-rw-r--r-- | proxy/tests/Makefile.am | 8 | ||||
-rw-r--r-- | proxy/tests/t_cred_store.c | 86 | ||||
-rw-r--r-- | proxy/tests/t_cred_store.py | 40 |
3 files changed, 134 insertions, 0 deletions
diff --git a/proxy/tests/Makefile.am b/proxy/tests/Makefile.am
index d3fd56c..ee0e4e3 100644
--- a/proxy/tests/Makefile.am
+++ b/proxy/tests/Makefile.am
@@ -13,6 +13,13 @@ t_accept_SOURCES = \
 t_accept_LDADD = \
 $(GSSAPI_LIBS)
 
+t_cred_store_SOURCES = \
+ t_utils.c \
+ t_cred_store.c
+
+t_cred_store_LDADD = \
+ $(GSSAPI_LIBS)
+
 t_impersonate_SOURCES = \
 t_utils.c \
 t_impersonate.c
@@ -29,6 +36,7 @@ t_init_LDADD = \
 
 check_PROGRAMS = \
 t_acquire \
+ t_cred_store \
 t_impersonate \
 t_accept \
 t_init
diff --git a/proxy/tests/t_cred_store.c b/proxy/tests/t_cred_store.c
new file mode 100644
index 0000000..1c6e861
--- /dev/null
+++ b/proxy/tests/t_cred_store.c
@@ -0,0 +1,86 @@
+/* Copyright (C) 2016 the GSS-PROXY contributors; see COPYING for license */
+
+#include "t_utils.h"
+#include <unistd.h>
+
+int main(int argc, const char *argv[])
+{
+ uint32_t major, minor;
+ gss_key_value_set_desc store = {};
+ int ret = -1;
+ gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
+ gss_OID_set_desc oid_set = { 1, discard_const(gss_mech_krb5) };
+
+ if (argc != 3) {
+ DEBUG("Usage: %s source_ccache dest_ccache\n", argv[0]);
+ goto done;
+ }
+
+ store.elements = calloc(1, sizeof(struct gss_key_value_element_struct));
+ if (!store.elements) {
+ DEBUG("calloc failed\n");
+ goto done;
+ }
+ store.count = 1;
+ store.elements[0].key = "ccache";
+
+ /* Acquire initial cred handle from store */
+ store.elements[0].value = argv[1];
+ major = gss_acquire_cred_from(&minor,
+ GSS_C_NO_NAME,
+ GSS_C_INDEFINITE,
+ &oid_set,
+ GSS_C_INITIATE,
+ &store,
+ &cred_handle,
+ NULL,
+ NULL);
+ if (major != GSS_S_COMPLETE) {
+ DEBUG("gss_acquire_cred_from() failed\n");
+ t_log_failure(GSS_C_NO_OID, major, minor);
+ goto done;
+ }
+
+ /* Test storing credentials */
+ store.elements[0].value = argv[2];
+ major = gss_store_cred_into(&minor,
+ cred_handle,
+ GSS_C_INITIATE,
+ GSS_C_NO_OID,
+ 1,
+ 1,
+ &store,
+ NULL,
+ NULL);
+ if (major != GSS_S_COMPLETE) {
+ DEBUG("gss_store_cred_into() failed\n");
+ t_log_failure(GSS_C_NO_OID, major, minor);
+ goto done;
+ }
+
+ /* Test that we can actually manipulate the stored credentials */
+ gss_release_cred(&minor, &cred_handle);
+ cred_handle = GSS_C_NO_CREDENTIAL;
+ major = gss_acquire_cred_from(&minor,
+ GSS_C_NO_NAME,
+ GSS_C_INDEFINITE,
+ &oid_set,
+ GSS_C_INITIATE,
+ &store,
+ &cred_handle,
+ NULL,
+ NULL);
+ if (major != GSS_S_COMPLETE) {
+ DEBUG("second gss_acquire_cred_from() failed\n");
+ t_log_failure(GSS_C_NO_OID, major, minor);
+ goto done;
+ }
+
+ ret = 0;
+done:
+ if (store.elements) {
+ free(store.elements);
+ }
+ gss_release_cred(&minor, &cred_handle);
+ return ret;
+}
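Review bot: The final check only asserts that the second gss_acquire_cred_from() returns GSS_S_COMPLETE, so the test would still pass if the destination ccache ended up holding a credential for a different principal than the source. For a credential-store test the identity round-trip is the property worth pinning: record the name of the source credential with gss_inquire_cred() before storing, then compare it with the name of the re-acquired credential using gss_compare_name() and fail on a mismatch. The usage message could also state that source_ccache and dest_ccache must differ, since passing the same ccache twice makes the store step unobservable.

```c
    gss_name_t src_name = GSS_C_NO_NAME;
    gss_name_t dst_name = GSS_C_NO_NAME;
    int name_equal = 0;

    /* … unchanged: argument check, store setup, first gss_acquire_cred_from() … */

    /* Remember which principal the source ccache holds */
    major = gss_inquire_cred(&minor, cred_handle, &src_name, NULL, NULL, NULL);
    if (major != GSS_S_COMPLETE) {
        DEBUG("gss_inquire_cred() on source cred failed\n");
        t_log_failure(GSS_C_NO_OID, major, minor);
        goto done;
    }

    /* … unchanged: gss_store_cred_into(), second gss_acquire_cred_from() … */

    /* The re-acquired credential must belong to the same principal */
    major = gss_inquire_cred(&minor, cred_handle, &dst_name, NULL, NULL, NULL);
    if (major != GSS_S_COMPLETE) {
        DEBUG("gss_inquire_cred() on stored cred failed\n");
        t_log_failure(GSS_C_NO_OID, major, minor);
        goto done;
    }
    major = gss_compare_name(&minor, src_name, dst_name, &name_equal);
    if (major != GSS_S_COMPLETE || !name_equal) {
        DEBUG("stored credential does not match source principal\n");
        goto done;
    }

    ret = 0;
done:
    gss_release_name(&minor, &src_name);
    gss_release_name(&minor, &dst_name);
    /* … unchanged: free(store.elements), gss_release_cred() … */
```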
diff --git a/proxy/tests/t_cred_store.py b/proxy/tests/t_cred_store.py
new file mode 100644
index 0000000..fa0856c
--- /dev/null
+++ b/proxy/tests/t_cred_store.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python3
+# Copyright (C) 2016 - GSS-Proxy contributors; see COPYING for the license.
+
+from testlib import *
+
+def run(testdir, env, conf):
+ print("Testing cred store extensions...", file=sys.stderr)
+ logfile = conf["logfile"]
+
+ ccache = "FILE:" + os.path.join(testdir, "t" + conf["prefix"] +
+ "_cred_store.ccache")
+ testenv = {"KRB5CCNAME": ccache}
+ testenv.update(env)
+ usr_keytab = os.path.join(testdir, USR_KTNAME)
+ ksetup = subprocess.Popen(["kinit", "-kt", usr_keytab, USR_NAME],
+ stdout=logfile, stderr=logfile,
+ env=testenv, preexec_fn=os.setsid)
+ ksetup.wait()
+ if ksetup.returncode != 0:
+ raise ValueError("Kinit %s failed" % USR_NAME)
+
+ testenv = {"KRB5_TRACE": os.path.join(testdir,
+ "t" + conf["prefix"] + ".trace"),
+ "GSS_USE_PROXY": "yes",
+ "GSSPROXY_BEHAVIOR": "REMOTE_FIRST"}
+ testenv.update(env)
+ temp_ccache = "FILE:" + os.path.join(testdir, "t" + conf["prefix"] +
+ "_temp.ccache")
+ cmd = ["./tests/t_cred_store", ccache, temp_ccache]
+ print("[COMMAND]\n%s\n[ENVIRONMENT]\n%s\n" % (cmd, testenv), file=logfile)
+ logfile.flush()
+
+ p1 = subprocess.Popen(cmd, stderr=subprocess.STDOUT, stdout=logfile,
+ env=testenv, preexec_fn=os.setsid)
+ try:
+ p1.wait()
+ except subprocess.TimeoutExpired:
+ # p1.returncode is set to None here
+ pass
+ print_return(p1.returncode, "Cred store", False)
|
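Review bot: The `except subprocess.TimeoutExpired` branch at the end of run() can never fire, because `p1.wait()` is called without a timeout; if t_cred_store blocks on the proxy socket, the whole suite hangs instead of reporting a failure. Pass an explicit limit, e.g. `p1.wait(timeout=30)` (30 is an illustrative value, not one taken from this project), and in the handler call `p1.kill()` followed by `p1.wait()` so the child is reaped rather than left running in its own session. The earlier `ksetup.wait()` for kinit has the same unbounded wait. A short comment on the second `testenv` noting that it deliberately omits KRB5CCNAME, so the ccache is reached only through the cred store arguments, would also help the next reader.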