X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=main_test.go;h=ab5e9b7111399a5d999d1b794712d8e05a31e4c0;hb=1b9065b13eeeb40ecf6759bb065f0a039d2a9996;hp=563f683ab5fb6a3e7d443baa8906b66303bec082;hpb=3ab8d3737f51fdd328c972b94e687c161c915f8e;p=nsscash%2Fnsscash.git diff --git a/main_test.go b/main_test.go index 563f683..ab5e9b7 100644 --- a/main_test.go +++ b/main_test.go @@ -191,13 +191,28 @@ func TestMainFetch(t *testing.T) { fetchPasswdInvalid, fetchPasswdLimits, fetchPasswd, - // Tests for plain + // Tests for plain and group fetchPlainEmpty, fetchPlain, + fetchGroupEmpty, + fetchGroupInvalid, + fetchGroupLimits, + fetchGroup, // Special tests fetchNoConfig, + fetchStateCannotRead, + fetchStateInvalid, + fetchStateCannotWrite, + fetchCannotDeploy, + fetchSecondFetchFails, } + for _, f := range tests { + runMainTest(t, f) + } +} + +func runMainTest(t *testing.T, f func(args)) { cleanup := []string{ configPath, statePath, @@ -206,7 +221,6 @@ func TestMainFetch(t *testing.T) { groupPath, } - for _, f := range tests { // NOTE: This is not guaranteed to work according to reflect's // documentation but seems to work reliable for normal // functions. @@ -227,9 +241,10 @@ func TestMainFetch(t *testing.T) { } var handler func(http.ResponseWriter, *http.Request) - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - handler(w, r) - })) + ts := httptest.NewServer(http.HandlerFunc( + func(w http.ResponseWriter, r *http.Request) { + handler(w, r) + })) defer ts.Close() f(args{ @@ -238,7 +253,6 @@ func TestMainFetch(t *testing.T) { handler: &handler, }) }) - } } func fetchPasswdCacheFileDoesNotExist(a args) { @@ -499,6 +513,97 @@ path = "%[3]s" // Remaining functionality already tested in fetchPasswd() } +func fetchGroupEmpty(a args) { + t := a.t + mustWriteGroupConfig(t, a.url) + mustCreate(t, groupPath) + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + // Empty response + } + + err := mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "refusing to use empty group file") + + mustNotExist(t, statePath, passwdPath, plainPath) + mustBeOld(t, groupPath) +} + +func fetchGroupInvalid(a args) { + t := a.t + mustWriteGroupConfig(t, a.url) + mustCreate(t, groupPath) + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != "/group" { + return + } + + fmt.Fprintln(w, "root:x::") + } + + err := mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "invalid gid in line") + + mustNotExist(t, statePath, passwdPath, plainPath) + mustBeOld(t, groupPath) +} + +func fetchGroupLimits(a args) { + t := a.t + mustWriteGroupConfig(t, a.url) + mustCreate(t, groupPath) + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != "/group" { + return + } + + fmt.Fprint(w, "root:x:0:") + for i := 0; i < 65536; i++ { + fmt.Fprint(w, "x") + } + fmt.Fprint(w, "\n") + } + + err := mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "group too large to serialize") + + mustNotExist(t, statePath, passwdPath, plainPath) + mustBeOld(t, groupPath) +} + +func fetchGroup(a args) { + t := a.t + mustWriteGroupConfig(t, a.url) + mustCreate(t, groupPath) + mustHaveHash(t, groupPath, "da39a3ee5e6b4b0d3255bfef95601890afd80709") + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != "/group" { + return + } + + fmt.Fprintln(w, "root:x:0:") + fmt.Fprintln(w, "daemon:x:1:andariel,duriel,mephisto,diablo,baal") + } + + err := mainFetch(configPath) + if err != nil { + t.Error(err) + } + + mustNotExist(t, passwdPath, plainPath) + mustBeNew(t, groupPath, statePath) + // The actual content of groupPath is verified by the NSS tests + mustHaveHash(t, groupPath, "8c27a8403278ba2e392b86d98d4dff1fdefcafdd") + + // Remaining functionality already tested in fetchPasswd() +} + func fetchNoConfig(a args) { t := a.t @@ -508,3 +613,127 @@ func fetchNoConfig(a args) { mustNotExist(t, configPath, statePath, passwdPath, plainPath, groupPath) } + +func fetchStateCannotRead(a args) { + t := a.t + mustWritePasswdConfig(t, a.url) + + mustCreate(t, statePath) + err := os.Chmod(statePath, 0000) + if err != nil { + t.Fatal(err) + } + + err = mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + statePath+": permission denied") + + mustNotExist(t, passwdPath, plainPath, groupPath) +} + +func fetchStateInvalid(a args) { + t := a.t + mustWriteGroupConfig(t, a.url) + mustCreate(t, statePath) + + err := mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "unexpected end of JSON input") + + mustNotExist(t, groupPath, passwdPath, plainPath) + mustBeOld(t, statePath) +} + +func fetchStateCannotWrite(a args) { + t := a.t + mustWriteGroupConfig(t, a.url) + mustCreate(t, groupPath) + mustHaveHash(t, groupPath, "da39a3ee5e6b4b0d3255bfef95601890afd80709") + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + // To prevent mainFetch() from trying to update groupPath + // which will also fail + w.WriteHeader(http.StatusNotModified) + } + + err := os.Chmod("testdata", 0500) + if err != nil { + t.Fatal(err) + } + defer os.Chmod("testdata", 0755) + + err = mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "permission denied") + + mustNotExist(t, statePath, passwdPath, plainPath) + mustBeOld(t, groupPath) +} + +func fetchCannotDeploy(a args) { + t := a.t + mustWriteGroupConfig(t, a.url) + mustCreate(t, groupPath) + mustHaveHash(t, groupPath, "da39a3ee5e6b4b0d3255bfef95601890afd80709") + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != "/group" { + return + } + + fmt.Fprintln(w, "root:x:0:") + fmt.Fprintln(w, "daemon:x:1:andariel,duriel,mephisto,diablo,baal") + } + + err := os.Chmod("testdata", 0500) + if err != nil { + t.Fatal(err) + } + defer os.Chmod("testdata", 0755) + + err = mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "permission denied") + + mustNotExist(t, statePath, passwdPath, plainPath) + mustBeOld(t, groupPath) +} + +func fetchSecondFetchFails(a args) { + t := a.t + mustWriteConfig(t, fmt.Sprintf(` +statepath = "%[1]s" + +[[file]] +type = "passwd" +url = "%[2]s/passwd" +path = "%[3]s" + +[[file]] +type = "group" +url = "%[2]s/group" +path = "%[4]s" +`, statePath, a.url, passwdPath, groupPath)) + mustCreate(t, passwdPath) + mustCreate(t, groupPath) + mustHaveHash(t, passwdPath, "da39a3ee5e6b4b0d3255bfef95601890afd80709") + mustHaveHash(t, groupPath, "da39a3ee5e6b4b0d3255bfef95601890afd80709") + + *a.handler = func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == "/passwd" { + fmt.Fprintln(w, "root:x:0:0:root:/root:/bin/bash") + } + if r.URL.Path == "/group" { + w.WriteHeader(http.StatusNotFound) + } + } + + err := mainFetch(configPath) + mustBeErrorWithSubstring(t, err, + "status code 404") + + mustNotExist(t, statePath, plainPath) + // Even though passwd was successfully fetched, no files were modified + // because the second fetch failed + mustBeOld(t, passwdPath, groupPath) +}