author | Simo Sorce <simo@redhat.com> | 2012-03-06 12:17:09 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-07-20 14:02:35 -0400 |
commit | 33b85d66d873c651525f70289d2cd74f0e45f64c (patch) | |
tree | 8353fb71832a06eb6c3f39dc4cb7f1657cc80c9b | |
parent | 29f4249a49cf28192fa2caae1536e9a617c4562e (diff) | |
Add basic test for credstore extentions
-rw-r--r-- | src/tests/gssapi/Makefile.in | 10 | ||||
-rw-r--r-- | src/tests/gssapi/t_credstore.c | 154 | ||||
-rwxr-xr-x[-rw-r--r--] | src/tests/gssapi/t_gssapi.py | 14 |
3 files changed, 175 insertions, 3 deletions
diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in index 4ddd9c91d4..32cf7d5bef 100644 --- a/src/tests/gssapi/Makefile.in +++ b/src/tests/gssapi/Makefile.in @@ -9,10 +9,11 @@ SRCS= $(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_imp_cred.c \ $(srcdir)/t_namingexts.c $(srcdir)/t_gssexts.c $(srcdir)/t_saslname.c OBJS= t_accname.o t_ccselect.o t_imp_cred.o t_imp_name.o t_s4u.o \ - t_s4u2proxy_krb5.o t_namingexts.o t_gssexts.o t_spnego.o t_saslname.o + t_s4u2proxy_krb5.o t_namingexts.o t_gssexts.o t_spnego.o t_saslname.o \ + t_credstore.o all:: t_accname t_ccselect t_imp_cred t_imp_name t_s4u t_s4u2proxy_krb5 \ - t_namingexts t_gssexts t_spnego t_saslname + t_namingexts t_gssexts t_spnego t_saslname t_credstore check-pytests:: t_accname t_ccselect t_imp_cred t_spnego t_s4u2proxy_krb5 \ t_s4u ccinit ccrefresh @@ -45,7 +46,10 @@ t_spnego: t_spnego.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_spnego t_spnego.o $(GSS_LIBS) $(KRB5_BASE_LIBS) t_saslname: t_saslname.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_saslname t_saslname.o $(GSS_LIBS) $(KRB5_BASE_LIBS) +t_credstore: t_credstore.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o t_credstore t_credstore.o $(GSS_LIBS) $(KRB5_BASE_LIBS) clean:: $(RM) t_accname t_ccselect t_imp_cred t_imp_name t_s4u \ - t_s4u2proxy_krb5 t_namingexts t_gssexts t_spnego t_saslname + t_s4u2proxy_krb5 t_namingexts t_gssexts t_spnego \ + t_saslname t_credstore diff --git a/src/tests/gssapi/t_credstore.c b/src/tests/gssapi/t_credstore.c new file mode 100644 index 0000000000..73c11f8b51 --- /dev/null +++ b/src/tests/gssapi/t_credstore.c 
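Review bot: The `check-pytests::` prerequisite list, visible as unchanged context in the first hunk (`t_accname t_ccselect t_imp_cred t_spnego t_s4u2proxy_krb5 \ t_s4u ccinit ccrefresh`), is left without `t_credstore`, although this commit makes t_gssapi.py run `./t_credstore`. If check-pytests is the target that runs that script (its recipe is outside the hunk), building only that target would fail on a missing binary rather than on a real test result. Add `t_credstore` to that prerequisite line, alongside the `all::` and `clean::` additions.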
@@ -0,0 +1,154 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright 2011 Red Hat, Inc. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation files + * (the "Software"), to deal in the Software without restriction, + * including without limitation the rights to use, copy, modify, merge, + * publish, distribute, sublicense, and/or sell copies of the Software, + * and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <gssapi/gssapi_ext.h> +#include <gssapi/gssapi_krb5.h> + +static void +print_gss_status(int type, OM_uint32 code) +{ + OM_uint32 major, minor; + gss_buffer_desc msg; + OM_uint32 msg_ctx = 0; + + do { + major = gss_display_status(&minor, code, type, + GSS_C_NULL_OID, &msg_ctx, &msg); + if (major == 0) { + fprintf(stdout, "%s. 
", (char *)msg.value); + major = gss_release_buffer(&minor, &msg); + } + } while (msg_ctx); +} + +static void +print_status(char *msg, OM_uint32 major, OM_uint32 minor) +{ + fprintf(stdout, "%s: ", msg); + print_gss_status(GSS_C_GSS_CODE, major); + print_gss_status(GSS_C_MECH_CODE, minor); + fprintf(stdout, "\n"); +} + +static void +usage(const char *name) +{ + fprintf(stderr, + "Usage: %s <principal> [--cred_store {<key> <value>} ...]\n", + name); +} + +int +main(int argc, char *argv[]) +{ + OM_uint32 minor, major; + gss_key_value_set_desc store; + gss_buffer_desc buf; + gss_name_t service = GSS_C_NO_NAME; + gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; + int i, e; + + if (argc < 2 || ((argc - 3) % 2)) { + usage(argv[0]); + exit(1); + } + + store.count = (argc - 3) / 2; + store.elements = calloc(store.count, + sizeof(struct gss_key_value_element_struct)); + if (!store.elements) { + fprintf(stderr, "OOM\n"); + exit(1); + } + + if (argc > 2) { + if (strcmp(argv[2], "--cred_store") != 0) { + usage(argv[0]); + exit(1); + } + + for (i = 3, e = 0; i < argc; i += 2, e++) { + store.elements[e].key = argv[i]; + store.elements[e].value = argv[i + 1]; + continue; + } + } + + /* First acquire default creds and try to store them in the cred store. */ + + major = gss_acquire_cred(&minor, GSS_C_NO_NAME, 0, GSS_C_NO_OID_SET, + GSS_C_INITIATE, &cred, NULL, NULL); + if (major) { + print_status("gss_acquire_cred(default user creds) failed", + major, minor); + goto out; + } + + major = gss_store_cred_into(&minor, cred, GSS_C_INITIATE, + GSS_C_NO_OID, 1, 0, &store, NULL, NULL); + if (major) { + print_status("gss_store_cred_in_store(default user creds) failed", + major, minor); + goto out; + } + + gss_release_cred(&minor, &cred); + + /* Then try to acquire creds from store. 
*/ + + buf.value = argv[1]; + buf.length = strlen(argv[1]); + + major = gss_import_name(&minor, &buf, + (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME, + &service); + if (major) { + print_status("gss_import_name(principal) failed", major, minor); + goto out; + } + + major = gss_acquire_cred_from(&minor, service, + 0, GSS_C_NO_OID_SET, GSS_C_BOTH, + &store, &cred, NULL, NULL); + if (major) { + print_status("gss_acquire_cred_from_store(principal) failed", + major, minor); + goto out; + } + + fprintf(stdout, "Cred Store Success\n"); + + major = 0; + +out: + gss_release_name(&minor, &service); + gss_release_cred(&minor, &cred); + free(store.elements); + return major; +} diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py index 18123b392c..005d2d2c54 100644..100755 --- a/src/tests/gssapi/t_gssapi.py +++ b/src/tests/gssapi/t_gssapi.py @@ -78,6 +78,20 @@ output = realm.run_as_client(['./t_imp_cred', 'service2/dwight'], if 'Wrong principal in request' not in output: fail('Expected error message not seen in t_imp_cred output') +# Test credential store extension. +tmpccname = 'FILE:' + os.path.join(realm.testdir, 'def_cache') +realm.env_client['KRB5CCNAME'] = tmpccname +storagecache = 'FILE:' + os.path.join(realm.testdir, 'user_store') +servicekeytab = os.path.join(realm.testdir, 'kt') +service_cs = 'service/cs@%s' % realm.realm +realm.addprinc(service_cs) +realm.extract_keytab(service_cs, servicekeytab) +realm.kinit(service_cs, None, ['-k', '-t', servicekeytab]) +output = realm.run_as_client(['./t_credstore', service_cs, '--cred_store', + 'ccache', storagecache, 'keytab', servicekeytab]) +if 'Cred Store Success' not in output: + fail('Expected test to succeed') + # Verify that we can't acquire acceptor creds without a keytab. os.remove(realm.keytab) output = realm.run_as_client(['./t_accname', 'abc'], expected_code=1) |
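Review bot: `return major;` at the end of main() passes a GSS major status to the process exit status, and GSS routine and calling errors are encoded in bits 16 and above, so a failure such as GSS_S_FAILURE is truncated to exit status 0 on POSIX; return `major ? 1 : 0` so that a harness checking only the exit code cannot record a false pass. In print_gss_status the text is printed with `%s` from `(char *)msg.value`, but a gss_buffer_desc is length-counted and the API does not promise a terminating NUL, so the bounded form is `%.*s` with `(int)msg.length`. The argument check `((argc - 3) % 2)` also rejects `argc == 2`, although the usage string marks `--cred_store` as optional, and with `argc == 3` the `calloc(0, ...)` call may return NULL and be reported as "OOM". The two failure messages name `gss_store_cred_in_store` and `gss_acquire_cred_from_store`, while the calls are `gss_store_cred_into` and `gss_acquire_cred_from`; matching them would make a failing log easier to trace.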
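Review bot: `realm.env_client['KRB5CCNAME'] = tmpccname` is set for this test and never restored, so every later `run_as_client` call in the script, starting with the `t_accname` check right after it, runs with the temporary `def_cache` as its default cache. Whether any later test depends on the original cache is not visible from this hunk, but a leaked environment change makes test order matter. Save the previous value before the assignment and put it back after the `'Cred Store Success'` check, e.g. `oldcc = realm.env_client.get('KRB5CCNAME')` and then restore or delete the key. The message `'Expected test to succeed'` would also be easier to act on if it named t_credstore.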