From: Arseniy Kostevich Date: Thu, 4 Jun 2026 09:30:45 +0000 (+0300) Subject: test: add NSS alias coverage for user and group records X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0fb924e37918c384952b2d04265de5b38d3ba4aa;p=thirdparty%2Fsystemd.git test: add NSS alias coverage for user and group records Add separate NSS conversion tests for user and group records covering canonicalized lookup aliases, invalid alias rejection, user-side alias no-op cases, group alias@realm matching, and alias-aware fuzzy matching. --- diff --git a/src/test/meson.build b/src/test/meson.build index 21b1f435f46..6520a395a95 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -115,6 +115,7 @@ simple_tests += files( 'test-fstab-util.c', 'test-glob-util.c', 'test-gpt.c', + 'test-group-record-nss.c', 'test-gunicode.c', 'test-hash-funcs.c', 'test-hexdecoct.c', @@ -222,6 +223,7 @@ simple_tests += files( 'test-unaligned.c', 'test-unit-file.c', 'test-user-record.c', + 'test-user-record-nss.c', 'test-user-util.c', 'test-utf8.c', 'test-verbs.c', diff --git a/src/test/test-group-record-nss.c b/src/test/test-group-record-nss.c new file mode 100644 index 00000000000..2eb5eed53dd --- /dev/null +++ b/src/test/test-group-record-nss.c @@ -0,0 +1,93 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include +#include + +#include "sd-json.h" +#include "group-record.h" +#include "strv.h" +#include "tests.h" +#include "user-record-nss.h" + +TEST(nss_group_alias) { + static const struct group grp = { + .gr_name = (char*) "domain users", + .gr_gid = 1000, + }; + _cleanup_(group_record_unrefp) GroupRecord *g = NULL; + sd_json_variant *aliases; + + ASSERT_OK(nss_group_to_group_record(&grp, NULL, "domain users@example.test", &g)); + ASSERT_TRUE(group_record_matches_group_name(g, "domain users@example.test")); + ASSERT_TRUE(strv_contains(g->aliases, "domain users@example.test")); + + aliases = ASSERT_NOT_NULL(sd_json_variant_by_key(g->json, "aliases")); + ASSERT_STREQ(sd_json_variant_string(sd_json_variant_by_index(aliases, 0)), "domain users@example.test"); +} + +TEST(nss_group_invalid_alias) { + static const struct group grp = { + .gr_name = (char*) "domain users", + .gr_gid = 1000, + }; + _cleanup_(group_record_unrefp) GroupRecord *g = NULL; + + ASSERT_OK(nss_group_to_group_record(&grp, NULL, "domain/users", &g)); + ASSERT_FALSE(group_record_matches_group_name(g, "domain/users")); + ASSERT_TRUE(strv_isempty(g->aliases)); + ASSERT_NULL(sd_json_variant_by_key(g->json, "aliases")); +} + +TEST(nss_group_alias_realm) { + static const struct group grp = { + .gr_name = (char*) "domain users", + .gr_gid = 1000, + }; + _cleanup_(group_record_unrefp) GroupRecord *g = NULL; + + ASSERT_OK(nss_group_to_group_record(&grp, NULL, "domain-users", &g)); + g->realm = ASSERT_NOT_NULL(strdup("example.test")); + + ASSERT_TRUE(group_record_matches_group_name(g, "domain-users@example.test")); +} + +TEST(nss_group_alias_same_as_canonical_noop) { + static const struct group grp = { + .gr_name = (char*) "domain users", + .gr_gid = 1000, + }; + _cleanup_(group_record_unrefp) GroupRecord *g = NULL; + + ASSERT_OK(nss_group_to_group_record(&grp, NULL, "domain users", &g)); + ASSERT_TRUE(strv_isempty(g->aliases)); + ASSERT_NULL(sd_json_variant_by_key(g->json, "aliases")); +} + +TEST(nss_group_null_alias_noop) { + static const struct group grp = { + .gr_name = (char*) "domain users", + .gr_gid = 1000, + }; + _cleanup_(group_record_unrefp) GroupRecord *g = NULL; + + ASSERT_OK(nss_group_to_group_record(&grp, NULL, NULL, &g)); + ASSERT_TRUE(strv_isempty(g->aliases)); + ASSERT_NULL(sd_json_variant_by_key(g->json, "aliases")); +} + +TEST(nss_group_alias_fuzzy_match) { + static const struct group grp = { + .gr_name = (char*) "canonical group", + .gr_gid = 1000, + }; + _cleanup_(group_record_unrefp) GroupRecord *g = NULL; + UserDBMatch match = USERDB_MATCH_NULL; + + ASSERT_OK(nss_group_to_group_record(&grp, NULL, "external-group", &g)); + match.fuzzy_names = ASSERT_NOT_NULL(strv_new("ternal")); + + ASSERT_TRUE(group_record_match(g, &match)); + userdb_match_done(&match); +} + +DEFINE_TEST_MAIN(LOG_INFO); diff --git a/src/test/test-user-record-nss.c b/src/test/test-user-record-nss.c new file mode 100644 index 00000000000..22a055f57cf --- /dev/null +++ b/src/test/test-user-record-nss.c @@ -0,0 +1,117 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include +#include + +#include "sd-json.h" +#include "strv.h" +#include "tests.h" +#include "user-record.h" +#include "user-record-nss.h" + +TEST(nss_user_alias) { + static const struct passwd pwd = { + .pw_name = (char*) "testuser", + .pw_uid = 1000, + .pw_gid = 1000, + .pw_gecos = (char*) "testuser", + .pw_dir = (char*) "/home/testuser", + .pw_shell = (char*) "/bin/bash", + }; + _cleanup_(user_record_unrefp) UserRecord *u = NULL; + sd_json_variant *aliases; + + ASSERT_OK(nss_passwd_to_user_record(&pwd, NULL, "testuser@example.test", &u)); + ASSERT_TRUE(user_record_matches_user_name(u, "testuser@example.test")); + ASSERT_TRUE(strv_contains(u->aliases, "testuser@example.test")); + + aliases = ASSERT_NOT_NULL(sd_json_variant_by_key(u->json, "aliases")); + ASSERT_STREQ(sd_json_variant_string(sd_json_variant_by_index(aliases, 0)), "testuser@example.test"); +} + +TEST(nss_user_invalid_alias) { + static const struct passwd pwd = { + .pw_name = (char*) "testuser", + .pw_uid = 1000, + .pw_gid = 1000, + .pw_gecos = (char*) "testuser", + .pw_dir = (char*) "/home/testuser", + .pw_shell = (char*) "/bin/bash", + }; + _cleanup_(user_record_unrefp) UserRecord *u = NULL; + + ASSERT_OK(nss_passwd_to_user_record(&pwd, NULL, "testuser/bad", &u)); + ASSERT_FALSE(user_record_matches_user_name(u, "testuser/bad")); + ASSERT_TRUE(strv_isempty(u->aliases)); + ASSERT_NULL(sd_json_variant_by_key(u->json, "aliases")); +} + +TEST(nss_user_alias_realm) { + static const struct passwd pwd = { + .pw_name = (char*) "testuser", + .pw_uid = 1000, + .pw_gid = 1000, + .pw_gecos = (char*) "testuser", + .pw_dir = (char*) "/home/testuser", + .pw_shell = (char*) "/bin/bash", + }; + _cleanup_(user_record_unrefp) UserRecord *u = NULL; + + ASSERT_OK(nss_passwd_to_user_record(&pwd, NULL, "testuser-short", &u)); + u->realm = ASSERT_NOT_NULL(strdup("example.test")); + + ASSERT_TRUE(user_record_matches_user_name(u, "testuser-short@example.test")); +} + +TEST(nss_user_alias_same_as_canonical_noop) { + static const struct passwd pwd = { + .pw_name = (char*) "testuser", + .pw_uid = 1000, + .pw_gid = 1000, + .pw_gecos = (char*) "testuser", + .pw_dir = (char*) "/home/testuser", + .pw_shell = (char*) "/bin/bash", + }; + _cleanup_(user_record_unrefp) UserRecord *u = NULL; + + ASSERT_OK(nss_passwd_to_user_record(&pwd, NULL, "testuser", &u)); + ASSERT_TRUE(strv_isempty(u->aliases)); + ASSERT_NULL(sd_json_variant_by_key(u->json, "aliases")); +} + +TEST(nss_user_null_alias_noop) { + static const struct passwd pwd = { + .pw_name = (char*) "testuser", + .pw_uid = 1000, + .pw_gid = 1000, + .pw_gecos = (char*) "testuser", + .pw_dir = (char*) "/home/testuser", + .pw_shell = (char*) "/bin/bash", + }; + _cleanup_(user_record_unrefp) UserRecord *u = NULL; + + ASSERT_OK(nss_passwd_to_user_record(&pwd, NULL, NULL, &u)); + ASSERT_TRUE(strv_isempty(u->aliases)); + ASSERT_NULL(sd_json_variant_by_key(u->json, "aliases")); +} + +TEST(nss_user_alias_fuzzy_match) { + static const struct passwd pwd = { + .pw_name = (char*) "canonical", + .pw_uid = 1000, + .pw_gid = 1000, + .pw_gecos = (char*) "canonical", + .pw_dir = (char*) "/home/canonical", + .pw_shell = (char*) "/bin/bash", + }; + _cleanup_(user_record_unrefp) UserRecord *u = NULL; + UserDBMatch match = USERDB_MATCH_NULL; + + ASSERT_OK(nss_passwd_to_user_record(&pwd, NULL, "external-login", &u)); + match.fuzzy_names = ASSERT_NOT_NULL(strv_new("ternal")); + + ASSERT_TRUE(user_record_match(u, &match)); + userdb_match_done(&match); +} + +DEFINE_TEST_MAIN(LOG_INFO);