From da14596f0eface1f3672176ad33c684bdfca222b Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Tue, 29 Nov 2011 23:54:40 -0600 Subject: [PATCH] Add a test for aname2lname --- lib/krb5/test_alname.c | 59 +++++++++++++-- tests/bin/setup-env.in | 3 +- tests/kdc/Makefile.am | 14 ++++ tests/kdc/an2ln-db.txt | 141 +++++++++++++++++++++++++++++++++++ tests/kdc/check-an2ln.in | 104 ++++++++++++++++++++++++++ tests/kdc/krb5-an2ln.conf.in | 26 +++++++ 6 files changed, 339 insertions(+), 8 deletions(-) create mode 100644 tests/kdc/an2ln-db.txt create mode 100644 tests/kdc/check-an2ln.in create mode 100644 tests/kdc/krb5-an2ln.conf.in diff --git a/lib/krb5/test_alname.c b/lib/krb5/test_alname.c index 21e4bff8d..79f8ef273 100644 --- a/lib/krb5/test_alname.c +++ b/lib/krb5/test_alname.c @@ -54,12 +54,14 @@ test_alname(krb5_context context, krb5_const_realm realm, ret = krb5_aname_to_localname(context, p, sizeof(localname), localname); krb5_free_principal(context, p); - free(princ); if (ret) { - if (!ok) + if (!ok) { + free(princ); return; + } krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", princ, localuser); + free(princ); } if (strcmp(localname, localuser) != 0) { @@ -74,10 +76,16 @@ test_alname(krb5_context context, krb5_const_realm realm, } +static int simple_flag = 0; +static int verbose_flag = 0; static int version_flag = 0; static int help_flag = 0; static struct getargs args[] = { + {"simple", 0, arg_flag, &simple_flag, /* Used for scripting */ + "map the given principal and print the resulting localname", NULL }, + {"verbose", 0, arg_flag, &verbose_flag, + "print the actual principal name as well as the localname", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, {"help", 0, arg_flag, &help_flag, 
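Review bot: In the first test_alname() hunk, `princ` is no longer freed on the success path: the unconditional `free(princ)` was removed and the new calls sit only inside `if (ret)`. Unless the rest of the function, which continues outside the hunk, frees it, every successful mapping leaks the string. The `free(princ)` placed after `krb5_err(context, 1, ...)` also looks unreachable, assuming krb5_err exits with its status argument as the other call sites here rely on. A single `free(princ);` at the end of the function, after the last message that prints it, would cover the success and mismatch paths.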
@@ -119,15 +127,52 @@ main(int argc, char **argv) argc -= optidx; argv += optidx; - if (argc != 1) - errx(1, "first argument should be a local user that in root .k5login"); - - user = argv[0]; - ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); + if (simple_flag) { + krb5_principal princ; + char localname[1024]; + char *unparsed; + krb5_error_code ret; + + /* Map then print the result and exit */ + if (argc != 1) + errx(1, "One argument is required and it must be a principal name"); + + ret = krb5_parse_name(context, argv[0], &princ); + if (ret) + krb5_err(context, 1, ret, "krb5_build_principal"); + + ret = krb5_unparse_name(context, princ, &unparsed); + if (ret) + krb5_err(context, 1, ret, "krb5_unparse_name"); + + ret = krb5_aname_to_localname(context, princ, sizeof(localname), + localname); + if (ret == KRB5_NO_LOCALNAME) { + if (verbose_flag) + fprintf(stderr, "No mapping obtained for %s\n", unparsed); + exit(1); + } + if (ret == KRB5_PLUGIN_NO_HANDLE) { + fprintf(stderr, "Error: KRB5_PLUGIN_NO_HANDLE leaked!\n"); + exit(2); + } + if (verbose_flag) + printf("%s ", unparsed); + free(unparsed); + krb5_free_principal(context, princ); + printf("%s\n", localname); + exit(0); + } + + if (argc != 1) + errx(1, "first argument should be a local user that is in root .k5login"); + + user = argv[0]; + ret = krb5_get_default_realm(context, &realm); if (ret) krb5_err(context, 1, ret, "krb5_get_default_realm"); diff --git a/tests/bin/setup-env.in b/tests/bin/setup-env.in index 72c287df9..ef4b01d93 100644 --- a/tests/bin/setup-env.in +++ b/tests/bin/setup-env.in 
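Review bot: In the new `--simple` branch of main(), any krb5_aname_to_localname() failure other than KRB5_NO_LOCALNAME or KRB5_PLUGIN_NO_HANDLE falls through to `printf("%s\n", localname)` and `exit(0)`, so an uninitialized stack buffer is printed and the run is reported as a successful mapping. Add a catch-all before the verbose print, for example `if (ret) krb5_err(context, 3, ret, "krb5_aname_to_localname");`, using a status the calling script does not already expect. The failure label on the krb5_parse_name() call reads `"krb5_build_principal"` and should name `krb5_parse_name`. The inner `krb5_error_code ret;` also shadows the `ret` that main() already uses above; main() itself starts and ends outside the hunk.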
@@ -31,7 +31,6 @@ kpasswdd="${TESTS_ENVIRONMENT} ${top_builddir}/kpasswd/kpasswdd" kswitch="${TESTS_ENVIRONMENT} ${top_builddir}/kuser/kcc kswitch" ktutil="${TESTS_ENVIRONMENT} ${top_builddir}/admin/ktutil" gsstool="${TESTS_ENVIRONMENT} ${top_builddir}/lib/gssapi/gsstool" -test_set_kvno0="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_set_kvno0" # regression test tools test_ap_req="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_ap-req" @@ -41,6 +40,8 @@ test_renew="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_renew" test_ntlm="${TESTS_ENVIRONMENT} ${top_builddir}/lib/gssapi/test_ntlm" test_context="${TESTS_ENVIRONMENT} ${top_builddir}/lib/gssapi/test_context" rkpty="${TESTS_ENVIRONMENT} ${top_builddir}/lib/roken/rkpty" +test_set_kvno0="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_set_kvno0" +test_alname="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_alname" # misc apps have_db="${top_builddir}/tests/db/have-db" diff --git a/tests/kdc/Makefile.am b/tests/kdc/Makefile.am index 4eeda1ebf..ee7ba1cd1 100644 --- a/tests/kdc/Makefile.am +++ b/tests/kdc/Makefile.am @@ -3,6 +3,7 @@ include $(top_srcdir)/Makefile.am.common noinst_DATA = \ kdc-tester4.json \ krb5.conf \ + krb5-an2ln.conf \ krb5-canon.conf \ krb5-canon2.conf \ krb5-hdb-mitdb.conf \ @@ -14,6 +15,7 @@ noinst_DATA = \ check_SCRIPTS = $(SCRIPT_TESTS) SCRIPT_TESTS = \ + check-an2ln \ check-canon \ check-cc \ check-delegation \ @@ -57,6 +59,11 @@ do_subst = sed $(do_dlopen) \ LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken) +check-an2ln: check-an2ln.in Makefile krb5-an2ln.conf + $(do_subst) < $(srcdir)/check-an2ln.in > check-an2ln.tmp + chmod +x check-an2ln.tmp + mv check-an2ln.tmp check-an2ln + check-canon: check-canon.in Makefile krb5-canon.conf krb5-canon2.conf $(do_subst) < $(srcdir)/check-canon.in > check-canon.tmp chmod +x check-canon.tmp 
@@ -153,6 +160,10 @@ krb5.conf: krb5.conf.in Makefile -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp mv krb5.conf.tmp krb5.conf +krb5-an2ln.conf: krb5-an2ln.conf.in Makefile + $(do_subst) < $(srcdir)/krb5-an2ln.conf.in > krb5-an2ln.conf.tmp + mv krb5-an2ln.conf.tmp krb5-an2ln.conf + krb5-canon.conf: krb5-canon.conf.in Makefile $(do_subst) \ -e 's,[@]WEAK[@],false,g' \ @@ -211,6 +222,7 @@ CLEANFILES= \ foopassword \ kdc-tester4.json \ krb5.conf \ + krb5-an2ln.conf \ krb5-canon.conf \ krb5-canon2.conf \ krb5-weak.conf \ @@ -247,6 +259,7 @@ CLEANFILES= \ EXTRA_DIST = \ NTMakefile \ + check-an2ln.in \ check-canon.in \ check-cc.in \ check-delegation.in \ @@ -272,6 +285,7 @@ EXTRA_DIST = \ kdc-tester4.json.in \ krb5-pkinit.conf.in \ krb5.conf.in \ + krb5-an2ln.conf.in \ krb5-canon.conf.in \ krb5-canon2.conf.in \ krb5-hdb-mitdb.conf.in \ diff --git a/tests/kdc/an2ln-db.txt b/tests/kdc/an2ln-db.txt new file mode 100644 index 000000000..511d957e6 --- /dev/null +++ b/tests/kdc/an2ln-db.txt 
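Review bot: The two EXTRA_DIST hunks add `check-an2ln.in` and `krb5-an2ln.conf.in` but not `an2ln-db.txt`, which this commit creates in tests/kdc and which krb5-an2ln.conf.in reads through `auth_to_local = DB:@objdir@/an2ln-db.txt`. A `make dist` tarball would then ship the test without its fixture; add `an2ln-db.txt \` to EXTRA_DIST. If `@objdir@` expands to the build directory (the full `do_subst` definition is outside the hunk), an out-of-tree build would also look for the file in a directory where nothing places it. In that case the path should probably point at the source directory, or a rule should copy the file into the build directory.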
@@ -0,0 +1,141 @@ +0575ee035f72dfb1 junk +074897aaa3c4eace junk +0c0015d1cb0edf2e junk +15c02bb64902a207 junk +1730cb4567c1bfce junk +17c6e78171587710 junk +21bef891f06af28e junk +2358b67cdd649987 junk +2b334ee5d32eb55b junk +2f4cd4424e58822d junk +4758f671c662b7e2 junk +4bf0af25dd5211bd junk +4d7f715b271ddb10 junk +4f701fa5a4055c00 junk +4f7634440d7bef3a junk +5593a6bc03a68a3d junk +5652948873ae4a9b junk +5ababa9c833ce592 junk +5c2fb83355b59cf1 junk +5cf29f522abbcbe1 junk +5d184a0f45bdaf61 junk +70a01e2a09ba4b40 junk +75bdfdb4c9c9b26b junk +787aa58456e66463 junk +788fa38b04026ca9 junk +79ad9f69fb354592 junk +7a686ba61c736eb1 junk +807644c5c50f29d5 junk +826de82aa81c3f8a junk +85316d269114d787 junk +86b7d20af35cffba junk +895ca88e162d398f junk +9008213d189aac2b junk +98a51d5c9a172691 junk +9af7d4a596944dcf junk +a094067ad439189c junk +a86904ae8f55df9e junk +aa3ae6e252f65711 junk +b19ffc6336a23be3 junk +b4e37e4d23c4d7be junk +b5c8b14d1e8ae7cb junk +b9365f7ec3b0d52c junk +bar/mapped1@TEST2.H5L.SE foobar +bar/mapped2@TEST2.H5L.SE foobaz +c118fb30610b8011 junk +c19ffa62f50ad8f7 junk +c9fce89738e25054 junk +cb4555bb49891436 junk +ccfb9930466fe627 junk +cd2e8bc1fd014a86 junk +d0d8dfeddf1b1eaa junk +d22ff9ea01dfe15f junk +d2bce251fcf6d5a3 junk +d377b118646db95d junk +d42fd3b12935a24a junk +d948845a3b0068ac junk +dbb143ecf6019b50 junk +dbe41b5888e50c9c junk +dd7a0a53ed569e21 junk +dd82f76178ff0315 junk +e1d62414205aa5a1 junk +e3156ded04399027 junk +e6bccd04c18fbd2e junk +e9cb04e892e8f072 junk +ebb5773344e4ade4 junk +ef08d2dc9fef4f05 junk +f59975170a04e071 junk +f75338796ea735f0 junk +f8cd2e85efa891af junk +fd6e5e417b8296a7 junk +foo/mapped1@TEST2.H5L.SE foo_mapped +mapped1@TEST2.H5L.SE m1 +mapped2@TEST2.H5L.SE m2 +z008213d189aac2b junk +z07644c5c50f29d5 junk +z094067ad439189c junk +z0a01e2a09ba4b40 junk +z0d8dfeddf1b1eaa junk +z118fb30610b8011 junk +z19ffa62f50ad8f7 junk +z19ffc6336a23be3 junk +z1bef891f06af28e junk +z1d62414205aa5a1 junk +z22ff9ea01dfe15f junk 
+z26de82aa81c3f8a junk +z2bce251fcf6d5a3 junk +z3156ded04399027 junk +z358b67cdd649987 junk +z377b118646db95d junk +z42fd3b12935a24a junk +z4e37e4d23c4d7be junk +z5316d269114d787 junk +z575ee035f72dfb1 junk +z593a6bc03a68a3d junk +z59975170a04e071 junk +z5bdfdb4c9c9b26b junk +z5c02bb64902a207 junk +z5c8b14d1e8ae7cb junk +z652948873ae4a9b junk +z6b7d20af35cffba junk +z6bccd04c18fbd2e junk +z730cb4567c1bfce junk +z74897aaa3c4eace junk +z75338796ea735f0 junk +z758f671c662b7e2 junk +z7c6e78171587710 junk +z86904ae8f55df9e junk +z87aa58456e66463 junk +z88fa38b04026ca9 junk +z8a51d5c9a172691 junk +z8cd2e85efa891af junk +z9365f7ec3b0d52c junk +z948845a3b0068ac junk +z95ca88e162d398f junk +z9ad9f69fb354592 junk +z9cb04e892e8f072 junk +z9fce89738e25054 junk +za3ae6e252f65711 junk +za686ba61c736eb1 junk +zababa9c833ce592 junk +zaf7d4a596944dcf junk +zb334ee5d32eb55b junk +zb4555bb49891436 junk +zbb143ecf6019b50 junk +zbb5773344e4ade4 junk +zbe41b5888e50c9c junk +zbf0af25dd5211bd junk +zc0015d1cb0edf2e junk +zc2fb83355b59cf1 junk +zcf29f522abbcbe1 junk +zcfb9930466fe627 junk +zd184a0f45bdaf61 junk +zd2e8bc1fd014a86 junk +zd6e5e417b8296a7 junk +zd7a0a53ed569e21 junk +zd7f715b271ddb10 junk +zd82f76178ff0315 junk +zf08d2dc9fef4f05 junk +zf4cd4424e58822d junk +zf701fa5a4055c00 junk +zf7634440d7bef3a junk diff --git a/tests/kdc/check-an2ln.in b/tests/kdc/check-an2ln.in new file mode 100644 index 000000000..d4a6bc295 --- /dev/null +++ b/tests/kdc/check-an2ln.in 
@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden).
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the Institute nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+top_builddir="@top_builddir@"
+env_setup="@env_setup@"
+objdir="."
+
+. ${env_setup}
+
+srcdir="${top_srcdir}/tests/kdc"
+test_alname="${test_alname} --simple"
+
+rm -f localname
+
+check_localname() {
+ ${test_alname} "$1" > localname
+ status=$?
+ if test $status -ne "$2"; then
+ echo "Unexpected exit code from test_alname: $status"
+ exit 1
+ fi
+ if test $status -ne 0; then
+ return 0
+ fi
+ read lname < localname
+ if test "X$lname" != "X$3"; then
+ echo "Unexpected mapping of $1: $lname"
+ exit 1
+ fi
+ return 0
+}
+
+R=TEST.H5L.SE
+R2=TEST2.H5L.SE
+R3=TEST3.H5L.SE
+R4=TEST4.H5L.SE
+
+KRB5_CONFIG="${objdir}/krb5-an2ln.conf"
+export KRB5_CONFIG
+
+echo "Checking 1-component principal names in default realms"
+check_localname mapped1@${R} 0 foo
+check_localname mapped2@${R} 0 bar
+check_localname mapped1@${R2} 0 m1
+check_localname mapped2@${R2} 0 m2
+check_localname mapped1@${R3} 0 mapped1
+check_localname mapped2@${R3} 0 mapped2
+check_localname notmapped1@${R} 1
+check_localname notmapped1@${R2} 1
+check_localname notmapped1@${R3} 0 notmapped1
+
+echo "Checking 1-component principal names in non-default realm"
+check_localname mapped1@${R4} 1
+check_localname notmapped1@${R4} 1
+
+echo "Checking 2-component principal names"
+check_localname foo/mapped1@${R} 0 foo
+check_localname foo/mapped2@${R} 0 bar
+check_localname bar/mapped1@${R2} 0 foobar
+check_localname bar/mapped2@${R2} 0 foobaz
+check_localname foo/mapped1@${R3} 1
+check_localname bar/mapped1@${R3} 1
+check_localname foo/notmapped1@${R} 1
+check_localname bar/notmapped1@${R2} 1
+
+echo "Checking 2-component principal names in non-default realm"
+check_localname foo/mapped1@${R4} 1
+check_localname bar/mapped1@${R4} 1
+check_localname foo/notmapped1@${R4} 1
+check_localname bar/notmapped1@${R4} 1
+
+rm -f messages.log
+
+exit 0
diff --git a/tests/kdc/krb5-an2ln.conf.in b/tests/kdc/krb5-an2ln.conf.in
new file mode 100644
index 000000000..51e706ce5
--- /dev/null
+++ b/tests/kdc/krb5-an2ln.conf.in
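Review bot: The negative cases (`check_localname notmapped1@${R} 1` and the others that expect 1) compare only the exit status, and in test_alname's `--simple` mode status 1 is produced both by the no-mapping path and by `errx(1, ...)` / `krb5_err(context, 1, ...)` on argument or parse errors. A case meant to prove that a principal has no local name therefore also passes when the tool fails for an unrelated reason. Giving the no-mapping result its own exit status in test_alname and expecting that value here would make these assertions specific. Separately, the `localname` scratch file is removed at the start but not at exit; `rm -f localname messages.log` would leave the build directory clean.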
@@ -0,0 +1,26 @@
+[libdefaults]
+ default_realm = TEST.H5L.SE TEST2.H5L.SE TEST3.H5L.SE
+ no-addresses = TRUE
+
+[appdefaults]
+
+[realms]
+ TEST.H5L.SE = {
+ auth_to_local_names = {
+ foo/mapped1 = foo
+ foo/mapped2 = bar
+ mapped1 = foo
+ mapped2 = bar
+ }
+ auth_to_local = NONE
+ }
+ TEST2.H5L.SE = {
+ auth_to_local = DB:@objdir@/an2ln-db.txt
+ }
+ TEST3.H5L.SE = {
+ auth_to_local = DEFAULT
+ }
+
+[logging]
+ default = 0-/FILE:@objdir@/messages.log
+