From 83f24636ef8d3d2b9c5be46272781ed5e0497ca7 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 18 Oct 2012 16:14:40 +0200 Subject: krb5_auth: check if principal belongs to a different realm Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
---
src/tests/krb5_utils-tests.c | 45 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'src/tests/krb5_utils-tests.c')
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 5fee4544b..636bcd403 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -673,6 +673,47 @@ START_TEST(test_no_substitution)
 }
 END_TEST
+START_TEST(test_compare_principal_realm)
+{
+ int ret;
+ bool different_realm;
+
+ ret = compare_principal_realm(NULL, "a", &different_realm);
+ fail_unless(ret == EINVAL, "NULL upn does not cause EINVAL.");
+
+ ret = compare_principal_realm("a", NULL, &different_realm);
+ fail_unless(ret == EINVAL, "NULL realm does not cause EINVAL.");
+
+ ret = compare_principal_realm("a", "b", NULL);
+ fail_unless(ret == EINVAL, "NULL different_realmbool " \
+ "does not cause EINVAL.");
+
+ ret = compare_principal_realm("", "a", &different_realm);
+ fail_unless(ret == EINVAL, "Empty upn does not cause EINVAL.");
+
+ ret = compare_principal_realm("a", "", &different_realm);
+ fail_unless(ret == EINVAL, "Empty realm does not cause EINVAL.");
+
+ ret = compare_principal_realm("ABC", "ABC", &different_realm);
+ fail_unless(ret == EINVAL, "Short UPN does not cause EINVAL.");
+
+ ret = compare_principal_realm("userABC", "ABC", &different_realm);
+ fail_unless(ret == EINVAL, "Missing '@' does not cause EINVAL.");
+
+ fail_unless(different_realm == false, "Same realm but " \
+ "different_realm is not false.");
+ ret = compare_principal_realm("user@ABC", "ABC", &different_realm);
+ fail_unless(ret == EOK, "Failure with same realm");
+ fail_unless(different_realm == false, "Same realm but " \
+ "different_realm is not false.");
+
+ ret = compare_principal_realm("user@ABC", "DEF", &different_realm);
+ fail_unless(ret == EOK, "Failure with different realm");
+ fail_unless(different_realm == true, "Different realm but " \
+ "different_realm is not true.");
+}
+END_TEST
+
 Suite *krb5_utils_suite (void)
 {
 Suite *s = suite_create ("krb5_utils");
@@ -713,6 +754,10 @@ Suite *krb5_utils_suite (void)
 }
 suite_add_tcase (s, tc_create_dir);
+ TCase *tc_krb5_helpers = tcase_create("Helper functions");
+ tcase_add_test(tc_krb5_helpers, test_compare_principal_realm);
+ suite_add_tcase(s, tc_krb5_helpers);
+
 return s;
 }
-- cgit
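Review bot: In `test_compare_principal_realm`, the `fail_unless(different_realm == false, ...)` placed just before the `compare_principal_realm("user@ABC", "ABC", &different_realm)` call reads `different_realm` before any call is known to have set it. It is declared as `bool different_realm;` with no initializer, and every earlier call is expected to return EINVAL, so unless the function writes the output on its error paths (not visible in this hunk) the read is indeterminate and the assertion passes or fails by accident. It looks like a stray copy of the assertion that follows the call; I would delete those two lines, or declare `bool different_realm = false;` if the intent is to check that error paths leave the flag untouched. Because this flag decides whether a principal is treated as coming from a foreign realm, it would also help to pin the intended behaviour for a realm that differs only in case and for a UPN containing more than one '@'.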