ubuntu · denisonbarbosa · Sep 5, 2022 · Aug 31, 2022 · Aug 31, 2022 · Aug 31, 2022
@@ -4,6 +4,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strconv"
+	"strings"
 
 	"github.com/ubuntu/aad-auth/internal/cache"
 	"github.com/ubuntu/aad-auth/internal/logger"
@@ -18,6 +20,17 @@ type Group struct {
 	members []string /* Members of the group */
 }
 
+// String creates a string with Group values.
+func (g Group) String() string {
+	v := []string{
+		g.name,
+		g.passwd,
+		strconv.FormatUint(uint64(g.gid), 10),
+	}
+	v = append(v, g.members...)
+	return strings.Join(v, ":")
+}
+
 // NewByName returns a passwd entry from a name.
 func NewByName(ctx context.Context, name string, cacheOpts ...cache.Option) (g Group, err error) {
 	defer func() {

@@ -248,6 +248,14 @@ func TestRestartIterationWithoutEndingPreviousOne(t *testing.T) {
 	require.Equal(t, want, got, "Should list all groups from the start")
 }
 
+func TestString(t *testing.T) {
+	g := group.NewTestGroup(2)
+
+	got := g.String()
+	want := testutils.LoadAndUpdateFromGolden(t, got)
+	require.Equal(t, want, got, "Group strings must match")
+}
+
 func TestMain(m *testing.M) {
 	testutils.InstallUpdateFlag()
 	flag.Parse()

@@ -0,0 +1 @@
+testusername@domain.com:x:2345:testusername@domain.com:testusername-1@domain.com
@@ -4,6 +4,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strconv"
+	"strings"
 
 	"github.com/ubuntu/aad-auth/internal/cache"
 	"github.com/ubuntu/aad-auth/internal/logger"
@@ -21,6 +23,21 @@ type Passwd struct {
 	shell  string /* shell program */
 }
 
+// String creates a string with Passwd values.
+func (p Passwd) String() string {
+	v := []string{
+		p.name,
+		p.passwd,
+		strconv.FormatUint(uint64(p.uid), 10),
+		strconv.FormatUint(uint64(p.gid), 10),
+		p.gecos,
+		p.dir,
+		p.shell,
+	}
+
+	return strings.Join(v, ":")
+}
+
 // NewByName returns a passwd entry from a name.
 func NewByName(ctx context.Context, name string, cacheOpts ...cache.Option) (p Passwd, err error) {
 	defer func() {

@@ -247,6 +247,14 @@ func TestRestartIterationWithoutEndingPreviousOne(t *testing.T) {
 	require.Equal(t, want, got, "Should list all users from the start")
 }
 
+func TestString(t *testing.T) {
+	p := passwd.NewTestPasswd()
+
+	got := p.String()
+	want := testutils.LoadAndUpdateFromGolden(t, got)
+	require.Equal(t, want, got, "Passwd strings must match")
+}
+
 func TestMain(m *testing.M) {
 	testutils.InstallUpdateFlag()
 	flag.Parse()

@@ -0,0 +1 @@
+testusername@domain.com:x:1234:2345::/home/testusername@domain.com:/bin/bash
@@ -4,6 +4,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strconv"
+	"strings"
 
 	"github.com/ubuntu/aad-auth/internal/cache"
 	"github.com/ubuntu/aad-auth/internal/logger"
@@ -22,6 +24,21 @@ type Shadow struct {
 	expire int    /* Number of days since 1970-01-01 until account expires.  */
 }
 
+// String creates a string with Shadow values.
+func (s Shadow) String() string {
+	v := []string{
+		s.name,
+		s.passwd,
+		strconv.Itoa(s.lstchg),
+		strconv.Itoa(s.min),
+		strconv.Itoa(s.max),
+		strconv.Itoa(s.warn),
+		strconv.Itoa(s.inact),
+		strconv.Itoa(s.expire),
+	}
+	return strings.Join(v, ":")
+}
+
 // NewByName returns a passwd entry from a name.
 func NewByName(ctx context.Context, name string, cacheOpts ...cache.Option) (s Shadow, err error) {
 	defer func() {

@@ -202,6 +202,14 @@ func TestRestartIterationWithoutEndingPreviousOne(t *testing.T) {
 	require.Equal(t, want, got, "Should list all users from the start")
 }
 
+func TestString(t *testing.T) {
+	s := shadow.NewTestShadow()
+
+	got := s.String()
+	want := testutils.LoadAndUpdateFromGolden(t, got)
+	require.Equal(t, want, got, "Shadow strings must match")
+}
+
 func TestMain(m *testing.M) {
 	testutils.InstallUpdateFlag()
 	flag.Parse()

@@ -0,0 +1 @@
+testusername@domain.com:*:-1:-1:-1:-1:-1:-1
@@ -0,0 +1,125 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/ubuntu/aad-auth/internal/cache"
+	"github.com/ubuntu/aad-auth/internal/testutils"
+)
+
+func TestGetEnt(t *testing.T) {
+	noShadow := 0
+	tests := map[string]struct {
+		db         string
+		key        string
+		cacheDB    string
+		rootUID    int
+		shadowMode *int
+
+		wantErr bool
+	}{
+		// List entry by name
+		"list entry from passwd by name":                                 {db: "passwd", key: "myuser@domain.com"},
+		"list entry from group by name":                                  {db: "group", key: "myuser@domain.com"},
+		"list entry from shadow by name":                                 {db: "shadow", key: "myuser@domain.com"},
+		"try to list entry from shadow by name without access to shadow": {db: "shadow", key: "myuser@domain.com", shadowMode: &noShadow},
+
+		// List entry by UID/GID
+		"list entry from passwd by uid":        {db: "passwd", key: "165119649"},
+		"list entry from group by gid":         {db: "group", key: "165119649"},
+		"try to list entry from shadow by uid": {db: "shadow", key: "165119649"},
+
+		// List entries
+		"list entries in passwd": {db: "passwd"},
+		"list entries in group":  {db: "group"},
+		"list entries in shadow": {db: "shadow"},
+
+		// List entries without access to shadow
+		"list entries in passwd without access to shadow": {db: "passwd", shadowMode: &noShadow},
+		"list entries in group without access to shadow":  {db: "group", shadowMode: &noShadow},
+		"try to list shadow without access to shadow":     {db: "shadow", shadowMode: &noShadow},
+
+		// Try to list non-existent entry
+		"try to list non-existent entry in passwd": {db: "passwd", key: "doesnotexist@domain.com"},
+		"try to list non-existent entry in group":  {db: "group", key: "doesnotexist@domain.com"},
+		"try to list non-existent entry in shadow": {db: "shadow", key: "doesnotexist@domain.com"},
+
+		// Try to list without cache
+		"try to list passwd without any cache": {db: "passwd", cacheDB: "nocache"},
+		"try to list group without any cache":  {db: "group", cacheDB: "nocache"},
+		"try to list shadow without any cache": {db: "shadow", cacheDB: "nocache"},
+
+		// Try to list with empty cache
+		"try to list passwd with empty cache": {db: "passwd", cacheDB: "empty"},
+		"try to list group with empty cache":  {db: "group", cacheDB: "empty"},
+		"try to list shadow with empty cache": {db: "shadow", cacheDB: "empty"},
+
+		// List local entry without cache
+		"list local passwd entry without cache": {db: "passwd", cacheDB: "nocache", key: "0"},
+		"list local group entry without cache":  {db: "group", cacheDB: "nocache", key: "0"},
+		"list local shadow entry without cache": {db: "shadow", cacheDB: "nocache", key: "root"},
+
+		// Cleans up old entries
+		"old entries in passwd are cleaned": {db: "passwd", cacheDB: "db_with_old_users"},
+		"old entries in group are cleaned":  {db: "group", cacheDB: "db_with_old_users"},
+		"old entries in shadow are cleaned": {db: "shadow", cacheDB: "db_with_old_users"},
+
+		// Try to list without permission on cache
+		"try to list passwd without permission on cache": {db: "passwd", rootUID: 4242},
+		"try to list group without permission on cache":  {db: "group", rootUID: 4242},
+		"try to list shadow without permission on cache": {db: "shadow", rootUID: 4242},
+
+		// Error when trying to list from unsupported database
+		"error trying to list entry by name from unsupported db": {db: "unsupported", key: "myuser@domain.com", wantErr: true},
+		"error trying to list unsupported db":                    {db: "unsupported", wantErr: true},
+	}
+
+	for name, tc := range tests {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			uid, gid := testutils.GetCurrentUIDGID(t)
+			if tc.rootUID != 0 {
+				uid = tc.rootUID
+			}
+
+			cacheDir := t.TempDir()
+			switch tc.cacheDB {
+			case "":
+				testutils.PrepareDBsForTests(t, cacheDir, "users_in_db")
+			case "db_with_old_users":
+				testutils.PrepareDBsForTests(t, cacheDir, tc.cacheDB)
+			case "empty":
+				testutils.NewCacheForTests(t, cacheDir)
+			case "nocache":
+				break
+			default:
+				t.Fatalf("Unexpected value used for cacheDB: %q", tc.cacheDB)
+			}
+
+			opts := []cache.Option{cache.WithCacheDir(cacheDir), cache.WithRootUID(uid), cache.WithRootGID(gid), cache.WithShadowGID(gid)}
+
+			if tc.shadowMode != nil {
+				opts = append(opts, cache.WithShadowMode(*tc.shadowMode))
+			}
+
+			got, err := Getent(context.Background(), tc.db, tc.key, opts...)
+			if tc.wantErr {
+				require.Error(t, err, "Expected an error but got none.")
+				return
+			}
+			require.NoError(t, err, "Expected no error but got one.")
+
+			want := testutils.LoadAndUpdateFromGolden(t, got)
+			require.Equal(t, want, got, "Output must match")
+		})
+	}
+}
+
+func TestMain(m *testing.M) {
+	testutils.InstallUpdateFlag()
+	flag.Parse()
+	m.Run()
+}
@@ -0,0 +1,51 @@
+package main
+
+/*
+#include <errno.h>
+#include <nss.h>
+
+typedef enum nss_status nss_status;
+*/
+import "C"
+import (
+	"context"
+	"errors"
+
+	"github.com/ubuntu/aad-auth/internal/logger"
+	"github.com/ubuntu/aad-auth/internal/nss"
+)
+
+// errToCStatus converts our Go errors to corresponding nss status returned code and errno.
+// If err is nil, it returns a success.
+func errToCStatus(ctx context.Context, err error) (nssStatus, errno int) {
+	nssStatus = C.NSS_STATUS_SUCCESS
+
+	switch {
+	case errors.Is(err, nss.ErrTryAgainEAgain):
+		nssStatus = C.NSS_STATUS_TRYAGAIN
+		errno = C.EAGAIN
+	case errors.Is(err, nss.ErrTryAgainERange):
+		nssStatus = C.NSS_STATUS_TRYAGAIN
+		errno = C.ERANGE
+	case errors.Is(err, nss.ErrUnavailableENoEnt):
+		nssStatus = C.NSS_STATUS_UNAVAIL
+		errno = C.ENOENT
+	case errors.Is(err, nss.ErrNotFoundENoEnt):
+		nssStatus = C.NSS_STATUS_NOTFOUND
+		errno = C.ENOENT
+	case errors.Is(err, nss.ErrNotFoundSuccess):
+		nssStatus = C.NSS_STATUS_SUCCESS
+		errno = C.ENOENT
+	case err != nil: // Unexpected returned error
+		nssStatus = C.NSS_STATUS_SUCCESS
+		errno = C.EINVAL
+	}
+
+	if err != nil {
+		logger.Debug(ctx, "Returning to NSS error: %d with errno: %d", nssStatus, errno)
+	} else {
+		logger.Debug(ctx, "Returning NSS STATUS SUCCESS (%d) with errno: %d", nssStatus, errno)
+	}
+
+	return nssStatus, errno
+}