diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-10-07 09:51:56 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-10-14 23:32:05 -0400 |
commit | 48dd01f29b893a958a64dcf6eb0b734e8463425b (patch) | |
tree | d640110f683fb152d3e5ca6290b68ad7f486f8b9 /src/tests/gssapi | |
parent | 69c190ed9189273a79fdb8e8d95ce970d21118b3 (diff) | |
download | krb5-48dd01f29b893a958a64dcf6eb0b734e8463425b.tar.gz krb5-48dd01f29b893a958a64dcf6eb0b734e8463425b.tar.xz krb5-48dd01f29b893a958a64dcf6eb0b734e8463425b.zip |
Fix GSSAPI krb5 cred ccache import
json_to_ccache was incorrectly indexing the JSON array when restoring
a memory ccache. Fix it.
Add test coverage for a multi-cred ccache by exporting/importing the
synthesized S4U2Proxy delegated cred in t_s4u2proxy_krb5.c; move
export_import_cred from t_export_cred.c to common.c to facilitate
this. Make a note in t_export_cred.py that this case is covered in
t_s4u.py.
ticket: 7706
target_version: 1.11.4
Diffstat (limited to 'src/tests/gssapi')
-rw-r--r-- | src/tests/gssapi/common.c | 14 | ||||
-rw-r--r-- | src/tests/gssapi/common.h | 4 | ||||
-rw-r--r-- | src/tests/gssapi/t_export_cred.c | 16 | ||||
-rw-r--r-- | src/tests/gssapi/t_export_cred.py | 5 | ||||
-rw-r--r-- | src/tests/gssapi/t_s4u2proxy_krb5.c | 4 |
5 files changed, 26 insertions, 17 deletions
diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c index 19a781a5e9..231f44af29 100644 --- a/src/tests/gssapi/common.c +++ b/src/tests/gssapi/common.c @@ -149,6 +149,20 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, } void +export_import_cred(gss_cred_id_t *cred) +{ + OM_uint32 major, minor; + gss_buffer_desc buf; + + major = gss_export_cred(&minor, *cred, &buf); + check_gsserr("gss_export_cred", major, minor); + (void)gss_release_cred(&minor, cred); + major = gss_import_cred(&minor, &buf, cred); + check_gsserr("gss_import_cred", major, minor); + (void)gss_release_buffer(&minor, &buf); +} + +void display_canon_name(const char *tag, gss_name_t name, gss_OID mech) { gss_name_t canon; diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h index 54c0d36b53..ae11b51d41 100644 --- a/src/tests/gssapi/common.h +++ b/src/tests/gssapi/common.h @@ -62,6 +62,10 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_name_t *src_name, gss_OID *amech, gss_cred_id_t *deleg_cred); +/* Export *cred to a token, then release *cred and replace it by re-importing + * the token. */ +void export_import_cred(gss_cred_id_t *cred); + /* Display name as canonicalized to mech, preceded by tag. */ void display_canon_name(const char *tag, gss_name_t name, gss_OID mech); diff --git a/src/tests/gssapi/t_export_cred.c b/src/tests/gssapi/t_export_cred.c index 5214cd5104..4d7c028e6d 100644 --- a/src/tests/gssapi/t_export_cred.c +++ b/src/tests/gssapi/t_export_cred.c @@ -37,22 +37,6 @@ usage(void) exit(1); } -/* Export *cred to a token, then release *cred and replace it by re-importing - * the token. */ -static void -export_import_cred(gss_cred_id_t *cred) -{ - OM_uint32 major, minor; - gss_buffer_desc buf; - - major = gss_export_cred(&minor, *cred, &buf); - check_gsserr("gss_export_cred", major, minor); - (void)gss_release_cred(&minor, cred); - major = gss_import_cred(&minor, &buf, cred); - check_gsserr("gss_import_cred", major, minor); - (void)gss_release_buffer(&minor, &buf); -} - int main(int argc, char *argv[]) { diff --git a/src/tests/gssapi/t_export_cred.py b/src/tests/gssapi/t_export_cred.py index 53dd13c910..6988359289 100644 --- a/src/tests/gssapi/t_export_cred.py +++ b/src/tests/gssapi/t_export_cred.py @@ -1,7 +1,10 @@ #!/usr/bin/python from k5test import * -# Test gss_export_cred and gss_import_cred. +# Test gss_export_cred and gss_import_cred for initiator creds, +# acceptor creds, and traditional delegated creds. t_s4u.py tests +# exporting and importing a synthesized S4U2Proxy delegated +# credential. # Make up a filename to hold user's initial credentials. def ccache_savefile(realm): diff --git a/src/tests/gssapi/t_s4u2proxy_krb5.c b/src/tests/gssapi/t_s4u2proxy_krb5.c index 3ad1086485..483d915720 100644 --- a/src/tests/gssapi/t_s4u2proxy_krb5.c +++ b/src/tests/gssapi/t_s4u2proxy_krb5.c @@ -117,6 +117,10 @@ main(int argc, char *argv[]) goto cleanup; } + /* Take the opportunity to test cred export/import on the synthesized + * S4U2Proxy delegated cred. */ + export_import_cred(&deleg_cred); + /* Store the delegated credentials. */ ret = krb5_cc_resolve(context, storage_ccname, &storage_ccache); check_k5err(context, "krb5_cc_resolve", ret); |