static void test_pam_session(void **state)
{
enum pamtest_err perr;
const char *v;
struct pam_testcase tests[] = {
pam_test(PAMTEST_OPEN_SESSION, PAM_SUCCESS),
pam_test(PAMTEST_GETENVLIST, PAM_SUCCESS),
pam_test(PAMTEST_CLOSE_SESSION, PAM_SUCCESS),
pam_test(PAMTEST_GETENVLIST, PAM_SUCCESS),
};
(void) state; /* unused */
perr = run_pamtest("matrix", "trinity", NULL, tests);
assert_int_equal(perr, PAMTEST_ERR_OK);
v = string_in_list(tests[1].case_out.envlist, "HOMEDIR");
assert_non_null(v);
assert_string_equal(v, "/home/trinity");
pamtest_free_env(tests[1].case_out.envlist);
/* environment is cleared after session close */
assert_non_null(tests[3].case_out.envlist);
#ifdef HAVE_OPENPAM
v = string_in_list(tests[3].case_out.envlist, "HOMEDIR");
assert_non_null(v);
assert_string_equal(v, "");
#else
assert_null(tests[3].case_out.envlist[0]);
#endif
pamtest_free_env(tests[3].case_out.envlist);
}
/**
* Returns true if and only if:
* all groups containing the selector link do not contain anything
* from the link_array contained in the rule. Uses exact string matching.
*/
static bool
apply_contains_none(PP_data *pp_data, Linkage sublinkage, pp_rule *rule)
{
size_t d;
for (d=0; d<pp_data->N_domains; d++)
{
DTreeLeaf * dtl;
for (dtl = pp_data->domain_array[d].child;
dtl != NULL &&
!post_process_match(rule->selector,
sublinkage->link_array[dtl->link].link_name);
dtl = dtl->next) {}
if (dtl != NULL)
{
/* selector link of rule appears in this domain */
for (dtl = pp_data->domain_array[d].child; dtl != NULL; dtl = dtl->next)
{
if (string_in_list(sublinkage->link_array[dtl->link].link_name,
rule->link_array))
return false;
}
}
}
return true;
}
/**
* returns true if and only if all groups containing the specified link
* contain at least one from the required list. (as determined by exact
* string matching)
*/
static bool
apply_contains_one(Postprocessor *pp, Linkage sublinkage, pp_rule *rule)
{
DTreeLeaf * dtl;
size_t d, count;
for (d=0; d<pp->pp_data.N_domains; d++)
{
for (dtl = pp->pp_data.domain_array[d].child;
dtl != NULL &&
!post_process_match(rule->selector,
sublinkage->link_array[dtl->link].link_name);
dtl = dtl->next) {}
if (dtl != NULL)
{
/* selector link of rule appears in this domain */
count=0;
for (dtl = pp->pp_data.domain_array[d].child; dtl != NULL; dtl = dtl->next)
{
if (string_in_list(sublinkage->link_array[dtl->link].link_name,
rule->link_array))
{
count=1;
break;
}
}
if (count == 0) return false;
}
}
return true;
}
static void test_pam_setcred(void **state)
{
enum pamtest_err perr;
const char *v;
struct pam_testcase tests[] = {
pam_test(PAMTEST_GETENVLIST, PAM_SUCCESS),
pam_test(PAMTEST_SETCRED, PAM_SUCCESS),
pam_test(PAMTEST_GETENVLIST, PAM_SUCCESS),
};
(void) state; /* unused */
perr = run_pamtest("matrix", "trinity", NULL, tests);
assert_int_equal(perr, PAMTEST_ERR_OK);
/* environment is clean before setcred */
assert_non_null(tests[0].case_out.envlist);
assert_null(tests[0].case_out.envlist[0]);
pamtest_free_env(tests[0].case_out.envlist);
/* and has an item after setcred */
v = string_in_list(tests[2].case_out.envlist, "CRED");
assert_non_null(v);
assert_string_equal(v, "/tmp/trinity");
pamtest_free_env(tests[2].case_out.envlist);
}
static int
apply_contains_one_globally(Postprocessor *pp,Sublinkage *sublinkage,pp_rule *rule)
{
/* returns TRUE if and only if
(1) the sentence doesn't contain the selector link for the rule, or
(2) it does, and it also contains one or more from the rule's link set */
int i,j,count;
for (i=0; i<sublinkage->num_links; i++) {
if (sublinkage->link[i]->l == -1) continue;
if (post_process_match(rule->selector,sublinkage->link[i]->name)) break;
}
if (i==sublinkage->num_links) return TRUE;
/* selector link of rule appears in sentence */
count=0;
for (j=0; j<sublinkage->num_links && count==0; j++) {
if (sublinkage->link[j]->l == -1) continue;
if (string_in_list(sublinkage->link[j]->name, rule->link_array))
{
count=1;
break;
}
}
if (count==0) return FALSE; else return TRUE;
}
static int
apply_contains_none(Postprocessor *pp,Sublinkage *sublinkage,pp_rule *rule)
{
/* returns TRUE if and only if:
all groups containing the selector link do not contain anything
from the link_array contained in the rule. Uses exact string matching. */
DTreeLeaf * dtl;
int d;
for (d=0; d<pp->pp_data.N_domains; d++)
{
for (dtl = pp->pp_data.domain_array[d].child;
dtl != NULL &&
!post_process_match(rule->selector,
sublinkage->link[dtl->link]->name);
dtl = dtl->next);
if (dtl != NULL)
{
/* selector link of rule appears in this domain */
for (dtl = pp->pp_data.domain_array[d].child; dtl != NULL; dtl = dtl->next)
if (string_in_list(sublinkage->link[dtl->link]->name,
rule->link_array))
return FALSE;
}
}
return TRUE;
}
static int
apply_contains_one(Postprocessor *pp, Sublinkage *sublinkage, pp_rule *rule)
{
/* returns TRUE if and only if all groups containing the specified link
contain at least one from the required list. (as determined by exact
string matching) */
DTreeLeaf * dtl;
int d, count;
for (d=0; d<pp->pp_data.N_domains; d++)
{
for (dtl = pp->pp_data.domain_array[d].child;
dtl != NULL &&
!post_process_match(rule->selector,
sublinkage->link[dtl->link]->name);
dtl = dtl->next);
if (dtl != NULL)
{
/* selector link of rule appears in this domain */
count=0;
for (dtl = pp->pp_data.domain_array[d].child; dtl != NULL; dtl = dtl->next)
if (string_in_list(sublinkage->link[dtl->link]->name,
rule->link_array))
{
count=1;
break;
}
if (count == 0) return FALSE;
}
}
return TRUE;
}
static void test_get_set(void **state)
{
#ifndef HAVE_OPENPAM
const char *svc;
#endif
enum pamtest_err perr;
struct pam_testcase tests[] = {
pam_test(PAMTEST_OPEN_SESSION, PAM_SUCCESS),
pam_test(PAMTEST_GETENVLIST, PAM_SUCCESS),
};
(void) state; /* unused */
#ifndef HAVE_OPENPAM
test_setenv("PAM_SERVICE");
#endif
test_setenv("PAM_USER");
test_setenv("PAM_USER_PROMPT");
test_setenv("PAM_TTY");
test_setenv("PAM_RUSER");
test_setenv("PAM_RHOST");
test_setenv("PAM_AUTHTOK");
test_setenv("PAM_OLDAUTHTOK");
#ifdef PAM_XDISPLAY
test_setenv("PAM_XDISPLAY");
#endif
#ifdef PAM_AUTHTOK_TYPE
test_setenv("PAM_AUTHTOK_TYPE");
#endif
perr = run_pamtest("pwrap_get_set", "trinity", NULL, tests);
assert_int_equal(perr, PAMTEST_ERR_OK);
/* PAM_SERVICE is a special case, Linux's libpam lowercases it.
* OpenPAM only allows PAM_SERVICE to be set by pam_start()
*/
#ifndef HAVE_OPENPAM
svc = string_in_list(tests[1].case_out.envlist, "PAM_SERVICE");
assert_non_null(svc);
assert_string_equal(svc, "test_pam_service");
#endif
test_getenv(tests[1].case_out.envlist, "PAM_USER");
test_getenv(tests[1].case_out.envlist, "PAM_USER_PROMPT");
test_getenv(tests[1].case_out.envlist, "PAM_TTY");
test_getenv(tests[1].case_out.envlist, "PAM_RUSER");
test_getenv(tests[1].case_out.envlist, "PAM_RHOST");
test_getenv(tests[1].case_out.envlist, "PAM_AUTHTOK");
test_getenv(tests[1].case_out.envlist, "PAM_OLDAUTHTOK");
#ifdef PAM_XDISPLAY
test_getenv(tests[1].case_out.envlist, "PAM_XDISPLAY");
#endif
#ifdef PAM_AUTHTOK_TYPE
test_getenv(tests[1].case_out.envlist, "PAM_AUTHTOK_TYPE");
#endif
pamtest_free_env(tests[1].case_out.envlist);
}
/*
* Given a handler's cgroup data, return the struct hierarchy for the
* controller @c, or NULL if there is none.
*/
struct hierarchy *get_hierarchy(const char *c)
{
int i;
if (!hierarchies)
return NULL;
for (i = 0; hierarchies[i]; i++) {
if (string_in_list(hierarchies[i]->controllers, c))
return hierarchies[i];
}
return NULL;
}
/*
* append an entry to the clist. Do not fail.
* *clist must be NULL the first time we are called.
*
* We also handle named subsystems here. Any controller which is not a
* kernel subsystem, we prefix 'name='. Any which is both a kernel and
* named subsystem, we refuse to use because we're not sure which we
* have here. (TODO - we could work around this in some cases by just
* remounting to be unambiguous, or by comparing mountpoint contents
* with current cgroup)
*
* The last entry will always be NULL.
*/
static void must_append_controller(char **klist, char **nlist, char ***clist, char *entry)
{
int newentry;
char *copy;
if (string_in_list(klist, entry) && string_in_list(nlist, entry)) {
ERROR("Refusing to use ambiguous controller '%s'", entry);
ERROR("It is both a named and kernel subsystem");
return;
}
newentry = append_null_to_list((void ***)clist);
if (strncmp(entry, "name=", 5) == 0)
copy = must_copy_string(entry);
else if (string_in_list(klist, entry))
copy = must_copy_string(entry);
else
copy = must_prefix_named(entry);
(*clist)[newentry] = copy;
}
END_TEST
START_TEST(test_string_in_list)
{
bool is_in;
char *empty_list[] = {NULL};
char *list[] = {discard_const("ABC"),
discard_const("DEF"),
discard_const("GHI"),
NULL};
is_in = string_in_list(NULL, NULL, false);
fail_unless(!is_in, "NULL string is in NULL list.");
is_in = string_in_list(NULL, empty_list, false);
fail_unless(!is_in, "NULL string is in empty list.");
is_in = string_in_list(NULL, list, false);
fail_unless(!is_in, "NULL string is in list.");
is_in = string_in_list("ABC", NULL, false);
fail_unless(!is_in, "String is in NULL list.");
is_in = string_in_list("ABC", empty_list, false);
fail_unless(!is_in, "String is in empty list.");
is_in = string_in_list("ABC", list, false);
fail_unless(is_in, "String is not list.");
is_in = string_in_list("abc", list, false);
fail_unless(is_in, "String is not case in-sensitive list.");
is_in = string_in_list("abc", list, true);
fail_unless(!is_in, "Wrong string found in case sensitive list.");
is_in = string_in_list("123", list, false);
fail_unless(!is_in, "Wrong string found in list.");
}
/* Return true if rfc2307 schema is used and all autofs options use
* defaults. Should be removed in future, see
* https://fedorahosted.org/sssd/ticket/2858
*/
static bool ldap_rfc2307_autofs_defaults(struct confdb_ctx *cdb,
const char *conf_path)
{
char **services = NULL;
errno_t ret;
bool has_autofs_defaults = false;
const char *attrs[] = {
rfc2307_autofs_entry_map[SDAP_OC_AUTOFS_ENTRY].opt_name,
/* SDAP_AT_AUTOFS_ENTRY_KEY missing on purpose, its value was
* the same between the wrong and correct schema
*/
rfc2307_autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_VALUE].opt_name,
rfc2307_autofs_mobject_map[SDAP_OC_AUTOFS_MAP].opt_name,
rfc2307_autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].opt_name,
NULL,
};
ret = confdb_get_string_as_list(cdb, cdb,
CONFDB_MONITOR_CONF_ENTRY,
CONFDB_MONITOR_ACTIVE_SERVICES, &services);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Unable to read from confdb [%d]: %s\n",
ret, sss_strerror(ret));
goto done;
}
if (string_in_list("autofs", services, true) == false) {
goto done;
}
has_autofs_defaults = has_defaults(cdb, conf_path, attrs);
done:
talloc_free(services);
return has_autofs_defaults;
}
/**
* Returns true if and only if
* (1) the sentence doesn't contain the selector link for the rule, or
* (2) it does, and it also contains one or more from the rule's link set
*/
static bool
apply_contains_one_globally(PP_data *pp_data, Linkage sublinkage, pp_rule *rule)
{
size_t i, j, count;
for (i = 0; i < sublinkage->num_links; i++)
{
assert(sublinkage->link_array[i].lw != SIZE_MAX);
if (post_process_match(rule->selector, sublinkage->link_array[i].link_name)) break;
}
if (i == sublinkage->num_links) return true;
/* selector link of rule appears in sentence */
count = 0;
for (j = 0; j < sublinkage->num_links && count == 0; j++)
{
assert(sublinkage->link_array[j].lw != SIZE_MAX);
if (string_in_list(sublinkage->link_array[j].link_name, rule->link_array))
{
count = 1;
break;
}
}
if (count == 0) return false; else return true;
}
t_linked_list *resolve_line(t_linked_list *line, t_linked_list *declared_functions,
t_linked_list **splitted_strings_line, t_linked_list *builtin_keywords)
{
int i;
t_linked_list *resolved_line;
char *to_add;
char *tmp_string;
t_linked_list *new_line_strings;
new_line_strings = new_list();
resolved_line = new_list();
i = 0;
while (i < line->len && (*((char*)line->elts[i]) == TAB || *((char*)line->elts[i]) == SPACE))
{
if (!(to_add = (char*)malloc(sizeof(char))))
malloc_error();
*to_add = *((char*)line->elts[i]);
add_to_list(resolved_line, to_add);
add_to_list(new_line_strings, ft_strdup("\t"));
i++;
}
while (i < line->len)
{
if (!(to_add = (char*)malloc(sizeof(char))))
malloc_error();
*to_add = *((char*)line->elts[i]);
tmp_string = ((char*)(*splitted_strings_line)->elts[i]);
if (*((char*)line->elts[i]) == NAME)
{
if (i > 0 && *((char*)line->elts[i]) == FUNCTION_DECL)
*to_add = FUNCTION_NAME;
else if (string_in_list((*splitted_strings_line)->elts[i], declared_functions))
*to_add = FUNCTION_NAME;
else if (string_in_list((*splitted_strings_line)->elts[i], builtin_keywords))
*to_add = KEYWORD;
else if (string_is_string((*splitted_strings_line)->elts[i]))
*to_add = STRING_DEF;
else if (string_is_character((*splitted_strings_line)->elts[i]))
*to_add = CHARACTER_DEF;
else if (string_is_integer((*splitted_strings_line)->elts[i]))
*to_add = INTEGER_DEF;
else if (string_is_float((*splitted_strings_line)->elts[i]))
*to_add = FLOAT_DEF;
else
*to_add = VAR_NAME;
}
else if (*((char*)line->elts[i]) == EQUAL && i + 1 < line->len && *((char*)line->elts[i + 1]) == EQUAL)
{
*to_add = EQUALITY_CHECK;
tmp_string = ft_strdup("==");
i++;
}
else if (*((char*)line->elts[i]) == COLON && i + 2 < line->len && *((char*)line->elts[i + 1]) == COLON
&& *((char*)line->elts[i + 2]) == EQUAL)
{
*to_add = DEEPCOPY_EQUAL;
tmp_string = ft_strdup("::=");
i += 2;
}
else if (*((char*)line->elts[i]) == COLON && i + 1 < line->len && *((char*)line->elts[i + 1]) == EQUAL)
{
*to_add = COPY_EQUAL;
tmp_string = ft_strdup(":=");
i++;
}
else if (*((char*)line->elts[i]) == COLON && i + 1 < line->len && *((char*)line->elts[i + 1]) == COLON)
{
*to_add = DEEPCOPY;
tmp_string = ft_strdup("::");
i++;
}
else if (*((char*)line->elts[i]) == COLON && i + 1 < line->len)
{
*to_add = COPY;
tmp_string = ft_strdup(":");
}
add_to_list(resolved_line, to_add);
add_to_list(new_line_strings, tmp_string);
i++;
}
*splitted_strings_line = new_line_strings;
return (resolved_line);
}
