Line data Source code
1 : #include <time.h>
2 : #include <stdlib.h>
3 : #include <stdarg.h>
4 : #include <stddef.h>
5 : #include <setjmp.h>
6 : #include <stdint.h>
7 : #include <cmocka.h>
8 :
9 : #include "includes.h"
10 : #include "system/kerberos.h"
11 : #include "auth/kerberos/kerberos.h"
12 : #include "auth/credentials/credentials.h"
13 : #include "auth/credentials/credentials_krb5.h"
14 : #include "auth/kerberos/kerberos_credentials.h"
15 : #include "auth/kerberos/kerberos_util.h"
16 :
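/*
 * Shared driver for the smb_krb5_remove_obsolete_keytab_entries() tests.
 *
 * Fills the keytab named by kt_name with num_principals principals
 * ("user0" .. "user<N-1>" in realm samba.example.com), each carrying key
 * versions 1..num_kvnos, checks that enumeration returns them in the order
 * the Kerberos flavour is known to use, runs the clean-up for the given
 * kvno, and finally checks that exactly one entry per principal is left
 * and that its version is kvno - 1.
 *
 * The point of the check is key rotation hygiene: superseded key versions
 * must not linger in the keytab after the clean-up has run.
 *
 * num_principals must be at most 10, because the principal name is built
 * by patching a single decimal digit.
 */
static void internal_obsolete_keytab_test(int num_principals, int num_kvnos,
					  krb5_kvno kvno, const char *kt_name)
{
	krb5_context krb5_ctx;
	krb5_keytab keytab;
	krb5_keytab_entry kt_entry;
	krb5_kt_cursor cursor;
	krb5_error_code code;

	int i, j;
	char princ_name[] = "user0";
	char expect_princ_name[] = "user0@samba.example.com";
	/* Initialised so a failing call cannot leave them indeterminate. */
	bool found_previous = false;
	const char *error_str = NULL;

	TALLOC_CTX *tmp_ctx = NULL;
	krb5_principal *principals = NULL;

	/* Only one digit of the name is rewritten below. */
	assert_true(num_principals <= 10);

	tmp_ctx = talloc_new(NULL);
	assert_non_null(tmp_ctx);
	principals = talloc_zero_array(tmp_ctx,
				       krb5_principal,
				       num_principals);
	assert_non_null(principals);

	/*
	 * Every set-up step is asserted: a silently failed set-up would let
	 * the later checks run against a keytab that is not what we think.
	 */
	code = krb5_init_context(&krb5_ctx);
	assert_int_equal(code, 0);
	code = krb5_kt_resolve(krb5_ctx, kt_name, &keytab);
	assert_int_equal(code, 0);
	ZERO_STRUCT(kt_entry);

	for (i = 0; i < num_principals; i++) {
		princ_name[4] = (char)('0' + i);
		code = smb_krb5_make_principal(krb5_ctx, &(principals[i]),
					       "samba.example.com", princ_name,
					       NULL);
		assert_int_equal(code, 0);
		/* Borrowed pointer; the principal stays owned by principals[]. */
		kt_entry.principal = principals[i];
		for (j = 0; j < num_kvnos; j++) {
			kt_entry.vno = j + 1;
			code = krb5_kt_add_entry(krb5_ctx, keytab, &kt_entry);
			assert_int_equal(code, 0);
		}
	}

	/* Pass 1: the keytab must hold every (principal, kvno) pair. */
	code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
	assert_int_equal(code, 0);
#ifdef SAMBA4_USES_HEIMDAL
	for (i = 0; i < num_principals; i++) {
		expect_princ_name[4] = (char)('0' + i);
		for (j = 0; j < num_kvnos; j++) {
			char *unparsed_name = NULL;
			code = krb5_kt_next_entry(krb5_ctx, keytab,
						  &kt_entry, &cursor);
			assert_int_equal(code, 0);
			assert_int_equal(kt_entry.vno, j + 1);
#else
	/* MIT - For MEMORY type keytabs, krb5_kt_add_entry() adds an
	 * entry to the beginning of the keytab table, not the end */
	for (i = num_principals - 1; i >= 0; i--) {
		expect_princ_name[4] = (char)('0' + i);
		for (j = num_kvnos; j > 0; j--) {
			char *unparsed_name = NULL;
			code = krb5_kt_next_entry(krb5_ctx, keytab,
						  &kt_entry, &cursor);
			assert_int_equal(code, 0);
			assert_int_equal(kt_entry.vno, j);
#endif
			code = krb5_unparse_name(krb5_ctx, kt_entry.principal,
						 &unparsed_name);
			assert_int_equal(code, 0);
			assert_string_equal(expect_princ_name, unparsed_name);
			krb5_free_unparsed_name(krb5_ctx, unparsed_name);
			smb_krb5_kt_free_entry(krb5_ctx, &kt_entry);
		}
	}
	/* Release the enumeration before the keytab is modified. */
	code = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
	assert_int_equal(code, 0);

	/*
	 * The call under test. Its return code is asserted so that a failed
	 * clean-up is reported as such rather than only showing up as a
	 * mismatch in the enumeration below.
	 *
	 * NOTE(review): found_previous and error_str are collected but not
	 * asserted; presumably found_previous should be true here because a
	 * kvno - 1 entry exists for every principal - confirm against the
	 * implementation before adding that assertion.
	 */
	code = smb_krb5_remove_obsolete_keytab_entries(tmp_ctx, krb5_ctx, keytab,
						       num_principals, principals,
						       kvno, &found_previous,
						       &error_str);
	assert_int_equal(code, 0);

	/* Pass 2: one entry per principal, version kvno - 1, nothing else. */
	code = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
	assert_int_equal(code, 0);
#ifdef SAMBA4_USES_HEIMDAL
	for (i = 0; i < num_principals; i++) {
#else /* MIT - reverse iterate through entries */
	for (i = num_principals - 1; i >= 0; i--) {
#endif
		char *unparsed_name = NULL;
		expect_princ_name[4] = (char)('0' + i);
		code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);
		assert_int_equal(code, 0);
		assert_int_equal(kt_entry.vno, kvno - 1);
		code = krb5_unparse_name(krb5_ctx, kt_entry.principal,
					 &unparsed_name);
		assert_int_equal(code, 0);
		assert_string_equal(expect_princ_name, unparsed_name);
		krb5_free_unparsed_name(krb5_ctx, unparsed_name);
		smb_krb5_kt_free_entry(krb5_ctx, &kt_entry);
	}
	/* The enumeration must be exhausted: no stale entry may survive. */
	code = krb5_kt_next_entry(krb5_ctx, keytab, &kt_entry, &cursor);
	assert_int_not_equal(code, 0);

	code = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
	assert_int_equal(code, 0);

	/* Tear down in reverse order of acquisition. */
	for (i = 0; i < num_principals; i++) {
		krb5_free_principal(krb5_ctx, principals[i]);
	}
	krb5_kt_close(krb5_ctx, keytab);
	krb5_free_context(krb5_ctx);
	talloc_free(tmp_ctx);
}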
103 :
/*
 * Several principals, several key versions each: five principals with
 * kvnos 1..4, cleaned up for kvno 5, in the keytab "MEMORY:LOL2".
 */
static void test_krb5_remove_obsolete_keytab_entries_many(void **state)
{
	const int principal_count = 5;
	const int versions_per_principal = 4;
	const krb5_kvno new_kvno = (krb5_kvno)5;

	(void)state; /* no per-test fixture is used */

	internal_obsolete_keytab_test(principal_count,
				      versions_per_principal,
				      new_kvno,
				      "MEMORY:LOL2");
}
108 :
/*
 * Minimal case: a single principal with kvnos 1..2, cleaned up for
 * kvno 3, in the keytab "MEMORY:LOL".
 */
static void test_krb5_remove_obsolete_keytab_entries_one(void **state)
{
	const int principal_count = 1;
	const int versions_per_principal = 2;
	const krb5_kvno new_kvno = (krb5_kvno)3;

	(void)state; /* no per-test fixture is used */

	internal_obsolete_keytab_test(principal_count,
				      versions_per_principal,
				      new_kvno,
				      "MEMORY:LOL");
}
113 :
/*
 * Test runner: registers both keytab clean-up tests with cmocka, selects
 * subunit output and returns the group result as the exit status.
 */
int main(int argc, const char **argv)
{
	const struct CMUnitTest tests[] = {
		cmocka_unit_test(test_krb5_remove_obsolete_keytab_entries_one),
		cmocka_unit_test(test_krb5_remove_obsolete_keytab_entries_many),
	};
	int failed;

	/* Command-line arguments are not consulted. */
	(void)argc;
	(void)argv;

	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
	failed = cmocka_run_group_tests(tests, NULL, NULL);

	return failed;
}