krb5 commit: Add ccache marshalling tests

Greg Hudson ghudson at MIT.EDU
Sat May 17 19:54:29 EDT 2014


https://github.com/krb5/krb5/commit/a4e5127bec346fbc199e3624dc973c4b5d78df71
commit a4e5127bec346fbc199e3624dc973c4b5d78df71
Author: Greg Hudson <ghudson at mit.edu>
Date:   Tue May 6 14:05:53 2014 -0400

    Add ccache marshalling tests
    
    Add a new ccache test program t_marshal.c which verifies the new
    marshalling functions and also the FILE ccache type against the
    expected representations of the ccache header, default principal, and
    credentials.

 .gitignore                      |    2 +
 src/lib/krb5/ccache/Makefile.in |   12 +-
 src/lib/krb5/ccache/t_marshal.c |  399 +++++++++++++++++++++++++++++++++++++++
 src/lib/krb5/libkrb5.exports    |    4 +
 4 files changed, 415 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 45a3e15..49f4367 100644
--- a/.gitignore
+++ b/.gitignore
@@ -188,6 +188,8 @@ testlog
 
 /src/lib/krb5/ccache/t_cc
 /src/lib/krb5/ccache/t_cccursor
+/src/lib/krb5/ccache/t_marshal
+/src/lib/krb5/ccache/testcache
 
 /src/lib/krb5/error_tables/*_err.[ch]
 
diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in
index 19a8dc9..13b0f76 100644
--- a/src/lib/krb5/ccache/Makefile.in
+++ b/src/lib/krb5/ccache/Makefile.in
@@ -70,7 +70,8 @@ SRCS=	$(srcdir)/ccbase.c \
 EXTRADEPSRCS= \
 	$(srcdir)/t_cc.c \
 	$(srcdir)/t_cccol.c \
-	$(srcdir)/t_cccursor.c
+	$(srcdir)/t_cccursor.c \
+	$(srcdir)/t_marshal.c
 
 ##DOS##OBJS=$(OBJS) $(OUTPRE)ccfns.$(OBJEXT)
 
@@ -115,15 +116,22 @@ T_CCCURSOR_OBJS = t_cccursor.o
 t_cccursor: $(T_CCCURSOR_OBJS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o $@ $(T_CCCURSOR_OBJS) $(KRB5_BASE_LIBS)
 
-check-unix:: t_cc
+T_MARSHAL_OBJS = t_marshal.o
+t_marshal: $(T_MARSHAL_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(T_MARSHAL_OBJS) $(KRB5_BASE_LIBS)
+
+check-unix:: t_cc t_marshal
 	KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
 	$(RUN_SETUP) $(VALGRIND) ./t_cc
+	KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
+	$(RUN_SETUP) $(VALGRIND) ./t_marshal testcache
 
 check-pytests:: t_cccursor t_cccol
 	$(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS)
 
 clean-unix::
 	$(RM) t_cc t_cc.o t_cccursor t_cccursor.o t_cccol t_cccol.o
+	$(RM) t_marshal t_marshal.o testcache
 
 ##WIN32## $(OUTPRE)cc_mslsa.$(OBJEXT): cc_mslsa.c $(top_srcdir)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS)
 
diff --git a/src/lib/krb5/ccache/t_marshal.c b/src/lib/krb5/ccache/t_marshal.c
new file mode 100644
index 0000000..07685d6
--- /dev/null
+++ b/src/lib/krb5/ccache/t_marshal.c
@@ -0,0 +1,399 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/t_marshal.c - test program for cred marshalling */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "cc-int.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <arpa/inet.h>
+#include <fcntl.h>
+
+/* Each test contains the expected binary representation of a credential cache
+ * divided into the header, the default principal, and two credentials. */
+const struct test {
+    size_t headerlen;
+    const unsigned char header[256];
+    size_t princlen;
+    const unsigned char princ[256];
+    size_t cred1len;
+    const unsigned char cred1[256];
+    size_t cred2len;
+    const unsigned char cred2[256];
+} tests[4] = {
+    {
+        /* Version 1 header */
+        2,
+        "\x05\x01",
+        /* Version 1 principal */
+        33,
+        "\x02\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54\x45\x53\x54\x2E"
+        "\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63\x6C\x69\x65\x6E"
+        "\x74",
+        /* Version 1 cred 1 */
+        165,
+        "\x02\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54\x45\x53\x54\x2E"
+        "\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63\x6C\x69\x65\x6E"
+        "\x74\x03\x00\x00\x00\x0B\x00\x00\x00\x45\x58\x41\x4D\x50\x4C\x45"
+        "\x2E\x43\x4F\x4D\x04\x00\x00\x00\x74\x65\x73\x74\x04\x00\x00\x00"
+        "\x68\x6F\x73\x74\x11\x00\x10\x00\x00\x00\x00\x01\x02\x03\x04\x05"
+        "\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x0B\x00\x00\x00\xDE\x00"
+        "\x00\x00\x05\x0D\x00\x00\x00\xCA\x9A\x3B\x00\x00\x00\x80\x40\x01"
+        "\x00\x00\x00\x02\x00\x04\x00\x00\x00\x0A\x00\x00\x01\x02\x00\x00"
+        "\x00\x00\x02\x0A\x00\x00\x00\x73\x69\x67\x6E\x74\x69\x63\x6B\x65"
+        "\x74\x9C\xFF\x00\x00\x00\x00\x06\x00\x00\x00\x74\x69\x63\x6B\x65"
+        "\x74\x00\x00\x00\x00",
+        /* Version 1 cred 2 */
+        113,
+        "\x02\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54\x45\x53\x54\x2E"
+        "\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63\x6C\x69\x65\x6E"
+        "\x74\x01\x00\x00\x00\x00\x00\x00\x00\x17\x00\x10\x00\x00\x00\x0F"
+        "\x0E\x0D\x0C\x0B\x0A\x09\x08\x07\x06\x05\x04\x03\x02\x01\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00"
+        "\x74\x69\x63\x6B\x65\x74\x07\x00\x00\x00\x32\x74\x69\x63\x6B\x65"
+        "\x74"
+    },
+    {
+        /* Version 2 header */
+        2,
+        "\x05\x02",
+        /* Version 2 principal */
+        37,
+        "\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74",
+        /* Version 2 cred 1 */
+        173,
+        "\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x01\x00\x00\x00\x02\x00\x00\x00\x0B\x00\x00"
+        "\x00\x45\x58\x41\x4D\x50\x4C\x45\x2E\x43\x4F\x4D\x04\x00\x00\x00"
+        "\x74\x65\x73\x74\x04\x00\x00\x00\x68\x6F\x73\x74\x11\x00\x10\x00"
+        "\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D"
+        "\x0E\x0F\x0B\x00\x00\x00\xDE\x00\x00\x00\x05\x0D\x00\x00\x00\xCA"
+        "\x9A\x3B\x00\x00\x00\x80\x40\x01\x00\x00\x00\x02\x00\x04\x00\x00"
+        "\x00\x0A\x00\x00\x01\x02\x00\x00\x00\x00\x02\x0A\x00\x00\x00\x73"
+        "\x69\x67\x6E\x74\x69\x63\x6B\x65\x74\x9C\xFF\x00\x00\x00\x00\x06"
+        "\x00\x00\x00\x74\x69\x63\x6B\x65\x74\x00\x00\x00\x00",
+        /* Version 2 cred 2 */
+        121,
+        "\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x17\x00\x10\x00\x00\x00\x0F\x0E\x0D\x0C\x0B\x0A\x09\x08\x07"
+        "\x06\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x06\x00\x00\x00\x74\x69\x63\x6B\x65\x74\x07\x00"
+        "\x00\x00\x32\x74\x69\x63\x6B\x65\x74"
+    },
+    {
+        /* Version 3 header */
+        2,
+        "\x05\x03",
+        /* Version 3 principal */
+        37,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74",
+        /* Version 3 cred 1 */
+        175,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"
+        "\x0B\x45\x58\x41\x4D\x50\x4C\x45\x2E\x43\x4F\x4D\x00\x00\x00\x04"
+        "\x74\x65\x73\x74\x00\x00\x00\x04\x68\x6F\x73\x74\x00\x11\x00\x11"
+        "\x00\x00\x00\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B"
+        "\x0C\x0D\x0E\x0F\x00\x00\x00\x0B\x00\x00\x00\xDE\x00\x00\x0D\x05"
+        "\x3B\x9A\xCA\x00\x00\x40\x80\x00\x00\x00\x00\x00\x01\x00\x02\x00"
+        "\x00\x00\x04\x0A\x00\x00\x01\x00\x00\x00\x02\x02\x00\x00\x00\x00"
+        "\x0A\x73\x69\x67\x6E\x74\x69\x63\x6B\x65\x74\xFF\x9C\x00\x00\x00"
+        "\x00\x00\x00\x00\x06\x74\x69\x63\x6B\x65\x74\x00\x00\x00\x00",
+        /* Version 3 cred 2 */
+        123,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x17\x00\x17\x00\x00\x00\x10\x0F\x0E\x0D\x0C\x0B\x0A\x09"
+        "\x08\x07\x06\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x74\x69\x63\x6B\x65\x74"
+        "\x00\x00\x00\x07\x32\x74\x69\x63\x6B\x65\x74"
+    },
+    {
+        /* Version 4 header */
+        16,
+        "\x05\x04\x00\x0C\x00\x01\x00\x08\x00\x00\x01\x2C\x00\x00\xD4\x31",
+        /* Verion 4 principal */
+        37,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74",
+        /* Version 4 cred 1 */
+        173,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"
+        "\x0B\x45\x58\x41\x4D\x50\x4C\x45\x2E\x43\x4F\x4D\x00\x00\x00\x04"
+        "\x74\x65\x73\x74\x00\x00\x00\x04\x68\x6F\x73\x74\x00\x11\x00\x00"
+        "\x00\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D"
+        "\x0E\x0F\x00\x00\x00\x0B\x00\x00\x00\xDE\x00\x00\x0D\x05\x3B\x9A"
+        "\xCA\x00\x00\x40\x80\x00\x00\x00\x00\x00\x01\x00\x02\x00\x00\x00"
+        "\x04\x0A\x00\x00\x01\x00\x00\x00\x02\x02\x00\x00\x00\x00\x0A\x73"
+        "\x69\x67\x6E\x74\x69\x63\x6B\x65\x74\xFF\x9C\x00\x00\x00\x00\x00"
+        "\x00\x00\x06\x74\x69\x63\x6B\x65\x74\x00\x00\x00\x00",
+        /* Version 4 cred 2 */
+        121,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x17\x00\x00\x00\x10\x0F\x0E\x0D\x0C\x0B\x0A\x09\x08\x07"
+        "\x06\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x06\x74\x69\x63\x6B\x65\x74\x00\x00"
+        "\x00\x07\x32\x74\x69\x63\x6B\x65\x74"
+    }
+};
+
+static void
+verify_princ(krb5_principal p)
+{
+    assert(p->length == 1);
+    assert(data_eq_string(p->realm, "KRBTEST.COM"));
+    assert(data_eq_string(p->data[0], "testclient"));
+}
+
+static void
+verify_cred1(const krb5_creds *c)
+{
+    uint32_t ipaddr = ntohl(0x0A000001);
+
+    verify_princ(c->client);
+    assert(c->server->length == 2);
+    assert(data_eq_string(c->server->realm, "EXAMPLE.COM"));
+    assert(data_eq_string(c->server->data[0], "test"));
+    assert(data_eq_string(c->server->data[1], "host"));
+    assert(c->keyblock.enctype == ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+    assert(c->keyblock.length == 16);
+    assert(memcmp(c->keyblock.contents,
+                  "\x0\x1\x2\x3\x4\x5\x6\x7\x8\x9\xA\xB\xC\xD\xE\xF",
+                  16) == 0);
+    assert(c->times.authtime == 11);
+    assert(c->times.starttime == 222);
+    assert(c->times.endtime == 3333);
+    assert(c->times.renew_till == 1000000000);
+    assert(c->is_skey == FALSE);
+    assert(c->ticket_flags == (TKT_FLG_FORWARDABLE | TKT_FLG_RENEWABLE));
+    assert(c->addresses != NULL && c->addresses[0] != NULL);
+    assert(c->addresses[0]->addrtype == ADDRTYPE_INET);
+    assert(c->addresses[0]->length == 4);
+    assert(memcmp(c->addresses[0]->contents, &ipaddr, 4) == 0);
+    assert(c->addresses[1] == NULL);
+    assert(c->authdata != NULL && c->authdata[0] != NULL);
+    assert(c->authdata[0]->ad_type == KRB5_AUTHDATA_SIGNTICKET);
+    assert(c->authdata[0]->length == 10);
+    assert(memcmp(c->authdata[0]->contents, "signticket", 10) == 0);
+    assert(c->authdata[1] != NULL);
+    assert(c->authdata[1]->ad_type == -100);
+    assert(c->authdata[1]->length == 0);
+    assert(c->authdata[2] == NULL);
+    assert(data_eq_string(c->ticket, "ticket"));
+    assert(c->second_ticket.length == 0);
+}
+
+static void
+verify_cred2(const krb5_creds *c)
+{
+    verify_princ(c->client);
+    assert(c->server->length == 0);
+    assert(c->server->realm.length == 0);
+    assert(c->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC);
+    assert(c->keyblock.length == 16);
+    assert(memcmp(c->keyblock.contents,
+                  "\xF\xE\xD\xC\xB\xA\x9\x8\x7\x6\x5\x4\x3\x2\x1\x0",
+                  16) == 0);
+    assert(c->times.authtime == 0);
+    assert(c->times.starttime == 0);
+    assert(c->times.endtime == 0);
+    assert(c->times.renew_till == 0);
+    assert(c->is_skey == TRUE);
+    assert(c->ticket_flags == 0);
+    assert(c->addresses == NULL || c->addresses[0] == NULL);
+    assert(c->authdata == NULL || c->authdata[0] == NULL);
+    assert(data_eq_string(c->ticket, "ticket"));
+    assert(data_eq_string(c->second_ticket, "2ticket"));
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_ccache cache;
+    krb5_principal princ;
+    krb5_creds cred1, cred2;
+    krb5_cc_cursor cursor;
+    const char *filename;
+    char *ccname, buf[256];
+    int version, fd;
+    const struct test *t;
+    unsigned char *bytes;
+    size_t len;
+
+    if (argc != 2)
+        abort();
+    filename = argv[1];
+    if (asprintf(&ccname, "FILE:%s", filename) == -1)
+        abort();
+
+    if (krb5_init_context(&context) != 0)
+        abort();
+
+    for (version = 1; version <= 4; version++) {
+        t = &tests[version - 1];
+#ifdef K5_BE
+        /* The version 1 and 2 test data use little-endian integers. */
+        if (version == 0 || version == 1)
+            continue;
+#endif
+
+        /* Test principal unmarshalling and marshalling. */
+        if (k5_unmarshal_princ(t->princ, t->princlen, version, &princ) != 0)
+            abort();
+        verify_princ(princ);
+        if (k5_marshal_princ(princ, version, &bytes, &len) != 0)
+            abort();
+        assert(len == t->princlen);
+        assert(memcmp(t->princ, bytes, len) == 0);
+        free(bytes);
+
+        /* Test cred1 unmarshalling and marshalling. */
+        if (k5_unmarshal_cred(t->cred1, t->cred1len, version, &cred1) != 0)
+            abort();
+        verify_cred1(&cred1);
+        if (k5_marshal_cred(&cred1, version, &bytes, &len) != 0)
+            abort();
+        assert(len == t->cred1len);
+        assert(memcmp(t->cred1, bytes, len) == 0);
+        free(bytes);
+
+        /* Test cred2 unmarshalling and marshalling. */
+        if (k5_unmarshal_cred(t->cred2, t->cred2len, version, &cred2) != 0)
+            abort();
+        verify_cred2(&cred2);
+        if (k5_marshal_cred(&cred2, version, &bytes, &len) != 0)
+            abort();
+        assert(len == t->cred2len);
+        assert(memcmp(t->cred2, bytes, len) == 0);
+        free(bytes);
+
+        /* Write a ccache containing the principal and creds.  Use the same
+         * time offset as the version 4 test data used. */
+        context->fcc_default_format = 0x0500 + version;
+        context->os_context.time_offset = 300;
+        context->os_context.usec_offset = 54321;
+        context->os_context.os_flags = KRB5_OS_TOFFSET_VALID;
+        if (krb5_cc_resolve(context, ccname, &cache) != 0)
+            abort();
+        if (krb5_cc_initialize(context, cache, princ) != 0)
+            abort();
+        if (krb5_cc_store_cred(context, cache, &cred1) != 0)
+            abort();
+        if (krb5_cc_store_cred(context, cache, &cred2) != 0)
+            abort();
+        if (krb5_cc_close(context, cache) != 0)
+            abort();
+
+        /* Verify the cache representation against the test data. */
+        fd = open(filename, O_RDONLY);
+        if (fd == -1)
+            abort();
+        if (read(fd, buf, t->headerlen) != (ssize_t)t->headerlen)
+            abort();
+        assert(memcmp(buf, t->header, t->headerlen) == 0);
+        if (read(fd, buf, t->princlen) != (ssize_t)t->princlen)
+            abort();
+        assert(memcmp(buf, t->princ, t->princlen) == 0);
+        if (read(fd, buf, t->cred1len) != (ssize_t)t->cred1len)
+            abort();
+        assert(memcmp(buf, t->cred1, t->cred1len) == 0);
+        if (read(fd, buf, t->cred2len) != (ssize_t)t->cred2len)
+            abort();
+        assert(memcmp(buf, t->cred2, t->cred2len) == 0);
+        close(fd);
+
+        krb5_free_principal(context, princ);
+        krb5_free_cred_contents(context, &cred1);
+        krb5_free_cred_contents(context, &cred2);
+
+        /* Write a cache containing the test data. */
+        fd = open(filename, O_CREAT|O_TRUNC|O_RDWR, 0700);
+        if (fd == -1)
+            abort();
+        if (write(fd, t->header, t->headerlen) != (ssize_t)t->headerlen)
+            abort();
+        if (write(fd, t->princ, t->princlen) != (ssize_t)t->princlen)
+            abort();
+        if (write(fd, t->cred1, t->cred1len) != (ssize_t)t->cred1len)
+            abort();
+        if (write(fd, t->cred2, t->cred2len) != (ssize_t)t->cred2len)
+            abort();
+        close(fd);
+
+        /* Read the cache and verify that it matches. */
+        if (krb5_cc_resolve(context, ccname, &cache) != 0)
+            abort();
+        if (krb5_cc_get_principal(context, cache, &princ) != 0)
+            abort();
+        /* Not every version stores the time offset, but at least it shouldn't
+         * have changed from when we set it before. */
+        assert(context->os_context.time_offset == 300);
+        assert(context->os_context.usec_offset == 54321);
+        verify_princ(princ);
+        if (krb5_cc_start_seq_get(context, cache, &cursor) != 0)
+            abort();
+        if (krb5_cc_next_cred(context, cache, &cursor, &cred1) != 0)
+            abort();
+        verify_cred1(&cred1);
+        if (krb5_cc_next_cred(context, cache, &cursor, &cred2) != 0)
+            abort();
+        verify_cred2(&cred2);
+        if (krb5_cc_next_cred(context, cache, &cursor, &cred2) != KRB5_CC_END)
+            abort();
+        if (krb5_cc_end_seq_get(context, cache, &cursor) != 0)
+            abort();
+        if (krb5_cc_close(context, cache) != 0)
+            abort();
+    }
+
+    (void)unlink(filename);
+    free(ccname);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 06ca9fc..863ec02 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -121,6 +121,8 @@ k5_init_trace
 k5_kt_get_principal
 k5_localauth_free_context
 k5_locate_kdc
+k5_marshal_cred
+k5_marshal_princ
 k5_os_free_context
 k5_os_init_context
 k5_plugin_free_modules
@@ -128,6 +130,8 @@ k5_plugin_load
 k5_plugin_load_all
 k5_plugin_register
 k5_plugin_register_dyn
+k5_unmarshal_cred
+k5_unmarshal_princ
 krb524_convert_creds_kdc
 krb524_init_ets
 krb5_425_conv_principal


More information about the cvs-krb5 mailing list