Add a test for aname2lname

lib/krb5/test_alname.c

@@ -54,12 +54,14 @@ test_alname(krb5_context context, krb5_const_realm realm,
 
     ret = krb5_aname_to_localname(context, p, sizeof(localname), localname);
     krb5_free_principal(context, p);
-    free(princ);
     if (ret) {
-	if (!ok)
+	if (!ok) {
+	    free(princ);
 	    return;
+	}
 	krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s",
 		 princ, localuser);
+	free(princ);
     }
 
     if (strcmp(localname, localuser) != 0) {
@@ -74,10 +76,16 @@ test_alname(krb5_context context, krb5_const_realm realm,
 
 }
 
+static int simple_flag = 0;
+static int verbose_flag = 0;
 static int version_flag = 0;
 static int help_flag	= 0;
 
 static struct getargs args[] = {
+    {"simple",	0,	arg_flag,	&simple_flag, /* Used for scripting */
+     "map the given principal and print the resulting localname", NULL },
+    {"verbose",	0,	arg_flag,	&verbose_flag,
+     "print the actual principal name as well as the localname", NULL },
     {"version",	0,	arg_flag,	&version_flag,
      "print version", NULL },
     {"help",	0,	arg_flag,	&help_flag,
@@ -119,15 +127,52 @@ main(int argc, char **argv)
     argc -= optidx;
     argv += optidx;
 
-    if (argc != 1)
-	errx(1, "first argument should be a local user that in root .k5login");
-
-    user = argv[0];
-
     ret = krb5_init_context(&context);
     if (ret)
 	errx (1, "krb5_init_context failed: %d", ret);
 
+    if (simple_flag) {
+	krb5_principal princ;
+	char localname[1024];
+	char *unparsed;
+	krb5_error_code ret;
+
+	/* Map then print the result and exit */
+	if (argc != 1)
+	    errx(1, "One argument is required and it must be a principal name");
+
+	ret = krb5_parse_name(context, argv[0], &princ);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_build_principal");
+
+	ret = krb5_unparse_name(context, princ, &unparsed);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_unparse_name");
+
+	ret = krb5_aname_to_localname(context, princ, sizeof(localname),
+				      localname);
+	if (ret == KRB5_NO_LOCALNAME) {
+	    if (verbose_flag)
+		fprintf(stderr, "No mapping obtained for %s\n", unparsed);
+	    exit(1);
+	}
+	if (ret == KRB5_PLUGIN_NO_HANDLE) {
+	    fprintf(stderr, "Error: KRB5_PLUGIN_NO_HANDLE leaked!\n");
+	    exit(2);
+	}
+	if (verbose_flag)
+	    printf("%s ", unparsed);
+	free(unparsed);
+	krb5_free_principal(context, princ);
+	printf("%s\n", localname);
+	exit(0);
+    }
+
+    if (argc != 1)
+	errx(1, "first argument should be a local user that is in root .k5login");
+
+    user = argv[0];
+
     ret = krb5_get_default_realm(context, &realm);
     if (ret)
 	krb5_err(context, 1, ret, "krb5_get_default_realm");

tests/bin/setup-env.in

@@ -31,7 +31,6 @@ kpasswdd="${TESTS_ENVIRONMENT} ${top_builddir}/kpasswd/kpasswdd"
 kswitch="${TESTS_ENVIRONMENT} ${top_builddir}/kuser/kcc kswitch"
 ktutil="${TESTS_ENVIRONMENT} ${top_builddir}/admin/ktutil"
 gsstool="${TESTS_ENVIRONMENT} ${top_builddir}/lib/gssapi/gsstool"
-test_set_kvno0="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_set_kvno0"
 
 # regression test tools
 test_ap_req="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_ap-req"
@@ -41,6 +40,8 @@ test_renew="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_renew"
 test_ntlm="${TESTS_ENVIRONMENT} ${top_builddir}/lib/gssapi/test_ntlm"
 test_context="${TESTS_ENVIRONMENT} ${top_builddir}/lib/gssapi/test_context"
 rkpty="${TESTS_ENVIRONMENT} ${top_builddir}/lib/roken/rkpty"
+test_set_kvno0="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_set_kvno0"
+test_alname="${TESTS_ENVIRONMENT} ${top_builddir}/lib/krb5/test_alname"
 
 # misc apps
 have_db="${top_builddir}/tests/db/have-db"

tests/kdc/Makefile.am

@@ -3,6 +3,7 @@ include $(top_srcdir)/Makefile.am.common
 noinst_DATA = \
 	kdc-tester4.json \
 	krb5.conf \
+	krb5-an2ln.conf \
 	krb5-canon.conf \
 	krb5-canon2.conf \
 	krb5-hdb-mitdb.conf \
@@ -14,6 +15,7 @@ noinst_DATA = \
 check_SCRIPTS = $(SCRIPT_TESTS) 
 
 SCRIPT_TESTS = \
+	check-an2ln \
 	check-canon \
 	check-cc \
 	check-delegation \
@@ -57,6 +59,11 @@ do_subst = sed $(do_dlopen) \
 
 LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
 
+check-an2ln: check-an2ln.in Makefile krb5-an2ln.conf
+	$(do_subst) < $(srcdir)/check-an2ln.in > check-an2ln.tmp
+	chmod +x check-an2ln.tmp
+	mv check-an2ln.tmp check-an2ln
+
 check-canon: check-canon.in Makefile krb5-canon.conf krb5-canon2.conf
 	$(do_subst) < $(srcdir)/check-canon.in > check-canon.tmp
 	chmod +x check-canon.tmp
@@ -153,6 +160,10 @@ krb5.conf: krb5.conf.in Makefile
 	   -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp
 	mv krb5.conf.tmp krb5.conf
 
+krb5-an2ln.conf: krb5-an2ln.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5-an2ln.conf.in > krb5-an2ln.conf.tmp
+	mv krb5-an2ln.conf.tmp krb5-an2ln.conf
+
 krb5-canon.conf: krb5-canon.conf.in Makefile
 	$(do_subst) \
 	   -e 's,[@]WEAK[@],false,g' \
@@ -211,6 +222,7 @@ CLEANFILES= \
 	foopassword \
 	kdc-tester4.json \
 	krb5.conf \
+	krb5-an2ln.conf \
 	krb5-canon.conf \
 	krb5-canon2.conf \
 	krb5-weak.conf \
@@ -247,6 +259,7 @@ CLEANFILES= \
 
 EXTRA_DIST = \
 	NTMakefile \
+	check-an2ln.in \
 	check-canon.in \
 	check-cc.in \
 	check-delegation.in \
@@ -272,6 +285,7 @@ EXTRA_DIST = \
 	kdc-tester4.json.in \
 	krb5-pkinit.conf.in \
 	krb5.conf.in \
+	krb5-an2ln.conf.in \
 	krb5-canon.conf.in \
 	krb5-canon2.conf.in \
 	krb5-hdb-mitdb.conf.in \

tests/kdc/an2ln-db.txt

@@ -0,0 +1,141 @@
+0575ee035f72dfb1 junk
+074897aaa3c4eace junk
+0c0015d1cb0edf2e junk
+15c02bb64902a207 junk
+1730cb4567c1bfce junk
+17c6e78171587710 junk
+21bef891f06af28e junk
+2358b67cdd649987 junk
+2b334ee5d32eb55b junk
+2f4cd4424e58822d junk
+4758f671c662b7e2 junk
+4bf0af25dd5211bd junk
+4d7f715b271ddb10 junk
+4f701fa5a4055c00 junk
+4f7634440d7bef3a junk
+5593a6bc03a68a3d junk
+5652948873ae4a9b junk
+5ababa9c833ce592 junk
+5c2fb83355b59cf1 junk
+5cf29f522abbcbe1 junk
+5d184a0f45bdaf61 junk
+70a01e2a09ba4b40 junk
+75bdfdb4c9c9b26b junk
+787aa58456e66463 junk
+788fa38b04026ca9 junk
+79ad9f69fb354592 junk
+7a686ba61c736eb1 junk
+807644c5c50f29d5 junk
+826de82aa81c3f8a junk
+85316d269114d787 junk
+86b7d20af35cffba junk
+895ca88e162d398f junk
+9008213d189aac2b junk
+98a51d5c9a172691 junk
+9af7d4a596944dcf junk
+a094067ad439189c junk
+a86904ae8f55df9e junk
+aa3ae6e252f65711 junk
+b19ffc6336a23be3 junk
+b4e37e4d23c4d7be junk
+b5c8b14d1e8ae7cb junk
+b9365f7ec3b0d52c junk
+bar/mapped1@TEST2.H5L.SE foobar
+bar/mapped2@TEST2.H5L.SE foobaz
+c118fb30610b8011 junk
+c19ffa62f50ad8f7 junk
+c9fce89738e25054 junk
+cb4555bb49891436 junk
+ccfb9930466fe627 junk
+cd2e8bc1fd014a86 junk
+d0d8dfeddf1b1eaa junk
+d22ff9ea01dfe15f junk
+d2bce251fcf6d5a3 junk
+d377b118646db95d junk
+d42fd3b12935a24a junk
+d948845a3b0068ac junk
+dbb143ecf6019b50 junk
+dbe41b5888e50c9c junk
+dd7a0a53ed569e21 junk
+dd82f76178ff0315 junk
+e1d62414205aa5a1 junk
+e3156ded04399027 junk
+e6bccd04c18fbd2e junk
+e9cb04e892e8f072 junk
+ebb5773344e4ade4 junk
+ef08d2dc9fef4f05 junk
+f59975170a04e071 junk
+f75338796ea735f0 junk
+f8cd2e85efa891af junk
+fd6e5e417b8296a7 junk
+foo/mapped1@TEST2.H5L.SE foo_mapped
+mapped1@TEST2.H5L.SE m1
+mapped2@TEST2.H5L.SE m2
+z008213d189aac2b junk
+z07644c5c50f29d5 junk
+z094067ad439189c junk
+z0a01e2a09ba4b40 junk
+z0d8dfeddf1b1eaa junk
+z118fb30610b8011 junk
+z19ffa62f50ad8f7 junk
+z19ffc6336a23be3 junk
+z1bef891f06af28e junk
+z1d62414205aa5a1 junk
+z22ff9ea01dfe15f junk
+z26de82aa81c3f8a junk
+z2bce251fcf6d5a3 junk
+z3156ded04399027 junk
+z358b67cdd649987 junk
+z377b118646db95d junk
+z42fd3b12935a24a junk
+z4e37e4d23c4d7be junk
+z5316d269114d787 junk
+z575ee035f72dfb1 junk
+z593a6bc03a68a3d junk
+z59975170a04e071 junk
+z5bdfdb4c9c9b26b junk
+z5c02bb64902a207 junk
+z5c8b14d1e8ae7cb junk
+z652948873ae4a9b junk
+z6b7d20af35cffba junk
+z6bccd04c18fbd2e junk
+z730cb4567c1bfce junk
+z74897aaa3c4eace junk
+z75338796ea735f0 junk
+z758f671c662b7e2 junk
+z7c6e78171587710 junk
+z86904ae8f55df9e junk
+z87aa58456e66463 junk
+z88fa38b04026ca9 junk
+z8a51d5c9a172691 junk
+z8cd2e85efa891af junk
+z9365f7ec3b0d52c junk
+z948845a3b0068ac junk
+z95ca88e162d398f junk
+z9ad9f69fb354592 junk
+z9cb04e892e8f072 junk
+z9fce89738e25054 junk
+za3ae6e252f65711 junk
+za686ba61c736eb1 junk
+zababa9c833ce592 junk
+zaf7d4a596944dcf junk
+zb334ee5d32eb55b junk
+zb4555bb49891436 junk
+zbb143ecf6019b50 junk
+zbb5773344e4ade4 junk
+zbe41b5888e50c9c junk
+zbf0af25dd5211bd junk
+zc0015d1cb0edf2e junk
+zc2fb83355b59cf1 junk
+zcf29f522abbcbe1 junk
+zcfb9930466fe627 junk
+zd184a0f45bdaf61 junk
+zd2e8bc1fd014a86 junk
+zd6e5e417b8296a7 junk
+zd7a0a53ed569e21 junk
+zd7f715b271ddb10 junk
+zd82f76178ff0315 junk
+zf08d2dc9fef4f05 junk
+zf4cd4424e58822d junk
+zf701fa5a4055c00 junk
+zf7634440d7bef3a junk

tests/kdc/check-an2ln.in

@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+
+top_builddir="@top_builddir@"
+env_setup="@env_setup@"
+objdir="."
+
+. ${env_setup}
+
+srcdir="${top_srcdir}/tests/kdc"
+test_alname="${test_alname} --simple"
+
+rm -f localname
+
+check_localname() {
+    ${test_alname} "$1" > localname
+    status=$?
+    if test $status -ne "$2"; then
+	echo "Unexpected exit code from test_alname: $status"
+	exit 1
+    fi
+    if test $status -ne 0; then
+	return 0
+    fi
+    read lname < localname
+    if test "X$lname" != "X$3"; then
+	echo "Unexpected mapping of $1: $lname"
+	exit 1
+    fi
+    return 0
+}
+
+R=TEST.H5L.SE
+R2=TEST2.H5L.SE
+R3=TEST3.H5L.SE
+R4=TEST4.H5L.SE
+
+KRB5_CONFIG="${objdir}/krb5-an2ln.conf"
+export KRB5_CONFIG
+
+echo "Checking 1-component principal names in default realms"
+check_localname mapped1@${R} 0 foo
+check_localname mapped2@${R} 0 bar
+check_localname mapped1@${R2} 0 m1
+check_localname mapped2@${R2} 0 m2
+check_localname mapped1@${R3} 0 mapped1
+check_localname mapped2@${R3} 0 mapped2
+check_localname notmapped1@${R} 1
+check_localname notmapped1@${R2} 1
+check_localname notmapped1@${R3} 0 notmapped1
+
+echo "Checking 1-component principal names in non-default realm"
+check_localname mapped1@${R4} 1
+check_localname notmapped1@${R4} 1
+
+echo "Checking 2-component principal names"
+check_localname foo/mapped1@${R} 0 foo
+check_localname foo/mapped2@${R} 0 bar
+check_localname bar/mapped1@${R2} 0 foobar
+check_localname bar/mapped2@${R2} 0 foobaz
+check_localname foo/mapped1@${R3} 1
+check_localname bar/mapped1@${R3} 1
+check_localname foo/notmapped1@${R} 1
+check_localname bar/notmapped1@${R2} 1
+
+echo "Checking 2-component principal names in non-default realm"
+check_localname foo/mapped1@${R4} 1
+check_localname bar/mapped1@${R4} 1
+check_localname foo/notmapped1@${R4} 1
+check_localname bar/notmapped1@${R4} 1
+
+rm -f messages.log
+
+exit 0

tests/kdc/krb5-an2ln.conf.in

@@ -0,0 +1,26 @@
+[libdefaults]
+	default_realm = TEST.H5L.SE TEST2.H5L.SE TEST3.H5L.SE
+	no-addresses = TRUE
+
+[appdefaults]
+
+[realms]
+	TEST.H5L.SE = {
+	    auth_to_local_names = {
+		foo/mapped1 = foo
+		foo/mapped2 = bar
+		mapped1 = foo
+		mapped2 = bar
+	    }
+	    auth_to_local = NONE
+	}
+	TEST2.H5L.SE = {
+	    auth_to_local = DB:@objdir@/an2ln-db.txt
+	}
+	TEST3.H5L.SE = {
+	    auth_to_local = DEFAULT
+	}
+
+[logging]
+	default = 0-/FILE:@objdir@/messages.log
+