krb5: fix entry order in MEMORY keytab

Since krb5_kt_add_entry() adds new entries at the beginning of a MEMORY type keytab and not at the end a simple copy into a MEMORY type keytab will revert the order of the keytab entries. Since e.g. the sssd_krb5 man page give hints about where to add entries into keytab files to help SSSD to find a right entry we have to keep the order when coping a keytab into a MEMORY type keytab. This patch fixes this by doing a second copy to retain the original order. Resolves https://fedorahosted.org/sssd/ticket/2557 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Sumit Bose <sbose@redhat.com> 2015-01-15 10:38:33 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-01-19 11:25:20 +0100
commit: 576ad637181b80d39a4e136c9afbf34c57f76156 (patch)
tree: aa0aa465954ac35d409dcf8481719696ceec23b6 /src/tests
parent: 2d5cdfef33dbc8d4a21d6a44676e81501c7af476 (diff)
download: sssd-576ad637181b80d39a4e136c9afbf34c57f76156.tar.gz
sssd-576ad637181b80d39a4e136c9afbf34c57f76156.tar.xz
sssd-576ad637181b80d39a4e136c9afbf34c57f76156.zip
1 files changed, 82 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_copy_keytab.c b/src/tests/cmocka/test_copy_keytab.c
index f46e32195..a9f2161a2 100644
--- a/src/tests/cmocka/test_copy_keytab.c
+++ b/src/tests/cmocka/test_copy_keytab.c
@@ -201,6 +201,86 @@ void test_sss_krb5_kt_have_content(void **state)
      * create empty keytab files */
 }
 
+static bool keytab_entries_equal(krb5_keytab_entry kent1,
+                                 krb5_keytab_entry kent2)
+{
+    if (kent1.vno != kent2.vno
+            || kent1.key.enctype != kent2.key.enctype
+            || kent1.key.length != kent2.key.length
+            || memcmp(kent1.key.contents, kent2.key.contents,
+                      kent1.key.length) != 0 ) {
+        return false;
+    }
+
+    return true;
+}
+
+void test_copy_keytab_order(void **state)
+{
+    krb5_error_code kerr;
+    krb5_error_code kerr_mem;
+    char *mem_keytab_name;
+    krb5_keytab mem_keytab;
+    krb5_kt_cursor mem_cursor;
+    krb5_keytab_entry mem_kent;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry kent;
+    struct keytab_test_ctx *test_ctx = talloc_get_type(*state,
+                                                        struct keytab_test_ctx);
+    assert_non_null(test_ctx);
+
+    kerr = copy_keytab_into_memory(test_ctx, test_ctx->kctx,
+                                   test_ctx->keytab_file_name,
+                                   &mem_keytab_name, &mem_keytab);
+    assert_int_equal(kerr, 0);
+    assert_non_null(mem_keytab_name);
+
+    kerr = krb5_kt_resolve(test_ctx->kctx, mem_keytab_name, &mem_keytab);
+    assert_int_equal(kerr, 0);
+
+    kerr = krb5_kt_resolve(test_ctx->kctx, test_ctx->keytab_file_name, &keytab);
+    assert_int_equal(kerr, 0);
+
+    kerr = krb5_kt_start_seq_get(test_ctx->kctx, mem_keytab, &mem_cursor);
+    assert_int_equal(kerr, 0);
+
+    kerr = krb5_kt_start_seq_get(test_ctx->kctx, keytab, &cursor);
+    assert_int_equal(kerr, 0);
+
+    while ((kerr = krb5_kt_next_entry(test_ctx->kctx, keytab, &kent,
+                                      &cursor)) == 0) {
+        kerr_mem = krb5_kt_next_entry(test_ctx->kctx, mem_keytab, &mem_kent,
+                                      &mem_cursor);
+        assert_int_equal(kerr_mem, 0);
+
+        assert_true(keytab_entries_equal(kent, mem_kent));
+
+        krb5_free_keytab_entry_contents(test_ctx->kctx, &kent);
+        krb5_free_keytab_entry_contents(test_ctx->kctx, &mem_kent);
+    }
+
+    assert_int_equal(kerr, KRB5_KT_END);
+
+    kerr_mem = krb5_kt_next_entry(test_ctx->kctx, mem_keytab, &mem_kent,
+                                  &mem_cursor);
+    assert_int_equal(kerr_mem, KRB5_KT_END);
+
+    kerr = krb5_kt_end_seq_get(test_ctx->kctx, mem_keytab, &mem_cursor);
+    assert_int_equal(kerr, 0);
+
+    kerr = krb5_kt_end_seq_get(test_ctx->kctx, keytab, &cursor);
+    assert_int_equal(kerr, 0);
+
+    talloc_free(mem_keytab_name);
+
+    kerr = krb5_kt_close(test_ctx->kctx, keytab);
+    assert_int_equal(kerr, 0);
+
+    kerr = krb5_kt_close(test_ctx->kctx, mem_keytab);
+    assert_int_equal(kerr, 0);
+}
+
 int main(int argc, const char *argv[])
 {
     poptContext pc;
@@ -217,6 +297,8 @@ int main(int argc, const char *argv[])
                                  setup_keytab, teardown_keytab),
         unit_test_setup_teardown(test_sss_krb5_kt_have_content,
                                  setup_keytab, teardown_keytab),
+        unit_test_setup_teardown(test_copy_keytab_order,
+                                 setup_keytab, teardown_keytab),
     };
 
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
author	Sumit Bose <sbose@redhat.com>	2015-01-15 10:38:33 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-01-19 11:25:20 +0100
commit	576ad637181b80d39a4e136c9afbf34c57f76156 (patch)
tree	aa0aa465954ac35d409dcf8481719696ceec23b6 /src/tests
parent	2d5cdfef33dbc8d4a21d6a44676e81501c7af476 (diff)
download	sssd-576ad637181b80d39a4e136c9afbf34c57f76156.tar.gz sssd-576ad637181b80d39a4e136c9afbf34c57f76156.tar.xz sssd-576ad637181b80d39a4e136c9afbf34c57f76156.zip