krb5 commit: Add basic test for credstore extentions
Greg Hudson
ghudson at MIT.EDU
Fri Jul 20 15:36:31 EDT 2012
https://github.com/krb5/krb5/commit/33b85d66d873c651525f70289d2cd74f0e45f64c
commit 33b85d66d873c651525f70289d2cd74f0e45f64c
Author: Simo Sorce <simo at redhat.com>
Date: Tue Mar 6 12:17:09 2012 -0500
Add basic test for credstore extentions
src/tests/gssapi/Makefile.in | 10 ++-
src/tests/gssapi/t_credstore.c | 154 ++++++++++++++++++++++++++++++++++++++++
src/tests/gssapi/t_gssapi.py | 14 ++++
3 files changed, 175 insertions(+), 3 deletions(-)
diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in
index 4ddd9c9..32cf7d5 100644
--- a/src/tests/gssapi/Makefile.in
+++ b/src/tests/gssapi/Makefile.in
@@ -9,10 +9,11 @@ SRCS= $(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_imp_cred.c \
$(srcdir)/t_namingexts.c $(srcdir)/t_gssexts.c $(srcdir)/t_saslname.c
OBJS= t_accname.o t_ccselect.o t_imp_cred.o t_imp_name.o t_s4u.o \
- t_s4u2proxy_krb5.o t_namingexts.o t_gssexts.o t_spnego.o t_saslname.o
+ t_s4u2proxy_krb5.o t_namingexts.o t_gssexts.o t_spnego.o t_saslname.o \
+ t_credstore.o
all:: t_accname t_ccselect t_imp_cred t_imp_name t_s4u t_s4u2proxy_krb5 \
- t_namingexts t_gssexts t_spnego t_saslname
+ t_namingexts t_gssexts t_spnego t_saslname t_credstore
check-pytests:: t_accname t_ccselect t_imp_cred t_spnego t_s4u2proxy_krb5 \
t_s4u ccinit ccrefresh
@@ -45,7 +46,10 @@ t_spnego: t_spnego.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_spnego t_spnego.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
t_saslname: t_saslname.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_saslname t_saslname.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
+t_credstore: t_credstore.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o t_credstore t_credstore.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
clean::
$(RM) t_accname t_ccselect t_imp_cred t_imp_name t_s4u \
- t_s4u2proxy_krb5 t_namingexts t_gssexts t_spnego t_saslname
+ t_s4u2proxy_krb5 t_namingexts t_gssexts t_spnego \
+ t_saslname t_credstore
diff --git a/src/tests/gssapi/t_credstore.c b/src/tests/gssapi/t_credstore.c
new file mode 100644
index 0000000..73c11f8
--- /dev/null
+++ b/src/tests/gssapi/t_credstore.c
@@ -0,0 +1,154 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <gssapi/gssapi_ext.h>
+#include <gssapi/gssapi_krb5.h>
+
+static void
+print_gss_status(int type, OM_uint32 code)
+{
+ OM_uint32 major, minor;
+ gss_buffer_desc msg;
+ OM_uint32 msg_ctx = 0;
+
+ do {
+ major = gss_display_status(&minor, code, type,
+ GSS_C_NULL_OID, &msg_ctx, &msg);
+ if (major == 0) {
+ fprintf(stdout, "%s. ", (char *)msg.value);
+ major = gss_release_buffer(&minor, &msg);
+ }
+ } while (msg_ctx);
+}
+
+static void
+print_status(char *msg, OM_uint32 major, OM_uint32 minor)
+{
+ fprintf(stdout, "%s: ", msg);
+ print_gss_status(GSS_C_GSS_CODE, major);
+ print_gss_status(GSS_C_MECH_CODE, minor);
+ fprintf(stdout, "\n");
+}
+
+static void
+usage(const char *name)
+{
+ fprintf(stderr,
+ "Usage: %s <principal> [--cred_store {<key> <value>} ...]\n",
+ name);
+}
+
+int
+main(int argc, char *argv[])
+{
+ OM_uint32 minor, major;
+ gss_key_value_set_desc store;
+ gss_buffer_desc buf;
+ gss_name_t service = GSS_C_NO_NAME;
+ gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+ int i, e;
+
+ if (argc < 2 || ((argc - 3) % 2)) {
+ usage(argv[0]);
+ exit(1);
+ }
+
+ store.count = (argc - 3) / 2;
+ store.elements = calloc(store.count,
+ sizeof(struct gss_key_value_element_struct));
+ if (!store.elements) {
+ fprintf(stderr, "OOM\n");
+ exit(1);
+ }
+
+ if (argc > 2) {
+ if (strcmp(argv[2], "--cred_store") != 0) {
+ usage(argv[0]);
+ exit(1);
+ }
+
+ for (i = 3, e = 0; i < argc; i += 2, e++) {
+ store.elements[e].key = argv[i];
+ store.elements[e].value = argv[i + 1];
+ continue;
+ }
+ }
+
+ /* First acquire default creds and try to store them in the cred store. */
+
+ major = gss_acquire_cred(&minor, GSS_C_NO_NAME, 0, GSS_C_NO_OID_SET,
+ GSS_C_INITIATE, &cred, NULL, NULL);
+ if (major) {
+ print_status("gss_acquire_cred(default user creds) failed",
+ major, minor);
+ goto out;
+ }
+
+ major = gss_store_cred_into(&minor, cred, GSS_C_INITIATE,
+ GSS_C_NO_OID, 1, 0, &store, NULL, NULL);
+ if (major) {
+ print_status("gss_store_cred_in_store(default user creds) failed",
+ major, minor);
+ goto out;
+ }
+
+ gss_release_cred(&minor, &cred);
+
+ /* Then try to acquire creds from store. */
+
+ buf.value = argv[1];
+ buf.length = strlen(argv[1]);
+
+ major = gss_import_name(&minor, &buf,
+ (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME,
+ &service);
+ if (major) {
+ print_status("gss_import_name(principal) failed", major, minor);
+ goto out;
+ }
+
+ major = gss_acquire_cred_from(&minor, service,
+ 0, GSS_C_NO_OID_SET, GSS_C_BOTH,
+ &store, &cred, NULL, NULL);
+ if (major) {
+ print_status("gss_acquire_cred_from_store(principal) failed",
+ major, minor);
+ goto out;
+ }
+
+ fprintf(stdout, "Cred Store Success\n");
+
+ major = 0;
+
+out:
+ gss_release_name(&minor, &service);
+ gss_release_cred(&minor, &cred);
+ free(store.elements);
+ return major;
+}
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
old mode 100644
new mode 100755
index 18123b3..005d2d2
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
@@ -78,6 +78,20 @@ output = realm.run_as_client(['./t_imp_cred', 'service2/dwight'],
if 'Wrong principal in request' not in output:
fail('Expected error message not seen in t_imp_cred output')
+# Test credential store extension.
+tmpccname = 'FILE:' + os.path.join(realm.testdir, 'def_cache')
+realm.env_client['KRB5CCNAME'] = tmpccname
+storagecache = 'FILE:' + os.path.join(realm.testdir, 'user_store')
+servicekeytab = os.path.join(realm.testdir, 'kt')
+service_cs = 'service/cs@%s' % realm.realm
+realm.addprinc(service_cs)
+realm.extract_keytab(service_cs, servicekeytab)
+realm.kinit(service_cs, None, ['-k', '-t', servicekeytab])
+output = realm.run_as_client(['./t_credstore', service_cs, '--cred_store',
+ 'ccache', storagecache, 'keytab', servicekeytab])
+if 'Cred Store Success' not in output:
+ fail('Expected test to succeed')
+
# Verify that we can't acquire acceptor creds without a keytab.
os.remove(realm.keytab)
output = realm.run_as_client(['./t_accname', 'abc'], expected_code=1)
More information about the cvs-krb5
mailing list