982 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
1983 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
1984 :
1985 1 : ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
1986 1 : ldb_transaction_commit_ret = LDB_ERR_OPERATIONS_ERROR;
1987 :
1988 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1989 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
1990 :
1991 1 : status = authsam_logon_success_accounting(
1992 : ldb, msg, domain_dn, true, NULL, NULL);
1993 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
1994 1 : assert_true(in_transaction);
1995 1 : assert_false(transaction_cancelled);
1996 1 : assert_false(transaction_committed);
1997 :
1998 : /*
1999 : * Check that all allocated memory was freed
2000 : */
2001 1 : after = talloc_total_size(ctx);
2002 1 : assert_int_equal(before, after);
2003 :
2004 : /*
2005 : * Clean up
2006 : */
2007 1 : TALLOC_FREE(ctx);
2008 1 : }
2009 :
2010 : /*
2011 : * authsam_logon_success_accounting
2012 : *
2013 : * ldb_wait failed and then ldb_transaction_cancel failed
2014 : *
2015 : */
2016 1 : static void test_success_accounting_rollback_failed(void **state) {
2017 1 : struct ldb_context *ldb = NULL;
2018 1 : struct ldb_message *msg = NULL;
2019 1 : struct ldb_dn *domain_dn = NULL;
2020 1 : TALLOC_CTX *ctx = NULL;
2021 1 : size_t before = 0;
2022 1 : size_t after = 0;
2023 1 : NTSTATUS status;
2024 :
2025 1 : ctx = talloc_new(*state);
2026 1 : assert_non_null(ctx);
2027 :
2028 1 : ldb = ldb_init(ctx, NULL);
2029 1 : assert_non_null(ldb);
2030 :
2031 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
2032 1 : assert_non_null(domain_dn);
2033 :
2034 1 : msg = create_message(ctx);
2035 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
2036 :
2037 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
2038 1 : assert_non_null(msg->dn);
2039 :
2040 1 : before = talloc_total_size(ctx);
2041 :
2042 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
2043 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
2044 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
2045 :
2046 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
2047 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
2048 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
2049 :
2050 1 : ldb_build_mod_req_res = talloc_zero(ldb, struct ldb_request);
2051 1 : ldb_wait_ret = LDB_ERR_OPERATIONS_ERROR;
2052 1 : ldb_transaction_cancel_ret = LDB_ERR_OPERATIONS_ERROR;
2053 :
2054 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
2055 1 : will_return(__wrap_samdb_msg_add_int64, LDB_SUCCESS);
2056 :
2057 1 : status = authsam_logon_success_accounting(
2058 : ldb, msg, domain_dn, true, NULL, NULL);
2059 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_INTERNAL_ERROR));
2060 1 : assert_true(in_transaction);
2061 1 : assert_false(transaction_cancelled);
2062 1 : assert_false(transaction_committed);
2063 :
2064 : /*
2065 : * Check that all allocated memory was freed
2066 : */
2067 1 : after = talloc_total_size(ctx);
2068 1 : assert_int_equal(before, after);
2069 :
2070 : /*
2071 : * Clean up
2072 : */
2073 1 : TALLOC_FREE(ctx);
2074 1 : }
2075 :
2076 : /*
2077 : * authsam_logon_success_accounting
2078 : *
2079 : * The bad password indicator is set, but the account is not locked out.
2080 : *
2081 : */
2082 1 : static void test_success_accounting_spurious_bad_pwd_indicator(void **state) {
2083 1 : struct ldb_context *ldb = NULL;
2084 1 : struct ldb_message *msg = NULL;
2085 1 : struct ldb_dn *domain_dn = NULL;
2086 1 : TALLOC_CTX *ctx = NULL;
2087 1 : size_t before = 0;
2088 1 : size_t after = 0;
2089 1 : NTSTATUS status;
2090 :
2091 1 : ctx = talloc_new(*state);
2092 1 : assert_non_null(ctx);
2093 :
2094 1 : ldb = ldb_init(ctx, NULL);
2095 1 : assert_non_null(ldb);
2096 :
2097 1 : domain_dn = ldb_dn_new(ctx, ldb, "CN=Domain");
2098 1 : assert_non_null(domain_dn);
2099 :
2100 1 : msg = create_message(ctx);
2101 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1000");
2102 :
2103 1 : msg->dn = ldb_dn_new(ctx, ldb, "CN=User");
2104 1 : assert_non_null(msg->dn);
2105 :
2106 1 : before = talloc_total_size(ctx);
2107 :
2108 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, domain_dn);
2109 1 : will_return(__wrap_dsdb_search_dn, build_domain_pso_result(ldb, ctx));
2110 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
2111 :
2112 1 : expect_check(__wrap_dsdb_search_dn, basedn, check_dn, msg->dn);
2113 1 : will_return(__wrap_dsdb_search_dn, build_reread_result(ldb, ctx, 0));
2114 1 : will_return(__wrap_dsdb_search_dn, LDB_SUCCESS);
2115 :
2116 1 : will_return_count(__wrap_samdb_msg_add_int64, LDB_SUCCESS, 2);
2117 :
2118 : /*
2119 : * Set the bad password indicator.
2120 : */
2121 1 : status = authsam_set_bad_password_indicator(ldb, ctx, msg);
2122 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_OK, status));
2123 :
2124 1 : ldb_build_mod_req_res = talloc_zero(ctx, struct ldb_request);
2125 :
2126 1 : status = authsam_logon_success_accounting(
2127 : ldb, msg, domain_dn, true, NULL, NULL);
2128 1 : assert_true(NT_STATUS_EQUAL(status, NT_STATUS_OK));
2129 1 : assert_false(in_transaction);
2130 1 : assert_false(transaction_cancelled);
2131 1 : assert_true(transaction_committed);
2132 :
2133 : /*
2134 : * Check that all allocated memory was freed
2135 : */
2136 1 : after = talloc_total_size(ctx);
2137 1 : assert_int_equal(before, after);
2138 :
2139 : /*
2140 : * Clean up
2141 : */
2142 1 : TALLOC_FREE(ctx);
2143 1 : }
2144 :
2145 : /*
2146 : * get_bad_password_db
2147 : *
2148 : * ldb_get_opaque failure.
2149 : */
2150 1 : static void test_get_bad_password_get_opaque_failed(void **state) {
2151 1 : struct ldb_context *ldb = NULL;
2152 1 : TALLOC_CTX *ctx = NULL;
2153 1 : struct db_context *db = NULL;
2154 1 : size_t before = 0;
2155 1 : size_t after = 0;
2156 :
2157 1 : ctx = talloc_new(*state);
2158 1 : assert_non_null(ctx);
2159 :
2160 1 : ldb = ldb_init(ctx, NULL);
2161 1 : assert_non_null(ldb);
2162 :
2163 : /*
2164 : * clear the mock ldb_get_opaque return value, so that we get a null
2165 : * response.
2166 : */
2167 1 : TALLOC_FREE(ldb_get_opaque_ret);
2168 :
2169 1 : before = talloc_total_size(ctx);
2170 :
2171 1 : db = authsam_get_bad_password_db(ctx, ldb);
2172 1 : assert_null(db);
2173 :
2174 : /*
2175 : * Check that all allocated memory was freed
2176 : */
2177 1 : after = talloc_total_size(ctx);
2178 1 : assert_int_equal(before, after);
2179 :
2180 : /*
2181 : * Clean up
2182 : */
2183 1 : TALLOC_FREE(ctx);
2184 1 : }
2185 :
2186 : /*
2187 : * get_bad_password_db
2188 : *
2189 : * cluster_db_tmp_open failure.
2190 : */
2191 1 : static void test_get_bad_password_db_open_failed(void **state) {
2192 1 : struct ldb_context *ldb = NULL;
2193 1 : TALLOC_CTX *ctx = NULL;
2194 1 : struct db_context *db = NULL;
2195 1 : size_t before = 0;
2196 1 : size_t after = 0;
2197 :
2198 1 : ctx = talloc_new(*state);
2199 1 : assert_non_null(ctx);
2200 :
2201 1 : ldb = ldb_init(ctx, NULL);
2202 1 : assert_non_null(ldb);
2203 :
2204 : /*
2205 : * Clear the mock cluster_db_tmp_open return value so that
2206 : * it returns NULL
2207 : */
2208 1 : TALLOC_FREE(cluster_db_tmp_open_ret);
2209 1 : before = talloc_total_size(ctx);
2210 :
2211 1 : db = authsam_get_bad_password_db(ctx, ldb);
2212 1 : assert_null(db);
2213 :
2214 : /*
2215 : * Check that all allocated memory was freed
2216 : */
2217 1 : after = talloc_total_size(ctx);
2218 1 : assert_int_equal(before, after);
2219 :
2220 : /*
2221 : * Clean up
2222 : */
2223 1 : TALLOC_FREE(ctx);
2224 1 : }
2225 :
2226 : /*
2227 : * set_bad_password_indicator
2228 : *
2229 : * set_bad_password_indicator failure.
2230 : */
2231 1 : static void test_set_bad_password_indicator_get_db_failed(void **state) {
2232 1 : struct ldb_context *ldb = NULL;
2233 1 : TALLOC_CTX *ctx = NULL;
2234 1 : NTSTATUS status;
2235 1 : size_t before = 0;
2236 1 : size_t after = 0;
2237 :
2238 1 : ctx = talloc_new(*state);
2239 1 : assert_non_null(ctx);
2240 :
2241 1 : ldb = ldb_init(ctx, NULL);
2242 1 : assert_non_null(ldb);
2243 :
2244 : /*
2245 : * Clear the mock cluster_db_tmp_open return value so that
2246 : * it returns NULL
2247 : */
2248 1 : TALLOC_FREE(cluster_db_tmp_open_ret);
2249 1 : before = talloc_total_size(ctx);
2250 :
2251 1 : status = authsam_set_bad_password_indicator(ldb, ctx, NULL);
2252 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
2253 :
2254 : /*
2255 : * Check that all allocated memory was freed
2256 : */
2257 1 : after = talloc_total_size(ctx);
2258 1 : assert_int_equal(before, after);
2259 :
2260 : /*
2261 : * Clean up
2262 : */
2263 1 : TALLOC_FREE(ctx);
2264 1 : }
2265 :
2266 : /*
2267 : * set_bad_password_indicator
2268 : *
2269 : * get_object_sid_as_tdb_data failure.
2270 : */
2271 1 : static void test_set_bad_password_indicator_get_object_sid_failed(
2272 : void **state)
2273 : {
2274 1 : struct ldb_context *ldb = NULL;
2275 1 : struct ldb_message *msg = NULL;
2276 1 : TALLOC_CTX *ctx = NULL;
2277 1 : NTSTATUS status;
2278 1 : size_t before = 0;
2279 1 : size_t after = 0;
2280 :
2281 1 : ctx = talloc_new(*state);
2282 1 : assert_non_null(ctx);
2283 :
2284 1 : ldb = ldb_init(ctx, NULL);
2285 1 : assert_non_null(ldb);
2286 :
2287 : /*
2288 : * The created message does not contain an objectSid, so
2289 : * get_object_sid_as_tdb_data will fail.
2290 : */
2291 1 : msg = create_message(ctx);
2292 :
2293 1 : before = talloc_total_size(ctx);
2294 :
2295 1 : status = authsam_set_bad_password_indicator(ldb, ctx, msg);
2296 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
2297 :
2298 : /*
2299 : * Check that all allocated memory was freed
2300 : */
2301 1 : after = talloc_total_size(ctx);
2302 1 : assert_int_equal(before, after);
2303 :
2304 : /*
2305 : * Clean up
2306 : */
2307 1 : TALLOC_FREE(ctx);
2308 1 : }
2309 :
2310 : /*
2311 : * set_bad_password_indicator
2312 : *
2313 : * dbwrap_store failure.
2314 : */
2315 1 : static void test_set_bad_password_indicator_dbwrap_store_failed(
2316 : void **state)
2317 : {
2318 1 : struct ldb_context *ldb = NULL;
2319 1 : struct ldb_message *msg = NULL;
2320 1 : TALLOC_CTX *ctx = NULL;
2321 1 : NTSTATUS status;
2322 1 : size_t before = 0;
2323 1 : size_t after = 0;
2324 :
2325 1 : ctx = talloc_new(*state);
2326 1 : assert_non_null(ctx);
2327 :
2328 1 : ldb = ldb_init(ctx, NULL);
2329 1 : assert_non_null(ldb);
2330 :
2331 1 : msg = create_message(ctx);
2332 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1010");
2333 :
2334 1 : dbwrap_store_ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
2335 :
2336 1 : before = talloc_total_size(ctx);
2337 :
2338 1 : status = authsam_set_bad_password_indicator(ldb, ctx, msg);
2339 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_DB_CORRUPTION, status));
2340 :
2341 : /*
2342 : * Check that all allocated memory was freed
2343 : */
2344 1 : after = talloc_total_size(ctx);
2345 1 : assert_int_equal(before, after);
2346 :
2347 : /*
2348 : * Clean up
2349 : */
2350 1 : TALLOC_FREE(ctx);
2351 1 : }
2352 :
2353 : /*
2354 : * check_bad_password_indicator
2355 : *
2356 : * set_bad_password_indicator failure.
2357 : */
2358 1 : static void test_check_bad_password_indicator_get_db_failed(void **state) {
2359 1 : struct ldb_context *ldb = NULL;
2360 1 : TALLOC_CTX *ctx = NULL;
2361 1 : NTSTATUS status;
2362 1 : size_t before = 0;
2363 1 : size_t after = 0;
2364 1 : bool exists = false;
2365 :
2366 1 : ctx = talloc_new(*state);
2367 1 : assert_non_null(ctx);
2368 :
2369 1 : ldb = ldb_init(ctx, NULL);
2370 1 : assert_non_null(ldb);
2371 :
2372 : /*
2373 : * Clear the mock cluster_db_tmp_open return value so that
2374 : * it returns NULL
2375 : */
2376 1 : TALLOC_FREE(cluster_db_tmp_open_ret);
2377 1 : before = talloc_total_size(ctx);
2378 :
2379 1 : status = authsam_check_bad_password_indicator(ldb, ctx, &exists, NULL);
2380 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
2381 :
2382 : /*
2383 : * Check that all allocated memory was freed
2384 : */
2385 1 : after = talloc_total_size(ctx);
2386 1 : assert_int_equal(before, after);
2387 :
2388 : /*
2389 : * Clean up
2390 : */
2391 1 : TALLOC_FREE(ctx);
2392 1 : }
2393 :
2394 : /*
2395 : * check_bad_password_indicator
2396 : *
2397 : * get_object_sid_as_tdb_data failure.
2398 : */
2399 1 : static void test_check_bad_password_indicator_get_object_sid_failed(
2400 : void **state)
2401 : {
2402 1 : struct ldb_context *ldb = NULL;
2403 1 : struct ldb_message *msg = NULL;
2404 1 : TALLOC_CTX *ctx = NULL;
2405 1 : NTSTATUS status;
2406 1 : size_t before = 0;
2407 1 : size_t after = 0;
2408 1 : bool exists = false;
2409 :
2410 1 : ctx = talloc_new(*state);
2411 1 : assert_non_null(ctx);
2412 :
2413 1 : ldb = ldb_init(ctx, NULL);
2414 1 : assert_non_null(ldb);
2415 :
2416 : /*
2417 : * The created message does not contain an objectSid, so
2418 : * get_object_sid_as_tdb_data will fail.
2419 : */
2420 1 : msg = create_message(ctx);
2421 :
2422 1 : before = talloc_total_size(ctx);
2423 :
2424 1 : status = authsam_check_bad_password_indicator(ldb, ctx, &exists, msg);
2425 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
2426 :
2427 : /*
2428 : * Check that all allocated memory was freed
2429 : */
2430 1 : after = talloc_total_size(ctx);
2431 1 : assert_int_equal(before, after);
2432 :
2433 : /*
2434 : * Clean up
2435 : */
2436 1 : TALLOC_FREE(ctx);
2437 1 : }
2438 :
2439 : /*
2440 : * clear_bad_password_indicator
2441 : *
2442 : * set_bad_password_indicator failure.
2443 : */
2444 1 : static void test_clear_bad_password_indicator_get_db_failed(void **state) {
2445 1 : struct ldb_context *ldb = NULL;
2446 1 : TALLOC_CTX *ctx = NULL;
2447 1 : NTSTATUS status;
2448 1 : size_t before = 0;
2449 1 : size_t after = 0;
2450 :
2451 1 : ctx = talloc_new(*state);
2452 1 : assert_non_null(ctx);
2453 :
2454 1 : ldb = ldb_init(ctx, NULL);
2455 1 : assert_non_null(ldb);
2456 :
2457 : /*
2458 : * Clear the mock cluster_db_tmp_open return value so that
2459 : * it returns NULL
2460 : */
2461 1 : TALLOC_FREE(cluster_db_tmp_open_ret);
2462 1 : before = talloc_total_size(ctx);
2463 :
2464 1 : status = authsam_clear_bad_password_indicator(ldb, ctx, NULL);
2465 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
2466 :
2467 : /*
2468 : * Check that all allocated memory was freed
2469 : */
2470 1 : after = talloc_total_size(ctx);
2471 1 : assert_int_equal(before, after);
2472 :
2473 : /*
2474 : * Clean up
2475 : */
2476 1 : TALLOC_FREE(ctx);
2477 1 : }
2478 :
2479 : /*
2480 : * clear_bad_password_indicator
2481 : *
2482 : * get_object_sid_as_tdb_data failure.
2483 : */
2484 1 : static void test_clear_bad_password_indicator_get_object_sid_failed(
2485 : void **state)
2486 : {
2487 1 : struct ldb_context *ldb = NULL;
2488 1 : struct ldb_message *msg = NULL;
2489 1 : TALLOC_CTX *ctx = NULL;
2490 1 : NTSTATUS status;
2491 1 : size_t before = 0;
2492 1 : size_t after = 0;
2493 :
2494 1 : ctx = talloc_new(*state);
2495 1 : assert_non_null(ctx);
2496 :
2497 1 : ldb = ldb_init(ctx, NULL);
2498 1 : assert_non_null(ldb);
2499 :
2500 : /*
2501 : * The created message does not contain an objectSid, so
2502 : * get_object_sid_as_tdb_data will fail.
2503 : */
2504 1 : msg = create_message(ctx);
2505 :
2506 1 : before = talloc_total_size(ctx);
2507 :
2508 1 : status = authsam_clear_bad_password_indicator(ldb, ctx, msg);
2509 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_ERROR, status));
2510 :
2511 : /*
2512 : * Check that all allocated memory was freed
2513 : */
2514 1 : after = talloc_total_size(ctx);
2515 1 : assert_int_equal(before, after);
2516 :
2517 : /*
2518 : * Clean up
2519 : */
2520 1 : TALLOC_FREE(ctx);
2521 1 : }
2522 :
2523 : /*
2524 : * clear_bad_password_indicator
2525 : *
2526 : * dbwrap_delete failure.
2527 : */
2528 1 : static void test_clear_bad_password_indicator_dbwrap_store_failed(
2529 : void **state)
2530 : {
2531 1 : struct ldb_context *ldb = NULL;
2532 1 : struct ldb_message *msg = NULL;
2533 1 : TALLOC_CTX *ctx = NULL;
2534 1 : NTSTATUS status;
2535 1 : size_t before = 0;
2536 1 : size_t after = 0;
2537 :
2538 1 : ctx = talloc_new(*state);
2539 1 : assert_non_null(ctx);
2540 :
2541 1 : ldb = ldb_init(ctx, NULL);
2542 1 : assert_non_null(ldb);
2543 :
2544 1 : msg = create_message(ctx);
2545 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1010");
2546 :
2547 1 : dbwrap_delete_ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
2548 :
2549 1 : before = talloc_total_size(ctx);
2550 :
2551 1 : status = authsam_clear_bad_password_indicator(ldb, ctx, msg);
2552 1 : assert_true(NT_STATUS_EQUAL(NT_STATUS_INTERNAL_DB_CORRUPTION, status));
2553 :
2554 : /*
2555 : * Check that all allocated memory was freed
2556 : */
2557 1 : after = talloc_total_size(ctx);
2558 1 : assert_int_equal(before, after);
2559 :
2560 : /*
2561 : * Clean up
2562 : */
2563 1 : TALLOC_FREE(ctx);
2564 1 : }
2565 :
2566 : /*
2567 : * clear_bad_password_indicator
2568 : *
2569 : * dbwrap_delete returns NT_STATUS_NOT_FOUND.
2570 : */
2571 1 : static void test_clear_bad_pwd_indicator_dbwrap_store_not_found(
2572 : void **state)
2573 : {
2574 1 : struct ldb_context *ldb = NULL;
2575 1 : struct ldb_message *msg = NULL;
2576 1 : TALLOC_CTX *ctx = NULL;
2577 1 : NTSTATUS status;
2578 1 : size_t before = 0;
2579 1 : size_t after = 0;
2580 :
2581 1 : ctx = talloc_new(*state);
2582 1 : assert_non_null(ctx);
2583 :
2584 1 : ldb = ldb_init(ctx, NULL);
2585 1 : assert_non_null(ldb);
2586 :
2587 1 : msg = create_message(ctx);
2588 1 : add_sid(msg, "S-1-5-21-2470180966-3899876309-2637894779-1010");
2589 :
2590 1 : dbwrap_delete_ret = NT_STATUS_NOT_FOUND;
2591 :
2592 1 : before = talloc_total_size(ctx);
2593 :
2594 1 : status = authsam_clear_bad_password_indicator(ldb, ctx, msg);
2595 1 : assert_true(NT_STATUS_IS_OK(status));
2596 :
2597 : /*
2598 : * Check that all allocated memory was freed
2599 : */
2600 1 : after = talloc_total_size(ctx);
2601 1 : assert_int_equal(before, after);
2602 :
2603 : /*
2604 : * Clean up
2605 : */
2606 1 : TALLOC_FREE(ctx);
2607 1 : }
2608 :
2609 1 : int main(int argc, const char **argv)
2610 : {
2611 1 : const struct CMUnitTest tests[] = {
2612 : cmocka_unit_test_setup_teardown(
2613 : test_reread_read_failure, setup, teardown),
2614 : cmocka_unit_test_setup_teardown(
2615 : test_reread_missing_account_control, setup, teardown),
2616 : cmocka_unit_test_setup_teardown(
2617 : test_reread_account_locked, setup, teardown),
2618 : cmocka_unit_test_setup_teardown(
2619 : test_reread_account_not_locked, setup, teardown),
2620 : cmocka_unit_test_setup_teardown(
2621 : test_update_bad_domain_dn_search_failed,
2622 : setup,
2623 : teardown),
2624 : cmocka_unit_test_setup_teardown(
2625 : test_update_bad_get_pso_failed, setup, teardown),
2626 : cmocka_unit_test_setup_teardown(
2627 : test_update_bad_start_txn_failed, setup, teardown),
2628 : cmocka_unit_test_setup_teardown(
2629 : test_update_bad_reread_failed, setup, teardown),
2630 : cmocka_unit_test_setup_teardown(
2631 : test_update_bad_reread_locked_out, setup, teardown),
2632 : cmocka_unit_test_setup_teardown(
2633 : test_update_bad_update_count_failed, setup, teardown),
2634 : cmocka_unit_test_setup_teardown(
2635 : test_update_bad_no_update_required, setup, teardown),
2636 : cmocka_unit_test_setup_teardown(
2637 : test_update_bad_build_mod_request_failed,
2638 : setup,
2639 : teardown),
2640 : cmocka_unit_test_setup_teardown(
2641 : test_update_bad_add_control_failed, setup, teardown),
2642 : cmocka_unit_test_setup_teardown(
2643 : test_update_bad_ldb_request_failed, setup, teardown),
2644 : cmocka_unit_test_setup_teardown(
2645 : test_update_bad_ldb_wait_failed, setup, teardown),
2646 : cmocka_unit_test_setup_teardown(
2647 : test_update_bad_txn_cancel_failed, setup, teardown),
2648 : cmocka_unit_test_setup_teardown(
2649 : test_update_bad_commit_failed, setup, teardown),
2650 : cmocka_unit_test_setup_teardown(
2651 : test_success_accounting_start_txn_failed,
2652 : setup,
2653 : teardown),
2654 : cmocka_unit_test_setup_teardown(
2655 : test_success_accounting_reread_failed,
2656 : setup,
2657 : teardown),
2658 : cmocka_unit_test_setup_teardown(
2659 : test_success_accounting_ldb_msg_new_failed,
2660 : setup,
2661 : teardown),
2662 : cmocka_unit_test_setup_teardown(
2663 : test_success_accounting_samdb_rodc_failed,
2664 : setup,
2665 : teardown),
2666 : cmocka_unit_test_setup_teardown(
2667 : test_success_accounting_update_lastlogon_failed,
2668 : setup,
2669 : teardown),
2670 : cmocka_unit_test_setup_teardown(
2671 : test_success_accounting_build_mod_req_failed,
2672 : setup,
2673 : teardown),
2674 : cmocka_unit_test_setup_teardown(
2675 : test_success_accounting_add_control_failed,
2676 : setup,
2677 : teardown),
2678 : cmocka_unit_test_setup_teardown(
2679 : test_success_accounting_ldb_request_failed,
2680 : setup,
2681 : teardown),
2682 : cmocka_unit_test_setup_teardown(
2683 : test_success_accounting_ldb_wait_failed,
2684 : setup,
2685 : teardown),
2686 : cmocka_unit_test_setup_teardown(
2687 : test_success_accounting_commit_failed,
2688 : setup,
2689 : teardown),
2690 : cmocka_unit_test_setup_teardown(
2691 : test_success_accounting_rollback_failed,
2692 : setup,
2693 : teardown),
2694 : cmocka_unit_test_setup_teardown(
2695 : test_success_accounting_spurious_bad_pwd_indicator,
2696 : setup,
2697 : teardown),
2698 : cmocka_unit_test_setup_teardown(
2699 : test_get_bad_password_get_opaque_failed,
2700 : setup,
2701 : teardown),
2702 : cmocka_unit_test_setup_teardown(
2703 : test_get_bad_password_db_open_failed,
2704 : setup,
2705 : teardown),
2706 : cmocka_unit_test_setup_teardown(
2707 : test_set_bad_password_indicator_get_db_failed,
2708 : setup,
2709 : teardown),
2710 : cmocka_unit_test_setup_teardown(
2711 : test_set_bad_password_indicator_get_object_sid_failed,
2712 : setup,
2713 : teardown),
2714 : cmocka_unit_test_setup_teardown(
2715 : test_set_bad_password_indicator_dbwrap_store_failed,
2716 : setup,
2717 : teardown),
2718 : cmocka_unit_test_setup_teardown(
2719 : test_check_bad_password_indicator_get_db_failed,
2720 : setup,
2721 : teardown),
2722 : cmocka_unit_test_setup_teardown(
2723 : test_check_bad_password_indicator_get_object_sid_failed,
2724 : setup,
2725 : teardown),
2726 : cmocka_unit_test_setup_teardown(
2727 : test_clear_bad_password_indicator_get_db_failed,
2728 : setup,
2729 : teardown),
2730 : cmocka_unit_test_setup_teardown(
2731 : test_clear_bad_password_indicator_get_object_sid_failed,
2732 : setup,
2733 : teardown),
2734 : cmocka_unit_test_setup_teardown(
2735 : test_clear_bad_password_indicator_dbwrap_store_failed,
2736 : setup,
2737 : teardown),
2738 : cmocka_unit_test_setup_teardown(
2739 : test_clear_bad_pwd_indicator_dbwrap_store_not_found,
2740 : setup,
2741 : teardown),
2742 : };
2743 :
2744 1 : cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
2745 1 : return cmocka_run_group_tests(tests, NULL, NULL);
2746 : }
|
