From 2fca2f1b77c0e9ae82e1a24bbf89fbc3115a5e24 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 6 Sep 2017 16:42:20 +0200
Subject: [PATCH 193/194] IPA: fix handling of certmap_ctx
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch fixes a use-after-free in the AD provider part and
initializes the certmap_ctx with data from the cache at startup.
Related to https://pagure.io/SSSD/sssd/issue/3508
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit f2e70ec742cd7aab82b74d7e4b424ba3258da7aa)
---
Makefile.am | 20 +++
src/providers/ipa/ipa_init.c | 7 +
src/providers/ipa/ipa_subdomains.c | 53 +------
src/providers/ipa/ipa_subdomains_server.c | 4 +-
src/providers/ldap/ldap_common.h | 5 +
src/providers/ldap/ldap_id.c | 5 +-
src/providers/ldap/sdap.h | 4 +-
src/providers/ldap/sdap_certmap.c | 152 +++++++++++++++++++
src/tests/cmocka/test_sdap_certmap.c | 244 ++++++++++++++++++++++++++++++
9 files changed, 441 insertions(+), 53 deletions(-)
create mode 100644 src/providers/ldap/sdap_certmap.c
create mode 100644 src/tests/cmocka/test_sdap_certmap.c
diff --git a/Makefile.am b/Makefile.am
index 503c8cfd795b503f566431c08a56a56147180322..907c3256a154ebe2aae5a1667744e1dfbe8abaae 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -257,6 +257,7 @@ if HAVE_CMOCKA
test_search_bases \
test_ldap_auth \
test_sdap_access \
+ test_sdap_certmap \
sdap-tests \
test_sysdb_ts_cache \
test_sysdb_views \
@@ -2662,6 +2663,24 @@ test_sdap_access_LDADD = \
libdlopen_test_providers.la \
$(NULL)
+test_sdap_certmap_SOURCES = \
+ src/tests/cmocka/test_sdap_certmap.c \
+ src/providers/ldap/sdap_certmap.c \
+ $(NULL)
+test_sdap_certmap_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(TALLOC_CFLAGS) \
+ $(POPT_CFLAGS) \
+ $(NULL)
+test_sdap_certmap_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(TALLOC_LIBS) \
+ $(POPT_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la \
+ libsss_certmap.la \
+ $(NULL)
+
ad_access_filter_tests_SOURCES = \
src/tests/cmocka/test_ad_access_filter.c
ad_access_filter_tests_LDADD = \
@@ -3706,6 +3725,7 @@ libsss_ldap_common_la_SOURCES = \
src/providers/ldap/sdap_child_helpers.c \
src/providers/ldap/sdap_fd_events.c \
src/providers/ldap/sdap_id_op.c \
+ src/providers/ldap/sdap_certmap.c \
src/providers/ldap/sdap_idmap.c \
src/providers/ldap/sdap_idmap.h \
src/providers/ldap/sdap_range.c \
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 7dec4d1fb8541a48470d4e44f10838e5bea67ad5..2b58b1341463f8947d51dee2076dbe92e3093558 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -649,6 +649,13 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx,
return ENOMEM;
}
+ ret = sdap_init_certmap(sdap_id_ctx, sdap_id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to initialized certificate mapping.\n");
+ return ret;
+ }
+
return EOK;
}
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index ef348adf4a36e870f44387bd700f5c2beea3bfd6..6f0ff50bde234f72d62f43635d9a787316c78430 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -311,25 +311,6 @@ struct priv_sss_debug {
int level;
};
-void ext_debug(void *private, const char *file, long line, const char *function,
- const char *format, ...)
-{
- va_list ap;
- struct priv_sss_debug *data = private;
- int level = SSSDBG_OP_FAILURE;
-
- if (data != NULL) {
- level = data->level;
- }
-
- if (DEBUG_IS_SET(level)) {
- va_start(ap, format);
- sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED,
- format, ap);
- va_end(ap);
- }
-}
-
static errno_t ipa_certmap_parse_results(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct sdap_options *sdap_opts,
@@ -344,7 +325,6 @@ static errno_t ipa_certmap_parse_results(TALLOC_CTX *mem_ctx,
size_t c;
size_t lc = 0;
int ret;
- struct sss_certmap_ctx *certmap_ctx = NULL;
const char **ocs = NULL;
bool user_name_hint = false;
@@ -444,50 +424,29 @@ static errno_t ipa_certmap_parse_results(TALLOC_CTX *mem_ctx,
certmap_list[lc] = NULL;
- ret = sss_certmap_init(mem_ctx, ext_debug, NULL, &certmap_ctx);
- if (ret != 0) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_init failed.\n");
+ ret = sdap_setup_certmap(sdap_opts->sdap_certmap_ctx, certmap_list);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_setup_certmap failed.\n");
goto done;
}
- for (c = 0; certmap_list[c] != NULL; c++) {
- DEBUG(SSSDBG_TRACE_ALL, "Trying to add rule [%s][%d][%s][%s].\n",
- certmap_list[c]->name,
- certmap_list[c]->priority,
- certmap_list[c]->match_rule,
- certmap_list[c]->map_rule);
-
- ret = sss_certmap_add_rule(certmap_ctx, certmap_list[c]->priority,
- certmap_list[c]->match_rule,
- certmap_list[c]->map_rule,
- certmap_list[c]->domains);
- if (ret != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_certmap_add_rule failed for rule [%s], skipping. "
- "Please check for typos and if rule syntax is supported.\n",
- certmap_list[c]->name);
- goto done;
- }
- }
-
ret = sysdb_update_certmap(domain->sysdb, certmap_list, user_name_hint);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_certmap failed");
goto done;
}
- sss_certmap_free_ctx(sdap_opts->certmap_ctx);
- sdap_opts->certmap_ctx = talloc_steal(sdap_opts, certmap_ctx);
-
if (_certmap_list != NULL) {
*_certmap_list = certmap_list;
+ } else {
+ talloc_free(certmap_list);
}
+
ret = EOK;
done:
talloc_free(ocs);
if (ret != EOK) {
- sss_certmap_free_ctx(certmap_ctx);
talloc_free(certmap_list);
}
diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
index 443d83824f329b9d8c3d8e820113e1029f832240..56470ac824feaa59eecbd9f442682220237c2412 100644
--- a/src/providers/ipa/ipa_subdomains_server.c
+++ b/src/providers/ipa/ipa_subdomains_server.c
@@ -361,8 +361,8 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
id_ctx->sdap_id_ctx->opts->idmap_ctx;
/* Set up the certificate mapping context */
- ad_id_ctx->sdap_id_ctx->opts->certmap_ctx =
- id_ctx->sdap_id_ctx->opts->certmap_ctx;
+ ad_id_ctx->sdap_id_ctx->opts->sdap_certmap_ctx =
+ id_ctx->sdap_id_ctx->opts->sdap_certmap_ctx;
*_ad_id_ctx = ad_id_ctx;
return EOK;
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 1acda4147576503b18f61e0bb56f8efd2263fd44..0510b7d5ab5121bd96f699e8e59520a2a18a604f 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -362,4 +362,9 @@ sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
errno_t sdap_refresh_init(struct be_refresh_ctx *refresh_ctx,
struct sdap_id_ctx *id_ctx);
+errno_t sdap_init_certmap(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx);
+
+errno_t sdap_setup_certmap(struct sdap_certmap_ctx *sdap_certmap_ctx,
+ struct certmap_info **certmap_list);
+struct sss_certmap_ctx *sdap_get_sss_certmap(struct sdap_certmap_ctx *ctx);
#endif /* _LDAP_COMMON_H_ */
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 557712e8dc2b2bde664b4054fa2f8eb39df84d73..93204d35ea3782c9aa5d622a962c295869472631 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -252,9 +252,8 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
}
ret = sss_cert_derb64_to_ldap_filter(state, filter_value, attr_name,
- ctx->opts->certmap_ctx,
- state->domain,
- &user_filter);
+ sdap_get_sss_certmap(ctx->opts->sdap_certmap_ctx),
+ state->domain, &user_filter);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
"sss_cert_derb64_to_ldap_filter failed.\n");
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index afdc01948eefe9dda943c8c7ad01a42dd76a1da8..c85fbe9e78e5eefa7e33ea8055730118b0871a4c 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -446,6 +446,8 @@ struct sdap_ext_member_ctx {
ext_member_recv_fn_t ext_member_resolve_recv;
};
+struct sdap_certmap_ctx;
+
struct sdap_options {
struct dp_option *basic;
struct sdap_attr_map *gen_map;
@@ -481,7 +483,7 @@ struct sdap_options {
enum dc_functional_level dc_functional_level;
/* Certificate mapping support */
- struct sss_certmap_ctx *certmap_ctx;
+ struct sdap_certmap_ctx *sdap_certmap_ctx;
};
struct sdap_server_opts {
diff --git a/src/providers/ldap/sdap_certmap.c b/src/providers/ldap/sdap_certmap.c
new file mode 100644
index 0000000000000000000000000000000000000000..fcf88a9c69482c8668d486cd2ab0ba37c847e46d
--- /dev/null
+++ b/src/providers/ldap/sdap_certmap.c
@@ -0,0 +1,152 @@
+
+/*
+ SSSD
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2017 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+#include "lib/certmap/sss_certmap.h"
+#include "providers/ldap/ldap_common.h"
+
+struct sdap_certmap_ctx {
+ struct sss_certmap_ctx *certmap_ctx;
+};
+
+struct priv_sss_debug {
+ int level;
+};
+
+static void ext_debug(void *private, const char *file, long line,
+ const char *function, const char *format, ...)
+{
+ va_list ap;
+ struct priv_sss_debug *data = private;
+ int level = SSSDBG_OP_FAILURE;
+
+ if (data != NULL) {
+ level = data->level;
+ }
+
+ if (DEBUG_IS_SET(level)) {
+ va_start(ap, format);
+ sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED,
+ format, ap);
+ va_end(ap);
+ }
+}
+
+struct sss_certmap_ctx *sdap_get_sss_certmap(struct sdap_certmap_ctx *ctx)
+{
+ return ctx == NULL ? NULL : ctx->certmap_ctx;
+}
+
+errno_t sdap_setup_certmap(struct sdap_certmap_ctx *sdap_certmap_ctx,
+ struct certmap_info **certmap_list)
+{
+ int ret;
+ struct sss_certmap_ctx *sss_certmap_ctx = NULL;
+ size_t c;
+
+ if (sdap_certmap_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing sdap_certmap_ctx.\n");
+ return EINVAL;
+ }
+
+ if (certmap_list == NULL || *certmap_list == NULL) {
+ DEBUG(SSSDBG_TRACE_ALL, "No certmap data, nothing to do.\n");
+ ret = EOK;
+ goto done;
+ }
+
+ ret = sss_certmap_init(sdap_certmap_ctx, ext_debug, NULL, &sss_certmap_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_init failed.\n");
+ goto done;
+ }
+
+ for (c = 0; certmap_list[c] != NULL; c++) {
+ DEBUG(SSSDBG_TRACE_ALL, "Trying to add rule [%s][%d][%s][%s].\n",
+ certmap_list[c]->name,
+ certmap_list[c]->priority,
+ certmap_list[c]->match_rule,
+ certmap_list[c]->map_rule);
+
+ ret = sss_certmap_add_rule(sss_certmap_ctx, certmap_list[c]->priority,
+ certmap_list[c]->match_rule,
+ certmap_list[c]->map_rule,
+ certmap_list[c]->domains);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "sss_certmap_add_rule failed for rule [%s] "
+ "with error [%d][%s], skipping. "
+ "Please check for typos and if rule syntax is supported.\n",
+ certmap_list[c]->name, ret, sss_strerror(ret));
+ continue;
+ }
+ }
+
+ ret = EOK;
+
+done:
+ if (ret == EOK) {
+ sss_certmap_free_ctx(sdap_certmap_ctx->certmap_ctx);
+ sdap_certmap_ctx->certmap_ctx = sss_certmap_ctx;
+ } else {
+ sss_certmap_free_ctx(sss_certmap_ctx);
+ }
+
+ return ret;
+}
+
+errno_t sdap_init_certmap(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx)
+{
+ int ret;
+ bool hint;
+ struct certmap_info **certmap_list = NULL;
+
+ if (id_ctx->opts->sdap_certmap_ctx == NULL) {
+ id_ctx->opts->sdap_certmap_ctx = talloc_zero(mem_ctx,
+ struct sdap_certmap_ctx);
+ if (id_ctx->opts->sdap_certmap_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
+ return ENOMEM;
+ }
+ }
+
+ ret = sysdb_get_certmap(mem_ctx, id_ctx->be->domain->sysdb,
+ &certmap_list, &hint);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_certmap failed.\n");
+ goto done;
+ }
+
+ ret = sdap_setup_certmap(id_ctx->opts->sdap_certmap_ctx, certmap_list);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_setup_certmap failed.\n");
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(certmap_list);
+
+ return ret;
+}
diff --git a/src/tests/cmocka/test_sdap_certmap.c b/src/tests/cmocka/test_sdap_certmap.c
new file mode 100644
index 0000000000000000000000000000000000000000..9df5666844c8582a3fdb5b086720f1f2819f53f3
--- /dev/null
+++ b/src/tests/cmocka/test_sdap_certmap.c
@@ -0,0 +1,244 @@
+/*
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2017 Red Hat
+
+ SSSD tests - sdap certmap
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdarg.h>
+#include <stdbool.h>
+#include <setjmp.h>
+#include <unistd.h>
+#include <cmocka.h>
+#include <popt.h>
+
+#include "providers/ldap/ldap_common.h"
+#include "tests/common.h"
+#include "db/sysdb.h"
+
+#define TESTS_PATH "certmap_" BASE_FILE_STEM
+#define TEST_CONF_DB "test_sysdb_certmap.ldb"
+#define TEST_ID_PROVIDER "ldap"
+#define TEST_DOM_NAME "certmap_test"
+
+struct certmap_info map_a = { discard_const("map_a"), 11,
+ NULL, discard_const("(abc=def)"),
+ NULL };
+struct certmap_info map_b = { discard_const("map_b"), UINT_MAX,
+ NULL, NULL, NULL };
+struct certmap_info *certmap[] = { &map_a, &map_b, NULL };
+
+struct certmap_test_ctx {
+ struct sss_test_ctx *tctx;
+ struct sdap_id_ctx *id_ctx;
+};
+
+static int test_sysdb_setup(void **state)
+{
+ int ret;
+ struct certmap_test_ctx *test_ctx;
+ struct sss_test_conf_param params[] = {
+ { NULL, NULL }, /* Sentinel */
+ };
+
+ assert_true(leak_check_setup());
+
+ test_ctx = talloc_zero(global_talloc_context,
+ struct certmap_test_ctx);
+ assert_non_null(test_ctx);
+ check_leaks_push(test_ctx);
+
+ test_dom_suite_setup(TESTS_PATH);
+
+ test_ctx->tctx = create_dom_test_ctx(test_ctx, TESTS_PATH,
+ TEST_CONF_DB, TEST_DOM_NAME,
+ TEST_ID_PROVIDER, params);
+ assert_non_null(test_ctx->tctx);
+
+ ret = sysdb_update_certmap(test_ctx->tctx->sysdb, certmap, false);
+ assert_int_equal(ret, EOK);
+
+ test_ctx->id_ctx = talloc_zero(test_ctx->tctx, struct sdap_id_ctx);
+ assert_non_null(test_ctx->id_ctx);
+
+ test_ctx->id_ctx->opts = talloc_zero(test_ctx->tctx, struct sdap_options);
+ assert_non_null(test_ctx->id_ctx->opts);
+
+ test_ctx->id_ctx->be = talloc_zero(test_ctx->tctx, struct be_ctx);
+ assert_non_null(test_ctx->id_ctx->be);
+ test_ctx->id_ctx->be->domain = test_ctx->tctx->dom;
+
+ *state = test_ctx;
+ return 0;
+}
+
+static int test_sysdb_teardown(void **state)
+{
+ struct certmap_test_ctx *test_ctx =
+ talloc_get_type(*state, struct certmap_test_ctx);
+
+ test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME);
+ talloc_free(test_ctx->tctx);
+ assert_true(check_leaks_pop(test_ctx));
+ talloc_free(test_ctx);
+ assert_true(leak_check_teardown());
+ return 0;
+}
+
+static void test_sdap_certmap_init(void **state)
+{
+ int ret;
+ struct certmap_test_ctx *test_ctx = talloc_get_type(*state,
+ struct certmap_test_ctx);
+
+ ret = sdap_init_certmap(test_ctx, test_ctx->id_ctx);
+ assert_int_equal(ret, EOK);
+
+ talloc_free(test_ctx->id_ctx->opts->sdap_certmap_ctx);
+}
+
+static void test_sdap_get_sss_certmap(void **state)
+{
+ int ret;
+ struct certmap_test_ctx *test_ctx = talloc_get_type(*state,
+ struct certmap_test_ctx);
+ struct sss_certmap_ctx *sss_certmap_ctx;
+
+ sss_certmap_ctx = sdap_get_sss_certmap(NULL);
+ assert_null(sss_certmap_ctx);
+
+ ret = sdap_init_certmap(test_ctx, test_ctx->id_ctx);
+ assert_int_equal(ret, EOK);
+
+ sss_certmap_ctx = sdap_get_sss_certmap(
+ test_ctx->id_ctx->opts->sdap_certmap_ctx);
+ assert_non_null(sss_certmap_ctx);
+
+ talloc_free(test_ctx->id_ctx->opts->sdap_certmap_ctx);
+}
+
+static void test_sdap_certmap_init_twice(void **state)
+{
+ int ret;
+ struct certmap_test_ctx *test_ctx = talloc_get_type(*state,
+ struct certmap_test_ctx);
+ struct sdap_certmap_ctx *sdap_certmap_ref;
+ struct sss_certmap_ctx *sss_certmap_ref;
+
+ ret = sdap_init_certmap(test_ctx, test_ctx->id_ctx);
+ assert_int_equal(ret, EOK);
+
+ sdap_certmap_ref = test_ctx->id_ctx->opts->sdap_certmap_ctx;
+ sss_certmap_ref = sdap_get_sss_certmap(sdap_certmap_ref);
+
+ ret = sdap_init_certmap(test_ctx, test_ctx->id_ctx);
+ assert_int_equal(ret, EOK);
+
+ assert_ptr_equal(sdap_certmap_ref,
+ test_ctx->id_ctx->opts->sdap_certmap_ctx);
+ assert_ptr_not_equal(sss_certmap_ref,
+ sdap_get_sss_certmap(sdap_certmap_ref));
+
+ talloc_free(test_ctx->id_ctx->opts->sdap_certmap_ctx);
+}
+
+
+static void test_sdap_setup_certmap(void **state)
+{
+ int ret;
+ struct certmap_test_ctx *test_ctx = talloc_get_type(*state,
+ struct certmap_test_ctx);
+ struct sdap_certmap_ctx *sdap_certmap_ref;
+ struct sss_certmap_ctx *sss_certmap_ref;
+
+ ret = sdap_init_certmap(test_ctx, test_ctx->id_ctx);
+ assert_int_equal(ret, EOK);
+
+ sdap_certmap_ref = test_ctx->id_ctx->opts->sdap_certmap_ctx;
+ sss_certmap_ref = sdap_get_sss_certmap(sdap_certmap_ref);
+
+ ret = sdap_setup_certmap(NULL, NULL);
+ assert_int_equal(ret, EINVAL);
+ assert_ptr_equal(sdap_certmap_ref,
+ test_ctx->id_ctx->opts->sdap_certmap_ctx);
+ assert_ptr_equal(sss_certmap_ref, sdap_get_sss_certmap(sdap_certmap_ref));
+
+ ret = sdap_setup_certmap(NULL, certmap);
+ assert_int_equal(ret, EINVAL);
+ assert_ptr_equal(sdap_certmap_ref,
+ test_ctx->id_ctx->opts->sdap_certmap_ctx);
+ assert_ptr_equal(sss_certmap_ref, sdap_get_sss_certmap(sdap_certmap_ref));
+
+ ret = sdap_setup_certmap(sdap_certmap_ref, certmap);
+ assert_int_equal(ret, EOK);
+ assert_ptr_equal(sdap_certmap_ref,
+ test_ctx->id_ctx->opts->sdap_certmap_ctx);
+ assert_ptr_not_equal(sss_certmap_ref,
+ sdap_get_sss_certmap(sdap_certmap_ref));
+
+ talloc_free(test_ctx->id_ctx->opts->sdap_certmap_ctx);
+}
+
+int main(int argc, const char *argv[])
+{
+ int rv;
+ poptContext pc;
+ int opt;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ SSSD_DEBUG_OPTS
+ POPT_TABLEEND
+ };
+
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_sdap_certmap_init,
+ test_sysdb_setup,
+ test_sysdb_teardown),
+ cmocka_unit_test_setup_teardown(test_sdap_get_sss_certmap,
+ test_sysdb_setup,
+ test_sysdb_teardown),
+ cmocka_unit_test_setup_teardown(test_sdap_certmap_init_twice,
+ test_sysdb_setup,
+ test_sysdb_teardown),
+ cmocka_unit_test_setup_teardown(test_sdap_setup_certmap,
+ test_sysdb_setup,
+ test_sysdb_teardown),
+ };
+
+ /* Set debug level to invalid value so we can deside if -d 0 was used. */
+ debug_level = SSSDBG_INVALID;
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch(opt) {
+ default:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ return 1;
+ }
+ }
+ poptFreeContext(pc);
+
+ DEBUG_CLI_INIT(debug_level);
+
+ tests_set_cwd();
+ rv = cmocka_run_group_tests(tests, NULL, NULL);
+
+ return rv;
+}
--
2.13.5