author | Greg Hudson <ghudson@mit.edu> | 2012-08-11 18:18:51 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-08-11 18:20:51 -0400 |
commit | 0ec5f1e52713439d298a6a0deb45d2e5a389c46f (patch) | |
tree | 6378f0953ba3a32d32793c94fcd92f15452f1e30 /src/tests/gssapi | |
parent | 44df71234a77df6400704b3356767f98aa3dc15b (diff) | |
Add test coverage for gss_export_name
Exercise gss_export_name and importing of exported name tokens in
t_gssapi.py.
Diffstat (limited to 'src/tests/gssapi')
-rw-r--r-- | src/tests/gssapi/Makefile.in | 13 | ||||
-rw-r--r-- | src/tests/gssapi/t_export_name.c | 169 | ||||
-rwxr-xr-x | src/tests/gssapi/t_gssapi.py | 14 |
3 files changed, 191 insertions, 5 deletions
diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in index 92386004ee..e093de4d59 100644 --- a/src/tests/gssapi/Makefile.in +++ b/src/tests/gssapi/Makefile.in @@ -6,17 +6,18 @@ PROG_RPATH=$(KRB5_LIBDIR) SRCS= $(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_imp_cred.c \ $(srcdir)/t_imp_name.c $(srcdir)/t_s4u.c $(srcdir)/t_s4u2proxy_krb5.c \ - $(srcdir)/t_namingexts.c $(srcdir)/t_gssexts.c $(srcdir)/t_saslname.c + $(srcdir)/t_namingexts.c $(srcdir)/t_gssexts.c $(srcdir)/t_saslname.c \ + $(srcdir)/t_credstore.c $(srcdir)/export_name.c OBJS= t_accname.o t_ccselect.o t_imp_cred.o t_imp_name.o t_s4u.o \ t_s4u2proxy_krb5.o t_namingexts.o t_gssexts.o t_spnego.o t_saslname.o \ - t_credstore.o + t_credstore.o t_export_name.o all:: t_accname t_ccselect t_imp_cred t_imp_name t_s4u t_s4u2proxy_krb5 \ - t_namingexts t_gssexts t_spnego t_saslname t_credstore + t_namingexts t_gssexts t_spnego t_saslname t_credstore t_export_name check-pytests:: t_accname t_ccselect t_imp_cred t_inq_cred t_spnego \ - t_s4u2proxy_krb5 t_s4u ccinit ccrefresh + t_s4u2proxy_krb5 t_s4u t_export_name ccinit ccrefresh $(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_s4u.py $(PYTESTFLAGS) @@ -50,8 +51,10 @@ t_saslname: t_saslname.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_saslname t_saslname.o $(GSS_LIBS) $(KRB5_BASE_LIBS) t_credstore: t_credstore.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_credstore t_credstore.o $(GSS_LIBS) $(KRB5_BASE_LIBS) +t_export_name: t_export_name.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ t_export_name.o $(GSS_LIBS) $(KRB5_BASE_LIBS) clean:: $(RM) t_accname t_ccselect t_imp_cred t_imp_name t_inq_cred t_s4u \ t_s4u2proxy_krb5 t_namingexts t_gssexts t_spnego \ - t_saslname t_credstore + t_saslname t_credstore t_export_name 
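Review bot: The SRCS addition in the first hunk names `$(srcdir)/export_name.c`, but the file this commit adds is t_export_name.c, so SRCS now points at a source that is not in the tree. The line should read `$(srcdir)/t_credstore.c $(srcdir)/t_export_name.c`. OBJS, all, check-pytests, the link rule and clean all spell it t_export_name, so this is the only entry that disagrees. Whatever consumes SRCS (presumably dependency generation) will either skip the new test program or fail on the missing file.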
diff --git a/src/tests/gssapi/t_export_name.c b/src/tests/gssapi/t_export_name.c
new file mode 100644
index 0000000000..e3a76df6b4
--- /dev/null
+++ b/src/tests/gssapi/t_export_name.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_export_name.c - Test program for gss_export_name behavior */
+/*
+ * Copyright 2012 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test program for gss_export_name, intended to be run from a Python test
+ * script. Imports a name, canonicalizes it to a mech, exports it,
+ * re-imports/exports it to compare results, and then prints the hex form of
+ * the exported name followed by a newline.
+ *
+ * Usage: ./t_export_name [-k|-s] user:username|krb5:princ|host:service@host
+ *
+ * The name is imported as a username, krb5 principal, or hostbased name.
+ * By default or with -k, the name is canonicalized to the krb5 mech; -s
+ * indicates SPNEGO instead.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <gssapi/gssapi_krb5.h>
+
+static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
+
+static void
+display_status_1(const char *m, OM_uint32 code, int type)
+{
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc msg;
+ OM_uint32 msg_ctx;
+
+ msg_ctx = 0;
+ while (1) {
+ maj_stat = gss_display_status(&min_stat, code,
+ type, GSS_C_NULL_OID,
+ &msg_ctx, &msg);
+ fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
+ (void) gss_release_buffer(&min_stat, &msg);
+
+ if (!msg_ctx)
+ break;
+ }
+}
+
+static void
+gsserr(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+ display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+ display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+ exit(1);
+}
+
+static void
+print_hex(FILE *fp, gss_buffer_t buf)
+{
+ size_t i;
+ const unsigned char *bytes = buf->value;
+
+ for (i = 0; i < buf->length; i++)
+ printf("%02X", bytes[i]);
+ printf("\n");
+}
+
+static void
+usage(const char *progname)
+{
+ fprintf(stderr,
+ "Usage: %s [-k|-s] user:username|krb5:princ|gss:service@host\n",
+ progname);
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ OM_uint32 minor, major;
+ gss_OID mech = (gss_OID)gss_mech_krb5, nametype;
+ gss_name_t name, mechname, impname;
+ gss_buffer_desc buf, buf2;
+ const char *name_arg, *progname = argv[0];
+ char opt;
+
+ while (argc > 1 && argv[1][0] == '-') {
+ opt = argv[1][1];
+ argc--, argv++;
+ if (opt == 'k')
+ mech = (gss_OID)gss_mech_krb5;
+ else if (opt == 's')
+ mech = &spnego_mech;
+ else
+ usage(progname);
+ }
+ if (argc != 2)
+ usage(progname);
+ name_arg = argv[1];
+
+ /* Import the name. 
+ */
+ if (strncmp(name_arg, "user:", 5) == 0) {
+ nametype = GSS_C_NT_USER_NAME;
+ name_arg += 5;
+ } else if (strncmp(name_arg, "krb5:", 5) == 0) {
+ nametype = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
+ name_arg += 5;
+ } else if (strncmp(name_arg, "host:", 5) == 0) {
+ nametype = GSS_C_NT_HOSTBASED_SERVICE;
+ name_arg += 5;
+ } else {
+ usage(progname);
+ }
+ buf.value = (char *)name_arg;
+ buf.length = strlen(name_arg);
+ major = gss_import_name(&minor, &buf, nametype, &name);
+ if (GSS_ERROR(major))
+ gsserr("gss_import_name", major, minor);
+
+ /* Canonicalize and export the name. */
+ major = gss_canonicalize_name(&minor, name, mech, &mechname);
+ if (GSS_ERROR(major))
+ gsserr("gss_canonicalize_name", major, minor);
+ major = gss_export_name(&minor, mechname, &buf);
+ if (GSS_ERROR(major))
+ gsserr("gss_export_name", major, minor);
+
+ /* Import and re-export the name, and compare the results. */
+ major = gss_import_name(&minor, &buf, GSS_C_NT_EXPORT_NAME, &impname);
+ if (GSS_ERROR(major))
+ gsserr("gss_export_name", major, minor);
+ major = gss_export_name(&minor, impname, &buf2);
+ if (GSS_ERROR(major))
+ gsserr("gss_export_name", major, minor);
+ if (buf.length != buf2.length ||
+ memcmp(buf.value, buf2.value, buf.length) != 0) {
+ fprintf(stderr, "Mismatched results:\n");
+ print_hex(stderr, &buf);
+ print_hex(stderr, &buf2);
+ return 1;
+ }
+
+ print_hex(stdout, &buf);
+
+ (void)gss_release_name(&minor, &name);
+ (void)gss_release_name(&minor, &mechname);
+ (void)gss_release_buffer(&minor, &buf);
+ (void)gss_release_buffer(&minor, &buf2);
+ return 0;
+}
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
index 4900bd6c56..d3dd881bc5 100755
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
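Review bot: In t_export_name.c, print_hex() accepts an fp argument but writes with printf, so the two dumps that main() requests on stderr after "Mismatched results:" land on stdout instead; the body should use `fprintf(fp, "%02X", bytes[i]);` and `fprintf(fp, "\n");`. The error branch after the second gss_import_name (the GSS_C_NT_EXPORT_NAME import) names the wrong call and should read `gsserr("gss_import_name", major, minor);`. display_status_1() stores maj_stat but never checks it, and it passes msg.value to `%s`, which assumes gss_display_status succeeded and returned a NUL-terminated buffer. Checking the status before printing and bounding the print by msg.length would remove that assumption. The usage() string also advertises a gss: prefix, whereas main() and the header comment both use host:.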
@@ -156,4 +156,18 @@ output = realm.run_as_client(['./t_inq_cred', '-k', '-b']) if realm.host_princ not in output: fail('Expected %s in t_inq_cred output' % realm.host_princ) +# Test gss_export_name behavior. +out = realm.run_as_client(['./t_export_name', 'user:x']) +if out != '0401000B06092A864886F7120102020000000D78404B5242544553542E434F4D\n': + fail('Unexpected output from t_export_name (krb5 username)') +output = realm.run_as_client(['./t_export_name', '-s', 'user:xyz']) +if output != '0401000806062B06010505020000000378797A\n': + fail('Unexpected output from t_export_name (SPNEGO username)') +output = realm.run_as_client(['./t_export_name', 'krb5:a@b']) +if output != '0401000B06092A864886F71201020200000003614062\n': + fail('Unexpected output from t_export_name (krb5 principal)') +output = realm.run_as_client(['./t_export_name', '-s', 'krb5:a@b']) +if output != '0401000806062B060105050200000003614062\n': + fail('Unexpected output from t_export_name (SPNEGO krb5 principal)') + success('GSSAPI tests') |
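Review bot: The four expected strings are bare hex with nothing saying what they encode, so a failing comparison gives the next reader no way to tell which field changed. A comment above the block would fix that, for example `# Exported name token: 04 01, 2-byte OID length, DER mech OID, 4-byte name length, name bytes`. The first expectation ends in the bytes for x@KRBTEST.COM, so it depends on the realm name the test framework uses (presumably its default); that is worth stating in the same comment. The first case also assigns to `out` while the other three use `output`; one name throughout would read more cleanly.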