Add test coverage for gss_export_name

Exercise gss_export_name and importing of exported name tokens in
t_gssapi.py.

3 files changed, 191 insertions, 5 deletions

diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in
index 92386004ee..e093de4d59 100644
--- a/src/tests/gssapi/Makefile.in
+++ b/src/tests/gssapi/Makefile.in
@@ -6,17 +6,18 @@ PROG_RPATH=$(KRB5_LIBDIR)
 
 SRCS=	$(srcdir)/t_accname.c $(srcdir)/t_ccselect.c $(srcdir)/t_imp_cred.c \
 	$(srcdir)/t_imp_name.c $(srcdir)/t_s4u.c $(srcdir)/t_s4u2proxy_krb5.c \
-	$(srcdir)/t_namingexts.c $(srcdir)/t_gssexts.c $(srcdir)/t_saslname.c
+	$(srcdir)/t_namingexts.c $(srcdir)/t_gssexts.c $(srcdir)/t_saslname.c \
+	$(srcdir)/t_credstore.c $(srcdir)/export_name.c
 
 OBJS=	t_accname.o t_ccselect.o t_imp_cred.o t_imp_name.o t_s4u.o \
 	t_s4u2proxy_krb5.o t_namingexts.o t_gssexts.o t_spnego.o t_saslname.o \
-	t_credstore.o
+	t_credstore.o t_export_name.o
 
 all:: t_accname t_ccselect t_imp_cred t_imp_name t_s4u t_s4u2proxy_krb5 \
-	t_namingexts t_gssexts t_spnego t_saslname t_credstore
+	t_namingexts t_gssexts t_spnego t_saslname t_credstore t_export_name
 
 check-pytests:: t_accname t_ccselect t_imp_cred t_inq_cred t_spnego \
-	t_s4u2proxy_krb5 t_s4u ccinit ccrefresh
+	t_s4u2proxy_krb5 t_s4u t_export_name ccinit ccrefresh
 	$(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_s4u.py $(PYTESTFLAGS)
@@ -50,8 +51,10 @@ t_saslname: t_saslname.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o t_saslname t_saslname.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
 t_credstore: t_credstore.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o t_credstore t_credstore.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
+t_export_name: t_export_name.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_export_name.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
 
 clean::
 	$(RM) t_accname t_ccselect t_imp_cred t_imp_name t_inq_cred t_s4u \
 		t_s4u2proxy_krb5 t_namingexts t_gssexts t_spnego \
-		t_saslname t_credstore
+		t_saslname t_credstore t_export_name
diff --git a/src/tests/gssapi/t_export_name.c b/src/tests/gssapi/t_export_name.c
new file mode 100644
index 0000000000..e3a76df6b4
--- /dev/null
+++ b/src/tests/gssapi/t_export_name.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_export_name.c - Test program for gss_export_name behavior */
+/*
+ * Copyright 2012 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test program for gss_export_name, intended to be run from a Python test
+ * script.  Imports a name, canonicalizes it to a mech, exports it,
+ * re-imports/exports it to compare results, and then prints the hex form of
+ * the exported name followed by a newline.
+ *
+ * Usage: ./t_export_name [-k|-s] user:username|krb5:princ|host:service@host
+ *
+ * The name is imported as a username, krb5 principal, or hostbased name.
+ * By default or with -k, the name is canonicalized to the krb5 mech; -s
+ * indicates SPNEGO instead.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <gssapi/gssapi_krb5.h>
+
+static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
+
+static void
+display_status_1(const char *m, OM_uint32 code, int type)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        maj_stat = gss_display_status(&min_stat, code,
+                                      type, GSS_C_NULL_OID,
+                                      &msg_ctx, &msg);
+        fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
+        (void) gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
+}
+
+static void
+gsserr(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+    display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+    display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+    exit(1);
+}
+
+static void
+print_hex(FILE *fp, gss_buffer_t buf)
+{
+    size_t i;
+    const unsigned char *bytes = buf->value;
+
+    for (i = 0; i < buf->length; i++)
+        printf("%02X", bytes[i]);
+    printf("\n");
+}
+
+static void
+usage(const char *progname)
+{
+    fprintf(stderr,
+            "Usage: %s [-k|-s] user:username|krb5:princ|gss:service@host\n",
+            progname);
+    exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_OID mech = (gss_OID)gss_mech_krb5, nametype;
+    gss_name_t name, mechname, impname;
+    gss_buffer_desc buf, buf2;
+    const char *name_arg, *progname = argv[0];
+    char opt;
+
+    while (argc > 1 && argv[1][0] == '-') {
+        opt = argv[1][1];
+        argc--, argv++;
+        if (opt == 'k')
+            mech = (gss_OID)gss_mech_krb5;
+        else if (opt == 's')
+            mech = &spnego_mech;
+        else
+            usage(progname);
+    }
+    if (argc != 2)
+        usage(progname);
+    name_arg = argv[1];
+
+    /* Import the name. */
+    if (strncmp(name_arg, "user:", 5) == 0) {
+        nametype = GSS_C_NT_USER_NAME;
+        name_arg += 5;
+    } else if (strncmp(name_arg, "krb5:", 5) == 0) {
+        nametype = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
+        name_arg += 5;
+    } else if (strncmp(name_arg, "host:", 5) == 0) {
+        nametype = GSS_C_NT_HOSTBASED_SERVICE;
+        name_arg += 5;
+    } else {
+        usage(progname);
+    }
+    buf.value = (char *)name_arg;
+    buf.length = strlen(name_arg);
+    major = gss_import_name(&minor, &buf, nametype, &name);
+    if (GSS_ERROR(major))
+        gsserr("gss_import_name", major, minor);
+
+    /* Canonicalize and export the name. */
+    major = gss_canonicalize_name(&minor, name, mech, &mechname);
+    if (GSS_ERROR(major))
+        gsserr("gss_canonicalize_name", major, minor);
+    major = gss_export_name(&minor, mechname, &buf);
+    if (GSS_ERROR(major))
+        gsserr("gss_export_name", major, minor);
+
+    /* Import and re-export the name, and compare the results. */
+    major = gss_import_name(&minor, &buf, GSS_C_NT_EXPORT_NAME, &impname);
+    if (GSS_ERROR(major))
+        gsserr("gss_export_name", major, minor);
+    major = gss_export_name(&minor, impname, &buf2);
+    if (GSS_ERROR(major))
+        gsserr("gss_export_name", major, minor);
+    if (buf.length != buf2.length ||
+        memcmp(buf.value, buf2.value, buf.length) != 0) {
+        fprintf(stderr, "Mismatched results:\n");
+        print_hex(stderr, &buf);
+        print_hex(stderr, &buf2);
+        return 1;
+    }
+
+    print_hex(stdout, &buf);
+
+    (void)gss_release_name(&minor, &name);
+    (void)gss_release_name(&minor, &mechname);
+    (void)gss_release_buffer(&minor, &buf);
+    (void)gss_release_buffer(&minor, &buf2);
+    return 0;
+}
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
index 4900bd6c56..d3dd881bc5 100755
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
@@ -156,4 +156,18 @@ output = realm.run_as_client(['./t_inq_cred', '-k', '-b'])
 if realm.host_princ not in output:
     fail('Expected %s in t_inq_cred output' % realm.host_princ)
 
+# Test gss_export_name behavior.
+out = realm.run_as_client(['./t_export_name', 'user:x'])
+if out != '0401000B06092A864886F7120102020000000D78404B5242544553542E434F4D\n':
+    fail('Unexpected output from t_export_name (krb5 username)')
+output = realm.run_as_client(['./t_export_name', '-s', 'user:xyz'])
+if output != '0401000806062B06010505020000000378797A\n':
+    fail('Unexpected output from t_export_name (SPNEGO username)')
+output = realm.run_as_client(['./t_export_name', 'krb5:a@b'])
+if output != '0401000B06092A864886F71201020200000003614062\n':
+    fail('Unexpected output from t_export_name (krb5 principal)')
+output = realm.run_as_client(['./t_export_name', '-s', 'krb5:a@b'])
+if output != '0401000806062B060105050200000003614062\n':
+    fail('Unexpected output from t_export_name (SPNEGO krb5 principal)')
+
 success('GSSAPI tests')