author | Sumit Bose <sbose@redhat.com> | 2009-10-05 09:10:32 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-10-05 10:34:47 -0400 |
commit | 266f5d8c836c7e625a17566a1eb53c51076f0400 (patch) | |
tree | d8a127e2ad1cdd5326994df5e049a702d67ef0cb /server | |
parent | b8dede30141cf87fb62aca918d04e411fac82946 (diff) | |
more documentation and test for sssd.conf
- add a hint to the man page about permissions on sssd.conf
- add a test if a symbolic link can be opened
Diffstat (limited to 'server')
-rw-r--r-- | server/man/sssd.conf.5.xml | 5 | ||||
-rw-r--r-- | server/tests/check_and_open-tests.c | 29 |
2 files changed, 34 insertions, 0 deletions
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 62d0c2b4..59f249de 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -47,6 +47,11 @@
 <replaceable>description</replaceable> parameter. Its function is only as a label for the section.
 </para>
+
+ <para>
+ <filename>sssd.conf</filename> must be a regular file, owned by
+ root and only root may read from or write to the file.
+ </para>
 </refsect1>
 <refsect1 id='special-sections'>
diff --git a/server/tests/check_and_open-tests.c b/server/tests/check_and_open-tests.c
index 2045085e..ce5ebe19 100644
--- a/server/tests/check_and_open-tests.c
+++ b/server/tests/check_and_open-tests.c
@@ -30,6 +30,8 @@
 #include "util/util.h"
+#define SUFFIX ".symlink"
+
 char filename[] = "check_and_open-tests-XXXXXX";
 uid_t uid;
 gid_t gid;
@@ -75,6 +77,32 @@ START_TEST(test_wrong_filename)
 }
 END_TEST
+START_TEST(test_symlink)
+{
+ int ret;
+ char *newpath;
+ size_t newpath_length;
+
+ newpath_length = strlen(filename) + strlen(SUFFIX) + 1;
+ newpath = malloc((newpath_length) * sizeof(char));
+ fail_unless(newpath != NULL, "malloc failed");
+
+ ret = snprintf(newpath, newpath_length, "%s%s", filename, SUFFIX);
+ fail_unless(ret == newpath_length - 1,
+ "snprintf failed: expected [%d] got [%d]", newpath_length -1,
+ ret);
+
+ ret = symlink(filename, newpath);
+ fail_unless(ret == 0, "symlink failed [%d][%s]", ret, strerror(ret));
+
+ ret = check_and_open_readonly(newpath, &fd, uid, gid, mode);
+ unlink(newpath);
+ fail_unless(ret == EINVAL,
+ "check_and_open_readonly succeeded on symlink");
+ fail_unless(fd == -1, "check_and_open_readonly file descriptor not -1");
+}
+END_TEST
+
 START_TEST(test_not_regular_file)
 {
 int ret;
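Review bot: In test_symlink the `symlink()` failure message prints `strerror(ret)`, but symlink() returns -1 and reports the cause in errno, so the message would never name the real error; `fail_unless(ret == 0, "symlink failed [%d][%s]", errno, strerror(errno));` would. The snprintf check passes `newpath_length -1`, a size_t, to a `%d` conversion and compares it with the int `ret`; using `%zu` and casting `ret` for the comparison keeps that diagnostic well-defined. `newpath` is never freed, so a `free(newpath);` next to the `unlink(newpath);` call would tidy that up. The last-but-one assertion says "succeeded on symlink" for any return other than EINVAL; since this test is the guard that the root-only config loader refuses a symlinked path, printing the actual `ret` there would make a regression easier to diagnose.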
@@ -161,6 +189,7 @@ Suite *check_and_open_suite (void)
 teardown_check_and_open);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_filename);
 tcase_add_test (tc_check_and_open_readonly, test_not_regular_file);
+ tcase_add_test (tc_check_and_open_readonly, test_symlink);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_uid);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_gid);
 tcase_add_test (tc_check_and_open_readonly, test_wrong_permission); |